How to use the unicorn.x86_const.UC_X86_REG_RDI function in unicorn
To help you get started, we’ve selected a few unicorn examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
fgsect / unicorefuzz / example_module / config.py View on Github 
def place_input(uc, input):
import util
from unicorn.x86_const import UC_X86_REG_RDI, UC_X86_REG_RSI
if len(input) > 512:
import os
os._exit(0) # probably too big anyway.
# ulong decode_negTokenInit(char *security_blob, ulong length, byte *param_3) => RDI, RSI, ...
# read input to the correct position at param rdi here:
rdi = uc.reg_read(UC_X86_REG_RDI)
#rsi = uc.reg_read(UC_X86_REG_RSI)
util.map_page_blocking(uc, rdi) # ensure security_blob is mapped
uc.mem_write(rdi, input) # insert afl input
uc.reg_write(UC_X86_REG_RSI, len(input)) # write lengthdef place_input_skb(ucf: Unicorefuzz, uc: Uc, input: bytes) -> None:
"""
Places the input in memory and alters the input.
This is an example for sk_buff in openvsswitch
"""
if len(input) > 1500:
import os
os._exit(0) # too big!
# read input to the correct position at param rdx here:
rdx = uc.reg_read(UC_X86_REG_RDX)
rdi = uc.reg_read(UC_X86_REG_RDI)
ucf.map_page_blocking(uc, rdx) # ensure sk_buf is mapped
bufferPtr = struct.unpack("def place_input_skb(uc, input):
"""
Places the input in memory and alters the input.
This is an example for sk_buff in openvsswitch
"""
import util
import struct
from unicorn.x86_const import UC_X86_REG_RDX, UC_X86_REG_RDI
if len(input) > 1500:
import os
os._exit(0) # too big!
# read input to the correct position at param rdx here:
rdx = uc.reg_read(UC_X86_REG_RDX)
rdi = uc.reg_read(UC_X86_REG_RDI)
util.map_page_blocking(uc, rdx) # ensure sk_buf is mapped
bufferPtr = struct.unpack("def reset():
emu = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_64 + unicorn.UC_MODE_LITTLE_ENDIAN)
emu.mem_map(SEGMENT_FS_ADDR-0x1000, 0x3000)
set_fs(emu, SEGMENT_FS_ADDR)
set_gs(emu, SEGMENT_GS_ADDR)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RAX, 0x5555555583c0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RBX, 0x0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RCX, 0x400)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RDX, 0x7ffff7dcc960)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RSP, 0x7fffffffdc90)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RBP, 0x7fffffffdc90)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RSI, 0x0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RDI, 0x5555555583c0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_RIP, 0x555555555269)
emu.reg_write(unicorn.x86_const.UC_X86_REG_R8, 0x0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_R9, 0x5555555582b0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_R10, 0x7ffff7dd2800)
emu.reg_write(unicorn.x86_const.UC_X86_REG_R11, 0x246)
emu.reg_write(unicorn.x86_const.UC_X86_REG_R12, 0x5555555550b0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_R13, 0x7fffffffdd90)
emu.reg_write(unicorn.x86_const.UC_X86_REG_R14, 0x0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_R15, 0x0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_EFLAGS, 0x202)
emu.reg_write(unicorn.x86_const.UC_X86_REG_CS, 0x33)
emu.reg_write(unicorn.x86_const.UC_X86_REG_SS, 0x2b)
