1#!/usr/bin/env ruby 2require 'unicorn_engine' 3require 'unicorn_engine/x86_const' 4require 'weakref' 5 6include UnicornEngine 7 8X86_CODE32 = "\x41" # INC ecx; DEC edx 9 10# memory address where emulation starts 11ADDRESS = 0x1000000 12 13# callback for tracing instructions 14hook_code = Proc.new do |uc, address, size, user_data| 15 puts("proc was run") 16end 17 18hook_code_weak = WeakRef.new hook_code 19 20begin 21 # Initialize emulator in X86-32bit mode 22 mu = Uc.new UC_ARCH_X86, UC_MODE_32 23 # map 2MB memory for this emulation 24 mu.mem_map(ADDRESS, 2 * 1024 * 1024) 25 26 # write machine code to be emulated to memory 27 mu.mem_write(ADDRESS, X86_CODE32) 28 29 # initialize machine registers 30 mu.reg_write(UC_X86_REG_ECX, 0x1234) 31 mu.reg_write(UC_X86_REG_EDX, 0x7890) 32 33 # tracing all instructions with customized callback 34 mu.hook_add(UC_HOOK_CODE, hook_code) 35 36 hook_code = nil # erase reference to proc 37 38 GC.start() # force garbage collection to test if proc is garbage collected 39 40 # emulate machine code in infinite time 41 mu.emu_start(ADDRESS, ADDRESS + X86_CODE32.bytesize) 42 43 mu = nil # erase reference to Uc because apparently it doesn't go out of scope after this? 44rescue UcError => e 45 puts("ERROR: %s" % e) 46 exit 1 47rescue NoMethodError => e 48 puts("proc was garbage collected and we tried to invoke `call` on something strange") 49 exit 1 50end 51 52GC.start() 53 54if hook_code_weak.weakref_alive?() then 55 puts("proc was not garbage collected") 56 exit 1 57end 58 59puts "test passed" 60exit 0 61