Convenience helpers for working with the Unicorn emulator
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
ucutils - Unicorn Emulator Utilities
ucutils provides helper utilities and abstractions for working with the Unicorn CPU emulator. It simplifies memory management, register access, and architecture-specific operations while supporting both x86 and x64 architectures. The library also includes Windows-specific utilities for emulating Windows structures and behaviors.
For more comprehensive Windows emulation including API hooking and system call emulation, consider using the Speakeasy project. ucutils focuses on providing low-level CPU emulation utilities rather than full system emulation.
Create the extended emulator instance:
emu = ucutils.emu.Emulator(unicorn.UC_ARCH_X86, unicorn.UC_MODE_64)
Map and access memory (typical Unicorn API):
emu.mem_map(0x0, 0x1000)
code = b"\x48\xC7\xC0\x01\x00\x00\x00" # mov rax, 0x1
emu.mem_write(0x0, code)
emu.emu_start(0x0, len(code))
Easily access registers:
assert emu.rax == 0x1
And, easily allocate and access memory:
addr = emu.mem.alloc(0x1000)
emu.mem_write(addr, b"AAAA")
assert emu.mem[addr:addr+4] == b"AAAA"
Stack operations:
emu.push(0xAA)
assert emu.pop() == 0xAA
Emulation stepping:
emu.mem_map(0x0, 0x1000)
code = b"\x48\xC7\xC0\x01\x00\x00\x00\x48\xC7\xC3\x02\x00\x00\x00" # mov rax,0x1; mov rbx,0x2
emu.mem_write(0x0, code)
emu.stepi() # Execute first instruction
assert emu.pc == 0x7
assert emu.rax == 0x1
Checkpointing:
assert emu.rax == 0x0
assert emu.rbx == 0x0
with ucutils.checkpoint.checkpoint(emu):
emu.rax = 0x1
emu.rbx = 0x2
emu.stepi()
# changes will be reverted after the block,
# including memory contents and registry context.
assert emu.rax == 0x0
assert emu.rbx == 0x0
Install TEB and PEB for Windows process emulation (useful for tracing shellcode), and then load a PE file:
ucutils.plat.win64.map_teb(emu)
pe = pefile.PE(data=b"MZ...")
ucutils.plat.win.load_dll(emu, {"filename": "payload.dll", "pe": pe})
# exports are added to emu.symbols
assert "payload.dll!ServiceMain" in emu.symbols
# LDR_ENTRY is registered in emulated memory,
# which is useful for (shellcode) payloads that manually resolve imports.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ucutils-0.3.3.tar.gz.
File metadata
- Download URL: ucutils-0.3.3.tar.gz
- Upload date:
- Size: 31.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/4.0.1 CPython/3.11.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a1b6297b590b82bf3e2c30a77343d766f3e148efcf7e29d3b762d23021569a4d
|
|
| MD5 |
0e0a663f1893acda0bcc868483353ff6
|
|
| BLAKE2b-256 |
d506057ace1f0b3c7a34b4873ce81327728306ac7053d8101d7d3159ba65bbf1
|
File details
Details for the file ucutils-0.3.3-py3-none-any.whl.
File metadata
- Download URL: ucutils-0.3.3-py3-none-any.whl
- Upload date:
- Size: 27.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/4.0.1 CPython/3.11.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6ec996f27f47a00f4b56a05f4e5ec1c742f0e1341f9e1fba30535bbd790f2b0a
|
|
| MD5 |
df6e6886e2a6516659e48fe813cc7b68
|
|
| BLAKE2b-256 |
ac108ed21c9cfddffad71278f0d40b51e1bf1850d98715cd15f6487d1af742d0
|
