// New creates a new LinearDisassembler instance. func New(ws *w.Workspace) (*LinearDisassembler, error) { // maybe the disassembler shouldn't come from the workspace directly? d, e := ws.GetDisassembler() if e != nil { return nil, e } ev, e := function_analysis.NewFunctionEventDispatcher() if e != nil { return nil, e } return &LinearDisassembler{ FunctionEventDispatcher: *ev, disassembler: d, }, nil }
// New creates a new EmulatingDisassembler instance. func New(ws *W.Workspace) (*EmulatingDisassembler, error) { // maybe the disassembler shouldn't come from the workspace directly? d, e := ws.GetDisassembler() if e != nil { return nil, e } // note: we could easily emulate over a memory/debugger/emulator state // by using a different address space here. emu, e := emulator.New(ws) if e != nil { return nil, e } sman, e := emulator.NewSnapshotManager(emu) check(e) unmappedHook, e := emu.HookMemUnmapped(func(access int, addr AS.VA, size int, value int64) bool { logrus.Warnf("Unmapped: %d %s %d %d", access, addr, size, value) return true }) ev, e := function_analysis.NewFunctionEventDispatcher() if e != nil { return nil, e } ed := &EmulatingDisassembler{ ws: ws, symbolResolver: ws, disassembler: d, emulator: emu, sman: sman, FunctionEventDispatcher: *ev, unmappedHook: unmappedHook, } ed.codeHook, e = emu.HookCode(func(addr AS.VA, size uint32) { insn, e := ed.disassembler.ReadInstruction(ws, addr) check(e) ev.EmitInstruction(insn) }) check(e) return ed, nil }
func New(ws *W.Workspace) (*Emulator, error) { logrus.Debug("emulator: new") if ws.Arch != W.ARCH_X86 { return nil, W.InvalidArchError } if !(ws.Mode == W.MODE_32 || ws.Mode == W.MODE_64) { return nil, W.InvalidModeError } var u uc.Unicorn var e error if ws.Mode == W.MODE_32 { u, e = uc.NewUnicorn(uc.ARCH_X86, uc.MODE_32) } else if ws.Mode == W.MODE_64 { u, e = uc.NewUnicorn(uc.ARCH_X86, uc.MODE_64) } if e != nil { return nil, e } disassembler, e := ws.GetDisassembler() emu := &Emulator{ ws: ws, u: u, disassembler: disassembler, maps: make([]AS.MemoryRegion, 0), } e = AS.CopyAddressSpace(emu, ws) check(e) if e != nil { return nil, e } stackAddress := AS.VA(0x69690000) stackSize := uint64(0x40000) e = emu.MemMap(AS.VA(uint64(stackAddress)-(stackSize/2)), stackSize, "stack") check(e) emu.SetStackPointer(stackAddress) return emu, nil }