![Page 1: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/1.jpg)
Unicorn: Next Generation CPU Emulator Frameworkwww.unicorn-engine.org
NGUYEN Anh Quynh <aquynh -at- gmail.com>DANG Hoang Vu <danghvu -at- gmail.com>
BlackHat USA, August 5th 2015
1 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 2: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/2.jpg)
Self-introduction
Nguyen Anh Quynh (aquynh -at- gmail.com)I PhD in Computer Science, security researcherI Operating System, Virtual Machine, Binary analysis, Forensic, etcI Capstone disassembly framework (capstone-engine.org)
Dang Hoang Vu (danghvu -at- gmail.com)I PhD candidate in Computer Science at UIUC, security hobyistI Member of VNSecurity.NET, casual CTF player, exploit writerI Capstone, Peda contributor
2 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 3: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/3.jpg)
Agenda
1 CPU EmulatorBackgroundProblems of existing CPU emulators
2 Unicorn engine: demands, ideas, design & implementationGoals of UnicornDesign & implementationWrite applications with Unicorn API
3 Live demo
4 Conclusions
3 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 4: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/4.jpg)
CPU Emulator
DefinitionEmulate physical CPU - using software only.Focus on CPU operations only, but ignore machine devices.
ApplicationsEmulate the code without needing to have a real CPU.
I Cross-architecture emulator for console game.
Safely analyze malware code, detect virus signature.Verify code semantics in reversing.
4 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 5: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/5.jpg)
ExampleEmulate to understand code semantics.
5 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 6: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/6.jpg)
Internals of CPU emulator
Given input code in binary formDecode binary into separate instructionsEmulate exactly what each instruction does
I Instruction-Set-Architecture manual referenced is neededI Handle memory access & I/O upon requested
Update CPU context (regisers/memory/etc) after each step
6 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 7: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/7.jpg)
Example of emulating X86 32bit instructions
Ex: 50 → push eaxI load eax registerI copy eax value to stack bottomI decrease esp by 4, and update esp
Ex: 01D1 → add eax, ebxI load eax & ebx registersI add values of eax & ebx, then copy result to eaxI update flags OF, SF, ZF, AF, CF, PF accordingly
7 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 8: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/8.jpg)
Challenges of building CPU emulator
Huge amount of works!Good understanding of CPU architectureGood understanding of instruction setInstructions with various side-effect (sometimes undocumented, likeex: Intel X86)Tough to support all kind of code existed
8 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 9: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/9.jpg)
Good CPU emulator?
Multi-arch?I X86, Arm, Arm64, Mips, PowerPC, Sparc, etc
Multi-platform?I *nix, Windows, Android, iOS, etc
Updated?I Keep up with latest CPU extensions
Independent?I Support to build independent tools
Good performance?I Just-In-Time (JIT) compiler technique vs Interpreter
9 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 10: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/10.jpg)
Existing CPU emulators
Features libemu PyEmu IDA-x86emu libCPU DreamMulti-arch X X X X 1 XUpdated X X X X XIndependent X 2 X 3 X 4 X XJIT X X X X X
Multi-arch: existing tools only support X86Updated: existing tools do not supports X86_64
1Possible by design, but nothing actually works2Focus only on detecting Windows shellcode3Python only4For IDA only
10 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 11: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/11.jpg)
Dream a good emulator
Multi-architecturesI Arm, Arm64, Mips, PowerPC, Sparc, X86 (+X86_64) + more
Multi-platform: *nix, Windows, Android, iOS, etcUpdated: latest extensions of all hardware architecturesIndependent with multiple bindings
I Low-level framework to support all kind of OS and toolsI Core in pure C, and support multiple binding languages
Good performance with JIT compiler techniqueI Dynamic compilation vs Interpreter
Allow instrumentation at various levelsI Single-step/isntruction/memory access
11 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 12: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/12.jpg)
Problems
No reasonable CPU emulator even in 2015!Apparently nobody wants to fix the issuesNo light at the end of the dark tunnelUntil Unicorn was born!
