Lightemerald/windows-user-space-emulator
2
0
Fork 0
mirror of https://github.com/momo5502/emulator.git synced 2026-01-18 03:13:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
316 Commits 2 Branches 0 Tags
6f8f840b57beae536a7d1c8eec2e0dee7200339d
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
momo5502 6f8f840b57 Move build instructions down
2024-11-10 12:37:21 +01:00
.github
Dump registry
2024-11-03 16:03:54 +01:00
cmake
Enable LTO
2024-09-08 16:12:19 +02:00
deps
Remove hive parser submodule
2024-11-03 10:39:36 +01:00
docs/images
Update thumbnail
2024-10-30 08:43:10 +01:00
src
Get rid of thread blocker
2024-11-10 09:16:53 +01:00
.gitignore
Initial commit
2024-08-15 19:00:01 +02:00
.gitmodules
Remove hive parser submodule
2024-11-03 10:39:36 +01:00
CMakeLists.txt
Quick & dirty test execution #16
2024-10-25 17:40:53 +02:00
CMakePresets.json
Initial commit
2024-08-15 19:00:01 +02:00
LICENSE
Switch to GPL as unicorn requires it
2024-10-23 19:10:13 +02:00
README.md
Move build instructions down
2024-11-10 12:37:21 +01:00

README.md

Windows User Space Emulator

A high-performance Windows process emulator that operates at the syscall level, providing full control over process execution through comprehensive hooking capabilities.

Built in C++ and powered by the Unicorn Engine.

Key Features

  • Syscall-Level Emulation: Instead of reimplementing Windows APIs, the emulator operates at the syscall level, allowing it to leverage existing system DLLs
  • Advanced Memory Management: Supports Windows-specific memory types including reserved, committed, built on top of Unicorn's memory management
  • Complete PE Loading: Handles executable and DLL loading with proper memory mapping, relocations, and TLS
  • Exception Handling: Implements Windows structured exception handling (SEH) with proper exception dispatcher and unwinding support
  • Threading Support: Provides a scheduled (round-robin) threading model
  • State Management: Supports both full state serialization and fast in-memory snapshots
  • Debugging Interface: Implements GDB serial protocol for integration with common debugging tools (IDA Pro, GDB, LLDB, VS Code, ...)

Perfect for security research, malware analysis, and DRM research where fine-grained control over process execution is required.

Note

The project is still in a very early, prototypy state. The code still needs a lot of cleanup and many features and syscalls need to be implemented. However, constant progress is being made :)

Preview

Preview

YouTube Overview

YouTube video

Click here for the slides.

Building

Make sure to clone the repo including all submodules.

git clone https://github.com/momo5502/emulator.git
cd emulator
git submodule update --init --recursive

At the moment, the project is only compatible with 64 bit Windows, but that is being worked on: Issue 17

It requires CMake and uses CMake presets. Make sure to open an x64 Dev Cmd before running any of the commands.

Visual Studio 2022

To generate a Visual Studio solution, execute the following command:

cmake --preset=vs2022

The solution will be at build/vs2022/emulator.sln.

Ninja

To build the debug version using Ninja run:

cmake --workflow --preset=debug

You can also build the release variant:

cmake --workflow --preset=release

Running Tests

CTest is used for testing.

In Visual Studio, build the RUN_TESTS target.

With Ninja, execute the CTest command in the ninja build folder (e.g. build/release/):

ctest
Description
🪅 Windows User Space Emulator
emulatorhacktoberfestreverse-engineeringwindows
Readme GPL-2.0 16 MiB
Languages
C++ 85.1%
TypeScript 9.9%
Rust 2.6%
CMake 1.5%
CSS 0.3%
Other 0.5%