GithubHelp home page GithubHelp logo

ykankaya / unicorn_pe-1 Goto Github PK

View Code? Open in Web Editor NEW

This project forked from fobricia/unicorn_pe

0.0 1.0 0.0 31.9 MB

Unicorn PE is an unicorn based instrumentation project designed to emulate code execution for windows PE files.

Home Page: https://github.com/hzqst/unicorn_pe

License: MIT License

Shell 0.04% Ruby 0.24% C++ 4.14% Python 2.21% C 86.94% Objective-C 0.07% Java 1.91% OCaml 0.75% Haskell 0.27% Smalltalk 1.73% Tcl 0.01% Go 0.19% C# 0.52% Assembly 0.01% F# 0.27% PowerShell 0.05% Pascal 0.31% Makefile 0.21% CMake 0.08% Batchfile 0.04%

unicorn_pe-1's Introduction

Unicorn PE

Unicorn PE is an unicorn based instrumentation project/framework designed to emulate code execution for windows PE files, especially packed ones.

Feature

Dump PE image from emu-memory into file, fix import table, especially packed ones.

Partial support for exception. (only #DB and #BP)

Show disasm for all instructions that is being executed.

Update BlackBone to latest ver (2020.4.5).

TODO

Feature: x86 (low priority) -- 0%

Build

Visual Studio 2019 are required.

Open unicorn_pe.sln with Visual Studio 2019

Build project "unicorn_pe" as x64/Release or x64/Debug. (No x86 support for now)

Usage

unicorn_pe (filename or filepath) [-k for kernel mode driver emulation] [-disasm for displaying disasm]

Programming

...to be documented

Snapshots

original driver

1

vmprotect packed driver

2

vmprotect is fixing encrypted IAT

3

vmprotect goes back to original entry point

4

vmprotect packed DLL, full user-mode emulation.

4

License

This software is released under the MIT License, see LICENSE.

Dependencies

A modification of https://github.com/DarthTon/Blackbone is done for PE manual-mapping.

https://github.com/unicorn-engine/unicorn for emulation.

https://github.com/aquynh/capstone for disasm.

unicorn_pe-1's People

Contributors

hzqst avatar spriteovo avatar hyperforce avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.