private static void Main(string[] args)
{
using (var unicorn = new Unicorn(UcArch.UC_ARCH_ARM64, UcMode.UC_MODE_ARM))
{
const ulong address = 0x1000;
const ulong memSize = 0x1000;
var codeBytes = new byte[]
{
0x01, 0x06, 0xa0, 0xd2,
0x41, 0x10, 0x18, 0xd5,
0xdf, 0x3f, 0x03, 0xd5
};
unicorn.HookCode((uc, address1, size, data) =>
{
Console.WriteLine("Code..");
});
unicorn.MemMap(address, memSize);
unicorn.MemWrite(address, codeBytes);
unicorn.RegWrite(UcArm64Reg.UC_ARM64_REG_SP, address + memSize);
unicorn.EmuStart(address, address + (ulong)codeBytes.Length);
}
}
public static void RunTest(Byte[] code, UInt64 address)
{
var u = new Unicorn(Common.UC_ARCH_X86, Common.UC_MODE_32);
Console.WriteLine("Unicorn version: {0}", u.Version());
// map 2MB of memory for this emulation
Utils.CheckError(u.MemMap(address, new UIntPtr(2 * 1024 * 1024), Common.UC_PROT_ALL));
// write machine code to be emulated to memory
Utils.CheckError(u.MemWrite(address, code));
// initialize machine registers
Utils.CheckError(u.RegWrite(X86.UC_X86_REG_ESP, Utils.Int64ToBytes(address + 0x200000)));
// tracing all instructions by having @begin > @end
Utils.CheckError(u.AddCodeHook(CodeHookCallback, null, 1, 0).Item1);
// handle interrupt ourself
Utils.CheckError(u.AddInterruptHook(InterruptHookCallback, null).Item1);
// handle SYSCALL
Utils.CheckError(u.AddSyscallHook(SyscallHookCallback, null).Item1);
Console.WriteLine(">>> Start tracing linux code");
// emulate machine code in infinite time
u.EmuStart(address, address + (UInt64)code.Length, 0u, new UIntPtr(0));
Console.WriteLine(">>> Emulation Done!");
}
private static void RunTest(Byte[] code, Int64 address, Int32 mode)
{
using (var u = new Unicorn(Common.UC_ARCH_X86, mode))
using (var disassembler = CapstoneDisassembler.CreateX86Disassembler(DisassembleMode.Bit32))
{
Console.WriteLine("Unicorn version: {0}", u.Version());
// map 2MB of memory for this emulation
u.MemMap(address, 2 * 1024 * 1024, Common.UC_PROT_ALL);
// initialize machine registers
u.RegWrite(X86.UC_X86_REG_EAX, 0x1234);
u.RegWrite(X86.UC_X86_REG_ECX, 0x1234);
u.RegWrite(X86.UC_X86_REG_EDX, 0x7890);
// write machine code to be emulated to memory
u.MemWrite(address, code);
// initialize machine registers
u.RegWrite(X86.UC_X86_REG_ESP, Utils.Int64ToBytes(address + 0x200000));
// handle IN & OUT instruction
u.AddInHook(InHookCallback);
u.AddOutHook(OutHookCallback);
// tracing all instructions by having @begin > @end
u.AddCodeHook((uc, addr, size, userData) => CodeHookCallback(disassembler, uc, addr, size, userData), 1, 0);
// handle interrupt ourself
u.AddInterruptHook(InterruptHookCallback);
// handle SYSCALL
u.AddSyscallHook(SyscallHookCallback);
// intercept invalid memory events
u.AddEventMemHook(MemMapHookCallback, Common.UC_HOOK_MEM_READ_UNMAPPED | Common.UC_HOOK_MEM_WRITE_UNMAPPED);
Console.WriteLine(">>> Start tracing code");
// emulate machine code in infinite time
u.EmuStart(address, address + code.Length, 0u, 0u);
// print registers
var ecx = u.RegRead(X86.UC_X86_REG_ECX);
var edx = u.RegRead(X86.UC_X86_REG_EDX);
var eax = u.RegRead(X86.UC_X86_REG_EAX);
Console.WriteLine("[!] EAX = {0}", eax.ToString("X"));
Console.WriteLine("[!] ECX = {0}", ecx.ToString("X"));
Console.WriteLine("[!] EDX = {0}", edx.ToString("X"));
Console.WriteLine(">>> Emulation Done!");
}
}
private static void RunTest(Byte[] code, Int64 address)
{
try
{
using (var u = new Unicorn(Common.UC_ARCH_X86, Common.UC_MODE_32))
using (var disassembler = CapstoneDisassembler.CreateX86Disassembler(DisassembleMode.Bit32))
{
Console.WriteLine("Unicorn version: {0}", u.Version());
// map 2MB of memory for this emulation
u.MemMap(address, 2 * 1024 * 1024, Common.UC_PROT_ALL);
// write machine code to be emulated to memory
u.MemWrite(address, code);
// initialize machine registers
u.RegWrite(X86.UC_X86_REG_ESP, Utils.Int64ToBytes(address + 0x200000));
var regv = new Byte[4];
u.RegRead(X86.UC_X86_REG_ESP, regv);
// tracing all instructions by having @begin > @end
u.AddCodeHook((uc, addr, size, userData) => CodeHookCallback(disassembler, uc, addr, size, userData), 1, 0);
// handle interrupt ourself
u.AddInterruptHook(InterruptHookCallback);
// handle SYSCALL
u.AddSyscallHook(SyscallHookCallback);
