uEmu is a tiny cute emulator plugin for IDA based on unicorn engine.
Supports the following architectures out of the box: x86, x64, ARM, ARM64, MIPS, MIPS64
What is it GOOD for?
What is it BAD for?
- Emulate complex OS code (dynamic libraries, processes etc)
- Emulate code with many syscalls
What can be improved?
- Find a way to emulate vendor-specific register access (like `MSR S3_x, X0` for ARM64)
- Add more registers to track
Use `brew install unicorn` to install the Unicorn binaries
Use `pip install unicorn` to install the Unicorn Python bindings
Use `File / Script file...` or `ALT+F7` in IDA to load uEmu.py
Optionally, uEmu can be loaded automatically as an IDA plugin. In this case put it into the [IDA]/Plugins folder and set the flag that switches between script and plugin loading to `False` inside uEmu.py
Note: on Windows you might need to add the IDA Pro Qt5 path, e.g. `sys.path.append('D:\\Soft\\IDA Pro 7.x\\python\\3\\PyQt5')`
Source : KitPloit – PenTest Tools!