sogen

Sogen Windows user-space emulator bindings

These details have not been verified by PyPI

Project description

Sogen is a high-performance Windows user space emulator that operates at syscall level, providing full control over process execution through comprehensive hooking capabilities.

Perfect for security research, malware analysis, and DRM research where fine-grained control over process execution is required.

Built in C++ and powered by the backend of your choice:

Try it out: sogen.dev

[!WARNING]
Caution is advised when analyzing malware in Sogen, as host isolation might not be perfect.
To mitigate potential risk, use the web version to benefit from the additional safety provided by your browser's sandbox.

Key Features

🔄 Syscall-Level Emulation
- Instead of reimplementing Windows APIs, the emulator operates at the syscall level, allowing it to leverage existing system DLLs
📝 Advanced Memory Management
- Supports Windows-specific memory types including reserved, committed, built on top of Unicorn's memory management
📦 Complete PE Loading
- Handles executable and DLL loading with proper memory mapping, relocations, and TLS
⚡ Exception Handling
- Implements Windows structured exception handling (SEH) with proper exception dispatcher and unwinding support
🧵 Threading Support
- Provides a scheduled (round-robin) threading model
💾 State Management
- Supports both full state serialization and fast in-memory snapshots
💻 Debugging Interface
- Implements GDB serial protocol for integration with common debugging tools (IDA Pro, GDB, LLDB, VS Code, ...)

Preview

YouTube Overview

Click here for the slides.

Python Bindings

Install with:

pip install sogen

Python bindings require an emulation root. You can download a ready-made root here, or create your own by following the instructions in the wiki.

Example:

import sogen

emu = sogen.create_application("c:/test-sample.exe", None, emulation_root="./root")


def on_module_load(module):
    if module.name.lower() == "test-sample.exe":
        emu.hooks.memory_execution_at(module.entry_point, lambda address: print(f"hit entry point: 0x{address:x}"))

emu.callbacks.on_module_load = on_module_load
emu.start()
print(emu.process.exit_status)

See examples/python/README.md for setup details and a larger example.

Quick Start (Windows + Visual Studio)

[!TIP]
Checkout the Wiki for more details on how to build & run the emulator on Windows, Linux, macOS, ...

1. Checkout the code:

git clone --recurse-submodules https://github.com/momo5502/sogen.git

2. Run the following command in an x64 Development Command Prompt in the cloned directory:

cmake --preset=vs2022

3. Build the solution that was generated at build/vs2022/emulator.sln

4. Create a registry dump by running the grab-registry.bat as administrator and place it in the artifacts folder next to the analyzer.exe

