{"id":13746482,"url":"https://github.com/alexhude/uemu","last_synced_at":"2025-04-08T10:31:05.436Z","repository":{"id":46137504,"uuid":"99681457","full_name":"alexhude/uEmu","owner":"alexhude","description":"Tiny cute emulator plugin for IDA based on unicorn.","archived":false,"fork":false,"pushed_at":"2024-08-13T10:50:52.000Z","size":2021,"stargazers_count":1151,"open_issues_count":5,"forks_count":179,"subscribers_count":41,"default_branch":"master","last_synced_at":"2025-03-25T06:17:13.637Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alexhude.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-08-08T10:37:23.000Z","updated_at":"2025-03-24T02:40:57.000Z","dependencies_parsed_at":"2024-10-25T05:26:57.775Z","dependency_job_id":"c7e54b9f-0972-413c-8351-3eb2a8bf03d2","html_url":"https://github.com/alexhude/uEmu","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexhude%2FuEmu","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexhude%2FuEmu/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexhude%2FuEmu/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexhude%2FuEmu/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alexhude","download_url":"https://codeload.github.com/alexhude/uEmu/tar.gz/refs/heads/master","h
ost":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246612903,"owners_count":20805446,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T06:00:54.355Z","updated_at":"2025-04-01T09:22:56.387Z","avatar_url":"https://github.com/alexhude.png","language":"Python","funding_links":[],"categories":["使用","\u003ca id=\"b38dab81610be087bd5bc7785269b8cc\"\u003e\u003c/a\u003e模拟器集成"],"sub_categories":["\u003ca id=\"b38dab81610be087bd5bc7785269b8cc\"\u003e\u003c/a\u003e模拟器集成","\u003ca id=\"1c698e298f6112a86c12881fbd8173c7\"\u003e\u003c/a\u003eSwift"],"readme":"## Overview\n\n**uEmu** is a tiny cute emulator plugin for IDA based on unicorn engine.\n\nSupports following architectures out of the box: **x86**, **x64**, **ARM**, **ARM64**, **MIPS**, **MIPS64**\n\n![](./Resources/screenshots/doc_overview.png)\n\n### What is it GOOD for?\n\n- Emulate bare metal code (bootloaders, embedded firmware etc)\n- Emulate standalone functions\n\n### What is it BAD for?\n\n- Emulate complex OS code (dynamic libraries, processes etc)\n- Emulate code with many syscalls\n\n### What can be improved?\n\n- Find a way to emulate vendor specific register access (like `MSR S3_x, X0` for ARM64)\n- Add more registers to track\n\n## Installation\n\n- Configure IDAPython via [`idapyswitch`](https://github.com/idapython/src/blob/master/README_python3.txt)\n- `brew install unicorn` to install Unicorn binaries\n- `pip install unicorn` to install Unicorn python bindings\n- Use `File / Script file...` or `ALT+F7` in IDA to load **uEmu.py**\n\nOptionally **uEmu** can 
be loaded automatically as IDA plugin. In this case put it into [IDA]/Plugins folder and change `USE_AS_SCRIPT` to `False` inside **uEmu.py**\n\n## Features\n\n### Popup Menu\n\n![](./Resources/screenshots/doc_popup.png)\n\n- **Start** command initializes emulator by mapping all segments and setting up Unicorn\n- **Run** command emulates instructions until breakpoint is reached or error occurs\n- **Step** emulates one or N instructions (hold `ALT`/`OPTION` to specify a number)\n- **Stop** interrupts emulation\n- **Reset** resets emulation engine and unmaps all memory regions\n- **Jump To PC** simply jumps to current PC\n- **Set PC** moves PC to cursor\n- It is possible to **Update CPU Context** manually or via JSON file (see below)\n- **Show Controls** displays window with Start/Run/Step/Stop buttons\n- **Show CPU Context** displays window with available registers\n- **Show CPU Extended Context** displays window with extended registers (FP/SIMD)\n- **Show Stack** displays window with current Stack\n- **Show Memory Range** displays a specific memory region\n\n### Start\n\nStart emulation from cursor. It is necessary to provide initial CPU context first (see _Update CPU Context_).\nAfter that all segments from IDA database will be mapped to emulator (initialized data will be copied as well).\n\n### Run\n\nExecute code until code or memory breakpoint is reached or there is an event which requires user action.\n\n### Step\n\nPerform a single step execution. Hold `ALT`/`OPTION` to specify number of steps to perform.\n\n![](./Resources/screenshots/doc_stepcnt.png)\n\n### Stop\n\nWhen emulation is in progress this command can be used to interrupt execution.\n\n### Reset\n\nResets emulator instance and unmaps all memory regions.\n\n### Breakpoints\n\nYou can use IDA breakpoints to indicate locations where emulation should be interrupted. 
