Lightemerald/windows-user-space-emulator
2
0
Fork 0
mirror of https://github.com/momo5502/emulator.git synced 2026-01-18 11:13:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,114 Commits 2 Branches 0 Tags
36650bca8cd7bc3a8324b48c18bc7d0dfb7c9ac9
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Maurice Heumann 36650bca8c Bump deps/googletest from e90fe24 to 155b337 (#210) 
Bumps [deps/googletest](https://github.com/google/googletest) from
`e90fe24` to `155b337`.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="155b337c93"><code>155b337</code></a>
Bump RE2 dependency to 2024-07-02.bcr.1</li>
<li>See full diff in <a
href="e90fe24856...155b337c93">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>
2025-04-19 09:25:25 +02:00
.github
Remove unnecessary permissions
2025-04-18 20:11:27 +02:00
cmake
Add nodejs support
2025-04-18 16:59:04 +02:00
deps
Bump deps/googletest from e90fe24 to 155b337 (#210)
2025-04-19 09:25:25 +02:00
docs/images
Add cover image
2025-01-10 21:13:15 +01:00
page
Fix layout
2025-04-18 12:23:51 +02:00
src
Save another DLL
2025-04-19 09:23:11 +02:00
.clang-tidy
Fix more warnings
2025-03-18 20:58:26 +01:00
.gitignore
Initial commit
2024-08-15 19:00:01 +02:00
.gitmodules
Fixes for emscripten
2025-04-17 19:40:20 +02:00
CMakeLists.txt
Add nodejs support
2025-04-18 16:59:04 +02:00
CMakePresets.json
Initial commit
2024-08-15 19:00:01 +02:00
LICENSE
Switch to GPL as unicorn requires it
2024-10-23 19:10:13 +02:00
README.md
Add quick start
2025-04-12 09:55:52 +02:00

README.md

Windows User Space Emulator

A high-performance Windows process emulator that operates at syscall level, providing full control over process execution through comprehensive hooking capabilities.

Perfect for security research, malware analysis, and DRM research where fine-grained control over process execution is required.

Built in C++ and powered by the Unicorn Engine (or the icicle-emu 🆕).

Key Features

  • 🔄 Syscall-Level Emulation
    • Instead of reimplementing Windows APIs, the emulator operates at the syscall level, allowing it to leverage existing system DLLs
  • 📝 Advanced Memory Management
    • Supports Windows-specific memory types including reserved, committed, built on top of Unicorn's memory management
  • 📦 Complete PE Loading
    • Handles executable and DLL loading with proper memory mapping, relocations, and TLS
  • Exception Handling
    • Implements Windows structured exception handling (SEH) with proper exception dispatcher and unwinding support
  • 🧵 Threading Support
    • Provides a scheduled (round-robin) threading model
  • 💾 State Management
    • Supports both full state serialization and fast in-memory snapshots (currently broken 😕)
  • 💻 Debugging Interface
    • Implements GDB serial protocol for integration with common debugging tools (IDA Pro, GDB, LLDB, VS Code, ...)

Note

The project is still in a very early, prototypical state. The code still needs a lot of cleanup and many features and syscalls need to be implemented. However, constant progress is being made :)

Preview

Preview

YouTube Overview

YouTube video

Click here for the slides.

Quick Start (Windows + Visual Studio)

Tip

Checkout the Wiki for more details on how to build & run the emulator on Windows, Linux, macOS, ...

1. Checkout the code:

git clone --recurse-submodules https://github.com/momo5502/emulator.git

2. Run the following command in an x64 Development Command Prompt in the cloned directory:

cmake --preset=vs2022

3. Build the solution that was generated at build/vs2022/emulator.sln

4. Create a registry dump by running the grab-registry.bat as administrator and place it in the artifacts folder next to the analyzer.exe

5. Run the program of your choice:

analyzer.exe C:\example.exe
Description
🪅 Windows User Space Emulator
emulatorhacktoberfestreverse-engineeringwindows
Readme GPL-2.0 16 MiB
Languages
C++ 85.1%
TypeScript 9.9%
Rust 2.6%
CMake 1.5%
CSS 0.3%
Other 0.5%