Barakat/emu.py

## emu.py
#!python3
# -*- coding: utf-8 -*-
# pip install unicorn
import unicorn
import unicorn.x86_const


def required_mapping_size(size):
    page_size = 4096
    while page_size < size:
        page_size *= 2
    return page_size


def emulate(code):
    code_size = len(code)
    code_mapping_size = required_mapping_size(code_size)
    code_address_start = 0x0000000010000000
    code_address_end = code_address_start + code_size

    stack_size = 4096
    stack_mapping_size = required_mapping_size(stack_size)
    stack_address_start = 0x0000000000000000
    stack_address_end = stack_address_start + stack_size

    emulator = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)

    emulator.mem_map(code_address_start, code_mapping_size)
    emulator.mem_write(code_address_start, code)

    emulator.mem_map(stack_address_start, stack_mapping_size)

    emulator.reg_write(unicorn.x86_const.UC_X86_REG_ESP, stack_address_end - 1)

    emulator.reg_write(unicorn.x86_const.UC_X86_REG_EAX, 1)
    emulator.reg_write(unicorn.x86_const.UC_X86_REG_EBX, 2)
    emulator.reg_write(unicorn.x86_const.UC_X86_REG_EDX, 3)
    emulator.reg_write(unicorn.x86_const.UC_X86_REG_ECX, 4)
    emulator.reg_write(unicorn.x86_const.UC_X86_REG_ESI, 5)

    emulator.emu_start(code_address_start, code_address_end)

    eax = emulator.reg_read(unicorn.x86_const.UC_X86_REG_EAX)
    ebx = emulator.reg_read(unicorn.x86_const.UC_X86_REG_EBX)
    edx = emulator.reg_read(unicorn.x86_const.UC_X86_REG_EDX)
    ecx = emulator.reg_read(unicorn.x86_const.UC_X86_REG_ECX)
    esi = emulator.reg_read(unicorn.x86_const.UC_X86_REG_ESI)

    print(f'eax = {eax}, ebx = {ebx}, edx = {edx}, ecx = {ecx}, esi = {esi}\n')


def main():
    # 0:  50                      push   eax
    # 1:  53                      push   ebx
    # 2:  58                      pop    eax
    # 3:  5a                      pop    edx
    # 4:  51                      push   ecx
    # 5:  87 ce                   xchg   esi,ecx
    # 7:  59                      pop    ecx
    emulate(b'\x50\x53\x58\x5A\x51\x87\xCE\x59')
    # Output: eax = 2, ebx = 2, edx = 1, ecx = 4, esi = 4

    # 0:  89 d8                   mov    eax,ebx
    # 2:  89 d0                   mov    eax,edx
    # 4:  89 f1                   mov    ecx,esi
    emulate(b'\x89\xD8\x89\xD0\x89\xF1')
    # Output: eax = 3, ebx = 2, edx = 3, ecx = 5, esi = 5

    # 0:  89 d8                   mov    eax,ebx
    # 2:  89 c2                   mov    edx,eax
    # 4:  89 ce                   mov    esi,ecx
    emulate(b'\x89\xD8\x89\xC2\x89\xCE')
    # Output: eax = 2, ebx = 2, edx = 2, ecx = 4, esi = 4

    # 0:  89 c3                   mov    ebx,eax
    # 2:  89 c2                   mov    edx,eax
    # 4:  89 ce                   mov    esi,ecx
    emulate(b'\x89\xC3\x89\xC2\x89\xCE')
    # Output: eax = 1, ebx = 1, edx = 1, ecx = 4, esi = 4

    # 0:  89 d8                   mov    eax,ebx
    # 2:  89 c2                   mov    edx,eax
    # 4:  89 f1                   mov    ecx,esi
    emulate(b'\x89\xD8\x89\xC2\x89\xF1')
    # Output: eax = 2, ebx = 2, edx = 2, ecx = 5, esi = 5