\nThis includes code and memory breakpoints.\nUsually used together with **Run** command.\n\n### Runtime actions\n\n#### Unmapped memory\n\nWhen emulator needs to access memory which is not yet mapped, plugin will show the following dialog.\n\n![](./Resources/screenshots/doc_actmap.png)\n\n- Press **YES** to provide memory dump to be loaded to memory.\n\n![](./Resources/screenshots/doc_mapbin.png)\n\n- Press **NO** to map one empty page (0x1000) filled with zeroes\n- Press **Cancel** to stop emulation\n\n#### Unknown instructions\n\nWhen emulator runs into unknown instruction it is possible to skip it and restore CPU context manually.\n\n![](./Resources/screenshots/doc_actins.png)\n\n### Views\n\n#### Controls\n\nJust a panel to control execution.\n\n![](./Resources/screenshots/doc_controls.png)\n\n#### CPU Context\n\nCurrent CPU context.\n\n![](./Resources/screenshots/doc_regview.png)\n\nEvery time emulation stops, changed registers will be highlighted. Registers can be displayed in 1, 2 or 3 columns via popup menu.\n\nIt is possible to update CPU context via popup menu (see below).\n\n#### CPU Extended Context\n\nCurrent CPU Extended context.\n\n![](./Resources/screenshots/doc_regexview.png)\n\nEvery time emulation stops, changed registers will be highlighted. Registers can be displayed in 1, 2 or 3 columns via popup menu.\n\nIt is possible to update CPU context via popup menu (see below).\n\n\n#### Memory\n\nUse this view to observe memory regions for specified address and size. 
Comment will be displayed in a title for convenience.\n\n![](./Resources/screenshots/doc_showmem.png)\n\nEvery time emulation stops, changed memory blocks will be highlighted.\n\n![](./Resources/screenshots/doc_memview.png)\n\n### Update CPU Context\n\nRegister values can be changed individually or all at once with JSON file via popup menu.\nCurrent context can also be saved in JSON file for future use.\n\n![](./Resources/screenshots/doc_changectx.png)\n\n![](./Resources/screenshots/doc_regupdate.png)![](./Resources/screenshots/doc_regexupdate.png)\n\n### Main Plugin Menu\n\nApart from all the functions listed in Popup Menu, there are a couple of new commands.\n\n![](./Resources/screenshots/doc_main.png)\n\n#### Show Mapped Memory\n\nDisplay all mapped regions. Use popup menu to display memory for particular region or dump it to a file.\n\n![](./Resources/screenshots/doc_mappedmem.png)\n\n#### Fetch Segments\n\nThis command tries to sync IDA segments with mapped memory by creating new mappings or merging with existing ones if possible.\nThis helps to add new IDA segments to emulator in runtime without restarting emulator.\n\n#### Load Project\n\nLoad uEmu state from file.\n\n#### Save Project\n\nSave uEmu state to file.\nPlease note that only registers defined in a plugin are saved.\n\n#### Settings\n\n- **Follow PC** scrolls IDA View to current PC during emulation\n- **Convert to Code automatically** if IDA data under cursor is not code\n- **Trace instructions** prints every instruction emulator is executing\n- **Lazy mapping** adds pages on demand instead of mapping all existing regions on start\n\n![](./Resources/screenshots/doc_settings.png)\n\n## Extensions\n\nIt is also possible to add new functionality or build your project on top of **uEmu** using extension system.  
\nPlease find description with example [here](./Extensions/README.md)\n\n* [**crauEmu**](https://github.com/DSecurity/crauEmu) - extension for developing and analyzing payloads for code-reuse attacks.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falexhude%2Fuemu","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falexhude%2Fuemu","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falexhude%2Fuemu/lists"}