Пример #1
def test_copy(emu: Emulator):
    """Check that Emulator.copy() produces an independent snapshot.

    The original runs three NOPs and overwrites the data word after the
    copy is taken; the copy must still hold the pc and the bytes it was
    created with.
    """
    code_base = 0x1000
    data_addr = 0x1040

    emu.mem.map(code_base, 0x80)
    emu.mem.write_code(code_base, 'NOP; NOP; NOP')
    emu.mem.write(data_addr, b'AAAA')
    emu.jump(code_base)
    snapshot = emu.copy()

    # Mutate only the original after the snapshot exists.
    emu.mem.write(data_addr, b'BBBB')
    emu.run(3)

    assert emu.pc == 0x100C
    assert snapshot.pc == code_base
    assert snapshot.mem.read(data_addr, 4) == b'AAAA'
Пример #2
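# The names used by this example (Emulator, ARCH_X86, HOOK_STOP) were not
# imported anywhere in the snippet; import them so it runs standalone like
# the other examples on this page.
from megastone import Emulator, ARCH_X86, HOOK_STOP

# x86 emulator with a stack and two 4 KiB segments: one for the caller
# code, one for the callee that is later replaced by a Python hook.
emu = Emulator(ARCH_X86)
emu.allocate_stack(0x1000)
start_seg = emu.mem.allocate(0x1000)
func_seg = emu.mem.allocate(0x1000)

# Caller: push two arguments, call the callee segment, then a NOP sled.
emu.mem.write_code(
    start_seg.address, f"""
    push 1
    push 2
    call 0x{func_seg.address:X}
    {'nop;'*20}
""")

# Callee: loads a constant into eax and returns. Plain string literal: the
# original used an f-prefix with no placeholders, which is a lint smell and
# yields the identical text.
emu.mem.write_code(func_seg.address, """
    mov eax, 700
    ret
""")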


def func_hook(emu: Emulator):
    print(hex(emu.sp), emu.get_curr_insn()
          )  #since this opcode never runs, the trace func isn't called
    return emu.stack[1] + emu.stack[2]


def _trace(e):
    # Code hook: print the stack pointer and the instruction about to run.
    print(hex(e.sp), e.get_curr_insn())


# Divert calls into func_seg to the Python hook, trace every instruction,
# and stop execution once the caller reaches start_seg.address + 0x10.
emu.replace_function(func_seg.address, func_hook)
emu.add_code_hook(_trace)
emu.add_code_hook(HOOK_STOP, start_seg.address + 0x10)

emu.run(address=start_seg.address)
print(emu.regs.eax)
Пример #3
from megastone import Emulator, ARCH_ARM

emu = Emulator(ARCH_ARM)
segment = emu.mem.allocate(0x1000, 'code')

# Four ARM instructions: set R0 to 1, then add R0 to itself three times.
emu.mem.write_code(
    segment.address, """
    MOV R0, 1
    ADD R0, R0
    ADD R0, R0
    ADD R0, R0
""")


def _show_r0(e):
    # Code hook: print the current instruction alongside R0.
    print(e.get_curr_insn(), e.regs.r0)


emu.add_code_hook(_show_r0)
emu.run(count=4, address=segment.address)
Пример #4
from megastone import Emulator, ARCH_ARM64, HOOK_STOP_ONCE

emu = Emulator(ARCH_ARM64)
segment = emu.mem.allocate(0x1000, 'code')

# AArch64 loop: zero X0, increment it ten times, branch back to start.
emu.mem.write_code(
    segment.address, """
start:
    MOV X0, 0
    ADD X0, X0, 1
    ADD X0, X0, 1
    ADD X0, X0, 1
    ADD X0, X0, 1
    ADD X0, X0, 1
    ADD X0, X0, 1
    ADD X0, X0, 1
    ADD X0, X0, 1
    ADD X0, X0, 1
    ADD X0, X0, 1
    B start
""")


def _show_x0(e):
    # Code hook: print the current instruction alongside X0.
    print(e.get_curr_insn(), e.regs.x0)


# Registration order is kept as in the original: two breakpoints, a
# one-shot stop hook between them, then the trace hook.
code_base = segment.address
emu.add_breakpoint(code_base + 0x8)
emu.add_code_hook(HOOK_STOP_ONCE, code_base + 0x10)
emu.add_breakpoint(code_base + 0x18)
emu.add_code_hook(_show_x0)

# run() is invoked five times; each call presumably halts at the next
# breakpoint/stop hook and its return value is printed.
emu.jump(code_base)
for _ in range(5):
    print(emu.run())
Пример #5
    LDR R0, ={data1}
    LDR R1, [R0]
    STR R1, [R0]

    LDR R0, ={data4 + 3}
    LDRB R1, [R0]
    STRB R1, [R0]

    LDR R0, ={data4 + 4}
    LDRB R1, [R0]
    STRB R1, [R0]
""")


def data_hook(emu: Emulator):
    print(emu.get_curr_insn(), hex(emu.curr_hook.address), emu.curr_access)


def add_hooks(emu: Emulator, ptr, size):
    """Register data_hook for both reads and writes.

    ptr and size are forwarded unchanged to add_read_hook and
    add_write_hook.
    """
    for register in (emu.add_read_hook, emu.add_write_hook):
        register(data_hook, ptr, size)


# (pointer, size) pairs to watch for reads and writes.
_WATCHED = (
    (data1, 1),
    (data2, 1),
    (data3, 2),
    (data4, 4),
    (data5, 4),
)
for watch_ptr, watch_size in _WATCHED:
    add_hooks(emu, watch_ptr, watch_size)

emu.run(count=24, address=code_seg.address)