How to use the unicorn.x86_const.UC_X86_REG_RIP function in unicorn

To help you get started, we’ve selected a few unicorn examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

unicorn-engine / unicorn / tests / regress / x86_64_eflags.py View on Github

def test_eflags(self):
        # xor r14,r14
        CODE = 'M1\xf6'

        uc = U.Uc(U.UC_ARCH_X86, U.UC_MODE_64)
        uc.reg_write(U.x86_const.UC_X86_REG_RIP, 0x6000b0)
        uc.reg_write(U.x86_const.UC_X86_REG_EFLAGS, 0x200)

        uc.mem_map(0x600000, 0x1000)
        uc.mem_write(0x6000b0, CODE)
        uc.emu_start(0x6000b0, 0, count=1)


        # Here's the original execution trace for this on actual hardware.
        #
        # (gdb) x/i $pc
        # => 0x6000b0:    xor    %r14,%r14
        # (gdb) p/x $eflags
        # $1 = 0x200
        # (gdb) p $eflags
        # $2 = [ IF ]
        # (gdb) si

unicorn-engine / unicorn / tests / regress / x86_64_eflags.py View on Github

# Here's the original execution trace for this on actual hardware.
        #
        # (gdb) x/i $pc
        # => 0x6000b0:    xor    %r14,%r14
        # (gdb) p/x $eflags
        # $1 = 0x200
        # (gdb) p $eflags
        # $2 = [ IF ]
        # (gdb) si
        # 0x00000000006000b3 in ?? ()
        # (gdb) p/x $eflags
        # $3 = 0x246
        # (gdb) p $eflags
        # $4 = [ PF ZF IF ]

        self.assertEqual(0x6000b3, uc.reg_read(U.x86_const.UC_X86_REG_RIP))
        self.assertEqual(0x246, uc.reg_read(U.x86_const.UC_X86_REG_EFLAGS))

alanvivona / pwnshop / src / 0x19-crackme-darkflow-3 / emu.py View on Github

#!/usr/bin/env python3

#
# Emulation script for "crack3-by-D4RK_FL0W" from 0x555555555269 to 0x555555555328
#
# Powered by gef, unicorn-engine, and capstone-engine
#
# @_hugsy_
#
from __future__ import print_function
import collections
import capstone, unicorn

registers = collections.OrderedDict(sorted({'$rax': unicorn.x86_const.UC_X86_REG_RAX,'$rbx': unicorn.x86_const.UC_X86_REG_RBX,'$rcx': unicorn.x86_const.UC_X86_REG_RCX,'$rdx': unicorn.x86_const.UC_X86_REG_RDX,'$rsp': unicorn.x86_const.UC_X86_REG_RSP,'$rbp': unicorn.x86_const.UC_X86_REG_RBP,'$rsi': unicorn.x86_const.UC_X86_REG_RSI,'$rdi': unicorn.x86_const.UC_X86_REG_RDI,'$rip': unicorn.x86_const.UC_X86_REG_RIP,'$r8': unicorn.x86_const.UC_X86_REG_R8,'$r9': unicorn.x86_const.UC_X86_REG_R9,'$r10': unicorn.x86_const.UC_X86_REG_R10,'$r11': unicorn.x86_const.UC_X86_REG_R11,'$r12': unicorn.x86_const.UC_X86_REG_R12,'$r13': unicorn.x86_const.UC_X86_REG_R13,'$r14': unicorn.x86_const.UC_X86_REG_R14,'$r15': unicorn.x86_const.UC_X86_REG_R15,'$eflags': unicorn.x86_const.UC_X86_REG_EFLAGS,'$cs': unicorn.x86_const.UC_X86_REG_CS,'$ss': unicorn.x86_const.UC_X86_REG_SS,'$ds': unicorn.x86_const.UC_X86_REG_DS,'$es': unicorn.x86_const.UC_X86_REG_ES,'$fs': unicorn.x86_const.UC_X86_REG_FS,'$gs': unicorn.x86_const.UC_X86_REG_GS}.items(), key=lambda t: t[0]))
uc = None
verbose = False
syscall_register = "$rax"

