scemu
scemu copied to clipboard
sha0coder
Any thoughts regarding an scemu lib?
Hi, Thanks for making and releasing this! Being as light weight and fast as this is I'm thinking of using it in a lil project that needs to analyze some chunks of iced-x86 disassembled code and then read some register values. It works fine from the command line for exploration but would be nicer (in my case) to use as a lib where I could run and then query the state as needed. I was thinking of just pulling out the non console oriented bits but thought you might want to know that there is a use-case for your code as a lib as an alternative to working with the likes of unicorn within other projects. It looks like you kept the code nicely separated... is it possible you already had that thought and have some input on why it would/wouldn't be a good thing to do?
Just wanted to let you know that my simple use for this seems to work. I wrapped pretty much all of the outputs with verbose tests and fiddled around with returning instead of termination/console spawning but it wasn't bad at all.
I initialize once and then re-use it to load chunks and get my value.
fn init_emu() -> Emu {
let map_path = PathBuf::from("./src/client_commands/emu/maps64")
.as_os_str()
.to_str()
.unwrap()
.to_string();
let mut emu = Emu::new();
let mut cfg = emu::Config::new();
cfg.maps_folder = map_path;
cfg.is_64bits = true;
emu.set_config(cfg);
emu.init();
emu
}
fn get_code(
emu: &mut Emu,
code_bytes: &[u8],
start_addr: u64,
stop_addr: u64,
) -> Result<u32, Box<dyn std::error::Error>> {
emu.cfg.code_base_addr = start_addr;
emu.cfg.entry_point = start_addr;
emu.cfg.console_addr = stop_addr;
emu.regs.clear::<64>();
emu.load_code_bytes(code_bytes);
emu.run();
let code: u32 = emu.regs.get_r8d().try_into()?;
Ok(code)
}
Hello Thell, looks really interesting this would allow the people do their implementations, I thought about doing a scripting language for automating the binary analysis, but for now I'm busy implementing more API, and windows internals, and I also have to implement 64bits PE loading.
I'm focused on using this for malware analysis mainly, the most automatically possible, but for sure can be used for other purposes and also can be forked to do cool modifications.
I adapted the code a bit for being used programatically. People can modify the main.rs and emulate specific malware functions.
I managed to generate the crypto-key of Xloader malware with a program using scemu :)
Cool! I'll have to take a look at that.
And this reminds me that one other thing I ended up doing while using scemu as a lib was to make the maps embed into the executable so it'd be usable without install dependencies. I used RustEmbed and it worked nicely. Since only the x64 was needed I used...
use rust_embed::RustEmbed;
#[derive(RustEmbed)]
#[folder = "src/client_commands/emu/maps64"]
struct EmuAsset;
oh yeah that was just what i needed, thanks
El jue, 18 ago 2022 a las 22:01, Thell @.***>) escribió:
Cool! I'll have to take a look at that. And this reminds me that one other thing I ended up doing while using scemu as a lib was to make the maps embed into the executable so it'd be usable without install dependencies. I used RustEmbed and it worked nicely. Since only the x64 was needed I used...
use rust_embed::RustEmbed;#[derive(RustEmbed)]#[folder = "src/client_commands/emu/maps64"]struct EmuAsset;
— Reply to this email directly, view it on GitHub https://github.com/sha0coder/scemu/issues/6#issuecomment-1219902100, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAK5QQW4P7AWL6447RTCWGLVZ2I75ANCNFSM52YJMBQQ . You are receiving this because you commented.Message ID: @.***>
I have the lib in local ok passing tests for 32bits and 64bits with the embedding thing working ok. Im going to publish it soon.
crates.io don't allow that size, probably because of the maps. "the remote server responded with an error: max upload size is: 10485760"
To use the lib, the developer will have to download the maps from a github release maps32.zip and maps64.zip and put them on specific place. Is the unique solution i see :/
yes i could embed just two zips and decompress from rust, but it would make slower the initialization. And not sure if fits the size allowed on crates.io
btw there is a bug in github and all my commits appear like the user wit00 by error, when github will solve the ticket i will publish the code of the lib.