
Comments (14)

Thell avatar Thell commented on July 24, 2024

Just wanted to let you know that my simple use for this seems to work. I wrapped pretty much all of the outputs with verbose tests and fiddled around with returning instead of termination/console spawning but it wasn't bad at all.

I initialize once and then re-use it to load chunks and get my value.

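```rust
use std::path::PathBuf;
// `Emu` and the `emu` module come from the scemu sources used as a library.

// Build the emulator once; it is re-used for every chunk of code.
fn init_emu() -> Emu {
    let map_path = PathBuf::from("./src/client_commands/emu/maps64")
        .as_os_str()
        .to_str()
        .unwrap()
        .to_string();

    let mut emu = Emu::new();
    let mut cfg = emu::Config::new();
    cfg.maps_folder = map_path;
    cfg.is_64bits = true;
    emu.set_config(cfg);
    emu.init();

    emu
}

// Load one chunk at `start_addr`, run it up to `stop_addr`, and read the result.
fn get_code(
    emu: &mut Emu,
    code_bytes: &[u8],
    start_addr: u64,
    stop_addr: u64,
) -> Result<u32, Box<dyn std::error::Error>> {
    emu.cfg.code_base_addr = start_addr;
    emu.cfg.entry_point = start_addr;
    // console_addr is used as the stop address.
    emu.cfg.console_addr = stop_addr;

    // Reset the registers so state from the previous chunk does not leak in.
    emu.regs.clear::<64>();
    emu.load_code_bytes(code_bytes);
    emu.run();

    // The value of interest is left in r8d.
    let code: u32 = emu.regs.get_r8d().try_into()?;
    Ok(code)
}
```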

from scemu.

sha0coder avatar sha0coder commented on July 24, 2024

Hello Thell, this looks really interesting; it would allow people to do their own implementations. I thought about doing a scripting language for automating the binary analysis, but for now I'm busy implementing more APIs and Windows internals, and I also have to implement 64-bit PE loading.

I'm focused on using this mainly for malware analysis, as automatically as possible, but for sure it can be used for other purposes and can also be forked to do cool modifications.


sha0coder avatar sha0coder commented on July 24, 2024

I adapted the code a bit so it can be used programmatically. People can modify the main.rs and emulate specific malware functions.

I managed to generate the crypto-key of Xloader malware with a program using scemu :)


Thell avatar Thell commented on July 24, 2024

Cool! I'll have to take a look at that.
And this reminds me that one other thing I ended up doing while using scemu as a lib was to make the maps embed into the executable so it'd be usable without install dependencies. I used RustEmbed and it worked nicely. Since only the x64 was needed I used...

```rust
use rust_embed::RustEmbed;

#[derive(RustEmbed)]
#[folder = "src/client_commands/emu/maps64"]
struct EmuAsset;
```


sha0coder avatar sha0coder commented on July 24, 2024


sha0coder avatar sha0coder commented on July 24, 2024

I have the lib working locally, passing tests for 32 bits and 64 bits, with the embedding working OK.
I'm going to publish it soon.


sha0coder avatar sha0coder commented on July 24, 2024

crates.io doesn't allow that size, probably because of the maps.
"the remote server responded with an error: max upload size is: 10485760"


sha0coder avatar sha0coder commented on July 24, 2024

To use the lib, the developer will have to download the maps from a GitHub release (maps32.zip and maps64.zip) and put them in a specific place.
It's the only solution I see :/
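
An added example, not part of the thread or of scemu/libscemu: a std-only pre-flight check for a maps folder that was unpacked by hand, so a missing or empty folder is reported before the path is handed to the emulator, with the raw size compared against the upload limit quoted in the error message above. The names `check_maps_folder` and `MapsReport` are hypothetical, and the size comparison is a rough one made on the unpackaged files.

```rust
use std::{fs, io, path::Path};

/// Upload limit quoted in the crates.io error message in this thread.
const CRATES_IO_MAX_UPLOAD: u64 = 10_485_760;

#[derive(Debug, Default, PartialEq)]
struct MapsReport {
    files: usize,
    total_bytes: u64,
}

impl MapsReport {
    /// True if the raw maps alone stay within the quoted upload limit.
    fn fits_crates_io(&self) -> bool {
        self.total_bytes <= CRATES_IO_MAX_UPLOAD
    }
}

/// Count regular files and bytes under `dir`, recursing into subfolders.
/// Fails if `dir` is missing, unreadable, or contains no files at all.
fn check_maps_folder(dir: &Path) -> io::Result<MapsReport> {
    let mut report = MapsReport::default();
    let mut pending = vec![dir.to_path_buf()];
    while let Some(current) = pending.pop() {
        for entry in fs::read_dir(&current)? {
            let entry = entry?;
            // DirEntry::metadata does not follow symlinks, so links are skipped.
            let meta = entry.metadata()?;
            if meta.is_dir() {
                pending.push(entry.path());
            } else if meta.is_file() {
                report.files += 1;
                report.total_bytes += meta.len();
            }
        }
    }
    if report.files == 0 {
        return Err(io::Error::new(io::ErrorKind::NotFound, "maps folder is empty"));
    }
    Ok(report)
}

fn main() {
    // Path from the first comment in the thread; adjust to where the maps live.
    match check_maps_folder(Path::new("./src/client_commands/emu/maps64")) {
        Ok(r) => println!("{} files, {} bytes, fits: {}", r.files, r.total_bytes, r.fits_crates_io()),
        Err(e) => eprintln!("maps folder not usable: {e}"),
    }
}
```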


sha0coder avatar sha0coder commented on July 24, 2024

https://crates.io/crates/libscemu


Thell avatar Thell commented on July 24, 2024

Could the embed be compressed?


sha0coder avatar sha0coder commented on July 24, 2024

Yes, I could embed just two zips and decompress them from Rust, but it would make the initialization slower. And I'm not sure if it fits the size allowed on crates.io.


sha0coder avatar sha0coder commented on July 24, 2024

By the way, there is a bug in GitHub and all my commits appear as the user wit00 by error; when GitHub resolves the ticket I will publish the code of the lib.


sha0coder avatar sha0coder commented on July 24, 2024

https://github.com/sha0coder/libscemu


Thell avatar Thell commented on July 24, 2024

🥳 Looking forward to trying it out!
I guess we can close this now... woot!
