• Stars: 617
• Rank: 72,724 (Top 2 %)
• Language: C
• License: MIT License
• Created almost 6 years ago
• Updated over 1 year ago


Repository Details

Unicorn PE is a Unicorn-based instrumentation project designed to emulate code execution for Windows PE files.

Unicorn PE

Unicorn PE is a Unicorn-based instrumentation project/framework designed to emulate code execution for Windows PE files, especially packed ones.

Feature

Dump PE image from emu-memory into file, fix import table, decrypt VMProtect strings, decrypt VMProtect imports.

Partial support for exceptions (only #DB and #BP).

Show disassembly for all instructions that are being executed.

Update BlackBone to latest ver (2020.4.5).

TODO

Feature: x86 (low priority) -- 0%

Build

Visual Studio 2017 or 2019

Open unicorn_pe.sln with Visual Studio

Build project "unicorn_pe" as x64/Release or x64/Debug. (No x86 support for now)

Usage

unicorn_pe (filename or filepath) [-k for kernel mode driver emulation] [-disasm for displaying disassembly] [-dump for binary dump] [-packed for packed binary] [-boundcheck for memory access bound check, may slow down execution]

Programming

...to be documented

Snapshots

Original driver

VMProtect packed driver

VMProtect is fixing encrypted IAT

VMProtect goes back to original entry point

VMProtect packed DLL, full user-mode emulation

License

This software is released under the MIT License, see LICENSE.

Dependencies

A modified version of https://github.com/DarthTon/Blackbone for PE manual mapping.

https://github.com/unicorn-engine/unicorn for emulation.

https://github.com/aquynh/capstone for disassembly.
