Struct Unicorn

pub struct Unicorn { /* private fields */ }

Internal : A Unicorn emulator instance, use one of the Cpu structs instead.

Implementations

impl Unicorn

pub fn new(arch: Arch, mode: Mode) -> Result<Box<Unicorn>, Error>

Create a new instance of the unicorn engine for the specified architecture and hardware mode.

pub unsafe fn reg_write_generic<T: Sized>( &self, regid: i32, value: T, ) -> Result<(), Error>

Write a generic type to a register.

This is required in some special cases, such as when writing X86Mmr to the GDTR register in x86.

pub fn reg_write(&self, regid: i32, value: u64) -> Result<(), Error>

Write an unsigned value register.

Note : The register is defined as an i32 to be able to support the different register types (RegisterX86, RegisterARM, RegisterMIPS etc.). You need to cast the register with as i32.

pub fn reg_write_i32(&self, regid: i32, value: i32) -> Result<(), Error>

Write a signed 32-bit value to a register.

Note : The register is defined as an i32 to be able to support the different register types (RegisterX86, RegisterARM, RegisterMIPS etc.). You need to cast the register with as i32.

pub fn reg_read(&self, regid: i32) -> Result<u64, Error>

Read an unsigned value from a register.

Note : The register is defined as an i32 to be able to support the different register types (RegisterX86, RegisterARM, RegisterMIPS etc.). You need to cast the register with as i32.

pub fn reg_read_i32(&self, regid: i32) -> Result<i32, Error>

Read a signed 32-bit value from a register.

Note : The register is defined as an i32 to be able to support the different register types (RegisterX86, RegisterARM, RegisterMIPS etc.). You need to cast the register with as i32.

pub fn mem_map( &self, address: u64, size: size_t, perms: Protection, ) -> Result<(), Error>

Map a memory region in the emulator at the specified address.

address must be aligned to 4kb or this will return Error::ARG. size must be a multiple of 4kb or this will return Error::ARG.

pub unsafe fn mem_map_ptr<T>( &self, address: u64, size: size_t, perms: Protection, ptr: *mut T, ) -> Result<(), Error>

Map an existing memory region in the emulator at the specified address.

This function is marked unsafe because it is the responsibility of the caller to ensure that size matches the size of the passed buffer, an invalid size value will likely cause a crash in unicorn.

address must be aligned to 4kb or this will return Error::ARG.

size must be a multiple of 4kb or this will return Error::ARG.

ptr is a pointer to the provided memory region that will be used by the emulator.

pub fn mem_unmap(&self, address: u64, size: size_t) -> Result<(), Error>

Unmap a memory region.

address must be aligned to 4kb or this will return Error::ARG. size must be a multiple of 4kb or this will return Error::ARG.

pub fn mem_write(&self, address: u64, bytes: &[u8]) -> Result<(), Error>

Write a range of bytes to memory at the specified address.

pub fn mem_read(&self, address: u64, bytes: &mut [u8]) -> Result<(), Error>

Read a range of bytes from memory at the specified address.

pub fn mem_read_as_vec( &self, address: u64, size: usize, ) -> Result<Vec<u8>, Error>

Read a range of bytes from memory at the specified address; return the bytes read as a Vec.

pub fn mem_protect( &self, address: u64, size: usize, perms: Protection, ) -> Result<(), Error>

Set the memory permissions for an existing memory region.

address must be aligned to 4kb or this will return Error::ARG. size must be a multiple of 4kb or this will return Error::ARG.

pub fn mem_regions(&self) -> Result<Vec<MemRegion>, Error>

Returns a vector with the memory regions that are mapped in the emulator.

pub fn emu_start( &self, begin: u64, until: u64, timeout: u64, count: usize, ) -> Result<(), Error>

Emulate machine code for a specified duration.

begin is the address where to start the emulation. The emulation stops if until is hit. timeout specifies a duration in microseconds after which the emulation is stopped (infinite execution if set to 0). count is the maximum number of instructions to emulate (emulate all the available instructions if set to 0).

pub fn emu_stop(&self) -> Result<(), Error>

Stop the emulation.

This is usually called from callback function in hooks. NOTE: For now, this will stop the execution only after the current block.

pub fn add_code_hook<F>( &mut self, hook_type: CodeHookType, begin: u64, end: u64, callback: F, ) -> Result<uc_hook, Error>

where F: Fn(&Unicorn, u64, u32) + 'static,

Add a code hook.

pub fn add_intr_hook<F>(&mut self, callback: F) -> Result<uc_hook, Error>

where F: Fn(&Unicorn, u32) + 'static,

Add an interrupt hook.

pub fn add_mem_hook<F>( &mut self, hook_type: MemHookType, begin: u64, end: u64, callback: F, ) -> Result<uc_hook, Error>

where F: Fn(&Unicorn, MemType, u64, usize, i64) -> bool + 'static,

Add a memory hook.

pub fn add_insn_in_hook<F>(&mut self, callback: F) -> Result<uc_hook, Error>

where F: Fn(&Unicorn, u32, usize) -> u32 + 'static,

Add an “in” instruction hook.

pub fn add_insn_out_hook<F>(&mut self, callback: F) -> Result<uc_hook, Error>

where F: Fn(&Unicorn, u32, usize, u32) + 'static,

Add an “out” instruction hook.

pub fn add_insn_sys_hook<F>( &mut self, insn_type: InsnSysX86, begin: u64, end: u64, callback: F, ) -> Result<uc_hook, Error>

where F: Fn(&Unicorn) + 'static,

Add a “syscall” or “sysenter” instruction hook.

pub fn remove_hook(&mut self, hook: uc_hook) -> Result<(), Error>

Remove a hook.

hook is the value returned by either add_code_hook or add_mem_hook.

pub fn errno(&self) -> Error

Return the last error code when an API function failed.

Like glibc errno(), this function might not retain its old value once accessed.

pub fn query(&self, query: Query) -> Result<usize, Error>

Query the internal status of the engine.

Supported queries :

• Query::PAGE_SIZE : the page size used by the emulator.
• Query::MODE : the current hardware mode.

pub fn context_save(&self) -> Result<Context, Error>

Save and return the current CPU Context, which can later be passed to restore_context to roll back changes in the emulator.

pub fn context_restore(&self, context: &Context) -> Result<(), Error>

Restore a saved context. This can be used to roll back changes in a CPU’s register state (but not memory), or to duplicate a register state across multiple CPUs.

Trait Implementations

impl Drop for Unicorn

fn drop(&mut self)

Executes the destructor for this type.