change ip on “Uc(UC_ARCH_X86, UC_MODE_16) ” may not work? #1983

Teloivts opened this issue Jul 31, 2024 · 1 comment

@Teloivts

from unicorn import *
from unicorn.x86_const import *
# Reporter's question: can IP be rewritten from a code hook when the
# emulator is created with Uc(UC_ARCH_X86, UC_MODE_16)?
# The 16-bit code executed below is a run of `JMP $` (EB FE) self-jumps,
# i.e. every instruction is an infinite loop on itself.

# Guest address where the code is mapped and where emulation starts.
ADDRESS = 0x1000

def hook_code(uc, address, size, user_data):
    """UC_HOOK_CODE callback: print IP and redirect it once at ADDRESS.

    Args:
        uc: the Uc instance running the emulation.
        address: guest address of the instruction about to execute
            (supplied by Unicorn; the hook reads IP separately and does
            not use this argument).
        size: instruction size in bytes (unused).
        user_data: opaque hook argument (unused).

    Side effects: prints the current IP on every call; when IP equals
    ADDRESS, writes 0x1002 into IP and prints 'ok?'. Whether Unicorn
    honours that write before executing the instruction at ADDRESS is
    exactly what this experiment probes.
    """
    current_ip = uc.reg_read(UC_X86_REG_IP)
    print(f"IP: {current_ip:#04x}")

    # Only the very first instruction of the block triggers the redirect.
    if current_ip != ADDRESS:
        return

    redirect_target = 0x1002  # the next two-byte JMP $ slot
    uc.reg_write(UC_X86_REG_IP, redirect_target)
    print('ok?')

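def main():
    """Run the 16-bit IP-redirect experiment with a bounded instruction count.

    Maps a 2 MiB region at ADDRESS, writes 1024 copies of `JMP $`
    (EB FE, a two-byte self-jump) there, installs hook_code and starts
    emulation at ADDRESS. Every `JMP $` loops on itself and no path ever
    reaches ADDRESS + len(CODE), so the original unbounded emu_start()
    call never returned: the run hung whether or not the IP write in
    hook_code took effect. The call is therefore capped with `count`;
    the printed IP values (stuck at 0x1000 vs. moving to 0x1002) show
    which case occurred.

    Returns:
        None. UcError from emulation is caught and printed, not raised.
    """
    CODE = b'\xeb\xfe' * 1024  # JMP $ (EB FE) at every even offset

    # Upper bound on executed instructions. Without it emu_start() never
    # returns, because the `until` address can only be hit by falling
    # through, and a JMP $ never falls through.
    MAX_INSTRUCTIONS = 16

    mu = Uc(UC_ARCH_X86, UC_MODE_16)
    mu.mem_map(ADDRESS, 2 * 1024 * 1024)
    mu.mem_write(ADDRESS, CODE)
    mu.hook_add(UC_HOOK_CODE, hook_code)
    try:
        mu.emu_start(ADDRESS, ADDRESS + len(CODE), count=MAX_INSTRUCTIONS)
    except UcError as e:
        print(f"ERROR: {e}")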

if __name__ == '__main__':
    main()

Maybe I just made a mistake.
Environment: Windows 10, x86.
PS D:\Vscode\spark> pip show unicorn
Name: unicorn
Version: 2.0.1.post1

@ljluestc

from unicorn import *
from unicorn.x86_const import *

# Guest address where CODE is mapped and where emulation starts.
ADDRESS = 0x1000

def hook_code(uc, address, size, user_data):
    """UC_HOOK_CODE callback: report IP and redirect it once at ADDRESS.

    Args:
        uc: the Uc instance running the emulation.
        address: guest address of the instruction about to execute
            (supplied by Unicorn; not used here, IP is read from the
            register instead).
        size: instruction size in bytes (unused).
        user_data: opaque hook argument (unused).

    Side effects: prints the IP read from UC_X86_REG_IP on every call.
    When it equals ADDRESS, IP is set to 0x1002 (the byte right after the
    two-byte JMP at ADDRESS) and the jump is reported; otherwise the
    unchanged IP is reported. Whether the write is applied before the
    instruction at `address` runs is what the experiment is checking.
    """
    current_ip = uc.reg_read(UC_X86_REG_IP)
    print(f"Current IP: {current_ip:#04x}")

    if current_ip != ADDRESS:
        print(f"IP unchanged, current: {current_ip:#04x}")
        return

    redirect_target = 0x1002  # first byte after the JMP at ADDRESS
    uc.reg_write(UC_X86_REG_IP, redirect_target)
    print(f'Jumped to IP: {redirect_target:#04x}')

def main():
    """Run the three-instruction variant of the IP-redirect experiment.

    CODE places `EB 02` (JMP rel8) at ADDRESS and `90` (NOP) at
    ADDRESS + 2. A rel8 displacement is relative to the end of the JMP,
    so executed as written the JMP lands at ADDRESS + 4, *past* the NOP;
    the NOP at ADDRESS + 2 is only reached if hook_code's IP rewrite is
    honoured. Emulation is capped at three instructions so the run ends
    either way.

    Returns:
        None. UcError from emulation is caught and printed, not raised.
    """
    CODE = b'\xeb\x02\x90'  # EB 02 = JMP rel8 (+2 from the next byte), 90 = NOP
    end_address = ADDRESS + len(CODE)

    emulator = Uc(UC_ARCH_X86, UC_MODE_16)
    emulator.mem_map(ADDRESS, 2 * 1024 * 1024)
    emulator.mem_write(ADDRESS, CODE)

    # Fire hook_code before every instruction.
    emulator.hook_add(UC_HOOK_CODE, hook_code)

    try:
        # Stop after three instructions regardless of where IP ends up.
        emulator.emu_start(ADDRESS, end_address, count=3)
    except UcError as e:
        print(f"ERROR: {e}")

if __name__ == '__main__':
    main()
