mandiant / flare-emu

Apache License 2.0

need help for a project #38

Closed nathanebar closed 2 years ago

nathanebar commented 2 years ago

Good evening/morning,

I am a fourth-year computer science student and have a project where I think I need to use Unicorn Engine. My project is to emulate a single function from an executable (PE, ELF or MACH-O) for all the platforms (Windows, Linux or Mac). I know that your project can do that, but I have to write a smaller code and by myself. I wanted to know if you could give me any advice for it? In your project, I don't really understand where the instructions we want to emulate are. What I understood is that you write all the instructions of the executable in the Unicorn instance and then you emulate what you want. Is that right?

Thank you for your time, sorry for the inconvenience. NB

jtbennett-fe commented 2 years ago

Hello NB,

With Unicorn, you have to allocate memory in the emulator, write the instruction bytes to it, then emulate it. See https://github.com/unicorn-engine/unicorn/blob/master/bindings/python/sample_x86.py#L103 for an example of this. In flare-emu, it loads the executable binary in Unicorn similar to how the operating system would load it in process memory. It reads the executable's headers and maps the executable's segments to the emulator's memory. See https://github.com/mandiant/flare-emu/blob/master/flare_emu.py#L1484 for how it does this.

Good luck!

nathanebar commented 2 years ago

Thank you very much. Just one last question, if possible: do you know how to initialize the ebp register with multiple arguments before emulation? I don't see any example in Unicorn.

Thanks

jtbennett-fe commented 2 years ago

You are welcome! For your last question, that is not how the x86 architecture works. General purpose registers such as ebp can only hold a single 32-bit value. You will need to spend some time learning more about x86 before you can properly complete your project. There are a lot of free resources on the internet to help you learn it. Here is one example: https://opensecuritytraining.info/IntroX86.html
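An added example tying the two answers together (this is not flare-emu code and not the maintainer's): a minimal Unicorn script that maps a hand-assembled 32-bit cdecl function into emulator memory, writes the instruction bytes, places the call arguments on the stack rather than in ebp, and runs until a fake return address. The function bytes, load addresses and the sentinel return address are all constructed for this example.

```python
"""Emulate one 32-bit x86 function with Unicorn, arguments passed on the stack.
Added example for this thread, not flare-emu code. The function is a
hand-assembled cdecl add3(a, b, c), constructed for the example:
    mov eax, [esp+4]  8B 44 24 04 | add eax, [esp+8]  03 44 24 08
    add eax, [esp+12] 03 44 24 0C | ret               C3
"""
import struct

try:
    from unicorn import Uc, UC_ARCH_X86, UC_MODE_32
    from unicorn.x86_const import UC_X86_REG_EAX, UC_X86_REG_ESP
    HAVE_UNICORN = True
except ImportError:          # the frame layout below still works without Unicorn
    HAVE_UNICORN = False

CODE_BASE = 0x00400000       # assumed address for the function bytes
STACK_BASE = 0x7FF00000      # assumed stack region
STACK_SIZE = 0x10000
RET_SENTINEL = 0x00F00000    # fake return address; emulation stops on reaching it
FUNC_BYTES = bytes.fromhex("8B442404" "03442408" "0344240C" "C3")


def build_cdecl_frame(args):
    """Return (esp, frame bytes) as seen at function entry under cdecl.

    The caller pushes args right-to-left, then CALL pushes the return address,
    so esp -> [ret_addr][arg0][arg1]... and arg0 sits at esp+4. ebp holds one
    32-bit value and is only set up by the callee's own prologue.
    """
    words = [RET_SENTINEL] + [a & 0xFFFFFFFF for a in args]
    frame = b"".join(struct.pack("<I", w) for w in words)
    esp = STACK_BASE + STACK_SIZE - 0x1000 - len(frame)   # leave headroom above
    return esp, frame


def emulate_function(code, args):
    """Map code and stack the way a loader would, write the frame, run, return eax."""
    mu = Uc(UC_ARCH_X86, UC_MODE_32)
    mu.mem_map(CODE_BASE, 0x1000)
    mu.mem_write(CODE_BASE, code)
    mu.mem_map(STACK_BASE, STACK_SIZE)
    mu.mem_map(RET_SENTINEL, 0x1000)       # mapped so the popped EIP is valid
    esp, frame = build_cdecl_frame(args)
    mu.mem_write(esp, frame)
    mu.reg_write(UC_X86_REG_ESP, esp)
    mu.emu_start(CODE_BASE, RET_SENTINEL)  # run until RET lands on the sentinel
    return mu.reg_read(UC_X86_REG_EAX)


def demo(args=(1, 2, 3)):
    # add3 under Unicorn: 6 for the default args, None when Unicorn is absent
    return emulate_function(FUNC_BYTES, list(args)) if HAVE_UNICORN else None
```

Loading a real PE/ELF/Mach-O means doing the same `mem_map`/`mem_write` for each section at its virtual address (which is what flare-emu's loader does) and then pointing `emu_start` at the function's address.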