5. Run the program of your choice:

analyzer.exe C:\example.exe

Project details

These details have not been verified by PyPI

Release history Release notifications | RSS feed

0.0.1.dev4189 pre-release

Jun 19, 2026

0.0.1.dev4169 pre-release

Jun 17, 2026

0.0.1.dev4155 pre-release

Jun 16, 2026

0.0.1.dev4150 pre-release

Jun 16, 2026

0.0.1.dev4143 pre-release

Jun 16, 2026

0.0.1.dev4137 pre-release

Jun 16, 2026

0.0.1.dev4132 pre-release

Jun 15, 2026

0.0.1.dev4126 pre-release

Jun 15, 2026

0.0.1.dev4122 pre-release

Jun 15, 2026

0.0.1.dev4120 pre-release

Jun 15, 2026

0.0.1.dev4112 pre-release

Jun 15, 2026

0.0.1.dev4109 pre-release

Jun 15, 2026

0.0.1.dev4107 pre-release

Jun 14, 2026

0.0.1.dev4104 pre-release

Jun 14, 2026

0.0.1.dev4101 pre-release

Jun 14, 2026

0.0.1.dev4099 pre-release

Jun 14, 2026

0.0.1.dev4085 pre-release

Jun 13, 2026

0.0.1.dev3996 pre-release

Jun 13, 2026

0.0.1.dev3976 pre-release

Jun 11, 2026

0.0.1.dev3973 pre-release

Jun 11, 2026

0.0.1.dev3968 pre-release

Jun 10, 2026

0.0.1.dev3928 pre-release

Jun 8, 2026

0.0.1.dev3926 pre-release

Jun 8, 2026

0.0.1.dev3924 pre-release

Jun 8, 2026

0.0.1.dev3919 pre-release

Jun 7, 2026

0.0.1.dev3917 pre-release

Jun 7, 2026

0.0.1.dev3911 pre-release

Jun 7, 2026

0.0.1.dev3905 pre-release

Jun 7, 2026

0.0.1.dev3880 pre-release

Jun 7, 2026

0.0.1.dev3878 pre-release

Jun 6, 2026

0.0.1.dev3875 pre-release

Jun 6, 2026

0.0.1.dev3870 pre-release

Jun 6, 2026

0.0.1.dev3869 pre-release

Jun 6, 2026

0.0.1.dev3860 pre-release

Jun 6, 2026

0.0.1.dev3858 pre-release

Jun 6, 2026

0.0.1.dev3819 pre-release

Jun 6, 2026

0.0.1.dev3815 pre-release

Jun 5, 2026

0.0.1.dev3814 pre-release

Jun 5, 2026

0.0.1.dev3810 pre-release

Jun 4, 2026

0.0.1.dev3808 pre-release

Jun 3, 2026

0.0.1.dev3796 pre-release

Jun 2, 2026

0.0.1.dev3774 pre-release

Jun 1, 2026

0.0.1.dev3748 pre-release

Jun 1, 2026

0.0.1.dev3742 pre-release

May 31, 2026

0.0.1.dev3740 pre-release

May 30, 2026

0.0.1.dev3731 pre-release

May 29, 2026

0.0.1.dev3727 pre-release

May 29, 2026

0.0.1.dev3706 pre-release

May 29, 2026

0.0.1.dev3701 pre-release

May 26, 2026

0.0.1.dev3696 pre-release

May 26, 2026

0.0.1.dev3692 pre-release

May 25, 2026

0.0.1.dev3690 pre-release

May 25, 2026

0.0.1.dev3686 pre-release

May 25, 2026

0.0.1.dev3682 pre-release

May 25, 2026

0.0.1.dev3678 pre-release

May 24, 2026

0.0.1.dev3675 pre-release

May 21, 2026

0.0.1.dev3671 pre-release

May 21, 2026

0.0.1.dev3663 pre-release

May 21, 2026

0.0.1.dev3662 pre-release

May 21, 2026

0.0.1.dev3660 pre-release

May 21, 2026

0.0.1.dev3653 pre-release

May 21, 2026

0.0.1.dev3650 pre-release

May 21, 2026

0.0.1.dev3646 pre-release

May 20, 2026

0.0.1.dev3616 pre-release

May 20, 2026

0.0.1.dev3610 pre-release

May 20, 2026

0.0.1.dev3604 pre-release

May 20, 2026

0.0.1.dev3603 pre-release

May 20, 2026

0.0.1.dev3601 pre-release

May 20, 2026

0.0.1.dev3600 pre-release

May 19, 2026

0.0.1.dev3599 pre-release

May 19, 2026

0.0.1.dev3591 pre-release

May 19, 2026

0.0.1.dev3590 pre-release

May 19, 2026

0.0.1.dev3583 pre-release

May 19, 2026

0.0.1.dev3578 pre-release

May 18, 2026

0.0.1.dev3530 pre-release

May 18, 2026

0.0.1.dev3528 pre-release

May 18, 2026

0.0.1.dev3524 pre-release

May 18, 2026

0.0.1.dev3516 pre-release

May 17, 2026

0.0.1.dev3514 pre-release

May 17, 2026

0.0.1.dev3513 pre-release

May 17, 2026

0.0.1.dev3512 pre-release

May 17, 2026

0.0.1.dev3505 pre-release

May 17, 2026

0.0.1.dev3497 pre-release

May 17, 2026

0.0.1.dev3488 pre-release

May 17, 2026

0.0.1.dev3486 pre-release

May 15, 2026

0.0.1.dev3485 pre-release

May 15, 2026

This version

0.0.1.dev3483 pre-release

May 15, 2026

0.0.1.dev3478 pre-release

May 15, 2026

0.0.1.dev3477 pre-release

May 15, 2026

0.0.1.dev3476 pre-release

May 14, 2026

0.0.1.dev3471 pre-release

May 14, 2026

0.0.1.dev3459 pre-release

May 14, 2026

0.0.1.dev3458 pre-release

May 14, 2026

0.0.1.dev3455 pre-release

May 13, 2026

0.0.1.dev3445 pre-release

May 13, 2026

0.0.1.dev3440 pre-release

May 13, 2026

0.0.1.dev3425 pre-release

May 13, 2026

0.0.1.dev3422 pre-release

May 12, 2026

0.0.1.dev3408 pre-release

May 12, 2026

0.0.1.dev3391 pre-release

May 12, 2026

0.0.1.dev1 pre-release

May 12, 2026

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sogen-0.0.1.dev3483.tar.gz (21.0 MB view details)

Uploaded May 15, 2026 Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

sogen-0.0.1.dev3483-cp312-cp312-win_amd64.whl (3.7 MB view details)