    # 0:  89 c2                   mov    edx,eax
    # 2:  89 d8                   mov    eax,ebx
    # 4:  89 ce                   mov    esi,ecx
    emulate(b'\x89\xC2\x89\xD8\x89\xCE')
    # Output: eax = 2, ebx = 2, edx = 1, ecx = 4, esi = 4


if __name__ == '__main__':
    main()
	#!python3
	# -- coding: utf-8 --
	# pip install unicorn
	import unicorn
	import unicorn.x86_const


	def required_mapping_size(size):
	page_size = 4096
	while page_size < size:
	page_size *= 2
	return page_size


	def emulate(code):
	code_size = len(code)
	code_mapping_size = required_mapping_size(code_size)
	code_address_start = 0x0000000010000000
	code_address_end = code_address_start + code_size

	stack_size = 4096
	stack_mapping_size = required_mapping_size(stack_size)
	stack_address_start = 0x0000000000000000
	stack_address_end = stack_address_start + stack_size

	emulator = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)

	emulator.mem_map(code_address_start, code_mapping_size)
	emulator.mem_write(code_address_start, code)

	emulator.mem_map(stack_address_start, stack_mapping_size)

	emulator.reg_write(unicorn.x86_const.UC_X86_REG_ESP, stack_address_end - 1)

	emulator.reg_write(unicorn.x86_const.UC_X86_REG_EAX, 1)
	emulator.reg_write(unicorn.x86_const.UC_X86_REG_EBX, 2)
	emulator.reg_write(unicorn.x86_const.UC_X86_REG_EDX, 3)
	emulator.reg_write(unicorn.x86_const.UC_X86_REG_ECX, 4)
	emulator.reg_write(unicorn.x86_const.UC_X86_REG_ESI, 5)

	emulator.emu_start(code_address_start, code_address_end)

	eax = emulator.reg_read(unicorn.x86_const.UC_X86_REG_EAX)
	ebx = emulator.reg_read(unicorn.x86_const.UC_X86_REG_EBX)
	edx = emulator.reg_read(unicorn.x86_const.UC_X86_REG_EDX)
	ecx = emulator.reg_read(unicorn.x86_const.UC_X86_REG_ECX)
	esi = emulator.reg_read(unicorn.x86_const.UC_X86_REG_ESI)

	print(f'eax = {eax}, ebx = {ebx}, edx = {edx}, ecx = {ecx}, esi = {esi}\n')


	def main():
	# 0: 50 push eax
	# 1: 53 push ebx
	# 2: 58 pop eax
	# 3: 5a pop edx
	# 4: 51 push ecx
	# 5: 87 ce xchg esi,ecx
	# 7: 59 pop ecx
	emulate(b'\x50\x53\x58\x5A\x51\x87\xCE\x59')
	# Output: eax = 2, ebx = 2, edx = 1, ecx = 4, esi = 4

	# 0: 89 d8 mov eax,ebx
	# 2: 89 d0 mov eax,edx
	# 4: 89 f1 mov ecx,esi
	emulate(b'\x89\xD8\x89\xD0\x89\xF1')
	# Output: eax = 3, ebx = 2, edx = 3, ecx = 5, esi = 5

	# 0: 89 d8 mov eax,ebx
	# 2: 89 c2 mov edx,eax
	# 4: 89 ce mov esi,ecx
	emulate(b'\x89\xD8\x89\xC2\x89\xCE')
	# Output: eax = 2, ebx = 2, edx = 2, ecx = 4, esi = 4

	# 0: 89 c3 mov ebx,eax
	# 2: 89 c2 mov edx,eax
	# 4: 89 ce mov esi,ecx
	emulate(b'\x89\xC3\x89\xC2\x89\xCE')
	# Output: eax = 1, ebx = 1, edx = 1, ecx = 4, esi = 4

	# 0: 89 d8 mov eax,ebx
	# 2: 89 c2 mov edx,eax
	# 4: 89 f1 mov ecx,esi
	emulate(b'\x89\xD8\x89\xC2\x89\xF1')
	# Output: eax = 2, ebx = 2, edx = 2, ecx = 5, esi = 5

	# 0: 89 c2 mov edx,eax
	# 2: 89 d8 mov eax,ebx
	# 4: 89 ce mov esi,ecx
	emulate(b'\x89\xC2\x89\xD8\x89\xCE')
	# Output: eax = 2, ebx = 2, edx = 1, ecx = 4, esi = 4


	if __name__ == '__main__':
	main()