How to use the unicorn.UC_ARCH_X86 function in unicorn
To help you get started, we’ve selected a few unicorn examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
unicorn-engine / unicorn / tests / regress / memmap_segfault.py View on Github 
def test_seg1(self):
u = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
u.mem_map(0x2000, 0x1000)
u.mem_read(0x2000, 1)
for i in range(50):
u = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
u.mem_map(i*0x1000, 0x1000)
u.mem_read(i*0x1000, 1)
for i in range(20):
with self.assertRaises(UcError):
u = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
u.mem_map(i*0x1000, 5)
u.mem_read(i*0x1000, 1)err_msg = 'unhandled error'
if err == self.ERR_INVALID_TID:
err_msg = 'invalid thread id'
elif err == self.ERR_INVALID_CONTEXT:
err_msg = 'invalid context'
raise self.EmulatorSetupFailedError('Setup failed: %s' % err_msg)
# calculate the start address
address = self._next_instruction
if address == 0:
if self.uc._arch == unicorn.UC_ARCH_ARM:
address = self.uc.reg_read(unicorn.arm_const.UC_ARM_REG_PC)
elif self.uc._arch == unicorn.UC_ARCH_ARM64:
address = self.uc.reg_read(unicorn.arm64_const.UC_ARM64_REG_PC)
elif self.uc._arch == unicorn.UC_ARCH_X86 and self.uc._mode == unicorn.UC_MODE_32:
address = self.uc.reg_read(unicorn.x86_const.UC_X86_REG_EIP)
elif self.uc._arch == unicorn.UC_ARCH_X86 and self.uc._mode == unicorn.UC_MODE_64:
address = self.uc.reg_read(unicorn.x86_const.UC_X86_REG_RIP)
else:
raise self.EmulatorSetupFailedError('Unsupported arch')
if until > 0:
self.log_to_ui('[*] start emulation from %s to %s' % (hex(address), hex(self.end_ptr)))
else:
if step_mode == STEP_MODE_NONE or step_mode == STEP_MODE_SINGLE:
self.log_to_ui('[*] stepping %s' % hex(address))
elif step_mode == STEP_MODE_FUNCTION:
self.log_to_ui('[*] stepping to next function call')
elif step_mode == STEP_MODE_JUMP:
self.log_to_ui('[*] stepping to next jump')
self.onEmulatorStart.emit()def get_arch_mode(lib, a):
arch = mode = endian = None
# x86
if is_x86_16(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_X86, keystone.KS_MODE_16, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_X86, capstone.CS_MODE_16, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_X86, unicorn.UC_MODE_16, unicorn.UC_MODE_LITTLE_ENDIAN
elif is_x86_32(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_X86, keystone.KS_MODE_32, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_X86, capstone.CS_MODE_32, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_X86, unicorn.UC_MODE_32, unicorn.UC_MODE_LITTLE_ENDIAN
elif is_x86_64(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_X86, keystone.KS_MODE_64, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_X86, capstone.CS_MODE_64, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_X86, unicorn.UC_MODE_64, unicorn.UC_MODE_LITTLE_ENDIAN
# arm
elif is_arm(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_ARM, keystone.KS_MODE_ARM, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_ARM, unicorn.UC_MODE_ARM, unicorn.UC_MODE_LITTLE_ENDIANfrom avatar2.archs.x86 import X86, X86_64
from avatar2.archs.arm import ARM, ARM_CORTEX_M3, ARMBE
#TODO: Add mips? More archs?
from unicorn.x86_const import *
from capstone import *
from capstone.x86 import *
import struct
import avatar2
import config
# TODO: fix avatar2 x86 mode
X64 = X86_64
X86.unicorn_arch = unicorn.UC_ARCH_X86
X86.unicorn_mode = unicorn.UC_MODE_32
X64.unicorn_mode = unicorn.UC_MODE_64
ARM.unicorn_consts = unicorn.arm_const
X86.unicorn_consts = unicorn.x86_const
ARM.unicorn_reg_tag = "UC_ARM_REG_"
ARM.ignored_regs = []
X86.unicorn_reg_tag = "UC_X86_REG_"
X86.ignored_regs = ["cr0","cr2","cr3","cr4","cr8"] # these make unicorn crash
#TODO: arm64, mips, etc.
FSMSR = 0xC0000100
GSMSR = 0xC0000101import unicorn
import capstone
import utils
bits = 32
regs = [
"eax", "ecx", "edx", "ebx",
"esp", "ebp", "esi", "edi",
"eip"
]
unicorn_arch = unicorn.UC_ARCH_X86
unicorn_mode = unicorn.UC_MODE_32
capstone_arch = capstone.CS_ARCH_X86
capstone_mode = capstone.CS_MODE_32
unicorn_regs = {}
capstone_regs = {}
for reg in regs:
unicorn_regs[reg] = getattr(unicorn.x86_const, "UC_X86_REG_" + reg.upper())
capstone_regs[reg] = getattr(capstone.x86_const, "X86_REG_" + reg.upper())
instruction_pointer = "eip"
stack_pointer = "esp"
ip = instruction_pointer'aarch64': C.CS_ARCH_ARM64,
# 'powerpc': C.CS_ARCH_PPC,
}
DEBUG = False
def debug(*a,**kw):
if DEBUG: print(*a, **kw)
# Until Unicorn Engine provides full information about the specific instruction
# being executed for all architectures, we must rely on Capstone to provide
# that information.
arch_to_SYSCALL = {
U.UC_ARCH_X86: [
C.x86_const.X86_INS_SYSCALL,
C.x86_const.X86_INS_SYSENTER,
C.x86_const.X86_INS_SYSEXIT,
C.x86_const.X86_INS_SYSRET,
C.x86_const.X86_INS_IRET,
C.x86_const.X86_INS_IRETD,
C.x86_const.X86_INS_IRETQ,
C.x86_const.X86_INS_INT,
C.x86_const.X86_INS_INT1,
C.x86_const.X86_INS_INT3,
],
U.UC_ARCH_MIPS: [
C.mips_const.MIPS_INS_SYSCALL
],
U.UC_ARCH_SPARC: [
C.sparc_const.SPARC_INS_T
Popular unicorn functions
- unicorn.arm64_const
- unicorn.arm_const
- unicorn.mips_const
- unicorn.Uc
- unicorn.Uc.hook_del
- unicorn.Uc.mem_unmap
- unicorn.UC_ARCH_ARM
- unicorn.UC_ARCH_ARM64
- unicorn.UC_ARCH_MIPS
- unicorn.UC_ARCH_X86
- unicorn.UC_HOOK_CODE
- unicorn.UC_MODE_32
- unicorn.UC_MODE_64
- unicorn.UC_MODE_ARM
- unicorn.UC_MODE_LITTLE_ENDIAN
- unicorn.UC_MODE_THUMB
- unicorn.UcError
- unicorn.x86_const
- unicorn.x86_const.UC_X86_REG_RDI
- unicorn.x86_const.UC_X86_REG_RIP