How to use the unicorn.UC_MODE_32 function in unicorn
To help you get started, we’ve selected a few unicorn examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
unicorn-engine / unicorn / tests / regress / hook_add_crash.py View on Github 
#!/usr/bin/env python
"""https://github.com/unicorn-engine/unicorn/issues/165"""
import unicorn
def hook_mem_read_unmapped(mu, access, address, size, value, user_data):
pass
mu = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
try:
for x in range(0, 1000):
mu.hook_add(unicorn.UC_HOOK_MEM_READ_UNMAPPED, hook_mem_read_unmapped, None)
except unicorn.UcError as e:
print("ERROR: %s" % e)def setup_x86(self):
self.uc = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
self.cs = Cs(CS_ARCH_X86, CS_MODE_32)def create_emulator():
'''
create an emulator using some standard options.
'''
return unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)def get_arch_mode(lib, a):
arch = mode = endian = None
# x86
if is_x86_16(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_X86, keystone.KS_MODE_16, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_X86, capstone.CS_MODE_16, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_X86, unicorn.UC_MODE_16, unicorn.UC_MODE_LITTLE_ENDIAN
elif is_x86_32(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_X86, keystone.KS_MODE_32, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_X86, capstone.CS_MODE_32, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_X86, unicorn.UC_MODE_32, unicorn.UC_MODE_LITTLE_ENDIAN
elif is_x86_64(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_X86, keystone.KS_MODE_64, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_X86, capstone.CS_MODE_64, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_X86, unicorn.UC_MODE_64, unicorn.UC_MODE_LITTLE_ENDIAN
# arm
elif is_arm(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_ARM, keystone.KS_MODE_ARM, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_ARM, unicorn.UC_MODE_ARM, unicorn.UC_MODE_LITTLE_ENDIAN
elif is_arm_thumb(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_ARM, keystone.KS_MODE_THUMB, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_ARM, unicorn.UC_MODE_THUMB, unicorn.UC_MODE_LITTLE_ENDIANdef __init__(self):
Emulator.__init__(self, "X86",
unicorn.UC_ARCH_X86, unicorn.UC_MODE_32,
"eip",
32,
["esp", "eip", "gs", "fs", "ds"
])
# "ss", "cs", "ds", "es",
self.syscall_regnames = ["edi", "esi", "ecx", "edx",
"ebx", "eax", "ebp", "esp"]
self.stackbot = "ebp"
self.stacktop = "esp"def __init__(self, trace=True, sca_mode=False, local_vars={}):
super().__init__(trace, sca_mode)
self.emu = uc.Uc(uc.UC_ARCH_X86, uc.UC_MODE_32)
self.disasm = cs.Cs(cs.CS_ARCH_X86, cs.CS_MODE_32)
self.disasm.detail = True
self.word_size = 4
self.endianness = "little"
self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
self.page_shift = self.page_size.bit_length() - 1
self.pc = uc.x86_const.UC_X86_REG_EIP
known_regs = [i[len('UC_X86_REG_'):] for i in dir(uc.x86_const) if '_REG' in i]
self.reg_map = {r.lower(): getattr(uc.x86_const, 'UC_X86_REG_'+r) for r in known_regs}
self.stubbed_functions = local_vars
self.setup(sca_mode)
self.reset_stack()def runTest(self):
ADDR = 0x10101000
mu = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32)
mu.mem_map(ADDR, 1024 * 4)
mu.mem_write(ADDR, b'\x41')
mu.emu_start(ADDR, ADDR + 1, count=1)
# The following should not trigger a null pointer dereference
self.assertEqual(None, mu.emu_stop())cs_arch = cs.CS_ARCH_ARM
cs_mode = cs.CS_MODE_ARM
elif architecture == "AArch64":
cur_arch = uc.UC_ARCH_ARM64
cur_mode = uc.UC_MODE_ARM
cs_arch = cs.CS_ARCH_ARM64
cs_mode = cs.CS_MODE_ARM
elif architecture == "x86":
cur_arch = uc.UC_ARCH_X86
cs_arch = cs.CS_ARCH_X86
if bits == 32:
cur_mode = uc.UC_MODE_32
cs_mode = cs.CS_MODE_32
elif bits == 16:
cur_mode = uc.UC_MODE_16
cs_mode = cs.CS_MODE_16
else:
raise PimpMyRideException("Unknown %dbit for x86 architecture" % bits)
elif architecture == "x64":
cur_arch = uc.UC_ARCH_X86
cur_mode = uc.UC_MODE_64
cs_arch = cs.CS_ARCH_X86
cs_mode = cs.CS_MODE_64
else:
raise PimpMyRideException(
Popular unicorn functions
- unicorn.arm64_const
- unicorn.arm_const
- unicorn.mips_const
- unicorn.Uc
- unicorn.Uc.hook_del
- unicorn.Uc.mem_unmap
- unicorn.UC_ARCH_ARM
- unicorn.UC_ARCH_ARM64
- unicorn.UC_ARCH_MIPS
- unicorn.UC_ARCH_X86
- unicorn.UC_HOOK_CODE
- unicorn.UC_MODE_32
- unicorn.UC_MODE_64
- unicorn.UC_MODE_ARM
- unicorn.UC_MODE_LITTLE_ENDIAN
- unicorn.UC_MODE_THUMB
- unicorn.UcError
- unicorn.x86_const
- unicorn.x86_const.UC_X86_REG_RDI
- unicorn.x86_const.UC_X86_REG_RIP