Uploaded May 15, 2026 CPython 3.12Windows x86-64

sogen-0.0.1.dev3483-cp312-cp312-manylinux_2_39_x86_64.whl (6.8 MB view details)

Uploaded May 15, 2026 CPython 3.12manylinux: glibc 2.39+ x86-64

sogen-0.0.1.dev3483-cp312-cp312-macosx_15_0_x86_64.whl (5.5 MB view details)

Uploaded May 15, 2026 CPython 3.12macOS 15.0+ x86-64

sogen-0.0.1.dev3483-cp312-cp312-macosx_15_0_arm64.whl (4.7 MB view details)

Uploaded May 15, 2026 CPython 3.12macOS 15.0+ ARM64

File details

Details for the file sogen-0.0.1.dev3483.tar.gz.

File metadata

Download URL: sogen-0.0.1.dev3483.tar.gz
Upload date: May 15, 2026
Size: 21.0 MB
Tags: Source
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sogen-0.0.1.dev3483.tar.gz
Algorithm	Hash digest
SHA256	`32eed6d72315777194666115ede0fdfa0e8ad86cba282146cd716d41ca210ecc`
MD5	`20e0dab77e5be160b502e0edb12a7fa9`
BLAKE2b-256	`263931b75d6e27ac2394f6adaefb1c926f99ad4bb37229cf8c9a93d807889401`

See more details on using hashes here.

Provenance

The following attestation bundles were made for sogen-0.0.1.dev3483.tar.gz:

Publisher: build-push.yml on momo5502/sogen

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: sogen-0.0.1.dev3483.tar.gz
- Subject digest: 32eed6d72315777194666115ede0fdfa0e8ad86cba282146cd716d41ca210ecc
- Sigstore transparency entry: 1548164669
- Sigstore integration time: May 15, 2026
Source repository:
- Permalink: momo5502/sogen@98d6892ec76c0082fbff77da3f145484c3ac46e1
- Branch / Tag: refs/heads/main
- Owner: https://github.com/momo5502
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: build-push.yml@98d6892ec76c0082fbff77da3f145484c3ac46e1
- Trigger Event: push

File details

Details for the file sogen-0.0.1.dev3483-cp312-cp312-win_amd64.whl.

File metadata

Download URL: sogen-0.0.1.dev3483-cp312-cp312-win_amd64.whl
Upload date: May 15, 2026
Size: 3.7 MB
Tags: CPython 3.12, Windows x86-64
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sogen-0.0.1.dev3483-cp312-cp312-win_amd64.whl
Algorithm	Hash digest
SHA256	`1a3db0cac373fe3862326ca080d55a62b0bddec09177380fcb021dd5a915d4a6`
MD5	`fa5baa96595b6e1ad5d5588e48385ebf`
BLAKE2b-256	`5d7885ccf343e3c74bc8cd8284978ab27a519f09d9adcb7df496ae0245d973bf`

See more details on using hashes here.

Provenance

The following attestation bundles were made for sogen-0.0.1.dev3483-cp312-cp312-win_amd64.whl:

Publisher: build-push.yml on momo5502/sogen

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: sogen-0.0.1.dev3483-cp312-cp312-win_amd64.whl
- Subject digest: 1a3db0cac373fe3862326ca080d55a62b0bddec09177380fcb021dd5a915d4a6
- Sigstore transparency entry: 1548164786
- Sigstore integration time: May 15, 2026
Source repository:
- Permalink: momo5502/sogen@98d6892ec76c0082fbff77da3f145484c3ac46e1
- Branch / Tag: refs/heads/main
- Owner: https://github.com/momo5502
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: build-push.yml@98d6892ec76c0082fbff77da3f145484c3ac46e1
- Trigger Event: push

File details

Details for the file sogen-0.0.1.dev3483-cp312-cp312-manylinux_2_39_x86_64.whl.

File metadata

Download URL: sogen-0.0.1.dev3483-cp312-cp312-manylinux_2_39_x86_64.whl
Upload date: May 15, 2026
Size: 6.8 MB
Tags: CPython 3.12, manylinux: glibc 2.39+ x86-64
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sogen-0.0.1.dev3483-cp312-cp312-manylinux_2_39_x86_64.whl
Algorithm	Hash digest
SHA256	`ccedc54f944fb194c0ea57ab3eb70cceb283212fa07988e3511e58f071016678`
MD5	`26fc687b29199d62bf3e48dc10409d65`
BLAKE2b-256	`02749f03a00f82e9848acf24e277ba432c2672ea0e7b87db826843bf3a6d0884`

See more details on using hashes here.

