How to use the unicorn.UC_MODE_LITTLE_ENDIAN function in unicorn
To help you get started, we’ve selected a few unicorn examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
alanvivona / pwnshop / src / 0x19-crackme-darkflow-3 / emu.py View on Github 
def reset():
emu = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_64 + unicorn.UC_MODE_LITTLE_ENDIAN)
emu.mem_map(SEGMENT_FS_ADDR-0x1000, 0x3000)
set_fs(emu, SEGMENT_FS_ADDR)
set_gs(emu, SEGMENT_GS_ADDR)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RAX, 0x5555555583c0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RBX, 0x0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RCX, 0x400)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RDX, 0x7ffff7dcc960)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RSP, 0x7fffffffdc90)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RBP, 0x7fffffffdc90)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RSI, 0x0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RDI, 0x5555555583c0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RIP, 0x555555555269)
emu.reg_write(unicorn.x86_const.UC_X86_REG_R8, 0x0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_R9, 0x5555555582b0)def setup_arm64(self):
self.uc = unicorn.Uc(unicorn.UC_ARCH_ARM64, unicorn.UC_MODE_LITTLE_ENDIAN)
self.cs = Cs(CS_ARCH_ARM64, CS_MODE_LITTLE_ENDIAN)
self._current_cpu_mode = unicorn.UC_MODE_LITTLE_ENDIANdef setup_arm64(self):
self.uc = unicorn.Uc(unicorn.UC_ARCH_ARM64, unicorn.UC_MODE_LITTLE_ENDIAN)
self.cs = Cs(CS_ARCH_ARM64, CS_MODE_LITTLE_ENDIAN)
self._current_cpu_mode = unicorn.UC_MODE_LITTLE_ENDIANRetrieve the mode used by Unicorn for the current architecture.
"""
arch = pwndbg.arch.current
mode = 0
if arch == 'armcm':
mode |= (U.UC_MODE_MCLASS | U.UC_MODE_THUMB) if (pwndbg.regs.xpsr & (1<<24)) else U.UC_MODE_MCLASS
elif arch in ('arm', 'aarch64'):
mode |= U.UC_MODE_THUMB if (pwndbg.regs.cpsr & (1<<5)) else U.UC_MODE_ARM
else:
mode |= {4:U.UC_MODE_32, 8:U.UC_MODE_64}[pwndbg.arch.ptrsize]
if pwndbg.arch.endian == 'little':
mode |= U.UC_MODE_LITTLE_ENDIAN
else:
mode |= U.UC_MODE_BIG_ENDIAN
return mode
self.compiler = compiler
self.breakpoints = list()
self.breakpoints_callback = list()
# Convert IDA architectures IDs to our own.
if architecture == "ppc": # FIXME : pyelftools does not recognize
# PowerPC architecture, hence does not
# return its type.
raise PimpMyRideException("PowerPC is unsupported.")
elif architecture == "MIPS":
cur_arch = uc.UC_ARCH_MIPS
if is_little_endian:
cur_mode = uc.UC_MODE_MIPS32 + uc.UC_MODE_LITTLE_ENDIAN
else:
cur_mode = uc.UC_MODE_MIPS32 + uc.UC_MODE_BIG_ENDIAN
cs_arch = cs.CS_ARCH_MIPS
if is_little_endian:
cs_mode = cs.CS_MODE_MIPS32 + cs.CS_MODE_LITTLE_ENDIAN
else:
cs_mode = cs.CS_MODE_MIPS32 + cs.CS_MODE_BIG_ENDIAN
elif architecture == "ARM":
#if self.mode == uc.UC_MODE_ARM:
#elif self.mode == uc.UC_MODE_THUMB:
cur_arch = uc.UC_ARCH_ARM
cur_mode = uc.UC_MODE_ARM
cs_arch = cs.CS_ARCH_ARM
Popular unicorn functions
- unicorn.arm64_const
- unicorn.arm_const
- unicorn.mips_const
- unicorn.Uc
- unicorn.Uc.hook_del
- unicorn.Uc.mem_unmap
- unicorn.UC_ARCH_ARM
- unicorn.UC_ARCH_ARM64
- unicorn.UC_ARCH_MIPS
- unicorn.UC_ARCH_X86
- unicorn.UC_HOOK_CODE
- unicorn.UC_MODE_32
- unicorn.UC_MODE_64
- unicorn.UC_MODE_ARM
- unicorn.UC_MODE_LITTLE_ENDIAN
- unicorn.UC_MODE_THUMB
- unicorn.UcError
- unicorn.x86_const
- unicorn.x86_const.UC_X86_REG_RDI
- unicorn.x86_const.UC_X86_REG_RIP