Lightemerald/windows-user-space-emulator

mirror of https://github.com/momo5502/emulator.git synced 2026-01-11 08:36:16 +00:00

Go to file

Elias Bachaalany 8053889d20 introducing reflection concept into core components

the idea is to allow as much internal information into inner components.
to not burden all builds, the reflection level can be controlled
via the MOMO_REFLECTION_LEVEL (where 0 means no reflection code is
included).

more reflection variables will be introduced as needed.

for now, the memory manager's layout version is used to track whether
the memory layout is changed or not (at the lowest level).
the API consumer can use this to decide to refresh or not expensive
computations

2025-01-18 21:10:28 -08:00

.github

add optional apiset dump tool

2025-01-15 20:55:15 +01:00

cmake

Add android build

2025-01-13 08:04:33 +01:00

deps

Refactor GDB stub (#88 )

2025-01-18 20:34:20 +01:00

docs/images

Add cover image

2025-01-10 21:13:15 +01:00

src

introducing reflection concept into core components

2025-01-18 21:10:28 -08:00

.gitignore

Initial commit

2024-08-15 19:00:01 +02:00

.gitmodules

add compression utils

2025-01-15 20:42:02 +01:00

CMakeLists.txt

introducing reflection concept into core components

2025-01-18 21:10:28 -08:00

CMakePresets.json

Initial commit

2024-08-15 19:00:01 +02:00

LICENSE

Switch to GPL as unicorn requires it

2024-10-23 19:10:13 +02:00

README.md

add optional apiset dump tool

2025-01-15 20:55:15 +01:00

README.md

Windows User Space Emulator

A high-performance Windows process emulator that operates at syscall level, providing full control over process execution through comprehensive hooking capabilities.

Perfect for security research, malware analysis, and DRM research where fine-grained control over process execution is required.

Built in C++ and powered by the Unicorn Engine.

Key Features

🔄 Syscall-Level Emulation
- Instead of reimplementing Windows APIs, the emulator operates at the syscall level, allowing it to leverage existing system DLLs
📝 Advanced Memory Management
- Supports Windows-specific memory types including reserved, committed, built on top of Unicorn's memory management
📦 Complete PE Loading
- Handles executable and DLL loading with proper memory mapping, relocations, and TLS
⚡ Exception Handling
- Implements Windows structured exception handling (SEH) with proper exception dispatcher and unwinding support
🧵 Threading Support
- Provides a scheduled (round-robin) threading model
💾 State Management
- Supports both full state serialization and fast in-memory snapshots
💻 Debugging Interface
- Implements GDB serial protocol for integration with common debugging tools (IDA Pro, GDB, LLDB, VS Code, ...)

Note

The project is still in a very early, prototypy state. The code still needs a lot of cleanup and many features and syscalls need to be implemented. However, constant progress is being made :)

Preview

YouTube Overview

Click here for the slides.

Build Instructions

Prerequisites

Windows 64-bit (click here for cross-platform status)
CMake
Git

Getting Started

Clone the repository with submodules:

git clone https://github.com/momo5502/emulator.git
cd emulator
git submodule update --init --recursive

Run the following commands in an x64 Development Command Prompt

Visual Studio 2022

cmake --preset=vs2022

Solution will be generated at build/vs2022/emulator.sln

Ninja

Debug build:

cmake --workflow --preset=debug

Release build:

cmake --workflow --preset=release

Dumping the Registry

The emulator needs a registry dump to run, otherwise it will print Bad hive file errors.
You can create one by running the src/tools/grab-registry.bat script as administrator.
This will create a registry folder that needs to be placed in the working directory of the emulator.

Running Tests

The project uses CTest for testing. Choose your preferred method:

Visual Studio:

Build the RUN_TESTS target

Ninja:

cd build/release  # or build/debug
ctest

Languages

C++ 85%

TypeScript 10%

Rust 2.7%

CMake 1.5%

CSS 0.3%

Other 0.4%