Barakat/arch_detect.py

## arch_detect.py
#!python3
# -*- coding: utf-8 -*-
# pip install unicorn
import unicorn
import unicorn.x86_const


def main():
    emulation_address = 0x08000000

    #
    # unicorn.UC_MODE_64 (eax = 0):
    #
    # 0:  31 c0                   xor    eax,eax
    # 2:  40 90                   rex xchg eax,eax
    #
    # unicorn.UC_MODE_32 (eax = 1)
    #
    # 0:  31 c0                   xor    eax,eax
    # 2:  40                      inc    eax
    # 3:  90                      nop

    code = b'\x31\xc0\x40\x90'

    emulator = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_64)

    emulator.mem_map(emulation_address, 4 * 1024)
    emulator.mem_write(emulation_address, code)

    emulator.emu_start(emulation_address, emulation_address + len(code))

    eax = emulator.reg_read(unicorn.x86_const.UC_X86_REG_EAX)

    print(f'[!] eax value after emulation = {eax}')

if __name__ == '__main__':
    main()
	#!python3
	# -- coding: utf-8 --
	# pip install unicorn
	import unicorn
	import unicorn.x86_const


	def main():
	emulation_address = 0x08000000

	#
	# unicorn.UC_MODE_64 (eax = 0):
	#
	# 0: 31 c0 xor eax,eax
	# 2: 40 90 rex xchg eax,eax
	#
	# unicorn.UC_MODE_32 (eax = 1)
	#
	# 0: 31 c0 xor eax,eax
	# 2: 40 inc eax
	# 3: 90 nop

	code = b'\x31\xc0\x40\x90'

	emulator = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_64)

	emulator.mem_map(emulation_address, 4 * 1024)
	emulator.mem_write(emulation_address, code)

	emulator.emu_start(emulation_address, emulation_address + len(code))

	eax = emulator.reg_read(unicorn.x86_const.UC_X86_REG_EAX)

	print(f'[!] eax value after emulation = {eax}')

	if __name__ == '__main__':
	main()