def disassemble(code, addr):
    cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64 + capstone.CS_MODE_LITTLE_ENDIAN)
    for i in cs.disasm(code, addr):
        return i

def hook_code(emu, address, size, user_data):
    code = emu.mem_read(address, size)
    insn = disassemble(code, address)
    print(">>> {:#x}: {:s} {:s}".format(insn.address, insn.mnemonic, insn.op_str))
    return

def code_hook(emu, address, size, user_data):

cea-sec / Sibyl / sibyl / engine / qemu.py View on Github

def __init__(self, *args, **kwargs):
        import unicorn.x86_const as csts
        self.regs = {
            "RAX": csts.UC_X86_REG_RAX, "RBX": csts.UC_X86_REG_RBX,
            "RCX": csts.UC_X86_REG_RCX, "RDI": csts.UC_X86_REG_RDI,
            "RDX": csts.UC_X86_REG_RDX, "RSI": csts.UC_X86_REG_RSI,
            "RBP": csts.UC_X86_REG_RBP, "RSP": csts.UC_X86_REG_RSP,
             "R8": csts.UC_X86_REG_R8, "R11": csts.UC_X86_REG_R11,
            "R9": csts.UC_X86_REG_R9, "R10": csts.UC_X86_REG_R10,
            "R12": csts.UC_X86_REG_R12, "R13": csts.UC_X86_REG_R13,
            "R14": csts.UC_X86_REG_R14, "R15": csts.UC_X86_REG_R15,
        }
        self.pc_reg_name = "RIP"
        self.pc_reg_value = csts.UC_X86_REG_RIP
        super(UcWrapCPU_x86_64, self).__init__(*args, **kwargs)

Ledger-Donjon / rainbow / rainbow / generics / x64.py View on Github

def __init__(self, trace=True, sca_mode=False, local_vars={}):
        super().__init__(trace, sca_mode)
        self.emu = uc.Uc(uc.UC_ARCH_X86, uc.UC_MODE_64)
        self.disasm = cs.Cs(cs.CS_ARCH_X86, cs.CS_MODE_64)
        self.disasm.detail = True
        self.word_size = 8
        self.endianness = "little"
        self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
        self.page_shift = self.page_size.bit_length() - 1
        self.pc = uc.x86_const.UC_X86_REG_RIP

        # workaround for capstone 4
        uc.x86_const.UC_X86_REG_RFLAGS = uc.x86_const.UC_X86_REG_EFLAGS

        known_regs = [i[len('UC_X86_REG_'):] for i in dir(uc.x86_const) if '_REG' in i]
        self.reg_map = {r.lower(): getattr(uc.x86_const, 'UC_X86_REG_'+r) for r in known_regs}

        self.stubbed_functions = local_vars
        self.setup(sca_mode)

        self.reset_stack()

iGio90 / Dwarf / lib / emulator.py View on Github

self.log_to_ui('Error: Emulator stopped - looping')
            self.stop()
            return

        self._current_instruction = address

        # check if pc/eip is end_ptr
        pc = 0  # address should be pc too ???
        if self.dwarf.arch == 'arm':
            pc = uc.reg_read(unicorn.arm_const.UC_ARM_REG_PC)
        elif self.dwarf.arch == 'arm64':
            pc = uc.reg_read(unicorn.arm64_const.UC_ARM64_REG_PC)
        elif self.dwarf.arch == 'ia32':
            pc = uc.reg_read(unicorn.x86_const.UC_X86_REG_EIP)
        elif self.dwarf.arch == 'x64':
            pc = uc.reg_read(unicorn.x86_const.UC_X86_REG_RIP)

        if self.thumb:
            pc = pc | 1

        if pc == self._end_address:
            self._request_stop = True

        # set the current context
        self.current_context.set_context(uc)

        instruction = None
        try:
            try:
                data = bytes(uc.mem_read(address, size))
                assembly = self.cs.disasm(data, address)
            except:

