Execute an internal function of a binary by emulating it with Unicorn (32-bit x86)
from unicorn import *
from unicorn.x86_const import *
from pwn import *
# Load address of the raw binary image (the file bytes are written here).
BASE = 0x400000
# Emulated stack: a separate mapping starting at address 0, 1 MiB large.
STACK_ADDR = 0x00000000
STACK_SIZE = 1 << 20
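def hook_code(emu, address, size, userdata) :
    """Per-instruction trace hook registered with UC_HOOK_CODE.

    Unicorn invokes it before each instruction; it prints the instruction
    address and reads the instruction bytes (handy for the optional disasm
    line below).

    Args:
        emu: the Uc instance that fired the hook.
        address: address of the instruction about to execute.
        size: length of that instruction in bytes.
        userdata: the user_data value given to hook_add (unused here).
    """
    print(">>> Tracing at %i" % address)
    # Read through the emulator passed to the hook instead of the
    # module-level `mu` global: the hook then works for any Uc it is
    # attached to and does not depend on a global defined after this def.
    machine_code = emu.mem_read(address, size)
    # print(disasm(machine_code))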
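mu = Uc(UC_ARCH_X86, UC_MODE_32)
# Map memory: 1 MiB for the binary image at BASE, STACK_SIZE for the stack.
# The two regions must not overlap (0x0-0x100000 vs 0x400000-0x500000).
mu.mem_map(BASE, 1024 * 1024)
mu.mem_map(STACK_ADDR, STACK_SIZE)
# Load the raw file bytes at BASE. This is not an ELF loader: it assumes the
# function's file offset equals its offset from the load address and that no
# relocation/import is touched on the emulated path -- verify against the
# binary's program headers before trusting the start/end offsets below.
with open("./function", "rb") as f:
    mu.mem_write(BASE, f.read())
# Unicorn needs bytes: a str raises TypeError on Python 3, and an escaped
# "\\x00" would store a literal backslash instead of a NUL terminator.
mu.mem_write(STACK_ADDR, b"batman\x00")  # string placed in the stack mapping for later use
# Set stack. Use integer division: `/` yields a float on Python 3, which
# reg_write rejects.
r_rsp = STACK_SIZE // 2
mu.reg_write(UC_X86_REG_ESP, r_rsp)
# Set arguments, 32-bit cdecl layout at function entry:
# [esp] = return address slot (left zero), [esp+4] = arg 1, [esp+8] = arg 2.
mu.mem_write(r_rsp + 4, p32(5))  # argument 1
mu.mem_write(r_rsp + 8, p32(0))  # argument 2
mu.hook_add(UC_HOOK_CODE, hook_code)
start_function = BASE + 0x57b
end_function = BASE + 0x5b1
# Emulation stops only when EIP reaches end_function (presumably the
# function's final instruction -- confirm). The return slot at [esp] is 0 and
# address 0 is mapped (the stack), so if the `ret` ever executes the emulator
# would start running the "batman" bytes as code rather than stop cleanly.
# Any fault on the way raises UcError; report where execution stopped.
try:
    mu.emu_start(start_function, end_function)
except UcError as e:
    print("Emulation failed at 0x%x: %s" % (mu.reg_read(UC_X86_REG_EIP), e))
    raise
eax = mu.reg_read(UC_X86_REG_EAX)
print("Result : %i" % eax)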