Documentation
Overview
Package util provides helper functions for interacting with the Unicorn emulator that are independent of any of the process emulation happening.
Index
- func ASCIIToWinWChar(s string) []byte
- func CreateSelector(index, flags uint32) uint64
- func GetPointer(u uc.Unicorn, ptrSize uint64, where uint64) (uint64, error)
- func GetStackEntryByIndex(u uc.Unicorn, mode int, n int) uint64
- func NewGdtEntry(base, limit, access, flags uint32) uint64
- func ParseFormatter(format string) []string
- func PushStack(u uc.Unicorn, mode int, val uint64)
- func PutPointer(u uc.Unicorn, ptrSize uint64, where uint64, ptr uint64) error
- func RandomName(l int) string
- func ReadASCII(u uc.Unicorn, addr uint64, size int) string
- func ReadPeFile(u uc.Unicorn, addr uint64) (pefile.PeFile, error)
- func ReadWideChar(u uc.Unicorn, addr uint64, size int) string
- func ResolveRegisterByName(name string) (int, error)
- func RoundUp(addr, mask uint64) uint64
- func SearchFile(searchPaths []string, filename string) (string, error)
- func StructWrite(u uc.Unicorn, addr uint64, data interface{}) error
- type GenericConfig
Constants
This section is empty.
Variables
This section is empty.
Functions
func ASCIIToWinWChar
ASCIIToWinWChar converts an ASCII string to a Windows-sized wchar (2-byte width).
func CreateSelector
func GetPointer
GetPointer retrieves a pointer value from Unicorn memory at the address given by the where argument.
func GetStackEntryByIndex
GetStackEntryByIndex gets a single entry (pointer) off the stack at a given depth.
func NewGdtEntry
NewGdtEntry initializes a GDT table entry. References:
- https://github.com/unicorn-engine/unicorn/blob/master/samples/sample_x86_32_gdt_and_seg_regs.c
- github.com/lunixbochs/usercorn/blob/981730e3cd6b4a4186eb91d51d6c1a907fe44b6f/go/arch/x86/linux.go#L64
- scoding.de/setting-global-descriptor-table-unicorn
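The descriptor and selector layout that NewGdtEntry and CreateSelector deal with, as an added example that is not this package's own code: it packs the standard x86 segment descriptor fields into the 8-byte entry and back. The function names are hypothetical, and reading the flags argument of the selector as the table indicator and RPL bits is an assumption.

```go
package main

import "fmt"

// packGdtEntry (hypothetical name) packs an x86 segment descriptor into the
// 8-byte layout the CPU expects; base and limit are split across the entry.
func packGdtEntry(base, limit, access, flags uint32) uint64 {
	var e uint64
	e |= uint64(limit & 0xffff)        // limit[15:0]    -> bits 0-15
	e |= uint64(base&0xffffff) << 16   // base[23:0]     -> bits 16-39
	e |= uint64(access&0xff) << 40     // access byte    -> bits 40-47
	e |= uint64((limit>>16)&0xf) << 48 // limit[19:16]   -> bits 48-51
	e |= uint64(flags&0xf) << 52       // G, D/B, L, AVL -> bits 52-55
	e |= uint64((base>>24)&0xff) << 56 // base[31:24]    -> bits 56-63
	return e
}

// unpackGdtEntry (hypothetical name) reverses packGdtEntry, which is useful
// for checking a table that was already written into emulator memory.
func unpackGdtEntry(e uint64) (base, limit, access, flags uint32) {
	base = uint32((e>>16)&0xffffff) | uint32((e>>56)&0xff)<<24
	limit = uint32(e&0xffff) | uint32((e>>48)&0xf)<<16
	access = uint32((e >> 40) & 0xff)
	flags = uint32((e >> 52) & 0xf)
	return
}

// makeSelector (hypothetical name) builds a segment selector: the table index
// in bits 3-15, with the table indicator (bit 2) and RPL (bits 0-1) in flags.
func makeSelector(index, flags uint32) uint64 {
	return uint64((index&0x1fff)<<3 | flags&0x7)
}

func main() {
	// Constructed sample: flat 4 GiB ring-0 code segment in GDT slot 1.
	// access 0x9A = present, DPL 0, code, readable; flags 0xC = 4 KiB
	// granularity, 32-bit default operand size.
	code := packGdtEntry(0, 0xfffff, 0x9a, 0xc)
	fmt.Printf("descriptor %#x selector %#x\n", code, makeSelector(1, 0))
}
```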
func ParseFormatter
ParseFormatter takes a format string specifier and returns the individual formatters.
func PushStack
PushStack will push a value for the given Unicorn mode (uc.MODE_32, uc.MODE_64) onto the call stack located at ESP or RSP.
func PutPointer
PutPointer takes a uint64 pointer and writes it as little-endian bytes to the emulator address specified by the where argument.
func RandomName
RandomName generates a random string name of length l. This is primarily used for saving temporary files to the host file system.
func ReadASCII
ReadASCII reads an ASCII string from memory, ending at a null byte. The null byte is also included in the return result.
func ReadPeFile
ReadPeFile attempts to read a PE file from Unicorn memory, looking for specific headers.
func ReadWideChar
ReadWideChar reads a Windows 2-byte wchar string from an address, terminating at two null bytes. The return value will not include the null bytes.
func ResolveRegisterByName
ResolveRegisterByName takes a register name like 'eax' or 'rax' and returns the Unicorn enumeration value corresponding to that register.
func SearchFile
SearchFile is the primary function for searching the host/mock system for files for use in the emulator.
Types
type GenericConfig
type GenericConfig struct {
	Root string `yaml:"root"`
}
func ReadGenericConfig
func ReadGenericConfig(config string) (conf GenericConfig, err error)