emu.reg_write(unicorn.x86_const.UC_X86_REG_DS, 0x0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_ES, 0x0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_FS, 0x0)
emu.reg_write(unicorn.x86_const.UC_X86_REG_GS, 0x0)def __init__(self, *args, **kwargs):
import unicorn.x86_const as csts
self.regs = {
"RAX": csts.UC_X86_REG_RAX, "RBX": csts.UC_X86_REG_RBX,
"RCX": csts.UC_X86_REG_RCX, "RDI": csts.UC_X86_REG_RDI,
"RDX": csts.UC_X86_REG_RDX, "RSI": csts.UC_X86_REG_RSI,
"RBP": csts.UC_X86_REG_RBP, "RSP": csts.UC_X86_REG_RSP,
"R8": csts.UC_X86_REG_R8, "R11": csts.UC_X86_REG_R11,
"R9": csts.UC_X86_REG_R9, "R10": csts.UC_X86_REG_R10,
"R12": csts.UC_X86_REG_R12, "R13": csts.UC_X86_REG_R13,
"R14": csts.UC_X86_REG_R14, "R15": csts.UC_X86_REG_R15,
}
self.pc_reg_name = "RIP"
self.pc_reg_value = csts.UC_X86_REG_RIP
super(UcWrapCPU_x86_64, self).__init__(*args, **kwargs)def dump_regs(mu, address, size):
f = open("dump_regs","a+")
f.write(">>> Tracing instruction at 0x%x, instruction size = 0x%x\n" %(address, size))
rax = mu.reg_read(unicorn.x86_const.UC_X86_REG_RAX)
rbx = mu.reg_read(unicorn.x86_const.UC_X86_REG_RBX)
rcx = mu.reg_read(unicorn.x86_const.UC_X86_REG_RCX)
rdx = mu.reg_read(unicorn.x86_const.UC_X86_REG_RDX)
rsi = mu.reg_read(unicorn.x86_const.UC_X86_REG_RSI)
rdi = mu.reg_read(unicorn.x86_const.UC_X86_REG_RDI)
rbp = mu.reg_read(unicorn.x86_const.UC_X86_REG_RBP)
rsp = mu.reg_read(unicorn.x86_const.UC_X86_REG_RSP)
rip = mu.reg_read(unicorn.x86_const.UC_X86_REG_RIP)
r8 = mu.reg_read(unicorn.x86_const.UC_X86_REG_R8)
r9 = mu.reg_read(unicorn.x86_const.UC_X86_REG_R9)
r10 = mu.reg_read(unicorn.x86_const.UC_X86_REG_R10)
r11 = mu.reg_read(unicorn.x86_const.UC_X86_REG_R11)
r12 = mu.reg_read(unicorn.x86_const.UC_X86_REG_R12)
r13 = mu.reg_read(unicorn.x86_const.UC_X86_REG_R13)
r14 = mu.reg_read(unicorn.x86_const.UC_X86_REG_R14)
r15 = mu.reg_read(unicorn.x86_const.UC_X86_REG_R15)
f.write(">>> RAX = 0x%x\n" %rax)
f.write(">>> RBX = 0x%x\n" %rbx)
f.write(">>> RCX = 0x%x\n" %rcx)
f.write(">>> RDX = 0x%x\n" %rdx)def init_reg(mu):
mu.reg_write(unicorn.x86_const.UC_X86_REG_RAX, 0x0)
mu.reg_write(unicorn.x86_const.UC_X86_REG_RBX, 0x0)
mu.reg_write(unicorn.x86_const.UC_X86_REG_RCX, 0x0)
mu.reg_write(unicorn.x86_const.UC_X86_REG_RDX, 0x0)
mu.reg_write(unicorn.x86_const.UC_X86_REG_RSI, 0x0)
mu.reg_write(unicorn.x86_const.UC_X86_REG_RDI, 0x0)
mu.reg_write(unicorn.x86_const.UC_X86_REG_RBP, 0x0)
mu.reg_write(unicorn.x86_const.UC_X86_REG_RSP, 0x7fffffffe0a0)
mu.reg_write(unicorn.x86_const.UC_X86_REG_R8, 0x0)
mu.reg_write(unicorn.x86_const.UC_X86_REG_R9, 0x0)
mu.reg_write(unicorn.x86_const.UC_X86_REG_R10, 0x0)
mu.reg_write(unicorn.x86_const.UC_X86_REG_R11, 0x0)
mu.reg_write(unicorn.x86_const.UC_X86_REG_R12, 0x0)
mu.reg_write(unicorn.x86_const.UC_X86_REG_R13, 0x0)
mu.reg_write(unicorn.x86_const.UC_X86_REG_R14, 0x0)
mu.reg_write(unicorn.x86_const.UC_X86_REG_R15, 0x0)
Popular unicorn functions
- unicorn.arm64_const
- unicorn.arm_const
- unicorn.mips_const
- unicorn.Uc
- unicorn.Uc.hook_del
- unicorn.Uc.mem_unmap
- unicorn.UC_ARCH_ARM
- unicorn.UC_ARCH_ARM64
- unicorn.UC_ARCH_MIPS
- unicorn.UC_ARCH_X86
- unicorn.UC_HOOK_CODE
- unicorn.UC_MODE_32
- unicorn.UC_MODE_64
- unicorn.UC_MODE_ARM
- unicorn.UC_MODE_LITTLE_ENDIAN
- unicorn.UC_MODE_THUMB
- unicorn.UcError
- unicorn.x86_const
- unicorn.x86_const.UC_X86_REG_RDI
- unicorn.x86_const.UC_X86_REG_RIP