Exetools  

#1  05-17-2022, 11:15  vic4key
C/C++ Library to Evaluate ASM Code

Hi everyone.

I'm looking for a tiny library (very tiny or lightweight, because it's just for simple instructions like the sample below) in C/C++ (or a binding) that is able to:
- Evaluate simple x86/x64 assembly code (execute code from a string to get output).
- Give each asm instruction a callback or hook (at least memory access instructions, for several special purposes, e.g. using ReadProcessMemory to read memory from another process, etc.).
Maybe a little bit like a VM.

Code:
MOV RAX,$INPUT
ADD RAX,8
MOV RAX,[RAX] # eg. memory access instruction
MOV $OUTPUT,RAX
Hint me. Thanks.

Last edited by vic4key; 07-17-2022 at 01:21. Reason: for more clear
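As an added example (not code from the original post), here is the kind of tiny evaluator the request above describes, written in C++: an interpreter for a small MOV/ADD/SUB subset in which every [memory] operand is resolved through a caller-supplied hook. The hook here reads from a constructed 32-byte buffer standing in for a remote process's memory; in a real tool that is exactly where ReadProcessMemory would be called. The register names, the $INPUT/$OUTPUT pseudo-registers, and the kRemote buffer contents are assumptions for illustration, and the interpreter goes slightly beyond the four-line snippet (hex immediates, [REG+imm] and [REG-imm] displacements).

```cpp
// Added example (not code from the thread): a minimal "VM" for the kind of snippet in the
// post above. Every [memory] read goes through a hook, where ReadProcessMemory would go.
#include <cctype>
#include <cstdint>
#include <cstring>
#include <functional>
#include <map>
#include <sstream>
#include <stdexcept>
#include <string>
using MemReadHook = std::function<uint64_t(uint64_t addr)>;  // returns the qword at addr
static std::string trim(const std::string& s) {
    size_t b = s.find_first_not_of(" \t\r"), e = s.find_last_not_of(" \t\r");
    return b == std::string::npos ? "" : s.substr(b, e - b + 1);
}
static std::string upper(std::string s) {
    for (char& c : s) c = static_cast<char>(std::toupper(static_cast<unsigned char>(c)));
    return s;
}
class AsmVM {
public:
    explicit AsmVM(MemReadHook hook) : read_hook_(std::move(hook)) {}
    void set(const std::string& name, uint64_t v) { regs_[upper(name)] = v; }
    uint64_t get(const std::string& name) const {
        auto it = regs_.find(upper(name));
        if (it == regs_.end()) throw std::runtime_error("undefined register/variable: " + name);
        return it->second;
    }
    // One instruction per line, '#' or ';' starts a comment. Supported:
    //   MOV|ADD|SUB dst, src   with dst = REG | $VAR
    //   and src = REG | $VAR | immediate | [REG] | [REG+imm] | [REG-imm]
    void run(const std::string& program) {
        std::istringstream in(program); std::string line;
        while (std::getline(in, line)) {
            size_t c = line.find_first_of("#;");
            if (c != std::string::npos) line.erase(c);
            line = trim(line);
            if (line.empty()) continue;
            size_t sp = line.find_first_of(" \t");
            if (sp == std::string::npos) throw std::runtime_error("missing operands: " + line);
            std::string mn = upper(line.substr(0, sp)), ops = line.substr(sp + 1);
            size_t comma = ops.find(',');
            if (comma == std::string::npos) throw std::runtime_error("expected two operands: " + line);
            std::string dst = trim(ops.substr(0, comma)), src = trim(ops.substr(comma + 1));
            if (dst.empty() || dst[0] == '[') throw std::runtime_error("unsupported destination: " + dst);
            if (mn == "MOV")      set(dst, value(src));
            else if (mn == "ADD") set(dst, get(dst) + value(src));
            else if (mn == "SUB") set(dst, get(dst) - value(src));
            else throw std::runtime_error("unsupported instruction: " + mn);
        }
    }
private:
    // Resolves a source operand; a [...] operand computes the address and calls the hook.
    uint64_t value(const std::string& op) {
        if (op.empty()) throw std::runtime_error("empty operand");
        if (op[0] == '[') {
            if (op.back() != ']') throw std::runtime_error("bad memory operand: " + op);
            std::string inner = trim(op.substr(1, op.size() - 2));
            size_t pm = inner.find_first_of("+-");
            uint64_t addr = get(trim(inner.substr(0, pm)));
            if (pm != std::string::npos) {
                uint64_t disp = std::stoull(trim(inner.substr(pm + 1)), nullptr, 0);
                addr = (inner[pm] == '+') ? addr + disp : addr - disp;
            }
            return read_hook_(addr);
        }
        if (std::isdigit(static_cast<unsigned char>(op[0]))) return std::stoull(op, nullptr, 0);
        return get(op);
    }
    std::map<std::string, uint64_t> regs_;
    MemReadHook read_hook_;
};
// Constructed stand-in for another process's memory: 32 bytes at kRemoteBase (little-endian
// host assumed). A real hook would call ReadProcessMemory(hProcess, (LPCVOID)addr, &v, 8, &n).
static const uint64_t kRemoteBase = 0x7ff600000000ULL;
static const unsigned char kRemote[32] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,   // +0  : unused
    0xEF, 0xBE, 0xAD, 0xDE, 0x00, 0x00, 0x00, 0x00,   // +8  : qword 0xDEADBEEF
    0x78, 0x56, 0x34, 0x12, 0x00, 0x00, 0x00, 0x00,   // +16 : qword 0x12345678
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; // +24 : unused
uint64_t demo_read(uint64_t addr) {
    if (addr < kRemoteBase || addr + 8 > kRemoteBase + sizeof(kRemote))
        throw std::runtime_error("read outside mapped remote memory");  // refuse, never fabricate
    uint64_t v; std::memcpy(&v, kRemote + (addr - kRemoteBase), sizeof v);
    return v;
}
// Runs `program` with $INPUT preset and returns $OUTPUT.
uint64_t evaluate(const std::string& program, uint64_t input, MemReadHook hook) {
    AsmVM vm(std::move(hook));
    vm.set("$INPUT", input);
    vm.run(program);
    return vm.get("$OUTPUT");
}
// True when the program faults (bad operand, undefined register, unmapped read).
bool faults(const std::string& program, uint64_t input) {
    try { evaluate(program, input, demo_read); return false; }
    catch (const std::runtime_error&) { return true; }
}
```

The hook refuses a read outside the buffer instead of returning zeros, so a bad pointer in the target shows up as an error from the evaluator rather than a silently wrong $OUTPUT; the same rule applies when the hook wraps ReadProcessMemory (check its return value and bytes-read count).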
#2  07-13-2022, 21:45  BlackWhite
This may be what you want:
(1) Chinese introduction
https://tboox.org/cn/2016/07/26/x86-script-instruction-virtual-machine/
(2) Source code
https://github.com/tboox/vm86
#3  07-14-2022, 11:15  chants
If you are willing to do a bit of coding, ASMJit is a good choice. It's much more powerful than you need, but flexible, and lets you do anything including executing dynamically. It has an assembly parser called asmtk or the like. It's probably 30 lines of code to do everything you asked for with that simple snippet. How inputs and outputs are dealt with would be the only tricky part... both parsing and binding them, but it's feasible.
#4  07-15-2022, 12:39  sendersu
The well-known x64dbg is using asmjit; some examples of usage are over here:
https://github.com/x64dbg/x64dbg/blob/development/src/dbg/assemble.cpp
#5  07-16-2022, 02:37  vic4key
Quote:
Originally Posted by sendersu View Post
The well-known x64dbg is using asmjit; some examples of usage are over here:
https://github.com/x64dbg/x64dbg/blob/development/src/dbg/assemble.cpp
Thanks. I have checked x64dbg's source code before, and I found that the file src/dbg/value.cpp#L1974 is the most similar to what I want.
I'd like to take advantage of the existing code to avoid rewriting it, but it's released under the GNU license, which is a bit inconvenient, although my software is open source.
#6  07-16-2022, 02:55  vic4key
@BlackWhite @chants I created the topic a long time ago and no one answered, so I thought it was in hell by now and didn't come back to see your answers. Thank you guys.

Quote:
Originally Posted by BlackWhite View Post
This may be what you want:
(1) Chinese introduction
https://tboox.org/cn/2016/07/26/x86-script-instruction-virtual-machine/
(2) Source code
https://github.com/tboox/vm86
Sadly, it is x86 only; x64 is not supported.

Quote:
Originally Posted by chants View Post
If you are willing to do a bit of coding, ASMJit is a good choice. It's much more powerful than you need, but flexible, and lets you do anything including executing dynamically. It has an assembly parser called asmtk or the like. It's probably 30 lines of code to do everything you asked for with that simple snippet. How inputs and outputs are dealt with would be the only tricky part... both parsing and binding them, but it's feasible.
It seems it does not satisfy "Each asm instruction has a callback or hook (at least memory access instructions, for several special purposes, e.g. using ReadProcessMemory to read memory from another process, etc.)". If not, please hint me more.
#7  07-16-2022, 19:08  0xall0c
You can use Keystone https://github.com/keystone-engine/keystone for parsing the assembly and then use Unicorn https://github.com/unicorn-engine/unicorn to execute the instructions; it has all the hooks you want on every instruction execution. If you want to emulate a complete PE file, then you can use Qiling https://github.com/qilingframework/qiling.