I'm trying to emulate a MIPS32 big-endian binary with Unicorn. Unfortunately, it throws an exception on the very first instruction; starting the emulation from the second or third instruction instead did not help either:
#!/bin/python3
from unicorn import *
from unicorn.mips_const import *
# Emulated memory layout. Unicorn requires map addresses and sizes to be
# multiples of 4 KiB; every value here is.
stack_size = 0x3000                  # three pages of stack
load_address = 0x80023000            # base of the code/data mapping
# The stack sits directly after the 24 MiB + one-page code mapping that
# load_unicorn() creates, so the two regions are adjacent, not overlapping.
stack_base = load_address + 0x1801000
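def load_unicorn(blob_path="blob"):
    """Create a MIPS32 big-endian Uc instance with the blob and a stack mapped.

    Memory layout (all bases and sizes are 4 KiB aligned, as Unicorn requires):
      [load_address, load_address + 24 MiB + 4 KiB)  code/data; blob at +0xf00
      [stack_base,   stack_base + stack_size)        stack; SP set to its top

    Args:
        blob_path: path of the raw binary to load (default "blob", as before).

    Returns:
        The configured Uc instance.

    Raises:
        OSError: if the blob cannot be read.
        ValueError: if the blob does not fit inside the code mapping.
    """
    mu = Uc(UC_ARCH_MIPS, UC_MODE_MIPS32 + UC_MODE_BIG_ENDIAN)

    # Context manager: the original left the handle open if read() raised.
    with open(blob_path, "rb") as er:
        emulate_blob = er.read()

    code_size = 0x1000 + 24 * 1024 * 1024
    blob_offset = 0xf00
    # mem_write past the end of the mapping would fail with a bare
    # UC_ERR_WRITE_UNMAPPED; fail early with the sizes in the message instead.
    if blob_offset + len(emulate_blob) > code_size:
        raise ValueError(
            "blob of {} bytes at offset 0x{:x} does not fit in the 0x{:x}-byte "
            "code mapping".format(len(emulate_blob), blob_offset, code_size)
        )

    # NOTE(review): 0x80000000-0x9FFFFFFF is MIPS kseg0. Depending on the
    # Unicorn version / CPU model, fetches from kseg0 may be translated to the
    # physical address (addr - 0x80000000) before the lookup, in which case
    # nothing is mapped at the translated address and the very first fetch
    # faults. Confirm against the Unicorn build in use; mapping the code at
    # load_address - 0x80000000 as well is a cheap way to test this.
    mu.mem_map(load_address, code_size)
    mu.mem_map(stack_base, stack_size)
    # SP starts one byte past the stack region; a MIPS prologue moves SP down
    # before storing, so this is fine as long as nothing reads 0(sp) first.
    mu.reg_write(UC_MIPS_REG_SP, stack_base + stack_size)
    mu.mem_write(load_address + blob_offset, emulate_blob)
    return mu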
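def decompress(mu, timeout=0):
    """Run the blob's decompression routine and return its output buffer.

    Maps an output buffer, sets the argument registers, runs from
    decompress_start until decompress_end, then reads back S5 bytes from the
    output buffer.

    Args:
        mu: Uc instance prepared by load_unicorn().
        timeout: emu_start timeout in microseconds; 0 (the default, same as
            before) means no limit. Worth setting when running untrusted code,
            since a looping routine otherwise never returns.

    Returns:
        bytearray with the decompressed data.

    Raises:
        UcError: re-raised after printing the faulting PC if emulation fails.
        ValueError: if the length reported in S5 exceeds the output buffer.
    """
    decompress_start = 0x800246AC
    decompress_end = 0x80024730
    buffer_address = 0x20000000
    buffer_size = 20 * 1024 * 1024 * 4  # 0x5000000 (80 MiB); old comment said 0x2000000
    mu.mem_map(buffer_address, buffer_size)
    dest_buffer_address = buffer_address

    # Arguments in the o32 argument registers. A2/A3 are clearly the output
    # buffer and its capacity; what A0/A1 mean is not known from this script.
    # NOTE(review): 0xD4AAEBC lies in none of the mapped regions (code,
    # stack, output buffer) — if the routine dereferences A1 it will fault.
    mu.reg_write(UC_MIPS_REG_A0, 0x8002917c)
    mu.reg_write(UC_MIPS_REG_A1, 0xD4AAEBC)
    mu.reg_write(UC_MIPS_REG_A2, dest_buffer_address)
    mu.reg_write(UC_MIPS_REG_A3, buffer_size)
    # emu_start sets PC from its first argument, so no explicit PC write.

    # Fresh mappings are already zero-filled; this only matters if the
    # stack was dirtied by an earlier run on the same instance.
    mu.mem_write(stack_base, b"\x00" * stack_size)

    try:
        mu.emu_start(decompress_start, decompress_end, timeout=timeout)
    except UcError as e:
        print(e)
        print("IP: 0x{:x}".format(mu.reg_read(UC_MIPS_REG_PC)))
        # The original fell through here and returned whatever S5 pointed at
        # as if the run had succeeded; propagate the failure instead.
        raise

    # Presumably the output length the routine leaves in s5 — taken from the
    # original script, not verifiable here. The value comes from emulated
    # (untrusted) code, so bound it before handing it to mem_read.
    total_size = mu.reg_read(UC_MIPS_REG_S5)
    if total_size > buffer_size:
        raise ValueError(
            "S5 reports 0x{:x} bytes, more than the 0x{:x}-byte output buffer"
            .format(total_size, buffer_size)
        )
    return mu.mem_read(dest_buffer_address, total_size)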
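if __name__ == "__main__":
    # Only run the emulation when executed as a script; importing the module
    # (e.g. to poke at load_unicorn() interactively) no longer triggers it.
    memory_unit = load_unicorn()
    data = decompress(memory_unit)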
When I read the memory at `decompress_start` with `print(mu.mem_read(decompress_start, 1024))`, I get the following:
bytearray(b'\'\xbd\x00(\'\xbd\xff\xb8\x8f\xa3...
which matches the expected instruction bytes, so the code is mapped and readable at that address (the second word, \x27\xbd\xff\xb8, is addiu sp, sp, -0x48). Note that the first word, \x27\xbd\x00\x28, decodes to addiu sp, sp, 0x28 — a stack release that looks like the tail of the previous function's epilogue — so the routine itself may actually begin at decompress_start + 4.
What could be wrong here? thanks!