
scemu's People

Contributors

brandonros, sha0coder


scemu's Issues

btc rax, 24 broken

{
    "i": 44,
    "x64dbgLine": {
      "rawLine": {
        "Index": "0002C",
        "Address": "0000000144FF9578",
        "Bytes": "48:0FBAF8 24",
        "Disassembly": "btc rax,24",
        "Registers": "rax: 200-> 1000000200",
        "Memory": "",
        "Comments": ""
      },
      "rip": "144ff9578",
      "registerChanges": [
        {
          "registerName": "rax",
          "previousValue": "200",
          "newValue": "1000000200"
        }
      ],
      "memoryChanges": []
    },
    "scemuLine": {
      "rawLine": "diff_reg: rip = 144ff9578",
      "rip": "144ff9578",
      "registerChanges": [],
      "memoryChanges": []
    },
    "instructionErrors": [
      {
        "index": 0,
        "message": "unmatchedRegisterChange mismatch (x64dbg but not scemu)",
        "x64dbg": "rax"
      }
    ]
  },

thread 'main' panicked at 'not implemented: unimplemented register SIL', src/emu/regs64.rs:943:18

RUST_BACKTRACE=1 cargo run --release -- -6 -f /Users/brandonros/Downloads/redacted.exe 
    Finished release [optimized] target(s) in 0.08s
     Running `target/release/scemu -6 -f /Users/brandonros/Downloads/redacted.exe`
use -vv to see the assembly code emulated, and -v to see the messages
initializing regs
loading memory maps
memory test Ok.
PE64 header detected.
no import directory at va 0xc4f.
IAT Bound started ...
IAT Bound.
Loaded /Users/brandonros/Downloads/redacted.exe
  11 sections  base addr 0x140000000
  created pe32 map for section `.text` at 0x140001000 size: 10524854
  entry point at 0x144901722  0x4901722 
  created pe32 map for section `.rdata` at 0x140a0b000 size: 32899160
  created pe32 map for section `.data` at 0x14296c000 size: 371428
  created pe32 map for section `.pdata` at 0x1429c7000 size: 232872
  created pe32 map for section `.qtmetad` at 0x142a00000 size: 1334
  created pe32 map for section `.qtmimed` at 0x142a01000 size: 322789
  created pe32 map for section `.tls` at 0x142a50000 size: 24
  created pe32 map for section `.jPc0` at 0x142a51000 size: 5392274
  created pe32 map for section `.jPc1` at 0x142f76000 size: 6456
  created pe32 map for section `.jPc2` at 0x142f78000 size: 34504780
/!\ warning: raw sz:34786304 off:34512896 sz:273408  off+sz:34786304
  created pe32 map for section `.rsrc` at 0x145061000 size: 273368
 ----- emulation -----
thread 'main' panicked at 'not implemented: unimplemented register SIL', src/emu/regs64.rs:943:18
stack backtrace:
   0: rust_begin_unwind
             at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library/std/src/panicking.rs:584:5
   1: core::panicking::panic_fmt
             at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library/core/src/panicking.rs:143:14
   2: scemu::emu::regs64::Regs64::get_reg
   3: scemu::emu::Emu::get_operand_value
   4: scemu::emu::Emu::run
   5: scemu::main
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.

bswap not calling pre/post op diff

RUST_BACKTRACE=1 cargo run --target x86_64-apple-darwin --release -- -6 -vvv --regs --nocolors -f /Users/brandonros/Downloads/DTS9_PatcherV.exe > output.txt

4 0x144f84072: bswap r9d
	rip: 0x144f84075 rax: 0x2192f626456f880d rbx: 0x652864ca3b113faf rcx: 0xdb1645f914f0b98c rdx: 0x1b92e33c4d2d70d2 rsi: 0x7a6be331cd9f0db8 rdi: 0x91eaf67c1ab84c06 rbp: 0x0
5 0x144f84075: movzx r9w,al
	diff_reg: rip = 144f84075 r9 0 -> d; 
	rip: 0x144f8407a rax: 0x2192f626456f880d rbx: 0x652864ca3b113faf rcx: 0xdb1645f914f0b98c rdx: 0x1b92e33c4d2d70d2 rsi: 0x7a6be331cd9f0db8 rdi: 0x91eaf67c1ab84c06 rbp: 0x0
6 0x144f8407a: push  r13 ;0x0 
	diff_reg: rip = 144f8407a rsp 14f490 -> 14f488; 

shr setting f_zf when it shouldn't?

56 0x144ff95a7: shr   r9b,cl
	shr: value0 = 0 value1 = 0 sz = 8
	diff_flags: rip = 144ff95a7 f_zf 0 -> 1; 
	diff_reg: rip = 144ff95a7 
	rax: 0xe6668424 rbx: 0x0 rcx: 0x140000000 rdx: 0x1bc2b rsi: 0x20a4 rdi: 0x44e4725a rbp: 0x7ffe0000

shr is setting it to 1 in scemu but x64dbg says it shouldn't be (should be 0)?

bswap r9w (undefined behavior/bad operand) needs to always be 0x00

RUST_BACKTRACE=1 cargo run --target x86_64-apple-darwin --release -- -6 -vvv --regs --nocolors -f /Users/brandonros/Downloads/DTS9_PatcherV.exe > output.txt
{
    "message": "newValue mismatch",
    "i": 4,
    "x64dbgLine": {
      "rawLine": {
        "Index": "00004",
        "Address": "0000000144F84075",
        "Bytes": "6644:0FB6C8",
        "Disassembly": "movzx r9w,al",
        "Registers": "r9: 0-> A4",
        "Memory": "",
        "Comments": ""
      },
      "rip": "144f84075",
      "registerChanges": [
        {
          "registerName": "r9",
          "previousValue": "0",
          "newValue": "a4"
        }
      ],
      "memoryChanges": [
        ""
      ]
    },
    "scemuLine": {
      "rip": "144f84075",
      "registerChanges": [
        {
          "registerName": "r9",
          "previousValue": "0",
          "newValue": "8a"
        }
      ],
      "memoryChanges": []
    }
  },

Linux User Mode Adventure

@sha0coder and I have a weird, silly, sick, twisted idea: from an aarch64 Apple M1/M2 Mac, "cross compile" to the x86_64-apple-darwin Rust triple and then see how far we can get running a Linux User Mode kernel ELF

https://en.wikipedia.org/wiki/User-mode_Linux

https://www.kernel.org/doc/html/v5.9/virt/uml/user_mode_linux.html

Obviously we don't expect this to actually work very far but... it'll be interesting to see how close we can get/where it will fail.

MacBook-Air:scemu brandon 2023-07-24 17:01:26 $ ./target/x86_64-apple-darwin/debug/scemu -f '/Users/brandon/Downloads/linux-user-mode/linux-6.2.2-uml-vmlinux'
use -vv to see the assembly code emulated, and -v to see the messages
initializing regs
loading memory maps
Loaded nsi.dll
        4 sections  base addr 0x776c0000
        created pe32 map for section `.text` at 0x776c1000 size: 5624
        created pe32 map for section `.data` at 0x776c3000 size: 16
        created pe32 map for section `.rsrc` at 0x776c4000 size: 1008
        created pe32 map for section `.reloc` at 0x776c5000 size: 88
elf64 detected.
loading map elf64 0x0 sz:0
loading map elf64.interp 0x600002a8 sz:28
loading map elf64.init.text 0x60001000 sz:104002
loading map elf64.gnu.hash 0x6001b000 sz:1228
loading map elf64.dynsym 0x6001b4d0 sz:3456
loading map elf64.dynstr 0x6001c250 sz:1336
loading map elf64.gnu.version 0x6001c788 sz:288
loading map elf64.gnu.version_r 0x6001c8a8 sz:256
loading map elf64.rela.got 0x6001c9a8 sz:48
loading map elf64.rela.bss 0x6001c9d8 sz:48
loading map elf64.rela.plt 0x6001ca08 sz:3336
loading map elf64.init 0x6001d710 sz:23
loading map elf64.plt 0x6001d730 sz:2240
loading map code 0x6001dff0 sz:3534864
loading map elf64.syscall_stub 0x6037d000 sz:246
loading map elf64.fini 0x6037d0f8 sz:9
loading map elf64.rodata 0x6037e000 sz:876192
loading map elf64.eh_frame_hdr 0x60453ea0 sz:149524
loading map elf64__ksymtab 0x604786b8 sz:74448
loading map elf64__ksymtab_gpl 0x6048a988 sz:42168
loading map elf64__ksymtab_strings 0x60494e40 sz:86019
loading map elf64__param 0x604a9e48 sz:2200
loading map elf64__modver 0x604aa6e0 sz:72
loading map elf64.notes 0x604aa728 sz:116
loading map elf64__ex_table 0x604ab000 sz:48
loading map elf64.uml.setup.init 0x604ab030 sz:240
loading map elf64.uml.help.init 0x604ab120 sz:184
loading map elf64.uml.postsetup.init 0x604ab1d8 sz:8
loading map elf64.init.setup 0x604ab1e0 sz:2256
loading map elf64.data..percpu 0x604ac000 sz:0
loading map elf64.initcall.init 0x604ac000 sz:1808
loading map elf64.con_initcall.init 0x604ac710 sz:8
loading map elf64.uml.exitcall 0x604ac718 sz:72
loading map elf64.altinstructions 0x604ac760 sz:72
loading map elf64.altinstr_replacement 0x604ac7a8 sz:15
loading map elf64.init_array 0x604ac7b8 sz:8
loading map elf64init.data 0x604ad000 sz:46400
loading map elf64.data 0x604b8540 sz:309248
loading map elf64.eh_frame 0x60503d40 sz:652764
loading map elf64.dynamic 0x605a3320 sz:496
loading map elf64.got 0x605a3510 sz:1152
loading map elf64.bss 0x605a39c0 sz:170964
loading map elf64.debug_aranges 0x0 sz:56096
loading map elf64.debug_info 0x0 sz:49673760
loading map elf64.debug_abbrev 0x0 sz:1727486
loading map elf64.debug_line 0x0 sz:6710949
loading map elf64.debug_str 0x0 sz:1390110
loading map elf64.debug_loc 0x0 sz:13190828
loading map elf64.debug_ranges 0x0 sz:3700832
loading map elf64.comment 0x0 sz:39
loading map elf64.symtab 0x0 sz:1013112
loading map elf64.strtab 0x0 sz:758203
loading map elf64.shstrtab 0x0 sz:552
thread 'main' panicked at 'range start index 1610729190 out of range for slice of length 84138344', /Users/brandon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/libscemu-0.12.9/src/emu/elf64.rs:185:43
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
MacBook-Air:scemu brandon 2023-07-24 17:01:28 $ 

not implemented: unimplemented register SPL

thread 'main' panicked at 'not implemented: unimplemented register SPL', src/emu/regs64.rs:970:18
stack backtrace:
   0: rust_begin_unwind
             at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library/std/src/panicking.rs:584:5
   1: core::panicking::panic_fmt
             at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library/core/src/panicking.rs:143:14
   2: scemu::emu::regs64::Regs64::get_reg
   3: scemu::emu::Emu::get_operand_value
   4: scemu::emu::Emu::run
   5: scemu::emu::Emu::load_code
   6: scemu::main

just to track our latest progress

error: invalid asm template modifier for this register class

$  RUST_BACKTRACE=1 cargo run --release -- -6 -vvv -f /Users/brandonros/Downloads/DTS9_PatcherV.exe
   Compiling scemu v0.4.4 (/Users/brandonros/Desktop/scemu)
error: invalid asm template modifier for this register class
  --> src/emu/inline.rs:43:27
   |
43 |                 asm!("not {:e}", inout(reg) rr);
   |                           ^^^^   ------------- argument
   |                           |
   |                           template modifier
   |
   = note: the `reg` register class supports the following template modifiers: `w`, `x`

error: invalid register class `reg_byte`: unknown register class
  --> src/emu/inline.rs:57:32
   |
57 |                 asm!("not {}", inout(reg_byte) rr);
   |                                ^^^^^^^^^^^^^^^^^^

error: invalid asm template modifier for this register class
  --> src/emu/inline.rs:78:27
   |
78 |                 asm!("neg {:e}", inout(reg) rr);
   |                           ^^^^   ------------- argument
   |                           |
   |                           template modifier
   |
   = note: the `reg` register class supports the following template modifiers: `w`, `x`

error: invalid register class `reg_byte`: unknown register class
  --> src/emu/inline.rs:92:32
   |
92 |                 asm!("neg {}", inout(reg_byte) rr);
   |                                ^^^^^^^^^^^^^^^^^^

error: invalid register class `reg_byte`: unknown register class
   --> src/emu/inline.rs:110:36
    |
110 |                 asm!("mov cl, {}", in(reg_byte) bb);
    |                                    ^^^^^^^^^^^^^^^

error: invalid register class `reg_byte`: unknown register class
   --> src/emu/inline.rs:118:36
    |
118 |                 asm!("mov cl, {}", in(reg_byte) bb);
    |                                    ^^^^^^^^^^^^^^^

error: invalid asm template modifier for this register class
   --> src/emu/inline.rs:119:32
    |
119 |                 asm!("mov eax, {:e}", in(reg) a32);
    |                                ^^^^   ----------- argument
    |                                |
    |                                template modifier
    |
    = note: the `reg` register class supports the following template modifiers: `w`, `x`

error: invalid asm template modifier for this register class
   --> src/emu/inline.rs:121:27
    |
121 |                 asm!("mov {:e}, eax", out(reg) rr);
    |                           ^^^^        ----------- argument
    |                           |
    |                           template modifier
    |
    = note: the `reg` register class supports the following template modifiers: `w`, `x`

error: invalid register class `reg_byte`: unknown register class
   --> src/emu/inline.rs:129:36
    |
129 |                 asm!("mov cl, {}", in(reg_byte) bb);
    |                                    ^^^^^^^^^^^^^^^

error: invalid register class `reg_byte`: unknown register class
   --> src/emu/inline.rs:140:36
    |
140 |                 asm!("mov cl, {}", in(reg_byte) bb);
    |                                    ^^^^^^^^^^^^^^^

error: invalid register class `reg_byte`: unknown register class
   --> src/emu/inline.rs:141:36
    |
141 |                 asm!("mov al, {}", in(reg_byte) a8);
    |                                    ^^^^^^^^^^^^^^^

error: invalid register class `reg_byte`: unknown register class
   --> src/emu/inline.rs:143:36
    |
143 |                 asm!("mov {}, al", out(reg_byte) rr);
    |                                    ^^^^^^^^^^^^^^^^

error: invalid register class `reg_byte`: unknown register class
   --> src/emu/inline.rs:160:36
    |
160 |                 asm!("mov cl, {}", in(reg_byte) bb);
    |                                    ^^^^^^^^^^^^^^^

error: invalid register class `reg_byte`: unknown register class
   --> src/emu/inline.rs:167:36
    |
167 |                 asm!("mov cl, {}", in(reg_byte) bb);
    |                                    ^^^^^^^^^^^^^^^

error: invalid asm template modifier for this register class
   --> src/emu/inline.rs:168:27
    |
168 |                 asm!("rol {:e}, cl", inout(reg) rr);
    |                           ^^^^       ------------- argument
    |                           |
    |                           template modifier
    |
    = note: the `reg` register class supports the following template modifiers: `w`, `x`

error: invalid register class `reg_byte`: unknown register class
   --> src/emu/inline.rs:175:36
    |
175 |                 asm!("mov cl, {}", in(reg_byte) bb);
    |                                    ^^^^^^^^^^^^^^^

error: invalid register class `reg_byte`: unknown register class
   --> src/emu/inline.rs:183:36
    |
183 |                 asm!("mov cl, {}", in(reg_byte) bb);
    |                                    ^^^^^^^^^^^^^^^

error: invalid register class `reg_byte`: unknown register class
   --> src/emu/inline.rs:184:36
    |
184 |                 asm!("rol {}, cl", inout(reg_byte) rr);
    |                                    ^^^^^^^^^^^^^^^^^^

error: could not compile `scemu` due to 18 previous errors

rdtsc (read timestamp counter) broken

{
    "i": 53,
    "x64dbgLine": {
      "rawLine": {
        "Index": "00035",
        "Address": "0000000144FF95A0",
        "Bytes": "0F31",
        "Disassembly": "rdtsc ",
        "Registers": "rax: 100000FDFF-> E6668424 rdx: 0-> 1BC2B",
        "Memory": "",
        "Comments": ""
      },
      "rip": "144ff95a0",
      "registerChanges": [
        {
          "registerName": "rax",
          "previousValue": "100000fdff",
          "newValue": "e6668424"
        },
        {
          "registerName": "rdx",
          "previousValue": "0",
          "newValue": "1bc2b"
        }
      ],
      "memoryChanges": []
    },
    "scemuLine": {
      "rawLine": "diff_reg: rip = 144ff95a0 rax 100000fdff -> 0;",
      "rip": "144ff95a0",
      "registerChanges": [
        {
          "registerName": "rax",
          "previousValue": "100000fdff",
          "newValue": "0"
        }
      ],
      "memoryChanges": []
    },
    "instructionErrors": [
      {
        "index": 0,
        "message": "newValue mismatch",
        "x64dbg": "e6668424",
        "scemu": "0"
      },
      {
        "index": 1,
        "message": "unmatchedRegisterChange mismatch (x64dbg but not scemu)",
        "x64dbg": "rdx"
      }
    ]
  },

thread 'main' panicked at 'attempt to subtract with overflow', src\emu.rs:1533:44

initializing regs
loading memory maps
Loaded nsi.dll
4 sections base addr 0x776c0000
created pe32 map for section .text at 0x776c1000 size: 5624
created pe32 map for section .data at 0x776c3000 size: 16
created pe32 map for section .rsrc at 0x776c4000 size: 1008
/!\ warning: raw sz:8704 off:8192 sz:512 off+sz:8704
created pe32 map for section .reloc at 0x776c5000 size: 88
thread 'main' panicked at 'attempt to subtract with overflow', src\emu.rs:1533:44
stack backtrace:
0: 0x7ff698d578af - std::backtrace_rs::backtrace::dbghelp::trace
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\..\..\backtrace\src\backtrace\dbghelp.rs:98
1: 0x7ff698d578af - std::backtrace_rs::backtrace::trace_unsynchronized
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\..\..\backtrace\src\backtrace\mod.rs:66
2: 0x7ff698d578af - std::sys_common::backtrace::_print_fmt
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\sys_common\backtrace.rs:66
3: 0x7ff698d578af - std::sys_common::backtrace::_print::impl$0::fmt
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\sys_common\backtrace.rs:45
4: 0x7ff698d6f14a - core::fmt::write
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\core\src\fmt\mod.rs:1194
5: 0x7ff698d51cd9 - std::io::Write::write_fmt<std::sys::windows::stdio::Stderr>
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\io\mod.rs:1655
6: 0x7ff698d59bbb - std::sys_common::backtrace::_print
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\sys_common\backtrace.rs:48
7: 0x7ff698d59bbb - std::sys_common::backtrace::print
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\sys_common\backtrace.rs:35
8: 0x7ff698d59bbb - std::panicking::default_hook::closure$1
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\panicking.rs:295
9: 0x7ff698d597ae - std::panicking::default_hook
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\panicking.rs:314
10: 0x7ff698d5a1b1 - std::panicking::rust_panic_with_hook
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\panicking.rs:698
11: 0x7ff698d5a032 - std::panicking::begin_panic_handler::closure$0
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\panicking.rs:586
12: 0x7ff698d581b7 - std::sys_common::backtrace::__rust_end_short_backtrace<std::panicking::begin_panic_handler::closure_env$0,never$>
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\sys_common\backtrace.rs:138
13: 0x7ff698d59d49 - std::panicking::begin_panic_handler
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\panicking.rs:584
14: 0x7ff698d77b75 - core::panicking::panic_fmt
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\core\src\panicking.rs:143
15: 0x7ff698d77a1c - core::panicking::panic
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\core\src\panicking.rs:48
16: 0x7ff698919327 - scemu::emu::Emu::shld
at D:\Users\fix\Documents\GitHub\scemu\src\emu.rs:1533
17: 0x7ff698910545 - scemu::emu::Emu::init_tests
at D:\Users\fix\Documents\GitHub\scemu\src\emu.rs:561
18: 0x7ff69890e5bf - scemu::emu::Emu::init
at D:\Users\fix\Documents\GitHub\scemu\src\emu.rs:191
19: 0x7ff6988af422 - scemu::main
at D:\Users\fix\Documents\GitHub\scemu\src\main.rs:189
20: 0x7ff69896b63b - core::ops::function::FnOnce::call_once<void (*)(),tuple$<> >
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\library\core\src\ops\function.rs:227
21: 0x7ff6988d90fb - std::sys_common::backtrace::__rust_begin_short_backtrace<void (*)(),tuple$<> >
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\library\std\src\sys_common\backtrace.rs:122
22: 0x7ff69896f521 - std::rt::lang_start::closure$0<tuple$<> >
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\library\std\src\rt.rs:145
23: 0x7ff698d4b47e - core::ops::function::impls::impl$2::call_once
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\library\core\src\ops\function.rs:259
24: 0x7ff698d4b47e - std::panicking::try::do_call
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\panicking.rs:492
25: 0x7ff698d4b47e - std::panicking::try
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\panicking.rs:456
26: 0x7ff698d4b47e - std::panic::catch_unwind
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\panic.rs:137
27: 0x7ff698d4b47e - std::rt::lang_start_internal::closure$2
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\rt.rs:128
28: 0x7ff698d4b47e - std::panicking::try::do_call
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\panicking.rs:492
29: 0x7ff698d4b47e - std::panicking::try
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\panicking.rs:456
30: 0x7ff698d4b47e - std::panic::catch_unwind
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\panic.rs:137
31: 0x7ff698d4b47e - std::rt::lang_start_internal
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library\std\src\rt.rs:128
32: 0x7ff69896f4ef - std::rt::lang_start<tuple$<> >
at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\library\std\src\rt.rs:144
33: 0x7ff6988afb96 - main
34: 0x7ff698d75b7c - invoke_main
at D:\a_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:78
35: 0x7ff698d75b7c - __scrt_common_main_seh
at D:\a_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
36: 0x7ffecc7a6fd4 - BaseThreadInitThunk
37: 0x7ffeccb3cec1 - RtlUserThreadStart

thread 'main' panicked at 'cannot found the library WINSPOOL.DRV on maps32/', src/emu/pe32.rs:848:17

thread 'main' panicked at 'cannot found the library WINSPOOL.DRV on maps32/', src/emu/pe32.rs:848:17
stack backtrace:
   0: rust_begin_unwind
             at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library/std/src/panicking.rs:584:5
   1: core::panicking::panic_fmt
             at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library/core/src/panicking.rs:143:14
   2: scemu::emu::pe32::PE32::iat_binding
   3: scemu::emu::Emu::load_pe32
   4: scemu::main
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.

TLS callbacks not being executed

 $ RUST_BACKTRACE=1 cargo run --release -- -vv -6 -f /Users/brandonros/Downloads/redacted.exe 
    Finished release [optimized] target(s) in 0.04s
     Running `target/release/scemu -vv -6 -f /Users/brandonros/Downloads/redacted.exe`
initializing regs
loading memory maps
memory test Ok.
PE64 header detected.
no import directory at va 0xc4f.
IAT Bound started ...
IAT Bound.
Loaded /Users/brandonros/Downloads/redacted.exe
	11 sections  base addr 0x140000000
	created pe32 map for section `.text` at 0x140001000 size: 10524854
	entry point at 0x144901722  0x4901722 
	created pe32 map for section `.rdata` at 0x140a0b000 size: 32899160
	created pe32 map for section `.data` at 0x14296c000 size: 371428
	created pe32 map for section `.pdata` at 0x1429c7000 size: 232872
	created pe32 map for section `.qtmetad` at 0x142a00000 size: 1334
	created pe32 map for section `.qtmimed` at 0x142a01000 size: 322789
	created pe32 map for section `.tls` at 0x142a50000 size: 24
	created pe32 map for section `.jPc0` at 0x142a51000 size: 5392274
	created pe32 map for section `.jPc1` at 0x142f76000 size: 6456
	created pe32 map for section `.jPc2` at 0x142f78000 size: 34504780
/!\ warning: raw sz:34786304 off:34512896 sz:273408  off+sz:34786304
	created pe32 map for section `.rsrc` at 0x145061000 size: 273368
 ----- emulation -----
1 0x144901722: push  0FFFFFFFFA2F395ECh ;0xffffffffa2f395ec 
2 0x144901727: call  0000000144F2FAF1h
3 0x144f2faf1: push  r11 ;0x0 
4 0x144f2faf3: movzx r11,sp
5 0x144f2faf7: push  rbx ;0xda6f566156ae77e1 
6 0x144f2faf8: movsx ebx,si
7 0x144f2fafb: push  rax ;0x7b106ba6af5f7353 
8 0x144f2fafc: pushfq
9 0x144f2fafd: rcr   bx,cl
10 0x144f2fb00: cmc
11 0x144f2fb01: bsf   ebx,r15d
12 0x144f2fb05: push  rsi ;0x3105dab61acd9c89 
13 0x144f2fb06: push  rdi ;0xf7b3fc465af8e94 
14 0x144f2fb07: clc
15 0x144f2fb08: shld  r11w,r14w,46h
16 0x144f2fb0e: shr   rbx,94h
17 0x144f2fb12: push  rbp ;0x22f000 
18 0x144f2fb13: push  r8 ;0x0 
19 0x144f2fb15: push  r13 ;0x0 
20 0x144f2fb17: cmp   r13b,0D6h
	cmp: 0x0 < 0xd6
21 0x144f2fb1b: push  r14 ;0x0 
22 0x144f2fb1d: btc   si,16h
23 0x144f2fb22: cmp   rbx,4AD720F8h
	cmp: 0x0 < 0x4ad720f8
24 0x144f2fb29: push  r15 ;0x0 
25 0x144f2fb2b: push  r12 ;0x0 
26 0x144f2fb2d: shl   sil,cl
27 0x144f2fb30: inc   si
28 0x144f2fb33: push  r10 ;0x0 
29 0x144f2fb35: btr   bx,4Fh
30 0x144f2fb3a: push  rcx ;0x1e52b41f0aaefa99 
31 0x144f2fb3b: push  rdx ;0x52f6cbf049453185 
32 0x144f2fb3c: sar   eax,cl
33 0x144f2fb3e: push  r9 ;0x0 
34 0x144f2fb40: xchg  dh,bh
35 0x144f2fb42: shl   rdx,cl
36 0x144f2fb45: cwd
37 0x144f2fb47: mov   r9,0
38 0x144f2fb51: cmova bx,di
39 0x144f2fb55: push  r9 ;0x0 
40 0x144f2fb57: sar   r11w,0A9h
41 0x144f2fb5c: cmc
42 0x144f2fb5d: mov   rsi,[rsp+90h]
43 0x144f2fb65: rcr   r11,0C3h
44 0x144f2fb69: add   esi,7EF34DA5h
45 0x144f2fb6f: cqo
46 0x144f2fb71: rcl   dx,69h
47 0x144f2fb75: rol   esi,2
48 0x144f2fb78: movzx edx,bp
49 0x144f2fb7b: rdtsc
50 0x144f2fb7d: bswap esi
51 0x144f2fb7f: movsx r11d,bp
52 0x144f2fb83: cmovnp ebx,r15d
53 0x144f2fb87: inc   esi
54 0x144f2fb89: movsx r8w,bl
55 0x144f2fb8e: btc   r8w,r8w
56 0x144f2fb93: add   rsi,r9
57 0x144f2fb96: mov   r9,100000000h
58 0x144f2fba0: ror   r8,cl
59 0x144f2fba3: rcr   r8b,48h
60 0x144f2fba7: lea   rsi,[rsi+r9]
61 0x144f2fbab: test  di,17CEh
62 0x144f2fbb0: clc
63 0x144f2fbb1: bt    r8,0CDh
64 0x144f2fbb6: mov   rbx,rsp
65 0x144f2fbb9: dec   r11b
66 0x144f2fbbc: sub   rsp,180h
67 0x144f2fbc3: or    r11b,3Ch
68 0x144f2fbc7: shl   r11,cl
69 0x144f2fbca: and   rsp,0FFFFFFFFFFFFFFF0h
70 0x144f2fbd1: bsr   dx,dx
71 0x144f2fbd5: xor   al,r14b
72 0x144f2fbd8: shrd  ax,r9w,0FBh
73 0x144f2fbde: mov   r11,rsi
74 0x144f2fbe1: xadd  r8b,dl
75 0x144f2fbe5: mov   rdx,0
76 0x144f2fbef: bswap r8d
77 0x144f2fbf2: shl   rax,cl
78 0x144f2fbf5: sub   r11,rdx
79 0x144f2fbf8: lea   r8,[144F2FBF8h]
80 0x144f2fbff: cwde
81 0x144f2fc00: ror   ax,cl
82 0x144f2fc03: sub   rsi,4
83 0x144f2fc0a: add   al,0A8h
84 0x144f2fc0c: movsx eax,bp
85 0x144f2fc0f: movzx eax,di
86 0x144f2fc12: mov   eax,[rsi]
/!\ error dereferencing dword on 0x22718e41
exception without any SEH handler nor vector configured.

shrd ax, sp, D4 broken

{
    "i": 32,
    "x64dbgLine": {
      "rawLine": {
        "Index": "00020",
        "Address": "0000000144FF954F",
        "Bytes": "66:0FACE0 D4",
        "Disassembly": "shrd ax,sp,D4",
        "Registers": "rax: 1448A76A4-> 1448A4F43",
        "Memory": "",
        "Comments": ""
      },
      "rip": "144ff954f",
      "registerChanges": [
        {
          "registerName": "rax",
          "previousValue": "1448a76a4",
          "newValue": "1448a4f43"
        }
      ],
      "memoryChanges": []
    },
    "scemuLine": {
      "rawLine": "diff_reg: rip = 144ff954f",
      "rip": "144ff954f",
      "registerChanges": [],
      "memoryChanges": []
    },
    "instructionErrors": [
      {
        "index": 0,
        "message": "unmatchedRegisterChange mismatch (x64dbg but not scemu)",
        "x64dbg": "rax"
      }
    ]
  },

bsf (bit scan forward) broken

{
    "i": 70,
    "x64dbgLine": {
      "rawLine": {
        "Index": "00046",
        "Address": "0000000144FF95E9",
        "Bytes": "49:0FBCED",
        "Disassembly": "bsf rbp,r13",
        "Registers": "",
        "Memory": "",
        "Comments": ""
      },
      "rip": "144ff95e9",
      "registerChanges": [],
      "memoryChanges": []
    },
    "scemuLine": {
      "rawLine": "diff_reg: rip = 144ff95e9 rbp 7ffe0624 -> 3f;",
      "rip": "144ff95e9",
      "registerChanges": [
        {
          "registerName": "rbp",
          "previousValue": "7ffe0624",
          "newValue": "3f"
        }
      ],
      "memoryChanges": []
    },
    "instructionErrors": [
      {
        "index": 0,
        "message": "unmatchedRegisterChange mismatch (scemu but not x64dbg)",
        "scemu": "rbp"
      }
    ]
  },

rol incorrectly setting f_zf 1 -> 0

73 0x144ff95f0: rol   bpl,91h
	diff_flags: rip = 144ff95f0 f_zf 1 -> 0; 
	diff_reg: rip = 144ff95f0 rbp 7ffe0624 -> 7ffe0648; 
	rax: 0xe6660624 rbx: 0x0 rcx: 0x140000000 rdx: 0x100000000 rsi: 0x14f410 rdi: 0x144e4725a rbp: 0x7ffe0648

lahf broken

{
    "i": 43,
    "x64dbgLine": {
      "rawLine": {
        "Index": "0002B",
        "Address": "0000000144FF9577",
        "Bytes": "9F",
        "Disassembly": "lahf ",
        "Registers": "rax: 0-> 200",
        "Memory": "",
        "Comments": ""
      },
      "rip": "144ff9577",
      "registerChanges": [
        {
          "registerName": "rax",
          "previousValue": "0",
          "newValue": "200"
        }
      ],
      "memoryChanges": []
    },
    "scemuLine": {
      "rawLine": "diff_reg: rip = 144ff9577 rax 0 -> 400;",
      "rip": "144ff9577",
      "registerChanges": [
        {
          "registerName": "rax",
          "previousValue": "0",
          "newValue": "400"
        }
      ],
      "memoryChanges": []
    },
    "instructionErrors": [
      {
        "index": 0,
        "message": "newValue mismatch",
        "x64dbg": "200",
        "scemu": "400"
      },
      {
        "index": 0,
        "message": "newValue mismatch",
        "x64dbg": "200",
        "scemu": "400"
      }
    ]
  },
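
Added example, not scemu's code and not from any of the issue authors: a reference model of the x86-64 semantics behind the mismatches reported in the btc, shr, rdtsc, bsf, rol and lahf issues above, written in Rust because scemu is Rust. The Flags struct and the function names are assumptions made for this example; the sample inputs are the register values quoted in the traces, and the expected results are the x64dbg values.

```rust
// Added example, not scemu's code: a reference model of the x86-64
// semantics behind the mismatches reported in the issues. The Flags type,
// the function names and the sample values are constructed for this
// example; expected results are the x64dbg values quoted in the traces.

#[derive(Clone, Copy, Debug, PartialEq, Eq, Default)]
pub struct Flags {
    pub cf: bool,
    pub pf: bool,
    pub af: bool,
    pub zf: bool,
    pub sf: bool,
    pub of: bool,
}

/// LAHF: AH <- SF:ZF:0:AF:0:PF:1:CF. Bit 1 is always set, so with every
/// flag clear AH becomes 0x02 (rax 0 -> 0x200 in the x64dbg trace, not 0x400).
pub fn lahf(rax: u64, f: &Flags) -> u64 {
    let ah: u64 = (f.sf as u64) << 7
        | (f.zf as u64) << 6
        | (f.af as u64) << 4
        | (f.pf as u64) << 2
        | 1 << 1
        | (f.cf as u64);
    (rax & !0xff00) | (ah << 8)
}

/// SHR r8, CL: the count is masked to 5 bits and a masked count of zero
/// leaves every flag untouched, so "shr r9b,cl" with value 0 and count 0
/// must not set ZF. CF is the last bit shifted out; OF is defined for count 1.
pub fn shr8(val: u8, count: u8, f: &Flags) -> (u8, Flags) {
    let n = (count & 0x1f) as u32;
    if n == 0 {
        return (val, *f);
    }
    let mut nf = *f;
    let res = if n >= 8 { 0 } else { val >> n };
    nf.cf = if n <= 8 { (val >> (n - 1)) & 1 == 1 } else { false };
    if n == 1 {
        nf.of = val & 0x80 != 0;
    }
    nf.zf = res == 0;
    nf.sf = res & 0x80 != 0;
    nf.pf = res.count_ones() % 2 == 0;
    (res, nf)
}

/// ROL r8, imm8: the masked count is reduced mod 8 for byte operands and
/// only CF (plus OF for a count of 1) is written; ZF, SF and PF never change.
/// "rol bpl,91h" rotates 0x24 by 17 mod 8 = 1 to 0x48 and must leave ZF alone.
pub fn rol8(val: u8, count: u8, f: &Flags) -> (u8, Flags) {
    let masked = (count & 0x1f) as u32;
    if masked == 0 {
        return (val, *f);
    }
    let mut nf = *f;
    let res = val.rotate_left(masked % 8);
    nf.cf = res & 1 == 1;
    if masked == 1 {
        nf.of = ((res >> 7) & 1 == 1) ^ nf.cf;
    }
    (res, nf)
}

/// BSF r64, r64: a zero source sets ZF and, as x64dbg shows for
/// "bsf rbp,r13", leaves the destination unchanged rather than writing 0x3f.
pub fn bsf64(dst: u64, src: u64, f: &Flags) -> (u64, Flags) {
    let mut nf = *f;
    if src == 0 {
        nf.zf = true;
        return (dst, nf);
    }
    nf.zf = false;
    (src.trailing_zeros() as u64, nf)
}

/// RDTSC writes EAX and EDX; like every 32-bit register write it zeroes the
/// upper halves of rax and rdx, so rax 0x100000fdff becomes the low TSC word.
pub fn rdtsc(tsc: u64) -> (u64, u64) {
    (tsc & 0xffff_ffff, tsc >> 32)
}

/// BTC r64, imm8: CF <- selected bit, then bit (imm & 63) is complemented.
/// "btc rax,24" (bit 0x24 = 36) turns 0x200 into 0x1000000200.
pub fn btc64(val: u64, bit: u8, f: &Flags) -> (u64, Flags) {
    let b = (bit & 63) as u64;
    let mut nf = *f;
    nf.cf = (val >> b) & 1 == 1;
    (val ^ (1u64 << b), nf)
}

fn main() {
    let f = Flags::default();
    let (lo, hi) = rdtsc(0x1bc2b_e6668424);
    println!("lahf rax={:#x} rdtsc rax={:#x} rdx={:#x} btc rax={:#x}",
             lahf(0, &f), lo, hi, btc64(0x200, 0x24, &f).0);
}
```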

thread 'main' panicked at 'attempt to subtract with overflow', src\emu.rs:1512:40

C:\Users\Brandon\Desktop\scemu>cargo run -- --64bits -f C:\Users\Brandon\Desktop\redacted.exe
    Finished dev [unoptimized + debuginfo] target(s) in 0.15s
     Running `target\debug\scemu.exe --64bits -f C:\Users\Brandon\Desktop\redacted.exe`
use -vv to see the assembly code emulated, and -v to see the messages
initializing regs
loading memory maps
thread 'main' panicked at 'attempt to subtract with overflow', src\emu.rs:1512:40
stack backtrace:
   0:     0x7ff708f0174f - std::backtrace_rs::backtrace::dbghelp::trace
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\..\..\backtrace\src\backtrace\dbghelp.rs:98
   1:     0x7ff708f0174f - std::backtrace_rs::backtrace::trace_unsynchronized
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\..\..\backtrace\src\backtrace\mod.rs:66
   2:     0x7ff708f0174f - std::sys_common::backtrace::_print_fmt
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\sys_common\backtrace.rs:66
   3:     0x7ff708f0174f - std::sys_common::backtrace::_print::impl$0::fmt
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\sys_common\backtrace.rs:45
   4:     0x7ff708f18fea - core::fmt::write
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\core\src\fmt\mod.rs:1194
   5:     0x7ff708efbb79 - std::io::Write::write_fmt<std::sys::windows::stdio::Stderr>
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\io\mod.rs:1655
   6:     0x7ff708f03a5b - std::sys_common::backtrace::_print
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\sys_common\backtrace.rs:48
   7:     0x7ff708f03a5b - std::sys_common::backtrace::print
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\sys_common\backtrace.rs:35
   8:     0x7ff708f03a5b - std::panicking::default_hook::closure$1
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\panicking.rs:295
   9:     0x7ff708f0364e - std::panicking::default_hook
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\panicking.rs:314
  10:     0x7ff708f04051 - std::panicking::rust_panic_with_hook
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\panicking.rs:698
  11:     0x7ff708f03ed2 - std::panicking::begin_panic_handler::closure$0
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\panicking.rs:586
  12:     0x7ff708f02057 - std::sys_common::backtrace::__rust_end_short_backtrace<std::panicking::begin_panic_handler::closure_env$0,never$>
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\sys_common\backtrace.rs:138
  13:     0x7ff708f03be9 - std::panicking::begin_panic_handler
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\panicking.rs:584
  14:     0x7ff708f21a05 - core::panicking::panic_fmt
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\core\src\panicking.rs:143
  15:     0x7ff708f218ac - core::panicking::panic
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\core\src\panicking.rs:48
  16:     0x7ff708b17a62 - scemu::emu::Emu::shld
                               at C:\Users\Brandon\Desktop\scemu\src\emu.rs:1512
  17:     0x7ff708b0ee0a - scemu::emu::Emu::init_tests
                               at C:\Users\Brandon\Desktop\scemu\src\emu.rs:547
  18:     0x7ff708b0cfdf - scemu::emu::Emu::init
                               at C:\Users\Brandon\Desktop\scemu\src\emu.rs:189
  19:     0x7ff708acb51d - scemu::main
                               at C:\Users\Brandon\Desktop\scemu\src\main.rs:196
  20:     0x7ff708a6542b - core::ops::function::FnOnce::call_once<void (*)(),tuple$<> >
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\library\core\src\ops\function.rs:227
  21:     0x7ff708a5d43b - std::sys_common::backtrace::__rust_begin_short_backtrace<void (*)(),tuple$<> >
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\library\std\src\sys_common\backtrace.rs:122
  22:     0x7ff708af39a1 - std::rt::lang_start::closure$0<tuple$<> >
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\library\std\src\rt.rs:145
  23:     0x7ff708ef53ce - core::ops::function::impls::impl$2::call_once
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\library\core\src\ops\function.rs:259
  24:     0x7ff708ef53ce - std::panicking::try::do_call
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\panicking.rs:492
  25:     0x7ff708ef53ce - std::panicking::try
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\panicking.rs:456
  26:     0x7ff708ef53ce - std::panic::catch_unwind
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\panic.rs:137
  27:     0x7ff708ef53ce - std::rt::lang_start_internal::closure$2
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\rt.rs:128
  28:     0x7ff708ef53ce - std::panicking::try::do_call
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\panicking.rs:492
  29:     0x7ff708ef53ce - std::panicking::try
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\panicking.rs:456
  30:     0x7ff708ef53ce - std::panic::catch_unwind
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\panic.rs:137
  31:     0x7ff708ef53ce - std::rt::lang_start_internal
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\/library\std\src\rt.rs:128
  32:     0x7ff708af396f - std::rt::lang_start<tuple$<> >
                               at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e\library\std\src\rt.rs:144
  33:     0x7ff708acbcc6 - main
  34:     0x7ff708f1fa1c - invoke_main
                               at D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:78
  35:     0x7ff708f1fa1c - __scrt_common_main_seh
                               at D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
  36:     0x7ff862b87034 - BaseThreadInitThunk
  37:     0x7ff8643e2651 - RtlUserThreadStart
error: process didn't exit successfully: `target\debug\scemu.exe --64bits -f C:\Users\Brandon\Desktop\redacted.exe` (exit code: 101)
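An SHLD helper written for this thread as an added example (not scemu's code): it masks the count as the x86 rule requires, leaves dest and CF alone on a zero count, and reports a count larger than a 16-bit operand as undefined instead of computing `size - count`, so the debug-build subtraction overflow the backtrace above points at cannot happen. The signature, including passing the current CF in, is an assumption.

```rust
// Added example, not scemu's code: SHLD dest, src, count without any
// subtraction that can overflow. Semantics per the x86 manual:
//  * count is masked to 5 bits (16/32-bit operands) or 6 bits (64-bit);
//  * count == 0 changes nothing, CF included;
//  * count > operand size (only reachable with 16-bit operands) is undefined,
//    so it is reported as None rather than computed;
//  * otherwise dest:src is shifted left as one 2*size-bit value, the upper
//    half becomes the new dest, and CF is the last bit shifted out of dest.
// The signature (including passing the current CF in) is an assumption.
pub fn shld(dest: u64, src: u64, count: u8, size: u32, cf: bool) -> Option<(u64, bool)> {
    assert!(matches!(size, 16 | 32 | 64), "operand size must be 16, 32 or 64");
    let mask: u8 = if size == 64 { 0x3f } else { 0x1f };
    let count = (count & mask) as u32;
    if count == 0 {
        return Some((dest, cf));
    }
    if count > size {
        return None;
    }
    let op_mask: u128 = (1u128 << size) - 1;
    // Work in u128 so that even size == 64 has headroom for the concatenation.
    let pair: u128 = (((dest as u128) & op_mask) << size) | ((src as u128) & op_mask);
    let new_dest = ((pair << count) >> size) & op_mask;
    // With 1 <= count <= size, size - count lies in 0..size, so this cannot underflow.
    let last_out = (((dest & (op_mask as u64)) >> (size - count)) & 1) == 1;
    Some((new_dest as u64, last_out))
}
```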

fix neg64 + neg32 + sar + rep movsb

cleaning up from #14

 RUST_BACKTRACE=1 cargo run --release -- -6 -vvv -f /Users/brandonros/Downloads/DTS9_PatcherV.exe
1354 0x144fad176: ret ; ret-addr: 0x1a2aa2115 ret-value: 0x5db9bfa4 

let me see where that gets us on x64dbg

no way we can implement qemu testing of instructions easily + performantly, right?

2022-09-18.csv

	pre-registers: rax: 0x4dbdd49 rbx: 0x0 rcx: 0x704f43db rdx: 0x100000000 rsi: 0x22dfe8 rdi: 0x144e471df rbp: 0x144f06171 rsp: 0x22dde0 rip: 0x14501058e
1338 0x14501058e: xor   eax,596262EDh
	post-registers: rax: 0x5db9bfa4 rbx: 0x0 rcx: 0x704f43db rdx: 0x100000000 rsi: 0x22dfe8 rdi: 0x144e471df rbp: 0x144f06171 rsp: 0x22dde0 rip: 0x14501058e

it's kind of worse than that because by the time we get to 14501058E rax is already wrong

I did very gross stuff (not PR worthy) to your code where I take the pre-op reg + post-op reg and diff them

536 | 0000000144EE03AE | FFC8                     | dec eax                                 | rax: 5968D677-> 5968D676                          |                                                   |

eax is wrong by the time we are here


this helps me track back against x64dbg trace

diff_reg: rip = 144f558ed rax ff98 -> ffffff98; good
diff_reg: rip = 144f558f5 rax ffffff98 -> 9b4a3d0; good
diff_reg: rip = 144f558fb rax 9b4a3d0 -> c43cb9ae; bad, should be F089AEA9
diff_reg: rip = 144f558fe rax c43cb9ae -> bafb4f23; 
diff_reg: rip = 144f55903 rax bafb4f23 -> 4504b0dd; 
diff_reg: rip = 144fcbe78 rax 4504b0dd -> 4504b0de; 
diff_reg: rip = 144fcbe7f rax 4504b0de -> 4dbdd4a; 
diff_reg: rip = 144ee03ae rax 4dbdd4a -> 4dbdd49; 
diff_reg: rip = 14501058e rax 4dbdd49 -> 5db9bfa4; 

so now problem with r11d? from 144F558FB

0000000144F558FB | 41:33C3                  | xor eax,r11d                            |

Error in make process

When I do make after the git clone:

cargo build --release
Updating crates.io index
error: no matching package named libscemu found
location searched: registry crates-io
required by package scemu v0.5.2 (/root/Downloads/scemu/target/release/scemu)
make: *** [Makefile:2: all] Error 101

Error (I can send the shellcode but only in private)

use -vv to see the assembly code emulated, and -v to see the messages
initializing regs
loading memory maps
memory test Ok.
----- emulation -----
** 277666 kernel32!VirtualAlloc sz: 524287 addr: 0x80063
thread 'main' panicked at 'not implemented: /!\ kernel32!LoadLibraryA: lib not found dnsapi dllptr:0x22dff4', src/emu/winapi32/kernel32.rs:195:18
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

=====================================

initializing regs
loading memory maps
memory test Ok.
----- emulation -----
/!\ poping a code address 0x3c0006
15 Reading PEB 0x7ffdf000
/!\ poping a code address 0x3c00a9
/!\ changing EIP to kernel32_text
** 277666 kernel32!VirtualAlloc sz: 524287 addr: 0x80063
277681 Reading PEB 0x7ffdf000
/!\ poping a code address 0x3c00c3
/!\ changing EIP to kernel32_text
thread 'main' panicked at 'not implemented: /!\ kernel32!LoadLibraryA: lib not found dnsapi dllptr:0x22dff4', src/emu/winapi32/kernel32.rs:195:18
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

suggestion: kernel impl

Will this repo at some point have some kind of full kernel emulation, or something like that?

I know this is a lot deeper, but it would be very interesting to have, or at least to know whether it will happen at some point.

Thanks for your time reading my suggestion!

x86_64 CWD/CDQ/CQO — Convert Word to Doubleword/Convert Doubleword to Quadword not implemented

https://www.felixcloutier.com/x86/cwd:cdq:cqo

RUST_BACKTRACE=1 cargo run --release -- -6 -f /Users/brandonros/Downloads/redacted.exe
   Compiling scemu v0.4.0 (/Users/brandonros/Desktop/scemu)
    Finished release [optimized] target(s) in 6.34s
     Running `target/release/scemu -6 -f /Users/brandonros/Downloads/redacted.exe`
use -vv to see the assembly code emulated, and -v to see the messages
initializing regs
loading memory maps
memory test Ok.
PE64 header detected.
no import directory at va 0xc4f.
IAT Bound started ...
IAT Bound.
Loaded /Users/brandonros/Downloads/redacted.exe
	11 sections  base addr 0x140000000
	created pe32 map for section `.text` at 0x140001000 size: 10524854
	entry point at 0x144901722  0x4901722 
	created pe32 map for section `.rdata` at 0x140a0b000 size: 32899160
	created pe32 map for section `.data` at 0x14296c000 size: 371428
	created pe32 map for section `.pdata` at 0x1429c7000 size: 232872
	created pe32 map for section `.qtmetad` at 0x142a00000 size: 1334
	created pe32 map for section `.qtmimed` at 0x142a01000 size: 322789
	created pe32 map for section `.tls` at 0x142a50000 size: 24
	created pe32 map for section `.jPc0` at 0x142a51000 size: 5392274
	created pe32 map for section `.jPc1` at 0x142f76000 size: 6456
	created pe32 map for section `.jPc2` at 0x142f78000 size: 34504780
/!\ warning: raw sz:34786304 off:34512896 sz:273408  off+sz:34786304
	created pe32 map for section `.rsrc` at 0x145061000 size: 273368
 ----- emulation -----
36 0x144f2fb45: cwd
unimplemented or invalid instruction.
--- console ---
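The semantics the linked manual page describes, as an added example in Rust (not scemu's code): each of the three instructions replicates the sign bit of the accumulator's low part into the data register of the same width, and only the destination is written. The `Regs` struct and the function names are assumptions.

```rust
// Added example, not scemu code: sign-extension semantics of CWD, CDQ and CQO.
// CWD fills DX from AX, CDQ fills EDX from EAX, CQO fills RDX from RAX.
// The source register is never modified. `Regs` is an assumed minimal model.
#[derive(Debug, Default, Clone, PartialEq)]
pub struct Regs {
    pub rax: u64,
    pub rdx: u64,
}

/// CWD: DX = 0xFFFF if AX is negative, else 0x0000.
/// A 16-bit destination write leaves the upper 48 bits of RDX untouched.
pub fn cwd(r: &mut Regs) {
    let ax = r.rax as u16;
    let dx = ((ax as i16) >> 15) as u16; // arithmetic shift gives 0 or 0xFFFF
    r.rdx = (r.rdx & !0xFFFF) | dx as u64;
}

/// CDQ: EDX = sign of EAX replicated. A 32-bit destination write zero-extends
/// into the full RDX, as every 32-bit register write does in long mode.
pub fn cdq(r: &mut Regs) {
    let eax = r.rax as u32;
    let edx = ((eax as i32) >> 31) as u32;
    r.rdx = edx as u64;
}

/// CQO: RDX = sign of RAX replicated.
pub fn cqo(r: &mut Regs) {
    r.rdx = ((r.rax as i64) >> 63) as u64;
}
```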

Sorry, that one sounds painful/not fun.

Any thoughts regarding an scemu lib?

Hi,
Thanks for making and releasing this! Being as lightweight and fast as it is, I'm thinking of using it in a lil project that needs to analyze some chunks of iced-x86 disassembled code and then read some register values. It works fine from the command line for exploration, but it would be nicer (in my case) to use it as a lib where I could run and then query the state as needed. I was thinking of just pulling out the non-console-oriented bits, but thought you might want to know that there is a use case for your code as a lib, as an alternative to working with the likes of unicorn within other projects.
It looks like you kept the code nicely separated... is it possible you already had that thought and have some input on why it would/wouldn't be a good thing to do?

thread 'main' panicked at 'no import directory at va 0x0', src\emu\pe32.rs:634:13

vs 2022 build 64bits exe

cargo build --release
Finished release [optimized] target(s) in 0.08s

target\release\scemu.exe --64bits -f exe.exe
use -vv to see the assembly code emulated, and -v to see the messages
initializing regs
loading memory maps
memory test Ok.
PE32 header detected.
thread 'main' panicked at 'no import directory at va 0x0', src\emu\pe32.rs:634:13
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

pushfq unimplemented

 RUST_BACKTRACE=1 cargo run --release -- -6 -f /Users/brandonros/Downloads/redacted.exe 
    Finished release [optimized] target(s) in 0.01s
     Running `target/release/scemu -6 -f /Users/brandonros/Downloads/redacted.exe`
use -vv to see the assembly code emulated, and -v to see the messages
initializing regs
loading memory maps
memory test Ok.
PE64 header detected.
no import directory at va 0xc4f.
IAT Bound started ...
IAT Bound.
Loaded /Users/brandonros/Downloads/redacted.exe
	11 sections  base addr 0x140000000
	created pe32 map for section `.text` at 0x140001000 size: 10524854
	entry point at 0x144901722  0x4901722 
	created pe32 map for section `.rdata` at 0x140a0b000 size: 32899160
	created pe32 map for section `.data` at 0x14296c000 size: 371428
	created pe32 map for section `.pdata` at 0x1429c7000 size: 232872
	created pe32 map for section `.qtmetad` at 0x142a00000 size: 1334
	created pe32 map for section `.qtmimed` at 0x142a01000 size: 322789
	created pe32 map for section `.tls` at 0x142a50000 size: 24
	created pe32 map for section `.jPc0` at 0x142a51000 size: 5392274
	created pe32 map for section `.jPc1` at 0x142f76000 size: 6456
	created pe32 map for section `.jPc2` at 0x142f78000 size: 34504780
/!\ warning: raw sz:34786304 off:34512896 sz:273408  off+sz:34786304
	created pe32 map for section `.rsrc` at 0x145061000 size: 273368
 ----- emulation -----
8 0x144f2fafc: pushfq
unimplemented or invalid instruction.
--- console ---
=>


