How to use the unicorn.UC_ARCH_ARM64 function in unicorn
To help you get started, we’ve selected a few unicorn examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
SimonTheCoder / pyGDB_remote / unicorn_machine.py View on Github 
def __init__(self,arch=unicorn.UC_ARCH_ARM64,mode=unicorn.UC_MODE_ARM,write_auto_map = True):
bit = None
if arch == unicorn.UC_ARCH_ARM64:
bit = 64
else:
bit = 32
super(Unicorn_machine, self).__init__(bit)
self.mu = unicorn.Uc(arch,mode)
self.mu.hook_add(unicorn.UC_HOOK_MEM_UNMAPPED,self._uc_hook_mem_unmapped)
#force UC run every instruction instead of block
self.mu.hook_add(unicorn.UC_HOOK_CODE,self._uc_hook_code)
self.write_auto_map = write_auto_map
self.last_pc = Nonedef emulate_plt_instructions_inner(elf, got, pc, data, targets):
# Deferred import to not affect load time
import unicorn as U
# Instantiate the emulator with the correct arguments for the current
# architecutre.
arch = {
'aarch64': U.UC_ARCH_ARM64,
'amd64': U.UC_ARCH_X86,
'arm': U.UC_ARCH_ARM,
'i386': U.UC_ARCH_X86,
'mips': U.UC_ARCH_MIPS,
# 'powerpc': U.UC_ARCH_PPC, <-- Not actually supported
'thumb': U.UC_ARCH_ARM,
}.get(elf.arch, None)
if arch is None:
log.warn("Could not emulate PLT instructions for %r" % elf)
return {}
emulation_bits = elf.bits
# x32 uses 64-bit instructions, just restricts itself to a 32-bit
# address space.def __init__(self, trace=True, sca_mode=False, local_vars=[]):
super().__init__(trace, sca_mode)
self.emu = uc.Uc(uc.UC_ARCH_ARM64, uc.UC_MODE_ARM)
self.disasm = cs.Cs(cs.CS_ARCH_ARM64, cs.CS_MODE_ARM)
self.disasm.detail = True
self.word_size = 8
self.endianness = "little"
self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
self.page_shift = self.page_size.bit_length() - 1
self.pc = uc.arm64_const.UC_ARM64_REG_PC
known_regs = [i[len('UC_ARM64_REG_'):] for i in dir(uc.arm64_const) if '_REG' in i]
self.reg_map = {r.lower(): getattr(uc.arm64_const, 'UC_ARM64_REG_'+r) for r in known_regs}
self.stubbed_functions = local_vars
self.setup(sca_mode)
self.reset_stack()def __init__(self,arch=unicorn.UC_ARCH_ARM64,mode=unicorn.UC_MODE_ARM,write_auto_map = True):
bit = None
if arch == unicorn.UC_ARCH_ARM64:
bit = 64
else:
bit = 32
super(Unicorn_machine, self).__init__(bit)
self.mu = unicorn.Uc(arch,mode)
self.mu.hook_add(unicorn.UC_HOOK_MEM_UNMAPPED,self._uc_hook_mem_unmapped)
#force UC run every instruction instead of block
self.mu.hook_add(unicorn.UC_HOOK_CODE,self._uc_hook_code)
self.write_auto_map = write_auto_map
self.last_pc = None
self.single_inst_state = 0def __init__(self):
Emulator.__init__(self, "ARM64",
unicorn.UC_ARCH_ARM64,
unicorn.UC_MODE_ARM,
"pc",
64,
["sp", "cpsr"])
self.syscall_regnames = map(lambda x: "x%d" % x, range(0, 8)) + ["x8",
"pc"]
self.stackbot = "fp"
self.stacktop = "sp"
self.syscall_reg = "x8"# arm
elif is_arm(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_ARM, keystone.KS_MODE_ARM, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_ARM, unicorn.UC_MODE_ARM, unicorn.UC_MODE_LITTLE_ENDIAN
elif is_arm_thumb(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_ARM, keystone.KS_MODE_THUMB, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_ARM, unicorn.UC_MODE_THUMB, unicorn.UC_MODE_LITTLE_ENDIAN
# aarch64
elif is_aarch64(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_ARM64, 0, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_ARM64, capstone.CS_MODE_ARM, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_ARM64, unicorn.UC_MODE_ARM, unicorn.UC_MODE_LITTLE_ENDIAN
