// hook_intr private static void HookInterrupt(Emulator emulator, int into, object userData) { X86Registers registers = ((X86Emulator)emulator).Registers; byte[] buffer = new byte[256]; if (into != 0x80) { return; } long eax = registers.EAX; long eip = registers.EIP; switch (eax) { default: Console.WriteLine($">>> 0x{eip.ToString("x2")}: interrupt 0x{into.ToString("x2")}, EAX = 0x{eax.ToString("x2")}"); break; case 1: // sys_exit Console.WriteLine($">>> 0x{eip.ToString("x2")}: interrupt 0x{into.ToString("x2")}, SYS_EXIT. quit!"); Console.WriteLine(); emulator.Stop(); break; case 4: long ecx = registers.ECX; long edx = registers.EDX; int count = buffer.Length < edx ? buffer.Length : (int)edx; emulator.Memory.Read((ulong)ecx, buffer, count); // >>> 0x%x: interrupt 0x%x, SYS_WRITE. buffer = 0x%x, size = %u, content = '%s'\n // r_eip, intno, r_ecx, r_edx, buffer Console.WriteLine($">>> 0x{eip.ToString("x2")}: interrupts 0x{into.ToString("x2")}, SYS_WRITE. buffer = 0x{ecx.ToString("x2")}, size = {edx.ToString("x2")}, content = {Encoding.UTF8.GetString(buffer)}"); break; } }
/// <summary> /// Initializes a new instance of the <see cref="X86Emulator"/> class with the specified /// <see cref="X86Mode"/> to use. /// </summary> /// <param name="mode">Mode to use.</param> public X86Emulator(X86Mode mode) : base(Bindings.Arch.x86, (Bindings.Mode)mode) { _registers = new X86Registers(this); }
/// <summary> /// Initializes a new instance of the <see cref="X86Emulator"/> class with the specified /// <see cref="X86Mode"/> to use. /// </summary> /// <param name="mode">Mode to use.</param> public X86Emulator(X86Mode mode) : base(UnicornArch.X86, (UnicornMode)mode) { _registers = new X86Registers(this); }