{"id":13746435,"url":"https://github.com/cseagle/sk3wldbg","last_synced_at":"2025-05-09T07:30:49.853Z","repository":{"id":81453182,"uuid":"56670353","full_name":"cseagle/sk3wldbg","owner":"cseagle","description":"Debugger plugin for IDA Pro backed by the Unicorn Engine","archived":false,"fork":false,"pushed_at":"2024-06-20T17:21:27.000Z","size":97459,"stargazers_count":547,"open_issues_count":8,"forks_count":112,"subscribers_count":39,"default_branch":"master","last_synced_at":"2024-11-15T19:37:34.937Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cseagle.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-04-20T08:38:00.000Z","updated_at":"2024-10-20T21:36:14.000Z","dependencies_parsed_at":null,"dependency_job_id":"28639a24-907c-42bd-be9f-4af550ee4996","html_url":"https://github.com/cseagle/sk3wldbg","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cseagle%2Fsk3wldbg","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cseagle%2Fsk3wldbg/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cseagle%2Fsk3wldbg/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cseagle%2Fsk3wldbg/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cseagle","download_url":"https://codeload.github.com/cseagle/sk3wldbg/tar.g
z/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253209259,"owners_count":21871622,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T06:00:53.583Z","updated_at":"2025-05-09T07:30:44.829Z","avatar_url":"https://github.com/cseagle.png","language":"C++","funding_links":[],"categories":["使用","\u003ca id=\"b38dab81610be087bd5bc7785269b8cc\"\u003e\u003c/a\u003e模拟器集成"],"sub_categories":["\u003ca id=\"b38dab81610be087bd5bc7785269b8cc\"\u003e\u003c/a\u003e模拟器集成","\u003ca id=\"1c698e298f6112a86c12881fbd8173c7\"\u003e\u003c/a\u003eSwift"],"readme":"## WARNING: THIS CODE IS VERY RAW AND PROBABLY VERY BUGGY!\n\n## Introduction\n\nThis is the Sk3wlDbg plugin for IDA Pro. Its purpose is to provide a front\nend for using the Unicorn Engine to emulate machine code that you are viewing\nwith IDA.\n\nThe plugin installs as an IDA debugger which you may select whenever you open\nan IDA database containing code supported by Unicorn. Currently supported\narchitectures include:\n\n* x86\n* x86-64\n* ARM\n* ARM64\n* MIPS\n* MIPS64\n* SPARC\n* SPARC64\n* M68K\n\n## BUILDING:\n\nThe plugin is dependent on the Unicorn engine. IDA versions 6.x and older (pre 7.0)\nare built as 32-bit binaries. If you are using one of these versions of IDA you MUST\nhave a 32-bit build of the Unicorn library for your IDA platform (Windows,\nLinux, OS X). 
If you are using IDA version 7.0 or later, you MUST have a 64-bit build\nof Unicorn.\n\nOn all platforms you should clone sk3wldbg into your IDA SDK plugins sub-directory\nso that you end up with $IDASDKDIR/plugins/sk3wldbg because the build files all use\nrelative paths to find the IDA header files.\n\n### Building Unicorn for Linux / OSX\n\n* If building Unicorn for IDA 6.x on Linux use: ./make.sh linux32\n* If building Unicorn for IDA 7.x on Linux use: ./make.sh linux64\n* If building Unicorn for OS X use: ./make.sh macos-universal\n\nFollow `make.sh` with `make install`\n\n### Build sk3wldbg for Linux / OS X:\n\nUse the included Makefile to build the plugin. You may need to adjust the paths\nthat get searched to find your IDA installation (\"/Applications/IDA Pro N.NN\" is\nassumed on OSX and /opt/ida-N.NN is assumed on Linux, where N.NN is derived from\nthe name of your IDA SDK directory, e.g. idasdk695, and should match your IDA version\nnumber). This is required to successfully link the plugin. 
Note that the Makefile\nassumes that the Unicorn library headers have been copied into the sk3wldbg\ndirectory alongside the plugin source files (this is already done in the git repo).\nIf you want to switch to using the actual Unicorn headers, make sure you update the\nMakefile.\n\n$ cd $IDASDKDIR/plugins/sk3wldbg\n$ make\n\nCompiled binaries will end up in $IDASDKDIR/plugins/sk3wldbg/bin\n\n```\nLINUX\n         -------------------------------------------\n         |        ida        |        ida64        |\n         -------------------------------------------\nIDA 6.x  |                   |                     |\n plugin  | sk3wldbg_user.plx | sk3wldbg_user.plx64 |\n         -------------------------------------------\nIDA 7.x  |                   |                     |\n plugin  | sk3wldbg_user.so  | sk3wldbg_user64.so  |\n         -------------------------------------------\n\nOS/X\n         ------------------------------------------------\n         |        ida           |        ida64          |\n         ------------------------------------------------\nIDA 6.x  |                      |                       |\n plugin  | sk3wldbg_user.pmc    | sk3wldbg_user.pmc64   |\n         ------------------------------------------------\nIDA 7.x  |                      |                       |\n plugin  | sk3wldbg_user.dylib  | sk3wldbg_user64.dylib |\n         ------------------------------------------------\n```\n\nCopy the plugin(s) into your \u003cIDADIR\u003e/plugins directory and Sk3wlDbg will be\nlisted as an available debugger for all architectures supported by Unicorn.\n\n### Build Unicorn for Windows\n\nUnicorn includes unicorn.sln which may be used to build both 32 and 64-bit versions\nof Unicorn. The necessary binaries end up in unicorn/msvc/distro/Win32 and \nunicorn/msvc/distro/x86. You will need unicorn.lib and unicorn.dll for your\nversion of IDA (32 or 64-bit). 
