icchy / tracecorn

Windows API tracer for malware (oldname: unitracer)
MIT License

Sample execution error #14

Closed FernandoDoming closed 6 years ago

FernandoDoming commented 7 years ago

Trying to execute the sample provided in README.md yields the following:

advapi32.dll is loaded @ 0x70000000
kernel32.dll is loaded @ 0x700a1000
urlmon.dll is loaded @ 0x701b1000
stack: 0x5ff00000-0x60000000
Traceback (most recent call last):
  File "_ctypes/callbacks.c", line 315, in 'calling callback function'
  File "/usr/local/lib/python2.7/site-packages/unicorn/unicorn.py", line 438, in _hookcode_cb
    cb(self, address, size, data)
  File "/Users/fernando/dev/python/unitracer/unitracer/windows.py", line 294, in _hook_code
    api_hooks[func].hook(self)
AttributeError: 'function' object has no attribute 'hook'
icchy commented 7 years ago

Hi, what is your environment? It works successfully on my macOS.

FernandoDoming commented 6 years ago

Tried in both Ubuntu 16.10 and macOS 10.12.6

$ python --version
Python 2.7.10

$ cat test.py
# Copied from README.md
import unitracer
from unicorn.x86_const import *

uni = unitracer.Windows()

# add search path for dll
uni.dll_path.insert(0, "dlls")

# change stack
uni.STACK_BASE = 0x60000000
uni.STACK_SIZE = 0x10000

# load binary
uni.load_pe('./samples/AntiDebug.exe')
# uni.load_code(open('./samples/URLDownloadToFile.sc').read())

# add api hooks
def IsDebuggerPresent(ip, sp, ut):
    emu = ut.emu
    retaddr = ut.popstack()
    print "IsDebuggerPresent"
    emu.reg_write(UC_X86_REG_EAX, 0)
    ut.pushstack(retaddr)

uni.api_hooks['IsDebuggerPresent'] = IsDebuggerPresent

# add original hooks
def myhook(ut, address, size, userdata):
    if address == 0xdeadbeef:
        ut.dumpregs(["eax", "ebx"])

uni.hooks.append(myhook)

# suppress verbose output (disassemble)
uni.verbose = False

uni.start(0)

--------------------------------------------------------------------------
$ python test.py
advapi32.dll is loaded @ 0x70000000
kernel32.dll is loaded @ 0x700a1000
urlmon.dll is loaded @ 0x701b1000
stack: 0x5ff00000-0x60000000
Traceback (most recent call last):
  File "_ctypes/callbacks.c", line 314, in 'calling callback function'
  File "/Library/Python/2.7/site-packages/unicorn/unicorn.py", line 438, in _hookcode_cb
    cb(self, address, size, data)
  File "/Users/fernando.dominguez/dev/python/tracecorn/unitracer/windows.py", line 293, in _hook_code
    api_hooks[func].hook(self)
AttributeError: 'function' object has no attribute 'hook'
GetWindowsDirectoryA = "C:\Windows"
unregistered function: lstrcat
URLDownloadToFileA (pCaller=0x0, szURL="https://www.dropbox.com/s/fr3z6axblxfcmq8/UrlDownLoadtoFile.exe?dl=0", szFileName="C:\Windows", lpfnCB=0x0)
RegCreateKeyA (hKey=0x80000002, lpSubkey="Software\Microsoft\Windows\CurrentVersion\Run", phkResult=0x403159)
RegSetValueExA (hKey=0x12341234, lpValueName="ransomware", dwType=None, lpData="C:\Windows", cbData=260)
RegCloseKey (hKey=0x12341234)
ExitProcess (0)
ERROR: Unhandled CPU exception (UC_ERR_EXCEPTION)
eax: 0x00000000
ebx: 0x00000000
ecx: 0x00000000
edx: 0x00000000
edi: 0x00000000
esi: 0x00000000
esp: 0x5ffffff8
ebp: 0x60000000
eip: 0x00401081

---------------------------------------------------------------------------
$ git log --short
22bf067 (HEAD -> master, origin/master, origin/HEAD) Create LICENSE
8445584 Merge pull request #12 from icchy/dev
baa2145 fix Windows with unitrace
[...]
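The traceback above fails at api_hooks[func].hook(self): the tracer expects each registered API hook to be an object with a .hook(ut) method, while the README snippet assigns a bare function of the form (ip, sp, ut). The toy dispatcher below is an added example, not tracecorn's code, and does not claim to be the fix the author applied. ToyTracer, its registers and its sparse stack are a constructed stand-in for the emulator wrapper ut, and GetTickCountHook is a hypothetical object-style hook; it shows both hook shapes being accepted, the strict .hook()-only lookup that reproduces the AttributeError, and the pop-return-address / set-EAX / push-return-address pattern of the IsDebuggerPresent hook preserving the stack for the subsequent RET.

```python
import struct


class ToyTracer:
    """Constructed stand-in for the tracer object (ut) used by API hooks.

    It models only what the hooks in the issue touch: a few 32-bit
    registers, a byte-addressable stack growing down from STACK_BASE,
    popstack()/pushstack() and reg_write()/reg_read().
    """

    STACK_BASE = 0x60000000

    def __init__(self):
        self.regs = {"eax": 0xFFFFFFFF, "esp": self.STACK_BASE, "eip": 0x401000}
        self.mem = {}        # sparse memory: address -> byte value
        self.api_hooks = {}  # API name -> plain function or object with .hook()

    def pushstack(self, value):
        self.regs["esp"] -= 4
        for i, b in enumerate(struct.pack("<I", value & 0xFFFFFFFF)):
            self.mem[self.regs["esp"] + i] = b

    def popstack(self):
        esp = self.regs["esp"]
        raw = bytes(self.mem.get(esp + i, 0) for i in range(4))
        self.regs["esp"] = esp + 4
        return struct.unpack("<I", raw)[0]

    def reg_write(self, name, value):
        self.regs[name] = value & 0xFFFFFFFF

    def reg_read(self, name):
        return self.regs[name]

    def dispatch_strict(self, name):
        """The shape of the failing call: only hook objects are accepted,
        so a plain function raises AttributeError exactly as in the issue."""
        return self.api_hooks[name].hook(self)

    def dispatch(self, name):
        """Tolerant lookup: accept an object with .hook(ut) or a bare
        callable taking (ip, sp, ut); report unregistered APIs."""
        hook = self.api_hooks.get(name)
        if hook is None:
            return "unregistered"
        if hasattr(hook, "hook"):
            hook.hook(self)
        elif callable(hook):
            hook(self.regs["eip"], self.regs["esp"], self)
        else:
            raise TypeError("hook for %s is neither callable nor a hook object" % name)
        return "hooked"


# Plain-function hook, the same shape as the README snippet in the issue:
# take the return address off the stack, fake the result, put it back.
def IsDebuggerPresent(ip, sp, ut):
    retaddr = ut.popstack()
    ut.reg_write("eax", 0)      # report "no debugger attached"
    ut.pushstack(retaddr)


class GetTickCountHook:
    """Hypothetical object-style hook carrying the .hook(ut) method the
    tracer's lookup expected. Returns a fixed tick count in EAX."""

    def __init__(self, ticks):
        self.ticks = ticks

    def hook(self, ut):
        retaddr = ut.popstack()
        ut.reg_write("eax", self.ticks)
        ut.pushstack(retaddr)


def run_call(name, retaddr=0x401081):
    """Simulate CALL name / RET around the tolerant dispatcher.
    Returns (status, eax, address RET would pop, stack back at base?)."""
    ut = ToyTracer()
    ut.api_hooks["IsDebuggerPresent"] = IsDebuggerPresent
    ut.api_hooks["GetTickCount"] = GetTickCountHook(0x1234)
    ut.pushstack(retaddr)           # what CALL pushes before the hook fires
    status = ut.dispatch(name)
    popped = ut.popstack()          # what RET pops after the hook returns
    return status, ut.reg_read("eax"), popped, ut.reg_read("esp") == ToyTracer.STACK_BASE


def strict_lookup_fails(name="IsDebuggerPresent"):
    """True if the .hook()-only lookup raises on a plain-function hook."""
    ut = ToyTracer()
    ut.api_hooks[name] = IsDebuggerPresent
    ut.pushstack(0x401081)
    try:
        ut.dispatch_strict(name)
    except AttributeError:
        return True
    return False


if __name__ == "__main__":
    print(run_call("IsDebuggerPresent"))
    print(run_call("GetTickCount"))
    print(run_call("lstrcat"))
    print("strict lookup raises:", strict_lookup_fails())
```

The pop/push in each hook is what keeps the emulated RET correct: the hook runs at the API's entry, so the caller's return address is at the top of the stack, and a hook that forgot to push it back would leave ESP pointing past it and the emulator would return into whatever sat below.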
icchy commented 6 years ago

Thank you for your report, I checked and found that the example code doesn't work. I'll fix it soon.

icchy commented 6 years ago

Fixed. Please recheck!

FernandoDoming commented 6 years ago

Checked, works now.

Thanks! Much appreciated