uEmu is a tiny cute emulator plugin for IDA based on the Unicorn engine.
It supports the following architectures out of the box: x86, x64, ARM, ARM64, MIPS, MIPS64.
What is it BAD for?
- Emulate complex OS code (dynamic libraries, processes etc)
- Emulate code with many syscalls
What can be improved?
- Find a way to emulate vendor specific register access (like MSR S3_x, X0 for ARM64)
- Add more registers to track
Installation
- brew install unicorn to install Unicorn binaries
- pip install unicorn to install Unicorn python bindings
- Use File / Script file... or ALT+F7 in IDA to load uEmu.py
Optionally, uEmu can be loaded automatically as an IDA plugin. In this case put it into the [IDA]/Plugins folder and change USE_AS_SCRIPT to False inside uEmu.py.
Note: on Windows you might need to add the IDA Pro Qt5 path:
import sys
sys.path.append('D:\\Soft\\IDA Pro 7.x\\python\\3\\PyQt5')