libmwemu 0.24.1

x86 32/64bits and system internals emulator, for securely emulating malware and other stuff.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

use crate::color;
use crate::emu::Emu;
use iced_x86::Instruction;

pub fn execute(emu: &mut Emu, ins: &Instruction, instruction_sz: usize, _rep_step: bool) -> bool {
    emu.show_instruction(color!("Cyan"), ins);

    assert!(ins.op_count() == 2);

    let value0 = match emu.get_operand_value(ins, 0, true) {
        Some(v) => v,
        None => return false,
    };

    let value1 = match emu.get_operand_value(ins, 1, true) {
        Some(v) => v,
        None => return false,
    };

    /*
                if value0 == emu.regs().rsp {

    emu.show_instruction(color!("LightCyan"), ins);

                    if emu.cfg.is_64bits {
                        if value1 % 8 == 0 {
                            emu.stack_lvl[emu.stack_lvl_idx] -= value1 as i32 / 8;
                        }
                    } else {
                        if value1 % 4 == 0 {
                            emu.stack_lvl[emu.stack_lvl_idx] -= value1 as i32 / 4;
                        }
                    }
                }*/

    let res: u64 = match emu.get_operand_sz(ins, 0) {
        64 => emu.flags_mut().sub64(value0, value1),
        32 => emu.flags_mut().sub32(value0, value1),
        16 => emu.flags_mut().sub16(value0, value1),
        8 => emu.flags_mut().sub8(value0, value1),
        _ => panic!("weird size"),
    };

    if !emu.set_operand_value(ins, 0, res) {
        return false;
    }
    true
}