12 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 13: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/13.jpg)
Unicorn == Next Generation CPU Emulator
13 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 14: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/14.jpg)
Goals of Unicorn
Multi-architecturesI Arm, Arm64, Mips, PowerPC, Sparc, X86 (+X86_64) + more
Multi-platform: *nix, Windows, Android, iOS, etcUpdated: latest extensions of all hardware architecturesCore in pure C, and support multiple binding languagesGood performance with JIT compiler techniqueAllow instrumentation at various levels
I Single-step/instruction/memory access
14 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 15: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/15.jpg)
Unicorn vs others
Features libemu PyEmu IDA-x86emu libCPU UnicornMulti-arch X X X X XUpdated X X X X XIndependent X X X X XJIT X X X X X
Multi-arch: existing tools only support X86Updated: existing tools do not supports X86_64
15 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 16: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/16.jpg)
Challenges to build Unicorn engine
Huge amount of works!Too many hardware architecturesToo many instructionsInstructions with various side-effect (sometimes undocumented, likeIntel X86)Hard to to support all kind of code existedLimited resource
I Started as a personal for-fun in-spare-time project
16 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 17: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/17.jpg)
Unicorn design
17 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 18: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/18.jpg)
Ambitions & ideas
Have all features in months, not years!Stand on the shoulders of the giants at the initial phase.Open source project to get community involved & contributed.Idea: Qemu!
18 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 19: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/19.jpg)
Introduction on Qemu
Qemu projectOpen source project (GPL license) on system emulator:http://www.qemu.org
Huge community & highly activeMulti-arch
I X86, Arm, Arm64, Mips, PowerPC, Sparc, etc (18 architectures)Multi-platform
I Compile on *nix + cross-compile for Windows
19 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 20: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/20.jpg)
Qemu architecture
Courtesy of cmchao
20 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 21: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/21.jpg)
Why Qemu?
Support all kind of architectures and very updatedAlready implemented in pure C, so easy to immplement Unicorn coreon topAlready supported JIT in CPU emulation
21 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 22: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/22.jpg)
Are we done?
22 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 23: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/23.jpg)
Challenges to build Unicorn (1)
Qemu codebase is a challengeNot just emulate CPU, but also device models & ROM/BIOS to fullyemulate physical machinesQemu codebase is huge and mixed like spaghetti :-(Difficult to read, as contributed by many different people
Unicorn jobKeep only CPU emulation code & remove everything else (devices,ROM/BIOS, migration, etc)Keep supported subsystems like Qobject, QomRewrites some components but keep CPU emulation code intact (soeasy to sync with Qemu in future)
23 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 24: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/24.jpg)
Challenges to build Unicorn (2)
Qemu is set of emulatorsSet of emulators for individual architecture
I Independently built at compile timeI All archs code share a lot of internal data structures and global
variables
Unicorn wants a single emulator that supports all archs :-(
Unicorn jobIsolated common variables & structures
I Ensured thread-safe by design
Refactored to allow multiple instances of Unicorn at the same timeModified the build system to support multiple archs on demand
24 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 25: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/25.jpg)
Challenges to build Unicorn (3)
Qemu has no instrumentationInstrumentation for static compilation onlyJIT optimizes for performance with lots of fast-path tricks, makingcode instrumenting extremely hard :-(
Unicorn jobBuild dynamic fine-grained instrumentation layer from scratchSupport various levels of instrumentation
I Single-step or on particular instruction (TCG level)I Intrumentation of memory accesses (TLB level)I Dynamically read and write register or memory during emulation.I Handle exception, interrupt, syscall (arch-level) through user provided
callback.
25 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 26: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/26.jpg)
Challenges to build Unicorn (4)
Qemu is leaking memoryObjects is open (malloc) without closing (freeing) properly everywhereFine for a tool, but unacceptable for a framework
Unicorn jobFind and fix all the memory leak issuesRefactor various subsystems to keep track and cleanup danglingpointers.
