Maurice Heumann d6329bb37a Bump deps/reflect from e85c958 to 68d8fd0 (#209)
Bumps [deps/reflect](https://github.com/qlibs/reflect) from `e85c958` to
`68d8fd0`.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="68d8fd0913"><code>68d8fd0</code></a>
🎨 [style] formatting</li>
<li><a
href="1e497a9d7a"><code>1e497a9</code></a>
🔧 [cppm] C++ mode</li>
<li><a
href="f03e4052dd"><code>f03e405</code></a>
📚 [README]</li>
<li><a
href="809d8506e7"><code>809d850</code></a>
🔧 LICENSE</li>
<li><a
href="fe39b8f0f4"><code>fe39b8f</code></a>
📚 [README]</li>
<li><a
href="aa7121a971"><code>aa7121a</code></a>
📚 [README]</li>
<li><a
href="aed8253baf"><code>aed8253</code></a>
📚 [README]</li>
<li><a
href="4ca8ce1976"><code>4ca8ce1</code></a>
🔧 [cppm] license</li>
<li><a
href="1dbce7ae71"><code>1dbce7a</code></a>
🆕 Support C++20 module - original commit by <a
href="https://github.com/stripe2933"><code>@​stripe2933</code></a> - <a
href="https://github">https://github</a>....</li>
<li>See full diff in <a
href="e85c958d22...68d8fd0913">compare
view</a></li>
</ul>
</details>

Windows User Space Emulator

A high-performance Windows process emulator that operates at syscall level, providing full control over process execution through comprehensive hooking capabilities.

Perfect for security research, malware analysis, and DRM research where fine-grained control over process execution is required.

Built in C++ and powered by the Unicorn Engine (or the icicle-emu 🆕).

Key Features

  • 🔄 Syscall-Level Emulation
    • Instead of reimplementing Windows APIs, the emulator operates at the syscall level, allowing it to leverage existing system DLLs
  • 📝 Advanced Memory Management
    • Supports Windows-specific memory types, including reserved and committed memory, built on top of Unicorn's memory management
  • 📦 Complete PE Loading
    • Handles executable and DLL loading with proper memory mapping, relocations, and TLS
  • Exception Handling
    • Implements Windows structured exception handling (SEH) with proper exception dispatcher and unwinding support
  • 🧵 Threading Support
    • Provides a scheduled (round-robin) threading model
  • 💾 State Management
    • Supports both full state serialization and fast in-memory snapshots (currently broken 😕)
  • 💻 Debugging Interface
    • Implements GDB serial protocol for integration with common debugging tools (IDA Pro, GDB, LLDB, VS Code, ...)
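
The "Complete PE Loading" item mentions relocations. As an added illustration (not code from this project), the sketch below applies a PE base relocation table to a mapped image and rejects malformed or out-of-bounds entries, which matters when the image being loaded is an untrusted sample. The names apply_relocations, load and sample_image are hypothetical; only x64 DIR64 fixups are handled and a little-endian host is assumed.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// Relocation types from the PE/COFF specification.
constexpr uint16_t REL_ABSOLUTE = 0;  // padding entry, skipped
constexpr uint16_t REL_DIR64 = 10;    // 64-bit absolute address fixup
template <typename T> T load(const std::vector<uint8_t>& b, uint64_t off) {
    T v; std::memcpy(&v, &b[off], sizeof(T)); return v;  // little-endian host assumed
}
// Applies the base relocation table at [reloc_rva, reloc_rva + reloc_size) of a
// mapped image. Returns the number of fixups applied, or -1 for a malformed or
// out-of-bounds table; after -1 the image may be partly patched and is discarded.
long apply_relocations(std::vector<uint8_t>& image, uint32_t reloc_rva, uint32_t reloc_size,
                       uint64_t preferred_base, uint64_t actual_base) {
    const uint64_t delta = actual_base - preferred_base;
    const uint64_t end = uint64_t{reloc_rva} + reloc_size;
    if (end > image.size()) return -1;
    long applied = 0;
    for (uint64_t pos = reloc_rva; pos + 8 <= end;) {
        const auto page_rva = load<uint32_t>(image, pos);
        const auto block_size = load<uint32_t>(image, pos + 4);
        // A block holds its 8-byte header plus 2-byte entries and must fit the table.
        if (block_size < 8 || block_size % 2 != 0 || pos + block_size > end) return -1;
        for (uint64_t e = pos + 8; e < pos + block_size; e += 2) {
            const auto entry = load<uint16_t>(image, e);
            const uint16_t type = entry >> 12;          // high 4 bits: type
            const uint64_t target = uint64_t{page_rva} + (entry & 0x0FFF);  // low 12: offset
            if (type == REL_ABSOLUTE) continue;
            if (type != REL_DIR64) return -1;           // only x64 fixups handled here
            if (target + 8 > image.size()) return -1;   // write would leave the image
            const uint64_t value = load<uint64_t>(image, target) + delta;
            std::memcpy(&image[target], &value, 8);
            ++applied;
        }
        pos += block_size;
    }
    return applied;
}
// Constructed sample: 0x40-byte image, one pointer at 0x10, relocation table at 0x20.
std::vector<uint8_t> sample_image() {
    std::vector<uint8_t> img(0x40, 0);
    const uint64_t ptr = 0x140001234;
    const uint32_t hdr[2] = {0x0, 12};  // page RVA 0, block size 12
    const uint16_t entries[2] = {uint16_t((REL_DIR64 << 12) | 0x10), 0};  // fixup, padding
    std::memcpy(&img[0x10], &ptr, 8);
    std::memcpy(&img[0x20], hdr, 8);
    std::memcpy(&img[0x28], entries, 4);
    return img;
}
```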

Note

The project is still in a very early, prototypical state. The code still needs a lot of cleanup and many features and syscalls need to be implemented. However, constant progress is being made :)

Preview

YouTube Overview

YouTube video

Click here for the slides.

Quick Start (Windows + Visual Studio)

Tip

Check out the Wiki for more details on how to build & run the emulator on Windows, Linux, macOS, ...

1. Check out the code:

git clone --recurse-submodules https://github.com/momo5502/emulator.git

2. Run the following command in an x64 Development Command Prompt in the cloned directory:

cmake --preset=vs2022

3. Build the solution that was generated at build/vs2022/emulator.sln

4. Create a registry dump by running grab-registry.bat as administrator and placing it in the artifacts folder next to analyzer.exe

5. Run the program of your choice:

analyzer.exe C:\example.exe