search

hzqst / unicorn_pe

Unicorn PE is an unicorn based instrumentation project designed to emulate code execution for windows PE files.
MIT License
787 stars 199 forks source link

Got error when compiling project #4

Open eix128 opened 5 years ago

eix128 commented 5 years ago

Hi , i have Windows 10 x64 PC Project on Debug Mode with x64 Visual Studio 2017 Windows SDK 10.0.17763.0

I cant compile the project.

Severity Code Description Project File Line Suppression State Error LNK2001 unresolved external symbol "struct asmjit::X86RegData const asmjit::x86RegData" (?x86RegData@asmjit@@3UX86RegData@1@B) unicorn_pe C:\Users\kadir\Desktop\unicorn_pe\unicorn_pe\emuapi.obj 1

Severity Code Description Project File Line Suppression State Error (active) E2633 invalid nontype template argument of type "HANDLE" unicorn_pe C:\Users\kadir\Desktop\unicorn_pe\Blackbone\src\BlackBone\Include\HandleGuard.h 84

Severity Code Description Project File Line Suppression State Error (active) E2633 invalid nontype template argument of type "HANDLE" unicorn_pe C:\Users\kadir\Desktop\unicorn_pe\Blackbone\src\BlackBone\Include\HandleGuard.h 85

Severity Code Description Project File Line Suppression State Error LNK2001 unresolved external symbol "struct asmjit::X86RegData const asmjit::x86RegData" (?x86RegData@asmjit@@3UX86RegData@1@B) unicorn_pe C:\Users\kadir\Desktop\unicorn_pe\unicorn_pe\unicorn_pe.obj 1

Severity Code Description Project File Line Suppression State Error LNK2019 unresolved external symbol __imp_Disasm referenced in function "private: bool cdecl blackbone::TraceHook::CheckBranching(struct blackbone::HookContext const &,unsigned int64,unsigned __int64)" (?CheckBranching@TraceHook@blackbone@@AEAA_NAEBUHookContext@2@_K1@Z) BlackBone C:\Users\kadir\Desktop\unicorn_pe\Blackbone\src\BlackBone\TraceHook.obj 1

How can i compile the project ?

hzqst commented 5 years ago

It seems you have problem compiling BlackBone.

eix128 commented 5 years ago

Yes , so how to solve the issue ?

hzqst commented 5 years ago

I guess you have failed to compile BlackBone static lib which lead to link error later. compile the whole solution again and see if there are some errors with BlackBone (maybe missing lib? if so , pull the latest reposity and it should resolve)

2

eix128 commented 5 years ago

1>------ Build started: Project: BlackBone, Configuration: Debug(DLL) x64 ------ 1>Assembling Syscalls\Syscall32.asm... 1>BlackBone.vcxproj -> C:\Users\Admin\Desktop\unicorn_pe\build\x64\Debug(DLL)\BlackBone.dll 1>0 File(s) copied 1>File not found - msdia140.dll 1>File not found - symsrv.dll 1>0 File(s) copied 1>C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\VC\VCTargets\Microsoft.CppCommon.targets(138,5): error MSB3073: The command "xcopy "C:\Users\Admin\Desktop\unicorn_pe\Blackbone\src\BlackBone....\DIA\x64\msdia140.dll" "C:\Users\Admin\Desktop\unicorn_pe\build\x64\Debug(DLL)\" /Y 1>C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\VC\VCTargets\Microsoft.CppCommon.targets(138,5): error MSB3073: xcopy "C:\Users\Admin\Desktop\unicorn_pe\Blackbone\src\BlackBone....\DIA\x64\symsrv.dll" "C:\Users\Admin\Desktop\unicorn_pe\build\x64\Debug(DLL)\" /Y 1>C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\VC\VCTargets\Microsoft.CppCommon.targets(138,5): error MSB3073: :VCEnd" exited with code 4. 1>Done building project "BlackBone.vcxproj" -- FAILED. ========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

hzqst commented 5 years ago

BlackBone, Configuration: Debug(DLL) x64

the BlackBone is supposed to be compiled as Debug x64 rather than Debug(DLL) x64

and meanwhile, I guess you were opening the dependencies' vcxproj files one by one. did you ever try unicorn_pe.sln?

eix128 commented 5 years ago

Yes now compiled fine. This framework will be very useful if it can be used like cheatengine. Search for string Changing data at runtime. Game cheats or cracking.

Now on windows , can i use it to hook system calls on any exe file ? Can this framework be implemented on linux , ios , android also ? For hooking all library calls

hzqst commented 5 years ago

Yes now compiled fine. This framework will be very useful if it can be used like cheatengine. Search for string Changing data at runtime. Game cheats or cracking.

