private static void RunTest(Byte[] code, Int64 address, Int32 mode) { using (var u = new Unicorn(Common.UC_ARCH_X86, mode)) using (var disassembler = CapstoneDisassembler.CreateX86Disassembler(DisassembleMode.Bit32)) { Console.WriteLine("Unicorn version: {0}", u.Version()); // map 2MB of memory for this emulation u.MemMap(address, 2 * 1024 * 1024, Common.UC_PROT_ALL); // initialize machine registers u.RegWrite(X86.UC_X86_REG_EAX, 0x1234); u.RegWrite(X86.UC_X86_REG_ECX, 0x1234); u.RegWrite(X86.UC_X86_REG_EDX, 0x7890); // write machine code to be emulated to memory u.MemWrite(address, code); // initialize machine registers u.RegWrite(X86.UC_X86_REG_ESP, Utils.Int64ToBytes(address + 0x200000)); // handle IN & OUT instruction u.AddInHook(InHookCallback); u.AddOutHook(OutHookCallback); // tracing all instructions by having @begin > @end u.AddCodeHook((uc, addr, size, userData) => CodeHookCallback(disassembler, uc, addr, size, userData), 1, 0); // handle interrupt ourself u.AddInterruptHook(InterruptHookCallback); // handle SYSCALL u.AddSyscallHook(SyscallHookCallback); // intercept invalid memory events u.AddEventMemHook(MemMapHookCallback, Common.UC_HOOK_MEM_READ_UNMAPPED | Common.UC_HOOK_MEM_WRITE_UNMAPPED); Console.WriteLine(">>> Start tracing code"); // emulate machine code in infinite time u.EmuStart(address, address + code.Length, 0u, 0u); // print registers var ecx = u.RegRead(X86.UC_X86_REG_ECX); var edx = u.RegRead(X86.UC_X86_REG_EDX); var eax = u.RegRead(X86.UC_X86_REG_EAX); Console.WriteLine("[!] EAX = {0}", eax.ToString("X")); Console.WriteLine("[!] ECX = {0}", ecx.ToString("X")); Console.WriteLine("[!] EDX = {0}", edx.ToString("X")); Console.WriteLine(">>> Emulation Done!"); } }