Console.WriteLine(">>> Start tracing code");
// emulate machine code in infinite time
u.EmuStart(address, address + code.Length, 0u, 0u);
Console.WriteLine(">>> Emulation Done!");
}
}
catch (UnicornEngineException ex)
{
Console.Error.WriteLine("Emulation FAILED! " + ex.Message);
}
}
private static void RunTest(Byte[] code, Int64 address)
{
try
{
using (var u = new Unicorn(Common.UC_ARCH_X86, Common.UC_MODE_32))
using(var disassembler = CapstoneDisassembler.CreateX86Disassembler(DisassembleMode.Bit32))
{
Console.WriteLine("Unicorn version: {0}", u.Version());
// map 2MB of memory for this emulation
u.MemMap(address, 2 * 1024 * 1024, Common.UC_PROT_ALL);
// write machine code to be emulated to memory
u.MemWrite(address, code);
// initialize machine registers
u.RegWrite(X86.UC_X86_REG_ESP, Utils.Int64ToBytes(address + 0x200000));
var regv = new Byte[4];
u.RegRead(X86.UC_X86_REG_ESP, regv);
// tracing all instructions by having @begin > @end
u.AddCodeHook((uc, addr, size, userData) => CodeHookCallback(disassembler, uc, addr, size, userData), 1, 0);
// handle interrupt ourself
u.AddInterruptHook(InterruptHookCallback);
// handle SYSCALL
u.AddSyscallHook(SyscallHookCallback);
Console.WriteLine(">>> Start tracing code");
// emulate machine code in infinite time
u.EmuStart(address, address + code.Length, 0u, 0u);
Console.WriteLine(">>> Emulation Done!");
}
}
catch (UnicornEngineException ex)
{
Console.Error.WriteLine("Emulation FAILED! " + ex.Message);
}
}
public static void RunTest(Byte[] code, UInt64 address)
{
try
{
var u = new Unicorn(Common.UC_ARCH_X86, Common.UC_MODE_32);
Console.WriteLine("Unicorn version: {0}", u.Version());
// map 2MB of memory for this emulation
u.MemMap(address, new UIntPtr(2 * 1024 * 1024), Common.UC_PROT_ALL);
// write machine code to be emulated to memory
u.MemWrite(address, code);
// initialize machine registers
u.RegWrite(X86.UC_X86_REG_ESP, Utils.Int64ToBytes(address + 0x200000));
// tracing all instructions by having @begin > @end
u.AddCodeHook(CodeHookCallback, null, 1, 0);
// handle interrupt ourself
u.AddInterruptHook(InterruptHookCallback, null);
// handle SYSCALL
u.AddSyscallHook(SyscallHookCallback, null);
Console.WriteLine(">>> Start tracing linux code");
// emulate machine code in infinite time
u.EmuStart(address, address + (UInt64)code.Length, 0u, new UIntPtr(0));
Console.WriteLine(">>> Emulation Done!");
}
catch (UnicornEngineException ex)
{
Console.Error.WriteLine("Emulation FAILED! " + ex.Message);
}
}
private static void RunTest(Byte[] code, Int64 address, Int32 mode)
{
using (var u = new Unicorn(Common.UC_ARCH_X86, mode))
using (var disassembler = CapstoneDisassembler.CreateX86Disassembler(DisassembleMode.Bit32))
{
Console.WriteLine("Unicorn version: {0}", u.Version());
// map 2MB of memory for this emulation
u.MemMap(address, 2 * 1024 * 1024, Common.UC_PROT_ALL);
// initialize machine registers
u.RegWrite(X86.UC_X86_REG_EAX, 0x1234);
u.RegWrite(X86.UC_X86_REG_ECX, 0x1234);
u.RegWrite(X86.UC_X86_REG_EDX, 0x7890);
// write machine code to be emulated to memory
u.MemWrite(address, code);
// initialize machine registers
u.RegWrite(X86.UC_X86_REG_ESP, Utils.Int64ToBytes(address + 0x200000));
// handle IN & OUT instruction
u.AddInHook(InHookCallback);
u.AddOutHook(OutHookCallback);
// tracing all instructions by having @begin > @end
u.AddCodeHook((uc, addr, size, userData) => CodeHookCallback(disassembler, uc, addr, size, userData), 1, 0);
// handle interrupt ourself
u.AddInterruptHook(InterruptHookCallback);
// handle SYSCALL
u.AddSyscallHook(SyscallHookCallback);
// intercept invalid memory events
u.AddEventMemHook(MemMapHookCallback, Common.UC_HOOK_MEM_READ_UNMAPPED | Common.UC_HOOK_MEM_WRITE_UNMAPPED);
Console.WriteLine(">>> Start tracing code");
// emulate machine code in infinite time
u.EmuStart(address, address + code.Length, 0u, 0u);
// print registers
var ecx = u.RegRead(X86.UC_X86_REG_ECX);
var edx = u.RegRead(X86.UC_X86_REG_EDX);
var eax = u.RegRead(X86.UC_X86_REG_EAX);
Console.WriteLine("[!] EAX = {0}", eax.ToString("X"));
Console.WriteLine("[!] ECX = {0}", ecx.ToString("X"));
Console.WriteLine("[!] EDX = {0}", edx.ToString("X"));
Console.WriteLine(">>> Emulation Done!");
}
}
