Lightemerald/windows-user-space-emulator

mirror of https://github.com/momo5502/emulator.git synced 2026-01-11 16:46:16 +00:00

Go to file

Maurice Heumann 0443b5a47c Bump deps/googletest from 35d0c36 to 7d76a23 (#39 )

Bumps [deps/googletest](https://github.com/google/googletest) from
`35d0c36` to `7d76a23`.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7d76a231b0"><code>7d76a23</code></a>
gtest: Output a canned test case for test suite setup / teardown
failures in ...</li>
<li><a
href="e54519b094"><code>e54519b</code></a>
Put the fake Fuchsia SDK in a module extension</li>
<li><a
href="f3c355f9dd"><code>f3c355f</code></a>
the public version already has the const qualifier</li>
<li><a
href="79219e26e0"><code>79219e2</code></a>
Update the links to ISTQB glossary.</li>
<li><a
href="d122c0d435"><code>d122c0d</code></a>
Add support for printing C++20 std::*_ordering types to gtest.</li>
<li>See full diff in <a
href="35d0c36560...7d76a231b0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

2025-01-02 13:51:23 +01:00

.github

Dump registry

2024-11-03 16:03:54 +01:00

cmake

Add hint comment

2024-11-18 16:57:51 +01:00

deps

Bump deps/googletest from 35d0c36 to 7d76a23

2025-01-01 17:22:26 +00:00

docs/images

Update thumbnail

2024-10-30 08:43:10 +01:00

src

Fix RtlPcToFileHeader calls (#38 )

2024-12-31 08:36:19 +01:00

.gitignore

Initial commit

2024-08-15 19:00:01 +02:00

.gitmodules

Remove hive parser submodule

2024-11-03 10:39:36 +01:00

CMakeLists.txt

Quick & dirty test execution #16

2024-10-25 17:40:53 +02:00

CMakePresets.json

Initial commit

2024-08-15 19:00:01 +02:00

LICENSE

Switch to GPL as unicorn requires it

2024-10-23 19:10:13 +02:00

README.md

Document registry dumping

2024-12-31 08:42:27 +01:00

README.md

Windows User Space Emulator

A high-performance Windows process emulator that operates at syscall level, providing full control over process execution through comprehensive hooking capabilities.

Built in C++ and powered by the Unicorn Engine.

Key Features

🔄 Syscall-Level Emulation
- Instead of reimplementing Windows APIs, the emulator operates at the syscall level, allowing it to leverage existing system DLLs
📝 Advanced Memory Management
- Supports Windows-specific memory types including reserved, committed, built on top of Unicorn's memory management
📦 Complete PE Loading
- Handles executable and DLL loading with proper memory mapping, relocations, and TLS
⚡ Exception Handling
- Implements Windows structured exception handling (SEH) with proper exception dispatcher and unwinding support
🧵 Threading Support
- Provides a scheduled (round-robin) threading model
💾 State Management
- Supports both full state serialization and fast in-memory snapshots
💻 Debugging Interface
- Implements GDB serial protocol for integration with common debugging tools (IDA Pro, GDB, LLDB, VS Code, ...)

Perfect for security research, malware analysis, and DRM research where fine-grained control over process execution is required.

Note

The project is still in a very early, prototypy state. The code still needs a lot of cleanup and many features and syscalls need to be implemented. However, constant progress is being made :)

Preview

YouTube Overview

Click here for the slides.

Build Instructions

Prerequisites

Windows 64-bit (see Issue 17 for cross-platform status)
CMake
Git

Getting Started

Clone the repository with submodules:

git clone https://github.com/momo5502/emulator.git
cd emulator
git submodule update --init --recursive

Run the following commands in an x64 Development Command Prompt

Visual Studio 2022

cmake --preset=vs2022

Solution will be generated at build/vs2022/emulator.sln

Ninja

Debug build:

cmake --workflow --preset=debug

Release build:

cmake --workflow --preset=release

Dumping the Registry

The emulator needs a registry dump to run, otherwise it will print Bad hive file errors.
You can create one by running the src/grab-registry.bat script as administrator.
This will create a registry folder that needs to be placed in the working directory of the emulator.

Running Tests

The project uses CTest for testing. Choose your preferred method:

Visual Studio:

Build the RUN_TESTS target

Ninja:

cd build/release  # or build/debug
ctest

Languages

C++ 85%

TypeScript 10%

Rust 2.7%

CMake 1.5%

CSS 0.3%

Other 0.4%