
Changing IP on "Uc(UC_ARCH_X86, UC_MODE_16)" may not work?


from unicorn import *
from unicorn.x86_const import *
# Uc(UC_ARCH_X86, UC_MODE_16): can't IP be changed usefully from a hook?
# 16-bit code to be executed (example: simple infinite loop)

# Linear address at which the code is mapped and emulation begins.
ADDRESS: int = 0x1000

def hook_code(uc, address, size, user_data):
    """UC_HOOK_CODE callback that redirects IP to 0x1002 whenever IP equals ADDRESS.

    Args:
        uc: the Uc instance that fired the hook.
        address: instruction address supplied by the hook (unused; the IP
            register is read instead).
        size: instruction size supplied by the hook (unused).
        user_data: opaque value from hook_add (unused).
    """
    current_ip = uc.reg_read(UC_X86_REG_IP)
    print(f"IP: {current_ip:#04x}")

    if current_ip != ADDRESS:
        return

    # Point the emulator two bytes further on, past the instruction at ADDRESS.
    target = 0x1002
    uc.reg_write(UC_X86_REG_IP, target)
    print('ok?')

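def main():
    """Emulate a block of 16-bit `JMP $` instructions while hook_code rewrites IP.

    CODE is 1024 copies of `EB FE` (JMP $), so the `until` address
    ADDRESS + len(CODE) is never reached by the code itself: every instruction
    jumps to itself, and only hook_code writing UC_X86_REG_IP can move IP.
    Because of that, an unbounded emu_start never returns (and the hook prints
    forever); emu_start is therefore capped with `count`, which is enough
    instructions to observe whether the redirect took effect.  UcError from
    the emulator is reported rather than propagated.
    """
    CODE = b'\xeb\xfe' * 1024  # JMP $, repeated
    # Hard stop: no JMP $ ever reaches `until`, so the budget is the only exit.
    max_instructions = 16
    mu = Uc(UC_ARCH_X86, UC_MODE_16)
    mu.mem_map(ADDRESS, 2 * 1024 * 1024)
    mu.mem_write(ADDRESS, CODE)
    mu.hook_add(UC_HOOK_CODE, hook_code)
    try:
        mu.emu_start(ADDRESS, ADDRESS + len(CODE), count=max_instructions)
    except UcError as e:
        print(f"ERROR: {e}")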

if __name__ == "__main__":
    main()

Maybe I just made a mistake.
Environment: Win10, x86.
PS D:\Vscode\spark> pip show unicorn
Name: unicorn
Version: 2.0.1.post1

from unicorn import *
from unicorn.x86_const import *

# Linear address at which the code is mapped and emulation begins.
ADDRESS: int = 0x1000

def hook_code(uc, address, size, user_data):
    """UC_HOOK_CODE callback that moves IP to 0x1002 whenever IP equals ADDRESS.

    Reads UC_X86_REG_IP instead of using the `address` argument and prints
    whether a redirect happened.  `size` and `user_data` are unused.
    """
    ip = uc.reg_read(UC_X86_REG_IP)
    print(f"Current IP: {ip:#04x}")

    if ip != ADDRESS:
        print(f"IP unchanged, current: {ip:#04x}")
        return

    # The byte right after the 2-byte JMP at ADDRESS, i.e. the NOP.
    target = 0x1002
    uc.reg_write(UC_X86_REG_IP, target)
    print(f'Jumped to IP: {target:#04x}')

def main():
    """Run a three-byte 16-bit snippet under a code hook that rewrites IP.

    CODE is `EB 02 90`.  The rel8 displacement of a short JMP is taken from
    the end of the JMP (0x1002), so the JMP's own target is 0x1004: left
    alone it skips the NOP at 0x1002 rather than landing on it.  hook_code is
    expected to set IP to 0x1002 before the JMP runs, so that the NOP executes
    instead.  `count=3` caps emulation at three instructions so the run ends
    even if the redirect has no effect; UcError is printed, not propagated.
    """
    CODE = b'\xeb\x02\x90'  # JMP rel8 +2 (target 0x1004), then NOP
    emulator = Uc(UC_ARCH_X86, UC_MODE_16)
    emulator.mem_map(ADDRESS, 2 * 1024 * 1024)
    emulator.mem_write(ADDRESS, CODE)

    # Fire hook_code before every instruction.
    emulator.hook_add(UC_HOOK_CODE, hook_code)

    try:
        emulator.emu_start(ADDRESS, ADDRESS + len(CODE), count=3)
    except UcError as e:
        print(f"ERROR: {e}")

if __name__ == "__main__":
    main()