Now on windows , can i use it to hook system calls on any exe file ? Can this framework be implemented on linux , ios , android also ? For hooking all library calls

You can but why not use API hook? it is even simpler This framework can not be impl on linux, since linux use ELF rather than PE format. There are some other framework that does the exactly same job for linux ELF /so files, see http://www.unicorn-engine.org/showcase/

eix128 commented 5 years ago

I cant hook for string returns with cheat engine. Like i will search for RAX register ( function return value) value to "secret key" or i will search for function void test(char **input); When RAX register will be "secret key" which functions being called for this string. addresses of these functions. Then i can replay or change the "secret key" So that i can use app for my own purpose. This can be also good for Linux and Windows

eix128 commented 5 years ago

Well , i can now use Panda :) https://github.com/panda-re/panda

847095356 commented 4 years ago

why i cant find header file "cor.h"

hzqst commented 4 years ago

why i cant find header file "cor.h"

it's part of .NET/CLR of Visual Studio installation

847095356 commented 4 years ago

why i cant find header file "cor.h"

it's part of .NET/CLR of Visual Studio installation

that means i should install .net it in vs installer?

hzqst commented 4 years ago

why i cant find header file "cor.h"

it's part of .NET/CLR of Visual Studio installation

that means i should install .net it in vs installer?

yes

847095356 commented 4 years ago

why i cant find header file "cor.h"

it's part of .NET/CLR of Visual Studio installation

that means i should install .net it in vs installer?

yes

thank u have a good day

847095356 commented 4 years ago

how to use this create a dump for the packed .sys or rebuild its imports ... im a newer

hzqst commented 4 years ago

how to use this create a dump for the packed .sys or rebuild its imports ... im a newer

unicorn_pe.exe [filename_of_sys] -k -dump -packed

847095356 commented 4 years ago

how to use this create a dump for the packed .sys or rebuild its imports ... im a newer

unicorn_pe.exe [filename_of_sys] -k -dump -packed

...so where is the dump file

851083624 commented 2 years ago

我用VS2019编译一直失败 选的x64Debug 10.0.17763.0 已启动重新生成… 1>------ 已启动全部重新生成: 项目: BlackBone, 配置: Debug x64 ------ 1>Assembling Syscalls\Syscall64.asm... 1>assembler.cpp 1>codegen.cpp 1>constpool.cpp 1>containers.cpp 1>cpuinfo.cpp @@@@@1>cputicks.cpp 1>error.cpp 1>globals.cpp 1>operand.cpp 1>runtime.cpp 1>string.cpp 1>vmem.cpp 1>zone.cpp 1>x86assembler.cpp 1>x86cpuinfo.cpp 1>x86inst.cpp 1>x86operand.cpp 1>x86operand_regs.cpp 1>wow64ext.cpp 1>AsmHelper32.cpp 1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\3rd_party\AsmJit\x86\x86inst.cpp(62,40): warning C5054: 运算符“|”: 已在不同类型的枚举之间弃用 1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\3rd_party\AsmJit\x86\x86inst.cpp(63,40): warning C5054: 运算符“|”: 已在不同类型的枚举之间弃用

1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\BlackBone\Include\HandleGuard.h(36,18): error C2039: "addressof": 不是 "std" 的成员 (编译源文件 Misc\InitOnce.cpp) 1>D:\Windows Kits\10\Include\10.0.17763.0\ucrt\stddef.h(19): message : 参见“std”的声明 (编译源文件 Misc\InitOnce.cpp) 1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\BlackBone\Include\HandleGuard.h(81): message : 查看对正在编译的 类 模板 实例化“blackbone::HandleGuard<handle_t,close_fn,zero_handle>”的引用 (编译源文件 Misc\InitOnce.cpp)

1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\BlackBone\PE\ImageNET.cpp(27,33): error C2039: "wstring": 不是 "std" 的成员 1>C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Tools\MSVC\14.29.30133\include\vector(24): message : 参见“std”的声明 1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\BlackBone\PE\ImageNET.cpp(27,40): error C4430: 缺少类型说明符 - 假定为 int。注意: C++ 不支持默认 int 1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\BlackBone\PE\ImageNET.cpp(27,40): error C2143: 语法错误: 缺少“,”(在“&”的前面) 1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\BlackBone\PE\ImageNET.cpp(32,5): error C2065: “_path”: 未声明的标识符 1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\BlackBone\PE\ImageNET.cpp(32,13): error C2065: “path”: 未声明的标识符 1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\BlackBone\PE\ImageNET.cpp(53,37): error C2065: “_path”: 未声明的标识符 1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\BlackBone\PE\ImageNET.cpp(62,41): error C2065: “_path”: 未声明的标识符 1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\BlackBone\PE\ImageNET.cpp(143,6): error C2039: "wstring": 不是 "std" 的成员 1>C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Tools\MSVC\14.29.30133\include\vector(24): message : 参见“std”的声明 1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\BlackBone\PE\ImageNET.cpp(143,24): error C2039: "GetImageRuntimeVer": 不是 "blackbone::ImageNET" 的成员 1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\BlackBone\PE\ImageNET.h(21): message : 参见“blackbone::ImageNET”的声明 1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\BlackBone\PE\ImageNET.cpp(143,42): error C4430: 缺少类型说明符 - 假定为 int。注意: C++ 不支持默认 int 1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\BlackBone\PE\ImageNET.cpp(143,42): error C2146: 语法错误: 缺少“;”(在标识符“GetImageRuntimeVer”的前面) 1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\BlackBone\PE\ImageNET.cpp(144,1): error C2143: 语法错误: 缺少“;”(在“{”的前面) 1>C:\Users\Administrator\Desktop\XR\unicorn_pe-master\Blackbone\src\BlackBone\PE\ImageNET.cpp(144,1): error C2447: “{”: 缺少函数标题(是否是老式的形式表?)