{"id":27708469,"url":"https://github.com/momo5502/sogen","last_synced_at":"2025-04-26T10:02:07.151Z","repository":{"id":258823084,"uuid":"842883987","full_name":"momo5502/sogen","owner":"momo5502","description":"๐Ÿช… Windows User Space Emulator ","archived":false,"fork":false,"pushed_at":"2025-04-22T09:21:24.000Z","size":3404,"stargazers_count":2069,"open_issues_count":18,"forks_count":122,"subscribers_count":29,"default_branch":"main","last_synced_at":"2025-04-22T09:27:10.828Z","etag":null,"topics":["emulator","hacktoberfest","reverse-engineering","windows"],"latest_commit_sha":null,"homepage":"https://sogen.dev/","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/momo5502.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-08-15T10:00:56.000Z","updated_at":"2025-04-22T09:21:27.000Z","dependencies_parsed_at":"2025-02-15T09:20:43.366Z","dependency_job_id":"32393310-3640-4052-b05e-42594df3c379","html_url":"https://github.com/momo5502/sogen","commit_stats":null,"previous_names":["momo5502/emulator","momo5502/sogen"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/momo5502%2Fsogen","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/momo5502%2Fsogen/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/momo5502%2Fsogen/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/momo5502%2Fsogen/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/momo5502","download_url":"https://codeload.github.com/momo5502/sogen/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250968874,"owners_count":21515680,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["emulator","hacktoberfest","reverse-engineering","windows"],"created_at":"2025-04-26T10:02:06.170Z","updated_at":"2025-04-26T10:02:07.145Z","avatar_url":"https://github.com/momo5502.png","language":"C++","readme":"\u003cimg src=\"./docs/images/cover.png\" /\u003e\n\u003ch1 align=\"center\"\u003e\n\tSogen\n\t\u003cbr\u003e\n\t\u003ca href=\"https://github.com/momo5502/sogen?tab=GPL-2.0-1-ov-file\"\u003e\u003cimg src=\"https://img.shields.io/github/license/momo5502/sogen?color=00B0F8\"/\u003e\u003c/a\u003e\n\t\u003ca href=\"https://github.com/momo5502/sogen/actions\"\u003e\u003cimg src=\"https://img.shields.io/github/actions/workflow/status/momo5502/sogen/build.yml?branch=main\u0026label=build\"/\u003e\u003c/a\u003e\n\t\u003ca href=\"https://github.com/momo5502/sogen/issues\"\u003e\u003cimg src=\"https://img.shields.io/github/issues/momo5502/sogen?color=F8B000\"/\u003e\u003c/a\u003e\n\t\u003cimg src=\"https://img.shields.io/github/commit-activity/m/momo5502/sogen?color=FF3131\"/\u003e \n\u003c/h1\u003e\n\nSogen is a high-performance Windows user space emulator that operates at syscall level, providing full control over process execution through comprehensive hooking capabilities.\n\nPerfect for security research, malware analysis, and DRM research where fine-grained control over process execution is required.\n\nBuilt in C++ and powered by the [Unicorn Engine](https://github.com/unicorn-engine/unicorn) (or the [icicle-emu](https://github.com/icicle-emu/icicle-emu) ๐Ÿ†•).\n\nTry it out: \u003ca href=\"https://sogen.dev\"\u003esogen.dev\u003c/a\u003e\n\n## Key Features\n\n* ๐Ÿ”„ __Syscall-Level Emulation__\n\t* Instead of reimplementing Windows APIs, the emulator operates at the syscall level, allowing it to leverage existing system DLLs\n* ๐Ÿ“ __Advanced Memory Management__\n\t* Supports Windows-specific memory types including reserved, committed, built on top of Unicorn's memory management\n* ๐Ÿ“ฆ __Complete PE Loading__\n\t* Handles executable and DLL loading with proper memory mapping, relocations, and TLS\n* โšก __Exception Handling__\n\t* Implements Windows structured exception handling (SEH) with proper exception dispatcher and unwinding support\n* ๐Ÿงต __Threading Support__\n\t* Provides a scheduled (round-robin) threading model\n* ๐Ÿ’พ __State Management__\n\t* Supports both full state serialization and ~~fast in-memory snapshots~~ (currently broken ๐Ÿ˜•)\n* ๐Ÿ’ป __Debugging Interface__\n\t* Implements GDB serial protocol for integration with common debugging tools (IDA Pro, GDB, LLDB, VS Code, ...)\n\n##\n\u003e [!NOTE] \n\u003e The project is still in a very early, prototypical state. The code still needs a lot of cleanup and many features and syscalls need to be implemented. However, constant progress is being made :)\n\n## Preview\n\n![Preview](./docs/images/preview.jpg)\n\n## YouTube Overview\n\n[![YouTube video](./docs/images/yt.jpg)](https://www.youtube.com/watch?v=wY9Q0DhodOQ)\n\nClick \u003ca href=\"https://docs.google.com/presentation/d/1pha4tFfDMpVzJ_ehJJ21SA_HAWkufQBVYQvh1IFhVls/edit\"\u003ehere\u003c/a\u003e for the slides.\n\n## Quick Start (Windows + Visual Studio)\n\n\u003e [!TIP] \n\u003e Checkout the [Wiki](https://github.com/momo5502/sogen/wiki) for more details on how to build \u0026 run the emulator on Windows, Linux, macOS, ...\n\n1\\. Checkout the code:\n\n```bash\ngit clone --recurse-submodules https://github.com/momo5502/sogen.git\n```\n\n2\\. Run the following command in an x64 Development Command Prompt in the cloned directory:\n\n```bash\ncmake --preset=vs2022\n```\n\n3\\. Build the solution that was generated at `build/vs2022/emulator.sln`\n\n4\\. Create a registry dump by running the [grab-registry.bat](https://github.com/momo5502/sogen/blob/main/src/tools/grab-registry.bat) as administrator and place it in the artifacts folder next to the `analyzer.exe`\n\n5\\. Run the program of your choice:\n\n```bash\nanalyzer.exe C:\\example.exe\n```\n","funding_links":[],"categories":["C++","cpp"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmomo5502%2Fsogen","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmomo5502%2Fsogen","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmomo5502%2Fsogen/lists"}