
X86

x86

Variable-length instruction set: a single instruction is anywhere from 1 byte to 15 bytes

Weird x86 instruction caveats: https://www.timdbg.com/posts/useless-x86-trivia/

Emulate with Unicorn

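# Explicit names instead of a wildcard import so it is visible which
# Unicorn symbols this snippet depends on.
from unicorn import Uc, UC_ARCH_X86, UC_MODE_32, UC_PROT_ALL
from unicorn.x86_const import UC_X86_REG_EAX, UC_X86_REG_ESP

# Three 32-bit instructions:
#   b8 02 00 00 00   mov eax, 2
#   bb 03 00 00 00   mov ebx, 3
#   03 c3            add eax, ebx
# After execution EAX holds 2 + 3 = 5.
code = bytes.fromhex('b8 02 00 00 00 bb 03 00 00 00 03 c3')

# Unicorn emulator setup: 32-bit x86.
uc = Uc(UC_ARCH_X86, UC_MODE_32)

stack_base = 0x00100000
stack_size = 0x00100000

# Position the stack pointer in the middle of the stack so that both
# pushes (growing down) and reads above ESP stay inside the mapping.
ESP = stack_base + (stack_size // 2)

# Map the stack memory into the emulator.
uc.mem_map(stack_base, stack_size)

# Fill the stack memory with null bytes.
uc.mem_write(stack_base, b"\x00" * stack_size)

# Set the stack pointer.
uc.reg_write(UC_X86_REG_ESP, ESP)

target_base = 0x00400000
target_size = 0x00100000

# Map target memory with r/w/x permissions. RWX is convenient for a
# throwaway emulation; a real loader would split code and data pages.
uc.mem_map(target_base, target_size, UC_PROT_ALL)

# Fill the target memory with null bytes.
uc.mem_write(target_base, b"\x00" * target_size)

# Write our code into the target memory.
uc.mem_write(target_base, code)

target_end = target_base + len(code)

# Bound the run: every x86 instruction is at least 1 byte, so the emulated
# blob can contain at most len(code) instructions. Passing that as `count`
# guarantees emu_start returns even if the bytes under emulation loop or
# jump somewhere unexpected, instead of running unbounded (count=0).
max_instructions = len(code)
uc.emu_start(target_base, target_end, timeout=0, count=max_instructions)

print("done")

EAX = uc.reg_read(UC_X86_REG_EAX)
print(EAX)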