How to use the unicorn.x86_const function in unicorn

To help you get started, we’ve selected a few unicorn examples, based on popular ways it is used in public projects.


github unicorn-engine / unicorn / tests / regress / jmp_ebx_hang.py View on Github external
mu.mem_map(CODE_ADDR, 1024 * 4)
        mu.mem_write(CODE_ADDR, CODE)
        # If EBX is zero then an exception is raised, as expected
        mu.reg_write(unicorn.x86_const.UC_X86_REG_EBX, 0x0)

        print(">>> jmp ebx (ebx = 0)");
        with self.assertRaises(UcError) as m:
            mu.emu_start(CODE_ADDR, CODE_ADDR + 2, count=1)

        self.assertEqual(m.exception.errno, UC_ERR_FETCH_UNMAPPED)

        print(">>> jmp ebx (ebx = 0xaa96a47f)");
        mu = unicorn.Uc(UC_ARCH_X86, UC_MODE_32)
        mu.mem_map(CODE_ADDR, 1024 * 4)
        # If we write this address to EBX then the emulator hangs on emu_start
        mu.reg_write(unicorn.x86_const.UC_X86_REG_EBX, 0xaa96a47f)
        mu.mem_write(CODE_ADDR, CODE)
        with self.assertRaises(UcError) as m:
            mu.emu_start(CODE_ADDR, CODE_ADDR + 2, count=1)

        self.assertEqual(m.exception.errno, UC_ERR_FETCH_UNMAPPED)
github alanvivona / pwnshop / src / 0x19-crackme-darkflow-3 / emu.py View on Github external
# Mapping : 0x7ffff7ffe000-0x7ffff7fff000
    emu.mem_map(0x7ffff7ffe000, 0x1000, 0o3)
    emu.mem_write(0x7ffff7ffe000, open('./emu_files/gef-crack3-by-D4RK_FL0W-0x7ffff7ffe000.raw', 'rb').read())

    # Mapping [stack]: 0x7ffffffde000-0x7ffffffff000
    emu.mem_map(0x7ffffffde000, 0x21000, 0o3)
    emu.mem_write(0x7ffffffde000, open('./emu_files/gef-crack3-by-D4RK_FL0W-0x7ffffffde000.raw', 'rb').read())

    # Mapping [vsyscall]: 0xffffffffff600000-0xffffffffff601000
    emu.mem_map(0xffffffffff600000, 0x1000, 0o5)
    emu.mem_write(0xffffffffff600000, open('./emu_files/gef-crack3-by-D4RK_FL0W-0xffffffffff600000.raw', 'rb').read())

    emu.hook_add(unicorn.UC_HOOK_CODE, code_hook)
    emu.hook_add(unicorn.UC_HOOK_INTR, intr_hook)
    emu.hook_add(unicorn.UC_HOOK_INSN, syscall_hook, None, 1, 0, unicorn.x86_const.UC_X86_INS_SYSCALL)
    return emu
github alanvivona / pwnshop / src / 0x19-crackme-darkflow-3 / emu.py View on Github external
emu = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_64 + unicorn.UC_MODE_LITTLE_ENDIAN)

    emu.mem_map(SEGMENT_FS_ADDR-0x1000, 0x3000)
    set_fs(emu, SEGMENT_FS_ADDR)
    set_gs(emu, SEGMENT_GS_ADDR)

    emu.reg_write(unicorn.x86_const.UC_X86_REG_RAX, 0x5555555583c0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_RBX, 0x0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_RCX, 0x400)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_RDX, 0x7ffff7dcc960)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_RSP, 0x7fffffffdc90)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_RBP, 0x7fffffffdc90)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_RSI, 0x0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_RDI, 0x5555555583c0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_RIP, 0x555555555269)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_R8, 0x0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_R9, 0x5555555582b0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_R10, 0x7ffff7dd2800)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_R11, 0x246)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_R12, 0x5555555550b0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_R13, 0x7fffffffdd90)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_R14, 0x0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_R15, 0x0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_EFLAGS, 0x202)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_CS, 0x33)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_SS, 0x2b)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_DS, 0x0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_ES, 0x0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_FS, 0x0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_GS, 0x0)
    # Mapping /home/h3y/Downloads/crackmes/crack3-by-D4RK_FL0W: 0x555555554000-0x555555555000
    emu.mem_map(0x555555554000, 0x1000, 0o1)
github alanvivona / pwnshop / src / 0x19-crackme-darkflow-3 / emu.py View on Github external
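def set_msr(uc, msr, value, scratch=SCRATCH_ADDR):
    """Write *value* into model-specific register *msr* of emulator *uc*.

    Unicorn offers no direct MSR write here, so a two-byte ``wrmsr`` stub is
    mapped at *scratch*, executed for exactly one instruction, and unmapped
    again.  ``wrmsr`` takes the MSR index in ECX and the 64-bit value split
    across EDX:EAX, which is why RCX, RDX and RAX are loaded before the run.

    Args:
        uc: a ``unicorn.Uc`` instance.  The stub is a raw opcode sequence;
            nothing here checks the emulator's architecture or mode, so the
            caller is responsible for passing an x86 instance.
        msr: MSR index; only the low 32 bits are used.
        value: value to write; bits 0-31 go to RAX, bits 32-63 to RDX, and
            anything above bit 63 is discarded by the masking.
        scratch: guest address at which the one-page stub is mapped.  It
            must not overlap an existing mapping.

    Raises:
        Whatever ``uc.mem_map``/``uc.mem_write``/``uc.emu_start`` raise
        (``unicorn.UcError`` in practice); the scratch page is unmapped even
        when the run fails, so a failed call does not leave the stub behind.

    Side effects: RAX, RDX and RCX of *uc* are overwritten.
    """
    wrmsr = b"\x0f\x30"  # x86 opcode bytes for `wrmsr`
    page = 0x1000
    uc.mem_map(scratch, page)
    try:
        uc.mem_write(scratch, wrmsr)
        uc.reg_write(unicorn.x86_const.UC_X86_REG_RAX, value & 0xFFFFFFFF)
        uc.reg_write(unicorn.x86_const.UC_X86_REG_RDX, (value >> 32) & 0xFFFFFFFF)
        uc.reg_write(unicorn.x86_const.UC_X86_REG_RCX, msr & 0xFFFFFFFF)
        uc.emu_start(scratch, scratch + len(wrmsr), count=1)
    finally:
        # Always release the scratch page: the original unmapped it only on
        # the success path, so an emulation error left a stray mapping that
        # would make the next call (or any later mem_map there) fail.
        uc.mem_unmap(scratch, page)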
github Ledger-Donjon / rainbow / rainbow / generics / x86.py View on Github external
def __init__(self, trace=True, sca_mode=False, local_vars={}):
        super().__init__(trace, sca_mode)
        self.emu = uc.Uc(uc.UC_ARCH_X86, uc.UC_MODE_32)
        self.disasm = cs.Cs(cs.CS_ARCH_X86, cs.CS_MODE_32)
        self.disasm.detail = True
        self.word_size = 4
        self.endianness = "little"
        self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
        self.page_shift = self.page_size.bit_length() - 1
        self.pc = uc.x86_const.UC_X86_REG_EIP

        known_regs = [i[len('UC_X86_REG_'):] for i in dir(uc.x86_const) if '_REG' in i]
        self.reg_map = {r.lower(): getattr(uc.x86_const, 'UC_X86_REG_'+r) for r in known_regs}

        self.stubbed_functions = local_vars
        self.setup(sca_mode)

        self.reset_stack()
github Ledger-Donjon / rainbow / rainbow / generics / x86.py View on Github external
def reset_stack(self):
        self.emu.reg_write(uc.x86_const.UC_X86_REG_EBP, self.STACK_ADDR)
        self.emu.reg_write(uc.x86_const.UC_X86_REG_ESP, self.STACK_ADDR)
github cea-sec / Sibyl / sibyl / engine / qemu.py View on Github external
def __init__(self, *args, **kwargs):
        import unicorn.x86_const as csts
        self.regs = {
            "EAX": csts.UC_X86_REG_EAX, "EBX": csts.UC_X86_REG_EBX,
            "ECX": csts.UC_X86_REG_ECX, "EDI": csts.UC_X86_REG_EDI,
            "EDX": csts.UC_X86_REG_EDX, "ESI": csts.UC_X86_REG_ESI,
            "EBP": csts.UC_X86_REG_EBP, "ESP": csts.UC_X86_REG_ESP,
        }
        self.pc_reg_name = "EIP"
        self.pc_reg_value = csts.UC_X86_REG_EIP
        super(UcWrapCPU_x86_32, self).__init__(*args, **kwargs)
github cea-sec / Sibyl / sibyl / engine / qemu.py View on Github external
def __init__(self, *args, **kwargs):
        import unicorn.x86_const as csts
        self.regs = {
            "RAX": csts.UC_X86_REG_RAX, "RBX": csts.UC_X86_REG_RBX,
            "RCX": csts.UC_X86_REG_RCX, "RDI": csts.UC_X86_REG_RDI,
            "RDX": csts.UC_X86_REG_RDX, "RSI": csts.UC_X86_REG_RSI,
            "RBP": csts.UC_X86_REG_RBP, "RSP": csts.UC_X86_REG_RSP,
             "R8": csts.UC_X86_REG_R8, "R11": csts.UC_X86_REG_R11,
            "R9": csts.UC_X86_REG_R9, "R10": csts.UC_X86_REG_R10,
            "R12": csts.UC_X86_REG_R12, "R13": csts.UC_X86_REG_R13,
            "R14": csts.UC_X86_REG_R14, "R15": csts.UC_X86_REG_R15,
        }
        self.pc_reg_name = "RIP"
        self.pc_reg_value = csts.UC_X86_REG_RIP
        super(UcWrapCPU_x86_64, self).__init__(*args, **kwargs)