Provenance

The following attestation bundles were made for sogen-0.0.1.dev3483-cp312-cp312-manylinux_2_39_x86_64.whl:

Publisher: build-push.yml on momo5502/sogen

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: sogen-0.0.1.dev3483-cp312-cp312-manylinux_2_39_x86_64.whl
- Subject digest: ccedc54f944fb194c0ea57ab3eb70cceb283212fa07988e3511e58f071016678
- Sigstore transparency entry: 1548164846
- Sigstore integration time: May 15, 2026
Source repository:
- Permalink: momo5502/sogen@98d6892ec76c0082fbff77da3f145484c3ac46e1
- Branch / Tag: refs/heads/main
- Owner: https://github.com/momo5502
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: build-push.yml@98d6892ec76c0082fbff77da3f145484c3ac46e1
- Trigger Event: push

File details

Details for the file sogen-0.0.1.dev3483-cp312-cp312-macosx_15_0_x86_64.whl.

File metadata

Download URL: sogen-0.0.1.dev3483-cp312-cp312-macosx_15_0_x86_64.whl
Upload date: May 15, 2026
Size: 5.5 MB
Tags: CPython 3.12, macOS 15.0+ x86-64
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sogen-0.0.1.dev3483-cp312-cp312-macosx_15_0_x86_64.whl
Algorithm	Hash digest
SHA256	`3b50aea90395d54aa8c6344e2f490ff42c40553757b2548428d092a17d07bf00`
MD5	`c4300b2ff182f925e3365b168ccc99df`
BLAKE2b-256	`8e60f7f343bd14668d302e4b572bd40802a898b93fe7ba07e78e00e228074224`

See more details on using hashes here.

Provenance

The following attestation bundles were made for sogen-0.0.1.dev3483-cp312-cp312-macosx_15_0_x86_64.whl:

Publisher: build-push.yml on momo5502/sogen

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: sogen-0.0.1.dev3483-cp312-cp312-macosx_15_0_x86_64.whl
- Subject digest: 3b50aea90395d54aa8c6344e2f490ff42c40553757b2548428d092a17d07bf00
- Sigstore transparency entry: 1548164920
- Sigstore integration time: May 15, 2026
Source repository:
- Permalink: momo5502/sogen@98d6892ec76c0082fbff77da3f145484c3ac46e1
- Branch / Tag: refs/heads/main
- Owner: https://github.com/momo5502
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: build-push.yml@98d6892ec76c0082fbff77da3f145484c3ac46e1
- Trigger Event: push

File details

Details for the file sogen-0.0.1.dev3483-cp312-cp312-macosx_15_0_arm64.whl.

File metadata

Download URL: sogen-0.0.1.dev3483-cp312-cp312-macosx_15_0_arm64.whl
Upload date: May 15, 2026
Size: 4.7 MB
Tags: CPython 3.12, macOS 15.0+ ARM64
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sogen-0.0.1.dev3483-cp312-cp312-macosx_15_0_arm64.whl
Algorithm	Hash digest
SHA256	`c5de7903b173ded7a4bdb7b695eb9d8bae8af2cbc69ea88cba1bac552b6477c5`
MD5	`9442f71b350aaa3c4f6ee0a713aa2ef6`
BLAKE2b-256	`87b9f85aeb029b2e1183c7f4854348d72997f15c73c7768cf0ff6072064da161`

See more details on using hashes here.

Provenance

The following attestation bundles were made for sogen-0.0.1.dev3483-cp312-cp312-macosx_15_0_arm64.whl:

Publisher: build-push.yml on momo5502/sogen

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: sogen-0.0.1.dev3483-cp312-cp312-macosx_15_0_arm64.whl
- Subject digest: c5de7903b173ded7a4bdb7b695eb9d8bae8af2cbc69ea88cba1bac552b6477c5
- Sigstore transparency entry: 1548164732
- Sigstore integration time: May 15, 2026
Source repository:
- Permalink: momo5502/sogen@98d6892ec76c0082fbff77da3f145484c3ac46e1
- Branch / Tag: refs/heads/main
- Owner: https://github.com/momo5502
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: build-push.yml@98d6892ec76c0082fbff77da3f145484c3ac46e1
- Trigger Event: push

sogen 0.0.1.dev3483

Navigation

Verified details

Maintainers

Unverified details

Meta

Classifiers

Project description

Key Features

Preview

YouTube Overview

Python Bindings

Quick Start (Windows + Visual Studio)

Project details

Verified details

Maintainers

Unverified details

Meta

Classifiers

Release history Release notifications | RSS feed

Download files

Source Distribution

Built Distributions

File details

File metadata

File hashes

Provenance

File details

File metadata

File hashes

Provenance

File details

File metadata

File hashes

Provenance

File details

File metadata

File hashes

Provenance

File details

File metadata

File hashes

Provenance