alanvivona / pwnshop / src / 0x19-crackme-darkflow-3 / emu.py View on Github

def reset():
    emu = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_64 + unicorn.UC_MODE_LITTLE_ENDIAN)

    emu.mem_map(SEGMENT_FS_ADDR-0x1000, 0x3000)
    set_fs(emu, SEGMENT_FS_ADDR)
    set_gs(emu, SEGMENT_GS_ADDR)

    emu.reg_write(unicorn.x86_const.UC_X86_REG_RAX, 0x5555555583c0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_RBX, 0x0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_RCX, 0x400)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_RDX, 0x7ffff7dcc960)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_RSP, 0x7fffffffdc90)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_RBP, 0x7fffffffdc90)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_RSI, 0x0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_RDI, 0x5555555583c0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_RIP, 0x555555555269)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_R8, 0x0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_R9, 0x5555555582b0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_R10, 0x7ffff7dd2800)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_R11, 0x246)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_R12, 0x5555555550b0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_R13, 0x7fffffffdd90)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_R14, 0x0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_R15, 0x0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_EFLAGS, 0x202)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_CS, 0x33)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_SS, 0x2b)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_DS, 0x0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_ES, 0x0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_FS, 0x0)
    emu.reg_write(unicorn.x86_const.UC_X86_REG_GS, 0x0)
    # Mapping /home/h3y/Downloads/crackmes/crack3-by-D4RK_FL0W: 0x555555554000-0x555555555000

r00tus3r / r00tEmu / utils.py View on Github

def dump_regs(mu, address, size):
    f = open("dump_regs","a+")
    f.write(">>> Tracing instruction at 0x%x, instruction size = 0x%x\n" %(address, size))
    rax = mu.reg_read(unicorn.x86_const.UC_X86_REG_RAX)
    rbx = mu.reg_read(unicorn.x86_const.UC_X86_REG_RBX)
    rcx = mu.reg_read(unicorn.x86_const.UC_X86_REG_RCX)
    rdx = mu.reg_read(unicorn.x86_const.UC_X86_REG_RDX)
    rsi = mu.reg_read(unicorn.x86_const.UC_X86_REG_RSI)
    rdi = mu.reg_read(unicorn.x86_const.UC_X86_REG_RDI)
    rbp = mu.reg_read(unicorn.x86_const.UC_X86_REG_RBP)
    rsp = mu.reg_read(unicorn.x86_const.UC_X86_REG_RSP)
    rip = mu.reg_read(unicorn.x86_const.UC_X86_REG_RIP)
    r8 = mu.reg_read(unicorn.x86_const.UC_X86_REG_R8)
    r9 = mu.reg_read(unicorn.x86_const.UC_X86_REG_R9)
    r10 = mu.reg_read(unicorn.x86_const.UC_X86_REG_R10)
    r11 = mu.reg_read(unicorn.x86_const.UC_X86_REG_R11)
    r12 = mu.reg_read(unicorn.x86_const.UC_X86_REG_R12)
    r13 = mu.reg_read(unicorn.x86_const.UC_X86_REG_R13)
    r14 = mu.reg_read(unicorn.x86_const.UC_X86_REG_R14)
    r15 = mu.reg_read(unicorn.x86_const.UC_X86_REG_R15)

    f.write(">>> RAX = 0x%x\n" %rax)
    f.write(">>> RBX = 0x%x\n" %rbx)
    f.write(">>> RCX = 0x%x\n" %rcx)
    f.write(">>> RDX = 0x%x\n" %rdx)
    f.write(">>> RSI = 0x%x\n" %rsi)
    f.write(">>> RDI = 0x%x\n" %rdi)
    f.write(">>> RBP = 0x%x\n" %rbp)

How to use the unicorn.x86_const.UC_X86_REG_RIP function in unicorn

To help you get started, we’ve selected a few unicorn examples, based on popular ways it is used in public projects.

unicorn

Package Health Score

Popular unicorn functions

Similar packages