alexhude
commented
5 years ago Thank you for your feedback.
However, I don't think there is an issue here, because step is NOT called recursively. According to IDA SDK
THREAD_SAFE int execute_sync ( exec_request_t & req, int reqf )
Execute code in the main thread.Therefore, there is a new thread created for every instruction, but as soon as instruction is executed execute_sync(uEmuOnMainCallable(result_handler), MFF_WRITE) returns control back to main thread. Then result_handler creates new thread to execute next instruction.
It was intentionally designed that way with the idea of using some third party modules while control is back to IDA main thread (advanced manual fuzzing, monitoring, dynamic instrumentation etc). This means, even if we run with UC_HOOK_CODE we have to wait for the main thread to continue. For the purpose of running/tracing code quickly I strongly suggest using unicorn API directly because in this case you don't need to interact with CPU state in custom uEmu IDA views.
Also, as I remember, at the time of writing UC_HOOK_CODE was not working properly causing some odd issues during big block execution.
Vtec234
The code for
stepstarts a new thread to do the step, probably to keep the simulation asynchronous, which is fair enough and useful. But thestepfunction is only capable of executing one instruction at a time. Therunfunctionality also usesstep, just with a special constantkStepCount_Runwhich means "keep going". The issue is thatstep_thread_mainwill callsteprecursively, which will spawn a brand new thread.. on every instruction. Unicorn is slower than hardware, but not that slow, so this control flow makes emulation orders of magnitude slower than it needs to be. Proposed fix: callemu_startwith an indefinite count in thestep_thread_mainthread and use Unicorn hooks (UC_HOOK_CODE) to do the tracing, breakpoint handling andIDAAPI_MakeCode.