Lightemerald/windows-user-space-emulator
2
0
Fork 0
mirror of https://github.com/momo5502/emulator.git synced 2026-01-11 08:36:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
488 Commits 2 Branches 0 Tags
8d5f561ccffe890e3ad71fd1d5b3fa9b4d0aadb2
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Maurice Heumann 8d5f561ccf Bump deps/mini-gdbstub from 2b8a5aa to 632ebd3 (#61) 
Bumps [deps/mini-gdbstub](https://github.com/momo5502/mini-gdbstub) from
`2b8a5aa` to `632ebd3`.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="632ebd3892"><code>632ebd3</code></a>
Merge pull request <a
href="https://redirect.github.com/momo5502/mini-gdbstub/issues/1">#1</a>
from momo5502/platform-fixes</li>
<li>See full diff in <a
href="2b8a5aade4...632ebd3892">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>
2025-01-08 13:32:53 +01:00
.github
Verify formatting using clang-format
2025-01-06 15:53:29 +01:00
cmake
Ignore conversion warnings for now
2025-01-05 20:35:10 +01:00
deps
Bump deps/mini-gdbstub from 2b8a5aa to 632ebd3
2025-01-08 12:27:13 +00:00
docs/images
Update thumbnail
2024-10-30 08:43:10 +01:00
src
Small formatting fixes
2025-01-08 11:14:08 +01:00
.clang-format
Add clang-format file
2025-01-06 17:09:36 +01:00
.gitignore
Initial commit
2024-08-15 19:00:01 +02:00
.gitmodules
abstract windows structures
2024-12-12 10:26:56 +01:00
CMakeLists.txt
Quick & dirty test execution #16
2024-10-25 17:40:53 +02:00
CMakePresets.json
Initial commit
2024-08-15 19:00:01 +02:00
LICENSE
Switch to GPL as unicorn requires it
2024-10-23 19:10:13 +02:00
README.md
Update README.md
2025-01-06 15:45:48 +01:00

README.md

Windows User Space Emulator

A high-performance Windows process emulator that operates at syscall level, providing full control over process execution through comprehensive hooking capabilities.

Perfect for security research, malware analysis, and DRM research where fine-grained control over process execution is required.

Built in C++ and powered by the Unicorn Engine.

Key Features

  • 🔄 Syscall-Level Emulation
    • Instead of reimplementing Windows APIs, the emulator operates at the syscall level, allowing it to leverage existing system DLLs
  • 📝 Advanced Memory Management
    • Supports Windows-specific memory types including reserved, committed, built on top of Unicorn's memory management
  • 📦 Complete PE Loading
    • Handles executable and DLL loading with proper memory mapping, relocations, and TLS
  • Exception Handling
    • Implements Windows structured exception handling (SEH) with proper exception dispatcher and unwinding support
  • 🧵 Threading Support
    • Provides a scheduled (round-robin) threading model
  • 💾 State Management
    • Supports both full state serialization and fast in-memory snapshots
  • 💻 Debugging Interface
    • Implements GDB serial protocol for integration with common debugging tools (IDA Pro, GDB, LLDB, VS Code, ...)

Note

The project is still in a very early, prototypy state. The code still needs a lot of cleanup and many features and syscalls need to be implemented. However, constant progress is being made :)

Preview

Preview

YouTube Overview

YouTube video

Click here for the slides.

Build Instructions

Prerequisites

  • Windows 64-bit (click here for cross-platform status)
  • CMake
  • Git

Getting Started

Clone the repository with submodules:

git clone https://github.com/momo5502/emulator.git
cd emulator
git submodule update --init --recursive

Run the following commands in an x64 Development Command Prompt

Visual Studio 2022

cmake --preset=vs2022

Solution will be generated at build/vs2022/emulator.sln

Ninja

Debug build:

cmake --workflow --preset=debug

Release build:

cmake --workflow --preset=release

Dumping the Registry

The emulator needs a registry dump to run, otherwise it will print Bad hive file errors.
You can create one by running the src/grab-registry.bat script as administrator.
This will create a registry folder that needs to be placed in the working directory of the emulator.

Running Tests

The project uses CTest for testing. Choose your preferred method:

Visual Studio:

  • Build the RUN_TESTS target

Ninja:

cd build/release  # or build/debug
ctest
Description
🪅 Windows User Space Emulator
emulatorhacktoberfestreverse-engineeringwindows
Readme GPL-2.0 15 MiB
Languages
C++ 85%
TypeScript 10%
Rust 2.7%
CMake 1.5%
CSS 0.3%
Other 0.4%