# powerpc (uncomment when unicorn supports ppc)
# elif is_ppc(m):
# if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_PPC, keystone.KS_MODE_PPC32, keystone.KS_MODE_BIG_ENDIAN
# elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_PPC, 0, capstone.CS_MODE_BIG_ENDIAN
# else: arch, mode, endian = unicorn.UC_ARCH_PPC, unicorn.UC_MODE_PPC32, unicorn.UC_MODE_BIG_ENDIAN
# mips/mips64
elif is_mips(a):
if a.endianness==Endianness.LITTLE:
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_MIPS, keystone.KS_MODE_MIPS32, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_MIPS, capstone.CS_MODE_MIPS32, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_MIPS, unicorn.UC_MODE_MIPS32, unicorn.UC_MODE_LITTLE_ENDIAN
else:
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_MIPS, keystone.KS_MODE_MIPS32, keystone.KS_MODE_BIG_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_MIPS, capstone.CS_MODE_MIPS32, capstone.CS_MODE_BIG_ENDIAN# make sure context is None if setup failed for any reason. we want a clean setup later
self.context = None
err_msg = 'unhandled error'
if err == self.ERR_INVALID_TID:
err_msg = 'invalid thread id'
elif err == self.ERR_INVALID_CONTEXT:
err_msg = 'invalid context'
raise self.EmulatorSetupFailedError('Setup failed: %s' % err_msg)
# calculate the start address
address = self._next_instruction
if address == 0:
if self.uc._arch == unicorn.UC_ARCH_ARM:
address = self.uc.reg_read(unicorn.arm_const.UC_ARM_REG_PC)
elif self.uc._arch == unicorn.UC_ARCH_ARM64:
address = self.uc.reg_read(unicorn.arm64_const.UC_ARM64_REG_PC)
elif self.uc._arch == unicorn.UC_ARCH_X86 and self.uc._mode == unicorn.UC_MODE_32:
address = self.uc.reg_read(unicorn.x86_const.UC_X86_REG_EIP)
elif self.uc._arch == unicorn.UC_ARCH_X86 and self.uc._mode == unicorn.UC_MODE_64:
address = self.uc.reg_read(unicorn.x86_const.UC_X86_REG_RIP)
else:
raise self.EmulatorSetupFailedError('Unsupported arch')
if until > 0:
self.log_to_ui('[*] start emulation from %s to %s' % (hex(address), hex(self.end_ptr)))
else:
if step_mode == STEP_MODE_NONE or step_mode == STEP_MODE_SINGLE:
self.log_to_ui('[*] stepping %s' % hex(address))
elif step_mode == STEP_MODE_FUNCTION:
self.log_to_ui('[*] stepping to next function call')
elif step_mode == STEP_MODE_JUMP:if is_little_endian:
cs_mode = cs.CS_MODE_MIPS32 + cs.CS_MODE_LITTLE_ENDIAN
else:
cs_mode = cs.CS_MODE_MIPS32 + cs.CS_MODE_BIG_ENDIAN
elif architecture == "ARM":
#if self.mode == uc.UC_MODE_ARM:
#elif self.mode == uc.UC_MODE_THUMB:
cur_arch = uc.UC_ARCH_ARM
cur_mode = uc.UC_MODE_ARM
cs_arch = cs.CS_ARCH_ARM
cs_mode = cs.CS_MODE_ARM
elif architecture == "AArch64":
cur_arch = uc.UC_ARCH_ARM64
cur_mode = uc.UC_MODE_ARM
cs_arch = cs.CS_ARCH_ARM64
cs_mode = cs.CS_MODE_ARM
elif architecture == "x86":
cur_arch = uc.UC_ARCH_X86
cs_arch = cs.CS_ARCH_X86
if bits == 32:
cur_mode = uc.UC_MODE_32
cs_mode = cs.CS_MODE_32
elif bits == 16:
cur_mode = uc.UC_MODE_16
cs_mode = cs.CS_MODE_16
else:def __init__(self):
super(Arm64, self).__init__()
self.unicorn_arch = unicorn.UC_ARCH_ARM64
self.unicorn_mode = unicorn.UC_MODE_ARM
self.capstone_arch = capstone.CS_ARCH_ARM64
self.capstone_mode = capstone.CS_MODE_ARM
Popular unicorn functions
- unicorn.arm64_const
- unicorn.arm_const
- unicorn.mips_const
- unicorn.Uc
- unicorn.Uc.hook_del
- unicorn.Uc.mem_unmap
- unicorn.UC_ARCH_ARM
- unicorn.UC_ARCH_ARM64
- unicorn.UC_ARCH_MIPS
- unicorn.UC_ARCH_X86
- unicorn.UC_HOOK_CODE
- unicorn.UC_MODE_32
- unicorn.UC_MODE_64
- unicorn.UC_MODE_ARM
- unicorn.UC_MODE_LITTLE_ENDIAN
- unicorn.UC_MODE_THUMB
- unicorn.UcError
- unicorn.x86_const
- unicorn.x86_const.UC_X86_REG_RDI
- unicorn.x86_const.UC_X86_REG_RIP