26 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 27: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/27.jpg)
Unicorn vs Qemu
Forked Qemu, but go far beyond itIndependent frameworkMuch more compact in size, lightweight in memoryThread-safe with multiple architectures supported in a single binaryProvide interface for dynamic instrumentationMore resistant to exploitation (more secure)
I CPU emulation component is never exploited!I Easy to test and fuzz as an API.
27 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 28: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/28.jpg)
Qemu vulnerabilities
28 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 29: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/29.jpg)
Write applications with Unicorn
29 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 30: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/30.jpg)
Introduce Unicorn API
Clean/simple/lightweight/intuitive architecture-neutral API.The core provides API in C
I open & close Unicorn instanceI start & stop emulation (based on end-address, time or instructions
count)I read & write memoryI read & write registersI memory management: hook memory events, dynamically map memory
at runtimeF hook memory events for invalid memory accessF dynamically map memory at runtime (handle invalid/missing memory)
I instrument with user-defined callbacks forinstructions/single-step/memory event, etc
Python binding built around the core
30 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 31: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/31.jpg)
Sample code in C
31 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 32: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/32.jpg)
Sample code in Python
32 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 33: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/33.jpg)
Live demo
33 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 34: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/34.jpg)
Status & future works
StatusSupport Arm, Arm64, Mips, M68K, PowerPC, Sparc, X86 (+X86_64)Python binding availableBased on Qemu 2.3
Future worksSupport all the rest architectures of Qemu(alpha/s360x/microblaze/sh4/etc - totally 18)Stripping more ultility code from Qemu e.g. improve the disassembler(with potential integration with Capstone).More bindings promised by community!Synchronize with Qemu 2.4 (released soon)
I Future of Unicorn is guaranteed by Qemu active development!
34 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 35: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/35.jpg)
Conclusions
Unicorn is an innovative next generation CPU emulatorI Multi-arch + multi-platformI Clean/simple/lightweight/intuitive architecture-neutral APII Implemented in pure C language, with bindings for Python available.I High performance with JIT compiler techniqueI Support fine-grained instrumentation at various levels.I Thread-safe by design.I Open source GPL license.I Future update guaranteed for all archs.
We are seriously committed to this project to make it the best CPUemulator.
35 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 36: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/36.jpg)
Call for beta testers
Run beta test before official releaseWilling to help? If you can code, contact us!
I Unicorn homepage: http://www.unicorn-engine.orgI Unicorn twitter: @unicorn_engineI Unicorn mailing list:
http://www.freelists.org/list/unicorn-engine
First public version to be released after the beta phase - in GPLlicense.
36 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 37: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/37.jpg)
Questions and answersUnicorn: Next Generation CPU Emulator Framework
NGUYEN Anh Quynh <aquynh -at- gmail.com>
DANG Hoang Vu <danghvu -at- gmail.com>
37 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 38: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/38.jpg)
References
Qemu: http://www.qemu.orglibemu: http://libemu.carnivore.itPyEmu: http://code.google.com/p/pyemulibcpu: https://github.com/libcpu/libcpuIDA-x86emu: http://www.idabook.com/x86emu/index.htmlUnicorn engine
I Homepage: http://www.unicorn-engine.orgI Mailing list: http://www.freelists.org/list/unicorn-engineI Twitter: @unicorn_engine
38 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework
![Page 39: Unicorn: Next Generation CPU Emulator Framework · Unicorn: Next Generation CPU Emulator Framework NGUYENAnhQuynh DANGHoangVu](https://reader036.vdocument.in/reader036/viewer/2022071106/5fe08bf973104e68f75570af/html5/thumbnails/39.jpg)
Acknowledgement
Nguyen Tan Cong for helped with the shellcode demo!Other beta testers helped to improve our code!
39 / 39 NGUYEN Anh Quynh, DANG Hoang Vu Unicorn: Next Generation CPU Emulator Framework