jtbennett-fe

Results 10 issues of jtbennett-fe

add "count" parameter to iterate function, like emulateRange has

can't change pc from api hooks

_handleApiHooks calls skipInstruction after the hook is called, which undoes any change to the pc made by the hook

enforce ordering of stacked hook execution

whether it be FIFO, LIFO, etc. Speakeasy should have an intuitive order of execution for hooks when there are multiple hooks set for a given API.

support the PEB field RTL_USER_PROCESS_PARAMETERS* ProcessParameters;

library name file extensions

should Speakeasy be stripping the file extensions when storing the module names passed to GetProcAddress?

write to unmapped memory in add_module_to_peb called from LoadLibraryEx hook

05e355ade0467021057237150f0a0e03

support virtual memory for separate processes

exception when calling speakeasy's "call" api

File "speakeasy/speakeasy/binemu.py", line 324, in set_func_args self.mem_write(curr_sp, r) File "speakeasy/speakeasy/memmgr.py", line 194, in mem_write self.emu_eng.mem_write(addr, data) File "speakeasy/speakeasy/engines/unicorn_eng.py", line 196, in mem_write return self.emu.mem_write(addr, data) File "python3.7/site-packages/unicorn/unicorn.py", line 442, in...

log the exit conditions of an emulation

it is not always clear why speakeasy has stopped emulation. logging the reason for stopping (even if it is simply because it ended naturally) would be helpful for understanding what...

allow user to specify filename of emulated module when bytes are provided

this will be useful when malware expect a certain name.