{"id":20718182,"url":"https://github.com/hzqst/unicorn_pe","last_synced_at":"2025-05-16T11:04:08.035Z","repository":{"id":39179599,"uuid":"163785951","full_name":"hzqst/unicorn_pe","owner":"hzqst","description":"Unicorn PE is an unicorn based instrumentation project designed to emulate code execution for windows PE files.","archived":false,"fork":false,"pushed_at":"2024-05-09T15:38:14.000Z","size":36416,"stargazers_count":833,"open_issues_count":19,"forks_count":204,"subscribers_count":41,"default_branch":"master","last_synced_at":"2025-04-09T05:05:27.277Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hzqst.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-01-02T02:41:15.000Z","updated_at":"2025-04-01T16:05:11.000Z","dependencies_parsed_at":"2024-11-17T04:00:25.637Z","dependency_job_id":null,"html_url":"https://github.com/hzqst/unicorn_pe","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hzqst%2Funicorn_pe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hzqst%2Funicorn_pe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hzqst%2Funicorn_pe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hzqst%2Funicorn_pe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hzqst","download_url":"https://codeload.github.com/hzqst/unicorn_pe/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254518384,"owners_count":22084374,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-17T03:12:36.268Z","updated_at":"2025-05-16T11:04:06.189Z","avatar_url":"https://github.com/hzqst.png","language":"C","funding_links":[],"categories":["\u003ca id=\"b478e9a9a324c963da11437d18f04998\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"1afda3039b4ab9a3a1f60b179ccb3e76\"\u003e\u003c/a\u003e其他"],"readme":"# Unicorn PE\nUnicorn PE is an [unicorn](https://github.com/unicorn-engine/unicorn) based instrumentation project/framework designed to emulate code execution for windows PE files, especially packed ones.\n\n## Feature\n\nDump PE image from emu-memory into file, fix import table, decrypt VMProtect strings, decrypt VMProtect imports.\n\nPartial support for exception. (only #DB and #BP)\n\nShow disasm for all instructions that is being executed.\n\nUpdate BlackBone to latest ver (2020.4.5).\n\n## TODO\n\nFeature: x86 (low priority) -- 0%\n\n## Build\nVisual Studio 2017 or 2019\n\nOpen unicorn_pe.sln with Visual Studio\n\nBuild project \"unicorn_pe\" as x64/Release or x64/Debug. (No x86 support for now)\n\n## Usage\n\nunicorn_pe (filename or filepath) [-k for kernel mode driver emulation] [-disasm for displaying disasm] [-dump for binary dump] [-packed for packed binary] [-boundcheck for memory access bound check, may slower the execution]\n\n## Programming\n\n...to be documented\n\n## Snapshots\n\n### original driver\n![1](https://github.com/hzqst/unicorn_pe/raw/master/img/img1.png)\n\n### vmprotect packed driver\n![2](https://github.com/hzqst/unicorn_pe/raw/master/img/img2.png)\n\n### vmprotect is fixing encrypted IAT\n![3](https://github.com/hzqst/unicorn_pe/raw/master/img/img3.png)\n\n### vmprotect goes back to original entry point\n![4](https://github.com/hzqst/unicorn_pe/raw/master/img/img4.png)\n\n### vmprotect packed DLL, full user-mode emulation.\n![4](https://github.com/hzqst/unicorn_pe/raw/master/img/img5.png)\n\n## License\nThis software is released under the MIT License, see LICENSE.\n\n## Dependencies \nA modification of https://github.com/DarthTon/Blackbone is done for PE manual-mapping.\n\nhttps://github.com/unicorn-engine/unicorn for emulation.\n\nhttps://github.com/aquynh/capstone for disasm.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhzqst%2Funicorn_pe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhzqst%2Funicorn_pe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhzqst%2Funicorn_pe/lists"}