mov eax,dword ptr ds:[...]

Open xSanx opened this issue 2 years ago • 9 comments


Hi! How do I implement such instructions in Unicorn? `mu.reg_write(UC_X86_REG_DS, ADDRESS_data)`, a forced assignment as with the stack, does not work.

xSanx, May 25 '22 12:05

Hello, I can't understand your question, but I do think the DS register only makes sense in real mode.

wtdcode, May 28 '22 13:05

The question is how to implement segment transitions in Unicorn?

xSanx, May 30 '22 05:05

What does "segment transitions" actually mean?

wtdcode, May 30 '22 09:05

`mov eax,dword ptr ds:[...]`: ds is the data segment. How do I set it in Unicorn?

xSanx, May 30 '22 12:05

`mu.reg_write(UC_X86_REG_DS, ADDRESS_data)` doesn't work. (Screenshot attached: Screenshot 2022-05-30 164152)

xSanx, May 30 '22 13:05

Again, the DS register doesn't make much sense in today's protected mode. Please refer to the x86 manual for details.

For UC_ERR_READ_UNMAPPED, you have to map your data at the accessed memory address.

wtdcode, May 30 '22 13:05

> Again, the DS register doesn't make much sense in today's protected mode. Please refer to the x86 manual for details.
>
> For UC_ERR_READ_UNMAPPED, you have to map your data at the accessed memory address.

```python
from unicorn import *
from unicorn.x86_const import *
from pwn import *

# code to be emulated
X86_CODE32 = b"\x41\x4a"  # INC ecx; DEC edx

# code read from the dumped binary
X86_CODE32_Text = read('heavensgate_009E1000.bin')

X86_CODE32_Data = b"\x41\x4a"

# memory address where emulation starts
ADDRESS = 0x10000000

STACK_ADDR = 0x0000000
STACK_SIZE = 1024 * 1024

ADDRESS_data = 0x9000000
DATA_SIZE = 1024 * 1024


def hook_code(mu, address, size, user_data):
    print('>>> Tracing instruction at 0x%x, instruction size = 0x%x' % (address, size))


print("Emulate i386 code")
try:
    # Initialize emulator in X86-32bit mode
    mu = Uc(UC_ARCH_X86, UC_MODE_32)

    # map 2MB memory for this emulation
    mu.mem_map(ADDRESS, 2 * 1024 * 1024)

    # stack
    mu.mem_map(STACK_ADDR, 2 * 1024 * 1024)

    # data
    mu.mem_map(ADDRESS_data, 2 * 1024 * 1024)

    # write machine code to be emulated to memory
    mu.mem_write(ADDRESS, X86_CODE32_Text)
    mu.mem_write(ADDRESS_data, X86_CODE32_Data)

    # initialize stack
    mu.reg_write(UC_X86_REG_ESP, STACK_ADDR + STACK_SIZE - 1)

    # the DS write this issue is about
    mu.reg_write(UC_X86_REG_DS, ADDRESS_data)

    # initialize machine registers
    mu.reg_write(UC_X86_REG_ECX, 0x1234)
    mu.reg_write(UC_X86_REG_EDX, 0x7890)

    mu.hook_add(UC_HOOK_CODE, hook_code)

    # emulate code in infinite time & unlimited instructions
    mu.emu_start(0x10000000, 0x10000018)  # ADDRESS + len(X86_CODE32_Text)

    # now print out some registers
    print("Emulation done. Below is the CPU context")

    r_ecx = mu.reg_read(UC_X86_REG_ECX)
    r_edx = mu.reg_read(UC_X86_REG_EDX)
    print(">>> ECX = 0x%x" % r_ecx)
    print(">>> EDX = 0x%x" % r_edx)
except UcError as e:
    print("ERROR: %s" % e)
```

Did I mismatch the data somewhere? Thank you.

xSanx, May 31 '22 10:05
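The maintainer's two points (a DS value is a selector, not an address, and UC_ERR_READ_UNMAPPED means the linear address the instruction touches has no mapping) can be made concrete without the dumped binary. The following is an added example, not code from the unicorn project or from anyone in this thread: a small Python model of how 32-bit protected mode resolves `mov eax, dword ptr ds:[imm32]` (opcode A1) to a linear address, checked against the same `(start, size)` ranges the script hands to `mu.mem_map`. The GDT layout, the selectors `FLAT_DS`/`BASED_DS` and the operand address `DATA_VA` are constructed for the illustration; `ADDRESS`, `STACK_ADDR` and `ADDRESS_data` are the script's own constants. It also goes one step beyond the thread by showing a non-flat descriptor, which is the only way a data segment ever gets a base other than 0.

```python
# Added example (not from the unicorn project or the thread): model of protected-mode
# x86 address resolution for `mov eax, dword ptr ds:[imm32]` (opcode A1), and of when
# an emulator reports UC_ERR_READ_UNMAPPED. GDT, selectors and DATA_VA are constructed.
import struct

MB = 1024 * 1024


def gdt_descriptor(base, limit, access=0x92):
    """Encode one 8-byte segment descriptor (limit in 4 KiB pages, 32-bit, G=1)."""
    return struct.pack(
        "<HHBBBB",
        limit & 0xFFFF,
        base & 0xFFFF,
        (base >> 16) & 0xFF,
        access & 0xFF,                      # 0x92 = present, ring 0, R/W data
        ((limit >> 16) & 0x0F) | 0xC0,      # limit 19:16, G=1, D/B=1
        (base >> 24) & 0xFF,
    )


def segment_base(gdt, selector):
    """Return the base carried by the GDT descriptor that `selector` picks.

    Segment registers are 16 bits wide: bits 15:3 index the GDT, bit 2 selects the
    LDT, bits 1:0 are the RPL.  A null selector (index 0) loads, but every memory
    reference through it is #GP(0); an index past the table is #GP at load time.
    A data *address* written into DS is therefore truncated to 16 bits and lands in
    one of these cases; it never becomes a segment base.
    """
    selector &= 0xFFFF
    if selector & 0x4:
        raise ValueError("LDT selectors are not modelled here")
    index = selector >> 3
    if index == 0:
        raise ValueError("#GP(0): memory reference through a null DS selector")
    if index * 8 + 8 > len(gdt):
        raise ValueError("#GP: selector 0x%x indexes past the GDT" % selector)
    d = gdt[index * 8:index * 8 + 8]
    return d[2] | (d[3] << 8) | (d[4] << 16) | (d[7] << 24)


def decode_mov_eax_moffs32(code):
    """Decode `A1 moffs32` (mov eax, dword ptr ds:[moffs32]) and return the offset."""
    if len(code) < 5 or code[0] != 0xA1:
        raise ValueError("not an A1 moffs32 encoding")
    return struct.unpack_from("<I", code, 1)[0]


def resolve_read(gdt, ds_selector, code, mappings):
    """Linear address of the 4-byte read and its outcome against `mappings`.

    `mappings` is a list of (start, size) pairs, the ranges one would pass to
    mu.mem_map.  Returns ("ok", linear) or ("UC_ERR_READ_UNMAPPED", linear).
    """
    linear = (segment_base(gdt, ds_selector) + decode_mov_eax_moffs32(code)) & 0xFFFFFFFF
    for start, size in mappings:
        if start <= linear and linear + 4 <= start + size:
            return ("ok", linear)
    return ("UC_ERR_READ_UNMAPPED", linear)


# Constructed GDT: null, flat code, flat data, and one data segment based at 0x400000.
GDT = (gdt_descriptor(0, 0)
       + gdt_descriptor(0, 0xFFFFF, 0x9A)
       + gdt_descriptor(0, 0xFFFFF)
       + gdt_descriptor(0x400000, 0xFFFFF))
FLAT_DS = 0x10        # index 2: base 0, the flat layout a 32-bit setup normally runs with
BASED_DS = 0x18       # index 3: base 0x400000

# Constants from the issue's script, plus a constructed operand address for the read.
ADDRESS, STACK_ADDR, ADDRESS_data = 0x10000000, 0x0, 0x9000000
DATA_VA = 0x00402000  # constructed: the address the emulated instruction actually reads
SCRIPT_MAPPINGS = [(ADDRESS, 2 * MB), (STACK_ADDR, 2 * MB), (ADDRESS_data, 2 * MB)]
FIXED_MAPPINGS = SCRIPT_MAPPINGS + [(DATA_VA & ~0xFFF, 0x1000)]

# mov eax, dword ptr ds:[0x402000]  ->  A1 00 20 40 00
CODE = b"\xa1" + struct.pack("<I", DATA_VA)


def demo():
    """Walk through the situations the thread discusses."""
    # 1. Flat DS: linear == offset, and none of the script's three ranges covers it.
    before = resolve_read(GDT, FLAT_DS, CODE, SCRIPT_MAPPINGS)
    # 2. Same DS, but the accessed page mapped: the maintainer's fix.
    after = resolve_read(GDT, FLAT_DS, CODE, FIXED_MAPPINGS)
    # 3. Writing ADDRESS_data into DS: only the low 16 bits survive (here 0 = null).
    try:
        segment_base(GDT, ADDRESS_data)
        ds_write = "accepted"
    except ValueError as e:
        ds_write = str(e)
    # 4. A segment is relocated only by a descriptor whose base is non-zero.
    based = resolve_read(GDT, BASED_DS, b"\xa1" + struct.pack("<I", 0x2000), FIXED_MAPPINGS)
    return before, after, ds_write, based


if __name__ == "__main__":
    for label, result in zip(("script", "fixed", "DS write", "based DS"), demo()):
        print("%-9s %s" % (label, result))
```

For the script in the thread this means the cure is another `mu.mem_map` covering the page that the instruction's operand actually addresses (the address that UC_ERR_READ_UNMAPPED is raised for), not a write to UC_X86_REG_DS; with a flat data segment the displacement in the instruction already is the linear address.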

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 15 days.

github-actions[bot], Jul 31 '22 05:07