unicorn_pe
unicorn_pe copied to clipboard
hzqst
Unicorn PE is an unicorn based instrumentation project designed to emulate code execution for windows PE files.
Having to install VS2017 just for it to not throw many errors when trying to build is a bit tedious. Of course, it's not that bad and I very much...
After I compiled it myself, I used the compiled program to analyze a 64-bit sys I wrote, but so did the 64 bits exe file, which was always manualmap failed。...
Hi, this situation must be handled internally by the emulator. If you edit the header manually, the emulation hangs. unicorn_pe cpuid.exe -disasm BlackBone: Allocate: Allocating at address 0x000002A6F2DC0000 (0x1000 bytes)...
dump command is crashed My guess is that the driver crashes while calling the wdfversionbind function. Is there any solution?  
Hi , i have Windows 10 x64 PC Project on Debug Mode with x64 Visual Studio 2017 Windows SDK 10.0.17763.0 I cant compile the project. Severity Code Description Project File...
Hi, do you plan to update the emulator and fix memory allocation errors? Thanks! Regards,
https://github.com/hzqst/unicorn_pe/blob/b6be00543069c366451a93af1a7fa5ea7fd9d3e3/unicorn_pe/unicorn_pe.cpp#L55-L62 实际上在blackbone::PreCallback事件中,modInfo.size一直都是0,modInfo.size并没有起到预期的作用。 https://github.com/hzqst/unicorn_pe/blob/b6be00543069c366451a93af1a7fa5ea7fd9d3e3/Blackbone/src/BlackBone/ManualMap/MMap.cpp#L854-L868 如果加载的模块大小超过0x10000,那么就会出现下面的情况。  很显然这些ImageBase是错误的 |ImageName|ImageBase|ImageSize| |-|-|-| |"ntdll.dll"|0x0000000180030000|0x001f5000| |"kernelbase.dll"|0x0000000180020000|0x002c8000| |"kernel32.dll"|0x0000000180050000|0x000be000| "kernel32.LocalAlloc" 0x00000001800684c0
Hi, it would be more productive if we add debug test macros to identify problem areas faster. Regards
Hi, what if we switch to a modular architecture so that software modules are not compiled in a single file. Regards,
I've tried to do a sanity check by running unicorn_pe under itself hoping to see the usage message. unicorn_pe crashed with an access violation on [unicorn_pe.cpp:60](https://github.com/hzqst/unicorn_pe/blob/b68920724139154ef64da53495464f3631248a0b/unicorn_pe/unicorn_pe.cpp#L60) (I'm assuming that the...