Copy the appropriate unicorn.lib into your \nsk3wldbg git tree at sk3wldbg/lib/x86 or sk3wldbg/lib/x64.\n\n### Build sk3wldbg for Windows\n\nBuild with Visual Studio C++ 2013 or later using the included solution (.sln)\nfile (sk3wlbdg.sln). Several build targets are available depending on which version\nof IDA you are using:\n\n```\n         -------------------------------------------\n         |        ida        |        ida64        |\n         -------------------------------------------\nIDA 6.x  |   Release/Win32   |  Release64/Win32    |\n plugin  | sk3wldbg_user.plw | sk3wldbg_user.p64   |\n         -------------------------------------------\nIDA 7.x  |    Release/x64    |   Release64/x64     |\n plugin  | sk3wldbg_user.dll | sk3wldbg_user64.dll |\n         -----------------------------------------\n```\n\nNote that the project configuration assumes that the Unicorn library headers have\nbeen copied into the sk3wldbg directory alongside the solution file (this is\nalready done in the git repo). If you want to switch to using the actual Unicorn\nheaders, make sure you update the Visual Studio project settings.\n\nCopy the plugin(s) into your \u003cIDADIR\u003e/plugins directory and Sk3wlDbg will be\nlisted as an available debugger for all architectures supported by Unicorn.\n\nNote that the unicorn dll needs to be found in your PATH or copied into your\nIDA installation directory.\n\n## INSTALLATION\n\nAssuming you have installed IDA to $IDADIR, install the plugin by copying the\ncompiled binaries from $IDASDKDIR/bin/plugins to $IDADIR/plugins (Linux/Windows)\nor $IDADIR/idabin/plugins (OS X). Windows users should also copy unicorn.dll into\n$IDADIR. Linux and OS X users should make sure they have installed the Unicorn\nshared library into an appropriate location on their respective systems\n(/usr/local/lib often works). 
This should already be taken care of if you build\nand install Unicorn from source.\n\n### Pre-built binaries:\n\nAs an alternative to building the plugin yourself, pre-built binaries for \nIDA 6.95 (Windows, Linux, OS X) are available in the bins directory.\nMake sure that you have a suitable Unicorn installed for your platform.\n\n## USING THE PLUGIN\n\nWith the plugin installed, open a binary of interest in IDA and select Sk3wlDbg\nas your debugger (Debugger/Switch debugger). If Sk3wlDbg does not appear as an \navailable debugger, it has either not been installed correctly, the Unicorn\nshared library can't be found, or the current processor type is not supported\nby the plugin.\n\nNo options are currently recognized by the plugin. When you launch the debugger\nyou will be asked whether you wish to begin execution at the cursor location or\nat the program's advertised entry point. You should probably also set some\nbreakpoints to make sure you gain control of the debugger at some point.\n\nThe plugin contains very minimalist ELF32/64 and PE/PE32+ loaders to\nload the file image into the Unicorn emulator instance. Outside of these formats\nthe plugin simply copies the contents of your IDA sections into the emulator.\nYou currently also get a stack and that's about it.\n\nFor ELF64/x86_64, the emulator assumes Linux and sets up a minimal trampoline \nfrom ring 0 to ring 3 at debug start. Additionally, ring 0 code is installed to \nhandle sysenter and provide a sysexit back to ring 3. A conditional breakpoint\ncan be installed at the tail end of the sysenter code (marked by a nop) to \nexamine the syscall arguments and, if desired, manipulate the process state\nbefore resuming execution. 
See linux_kernel_x64.asm and linux_x64_syscall_bpcond.py\nfor ideas.\n\nFuture updates will provide similar ring 0 stubs for ELF32/x86/Linux and \nPE32+/x86_64/Windows.\n\n## THINGS THAT WORK (\u003e 0% of the time)\n\n* Basic debugger operations such as step and run\n* Breakpoints are just implemented as a set against which the current program counter is compared.\n  Software breakpoints (such as INT 3) are not used.\n* IDA's \"Take memory snapshot\" feature works.\n* Conditional breakpoints handled by IDA\n* Installed IDC functions allow for mapping additional memory into a Unicorn process\n\n```\n     int64 sk3wl_mmap(int64 base, long size, int perms) where perms are a combination of:\n         #define SEGPERM_EXEC  1         ///\u003c Execute\n         #define SEGPERM_WRITE 2         ///\u003c Write\n         #define SEGPERM_READ  4         ///\u003c Read\n     void sk3wl_munmap(int64 base, long size)\n```\n\n`sk3wl_mmap` may be used to map new regions of memory into an emulated unicorn process.\nThese may be invoked from python via the `eval_idc_expr` function:\n\n```\n         idaapi.eval_idc_expr(idaapi.idc_value_t(), BADADDR, \"sk3wl_mmap(0x41414000, 0x1000, 7)\")\n```\n\n## THINGS THAT DON'T WORK (because they are not yet implemented)\n\n* IDA Appcalls\n* Exception handling (as in the debugger catching exceptions that happen in the emulated code like out of bounds memory accesses or illegal instructions)\n* Tracing\n* Stack traces\n* Many other features I have not yet thought of\n\n## OTHER FUTURE WORK\n\n* Extensible hooking interface to hook system calls and other exceptions\n* Extensible hooking interface to hook library function calls\n* Support for loading required shared libraries into the emulated process\n* PEB/TEB and fs segment setup for PE based processes\n* Many other features I have not yet thought of\n\n 
\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcseagle%2Fsk3wldbg","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcseagle%2Fsk3wldbg","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcseagle%2Fsk3wldbg/lists"}