Exemplo n.º 1
0
 Int32 emu_cpu_step(emu_cpu *hCpu);
Exemplo n.º 2
0
 UInt32 emu_cpu_eip_set(emu_cpu *hCpu, UInt32 eip);
Exemplo n.º 3
0
 UInt32 emu_cpu_eip_get(emu_cpu *hCpu);
Exemplo n.º 4
0
 Int32 emu_cpu_parse(emu_cpu *hCpu);
Exemplo n.º 5
0
 UInt32 emu_cpu_run(emu_cpu *hCpu);
Exemplo n.º 6
0
 UInt32 emu_disasm_addr(emu_cpu *hCpu, UInt32 eip, StringBuilder buf99);
Exemplo n.º 7
0
 UInt32 emu_cpu_reg32_set(emu_cpu *hCpu, emu_reg32 reg32, UInt32 val);
Exemplo n.º 8
0
 UInt32 emu_cpu_reg32_get(emu_cpu *hCpu, emu_reg32 reg32);
Exemplo n.º 9
0
        static void Main(string[] args)
        {
            e = emu_new();
            cpu = emu_cpu_get(e);
            mem = emu_memory_get(e);
            env = emu_env_new(e);

            Console.WriteLine("hEmu=" + e.ToString("X") + " hMem=" + mem.ToString("X") + " hEnv=" + env.ToString("X"));

            //emu_cpu_reg32_set( cpu, emu_reg32.esp  , 0x12FE00);
            //emu_cpu_reg32_set( cpu, emu_reg32.ebp, 0x12FFF0);

            cpu->esp = 0x12FE00;
            cpu->ebp = 0x12FFF0;

            //ApiHookProc ahp = new ApiHookProc(hook_LoadLibraryA);
            UInt32 r = emu_env_w32_export_new_hook(env, "LoadLibraryA", hook_LoadLibraryA, 0);
            Console.WriteLine("SetHook returned: " + r+"\n");

            //mov eax, 0; inc eax, int 3
            //byte[] b = { 0xb8, 0x00, 0x00, 0x00, 0x00, 0x40, 0xcc, 0xcc };

            //00436A3D     68 6C333200    PUSH 32336C
            //00436A42     68 7368656C    PUSH 6C656873
            //00436A47     54             PUSH ESP
            //00436A48     68 771D807C    PUSH 7C801D77  ;LoadLibrary address
            //00436A4D     59             POP ECX
            //00436A4E     FFD1           CALL ECX
            //00436A48     68 A0AD807C    PUSH 7c80ada0 ;GetProcAddress (stack not setup properly though for legit call)
            //00436A4D     59             POP ECX
            //00436A4E     FFD1           CALL ECX

            byte[] b = {0x68, 0x6C, 0x33, 0x32, 0x00, 0x68, 0x73, 0x68, 0x65, 0x6C, 0x54,
                        0x68, 0x77, 0x1D, 0x80, 0x7C, 0x59, 0xFF, 0xD1,0x68, 0xa0, 0xad,
                        0x80, 0x7c, 0x59, 0xFF, 0xD1, 0xCC };

            WriteShellcode(0x401000, b);

            //emu_cpu_eip_set(cpu, 0x401000);
            cpu->eip = 0x401000;

            Console.WriteLine("Eip = " + emu_cpu_eip_get(cpu));

            for (int i = 0; i < 100; i++)
            {
                emu_env_w32_dll_export* export = emu_env_w32_eip_check(env);
                if ( (int)export != 0)
                {
                    if (export->lpfnHook == 0){ //then it is an api start address, but its not hooked..
                        Console.WriteLine("\nUnhooked api: " + CString(export->lpfnName,256));
                        break;
                    }
                }
                else
                {
                    print_disasm();
                    if (!Step()) break;
                }
            }

            Console.WriteLine("\nError: " + emu_strerror(e));
            Console.WriteLine("Run Complete eax=" + emu_cpu_reg32_get(cpu, emu_reg32.eax).ToString("X") );
            Console.ReadKey();
        }