libmwemu 0.24.3

x86 32/64bits and system internals emulator, for securely emulating malware and other stuff.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132

use crate::emu;
use crate::emu::decoded_instruction::DecodedInstruction;
use crate::exception::types;

// Hook types using Box<dyn FnMut> for state capture instead of bare fn pointers.
// return: false will ignore interrupt handling like 0x80 -> linux
pub type TypeHookOnInterrupt =
    Box<dyn FnMut(&mut emu::Emu, u64, u64) -> bool>;
// return: allow handle exception?
pub type TypeHookOnException =
    Box<dyn FnMut(&mut emu::Emu, u64, types::ExceptionType) -> bool>;
// memory read is pre-read you can modify the value that is going to be read.
pub type TypeHookOnMemoryRead =
    Box<dyn FnMut(&mut emu::Emu, u64, u64, u32)>;
// the memory write is pre but you can change the value is going to be written.
pub type TypeHookOnMemoryWrite =
    Box<dyn FnMut(&mut emu::Emu, u64, u64, u32, u128) -> u128>;

// [BREAKING API CHANGE] returning false will skip the handling of the instruction
// Changed from &iced_x86::Instruction to &DecodedInstruction for arch parity.
// x86 hook users call ins.as_x86() to get the familiar type.
pub type TypeHookOnPreInstruction =
    Box<dyn FnMut(&mut emu::Emu, u64, &DecodedInstruction, usize) -> bool>;

pub type TypeHookOnPostInstruction =
    Box<dyn FnMut(&mut emu::Emu, u64, &DecodedInstruction, usize, bool)>;
pub type TypeHookOnWinApiCall =
    Box<dyn FnMut(&mut emu::Emu, u64, u64) -> bool>;

pub struct Hooks {
    pub hook_on_interrupt: Option<TypeHookOnInterrupt>,
    pub hook_on_exception: Option<TypeHookOnException>,
    pub hook_on_memory_read: Option<TypeHookOnMemoryRead>,
    pub hook_on_memory_write: Option<TypeHookOnMemoryWrite>,
    pub hook_on_pre_instruction: Option<TypeHookOnPreInstruction>,
    pub hook_on_post_instruction: Option<TypeHookOnPostInstruction>,
    pub hook_on_winapi_call: Option<TypeHookOnWinApiCall>,
}

impl Default for Hooks {
    fn default() -> Self {
        Self::new()
    }
}

impl Hooks {
    pub fn new() -> Hooks {
        Hooks {
            hook_on_interrupt: None,
            hook_on_exception: None,
            hook_on_memory_read: None,
            hook_on_memory_write: None,
            hook_on_pre_instruction: None,
            hook_on_post_instruction: None,
            hook_on_winapi_call: None,
        }
    }

    pub fn on_interrupt(&mut self, hook: impl FnMut(&mut emu::Emu, u64, u64) -> bool + 'static) {
        self.hook_on_interrupt = Some(Box::new(hook));
    }

    pub fn disable_interrupt(&mut self) {
        self.hook_on_interrupt = None;
    }

    pub fn on_exception(
        &mut self,
        hook: impl FnMut(&mut emu::Emu, u64, types::ExceptionType) -> bool + 'static,
    ) {
        self.hook_on_exception = Some(Box::new(hook));
    }

    pub fn disable_exception(&mut self) {
        self.hook_on_exception = None;
    }

    pub fn on_memory_read(
        &mut self,
        hook: impl FnMut(&mut emu::Emu, u64, u64, u32) + 'static,
    ) {
        self.hook_on_memory_read = Some(Box::new(hook));
    }

    pub fn disable_memory_read(&mut self) {
        self.hook_on_memory_read = None;
    }

    pub fn on_memory_write(
        &mut self,
        hook: impl FnMut(&mut emu::Emu, u64, u64, u32, u128) -> u128 + 'static,
    ) {
        self.hook_on_memory_write = Some(Box::new(hook));
    }

    pub fn disable_memory_write(&mut self) {
        self.hook_on_memory_write = None;
    }

    pub fn on_pre_instruction(
        &mut self,
        hook: impl FnMut(&mut emu::Emu, u64, &DecodedInstruction, usize) -> bool + 'static,
    ) {
        self.hook_on_pre_instruction = Some(Box::new(hook));
    }

    pub fn disable_pre_instruction(&mut self) {
        self.hook_on_pre_instruction = None;
    }

    pub fn on_post_instruction(
        &mut self,
        hook: impl FnMut(&mut emu::Emu, u64, &DecodedInstruction, usize, bool) + 'static,
    ) {
        self.hook_on_post_instruction = Some(Box::new(hook));
    }

    pub fn disable_post_instruction(&mut self) {
        self.hook_on_post_instruction = None;
    }

    pub fn on_winapi_call(
        &mut self,
        hook: impl FnMut(&mut emu::Emu, u64, u64) -> bool + 'static,
    ) {
        self.hook_on_winapi_call = Some(Box::new(hook));
    }

    pub fn disable_winapi_call(&mut self) {
        self.hook_on_winapi_call = None;
    }
}