
nullze/emulator


Windows User Space Emulator

A high-performance Windows process emulator that operates at syscall level, providing full control over process execution through comprehensive hooking capabilities.

Perfect for security research, malware analysis, and DRM research where fine-grained control over process execution is required.

Built in C++ and powered by the Unicorn Engine (or the icicle-emu 🆕).

Key Features

  • 🔄 Syscall-Level Emulation
    • Instead of reimplementing Windows APIs, the emulator operates at the syscall level, allowing it to leverage the existing system DLLs
  • 📁 Advanced Memory Management
    • Supports Windows-specific memory types (reserved and committed), built on top of Unicorn's memory management
  • 📦 Complete PE Loading
    • Handles executable and DLL loading with proper memory mapping, relocations, and TLS
  • ⚡ Exception Handling
    • Implements Windows structured exception handling (SEH) with a proper exception dispatcher and unwinding support
  • 🧵 Threading Support
    • Provides a scheduled (round-robin) threading model
  • 💾 State Management
    • Supports both full state serialization and fast in-memory snapshots (currently broken 😕)
  • 💻 Debugging Interface
    • Implements the GDB serial protocol for integration with common debugging tools (IDA Pro, GDB, LLDB, VS Code, ...)

Note

The project is still in a very early, prototypical state. The code still needs a lot of cleanup and many features and syscalls need to be implemented. However, constant progress is being made :)

Preview

(preview image)

YouTube Overview

(YouTube video)

Click here for the slides.

Build Instructions

Prerequisites

  • Windows 64-bit (click here for cross-platform status)
  • CMake
  • Git
  • Rust (pass -DMOMO_ENABLE_RUST_CODE=0 to cmake to disable this requirement)

Getting Started

Clone the repository with submodules:

git clone https://github.com/momo5502/emulator.git
cd emulator
git submodule update --init --recursive

Run the following commands in an x64 Native Tools Developer Command Prompt:

Visual Studio 2022

cmake --preset=vs2022

The solution will be generated at build/vs2022/emulator.sln

Ninja

Debug build:

cmake --workflow --preset=debug

Release build:

cmake --workflow --preset=release

Dumping the Registry

The emulator needs a registry dump to run; without one it prints "Bad hive file" errors.
You can create one by running the src/tools/grab-registry.bat script as administrator.
This creates a registry folder that must be placed in the working directory of the emulator.

Running Tests

The project uses CTest for testing. Choose your preferred method:

Visual Studio:

  • Build the RUN_TESTS target

Ninja:

cd build/release  # or build/debug
ctest
