from megastone import Emulator, ARCH_ARM


def trace(e: Emulator) -> None:
    """Code hook: print the instruction about to execute and the current R0."""
    print(e.get_curr_insn(), e.regs.r0)


emu = Emulator(ARCH_ARM)
# A 4 KiB segment named 'code' that receives the assembled snippet.
code_seg = emu.mem.allocate(0x1000, 'code')
# write_code assembles the source text straight into the segment:
# R0 is set to 1 and then doubled by each two-operand ADD R0, R0.
emu.mem.write_code(
    code_seg.address,
    """
    MOV R0, 1
    ADD R0, R0
    ADD R0, R0
    ADD R0, R0
    """,
)
emu.add_code_hook(trace)
# Exactly four instructions were assembled; count=4 makes the run end at the last
# one instead of continuing into whatever the rest of the segment holds.
emu.run(count=4, address=code_seg.address)
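# The snippet used Emulator, ARCH_X86 and HOOK_STOP without importing them,
# so it raised NameError before reaching the emulator; import them explicitly.
from megastone import Emulator, ARCH_X86, HOOK_STOP

emu = Emulator(ARCH_X86)
emu.allocate_stack(0x1000)
start_seg = emu.mem.allocate(0x1000)
func_seg = emu.mem.allocate(0x1000)
# Caller: push two arguments, call the function at func_seg, then a sled of
# single-byte nops so that there is valid code to land on after the call returns.
emu.mem.write_code(
    start_seg.address,
    f"""
    push 1
    push 2
    call 0x{func_seg.address:X}
    {'nop;'*20}
    """,
)
# Callee body; it is never executed because replace_function intercepts the address below.
emu.mem.write_code(
    func_seg.address,
    f"""
    mov eax, 700
    ret
    """,
)


def func_hook(emu: Emulator):
    """Python replacement for the function at func_seg.

    Installed through replace_function, so the `mov eax, 700` at func_seg never
    runs and the generic trace hook registered below is not invoked for it.
    Returns the sum of the two values the caller pushed.
    """
    print(hex(emu.sp), emu.get_curr_insn())
    # NOTE(review): stack[1]/stack[2] are taken to be the two pushed arguments
    # (stack[0] presumably the return address) and the returned value to land in
    # EAX, which is what the final print reads — confirm against megastone's
    # replace_function contract.
    return emu.stack[1] + emu.stack[2]


emu.replace_function(func_seg.address, func_hook)
emu.add_code_hook(lambda e: print(hex(e.sp), e.get_curr_insn()))
# Stop inside the nop sled. push imm8 is 2 bytes and call rel32 is 5, so the caller
# is 9 bytes long and offset 0x10 falls on one of the single-byte nops: an
# instruction boundary reached only after the call has returned. Without a stop
# the run would fall off the sled into the unwritten remainder of the segment.
emu.add_code_hook(HOOK_STOP, start_seg.address + 0x10)
emu.run(address=start_seg.address)
print(emu.regs.eax)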
from megastone import Emulator, ARCH_ARM64, HOOK_STOP_ONCE


def trace(e: Emulator) -> None:
    """Code hook: print each executed instruction together with X0."""
    print(e.get_curr_insn(), e.regs.x0)


emu = Emulator(ARCH_ARM64)
code_seg = emu.mem.allocate(0x1000, 'code')
# An endless loop: X0 is zeroed, incremented ten times, then control branches
# back to `start`. The breakpoints/stop hook below are the only way a run ends.
emu.mem.write_code(
    code_seg.address,
    """
    start:
    MOV X0, 0
    ADD X0, X0, 1
    ADD X0, X0, 1
    ADD X0, X0, 1
    ADD X0, X0, 1
    ADD X0, X0, 1
    ADD X0, X0, 1
    ADD X0, X0, 1
    ADD X0, X0, 1
    ADD X0, X0, 1
    ADD X0, X0, 1
    B start
    """,
)
# AArch64 instructions are a fixed 4 bytes, so +0x8, +0x10 and +0x18 are the
# 2nd, 4th and 6th ADD respectively. The two breakpoints persist; the
# HOOK_STOP_ONCE hook fires a single time and is then gone.
emu.add_breakpoint(code_seg.address + 0x8)
emu.add_code_hook(HOOK_STOP_ONCE, code_seg.address + 0x10)
emu.add_breakpoint(code_seg.address + 0x18)
emu.add_code_hook(trace)
# Set PC to the loop entry, then resume five times, printing what stopped each run.
# Which stop each run hits depends on how megastone resumes from a breakpoint.
emu.jump(code_seg.address)
for _ in range(5):
    print(emu.run())