sha0coder
diff --git a/‎Cargo.lock‎
Lines changed: 24 additions & 2 deletions b/‎Cargo.lock‎
Lines changed: 24 additions & 2 deletions
diff --git a/‎README.md‎
Lines changed: 6 additions & 2 deletions b/‎README.md‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎crates/libmwemu/Cargo.toml‎
Lines changed: 4 additions & 1 deletion b/‎crates/libmwemu/Cargo.toml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎crates/libmwemu/README.md‎
Lines changed: 2 additions & 1 deletion b/‎crates/libmwemu/README.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎crates/libmwemu/src/config.rs‎
Lines changed: 8 additions & 2 deletions b/‎crates/libmwemu/src/config.rs‎
Lines changed: 8 additions & 2 deletions
diff --git a/‎crates/libmwemu/src/console.rs‎
Lines changed: 1 addition & 1 deletion b/‎crates/libmwemu/src/console.rs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎crates/libmwemu/src/constants.rs‎
Lines changed: 16 additions & 24 deletions b/‎crates/libmwemu/src/constants.rs‎
Lines changed: 16 additions & 24 deletions
@@ -83,7 +83,7 @@ Rust apps https://crates.io/crates/libmwemu
 ## Usage
 
 ```
-MWEMU emulator for malware.
+MWEMU emulator for malware 0.7.11
 @sha0coder
 
 USAGE:
@@ -102,11 +102,13 @@ FLAGS:
     -r, --regs           print the register values in every step.
     -p, --stack_trace    trace stack on push/pop
     -t, --test           test mode
-    -V, --version        Prints version information
+        --version        Prints version information
     -v, --verbose        -vv for view the assembly, -v only messages, without verbose only see the api calls and goes
                          faster
 
 OPTIONS:
+    -A, --args <ARGS>                  provide arguments to the EXE like: --args '"aa" "bb"'
+        --cmd <COMMAND>                launch a console command
     -b, --base <ADDRESS>               set base address for code
     -c, --console <NUMBER>             select in which moment will spawn the console to inspect.
     -C, --console_addr <ADDRESS>       spawn console on first eip = address
@@ -141,6 +143,8 @@ OPTIONS:
     -s, --string <ADDRESS>             monitor string on a specific address
     -T, --trace <TRACE_FILENAME>       output trace to specified file
     -S, --trace_start <TRACE_START>    start trace at specified position
+    -V, --verbose_at <NUMBER>          start displaying assembly at specific position (is like -vv enabled in specific
+                                       moment)
 ```
 
 ## Command line examples
 
@@ -1,6 +1,6 @@
 [package]
 name = "libmwemu"
-version = "0.21.6"
+version = "0.22.1"
 edition = "2018"
 authors = ["sha0coder"]
 license = "MIT"
@@ -33,9 +33,12 @@ serde_arrays = "0.2.0"
 slab = { version = "0.4.10", features=["serde"] }
 bytemuck = "1.23.1"
 minidump = "0.26.0"
+serde_yaml = "0.9"
+fast_log = { version = "1.7" }
 
 [dev-dependencies]
 env_logger = "0.11.8"
+hex = "0.4.3"
 
 [features]
 default = []
 
@@ -18,13 +18,14 @@ use libmwemu::emu32;
 fn main() {
     let mut emu = emu32();
     emu.set_maps_folder("/tmp/maps32/");
-    emu.init(false, false);
+    emu.init_logger();
 ```
 
 Load your shellcode or PE binary and run the emulator.
 None parameter means emulate for-ever.
 
 ```rust
+// emu.init(false, false); needed if load_code is not called
 emu.load_code("shellcodes32/shikata.bin");
 emu.set_verbose(2);
 emu.run(None).unwrap(); 
 
@@ -1,5 +1,7 @@
+use std::collections::HashMap;
+
 use serde::{Deserialize, Serialize};
-use crate::constants;
+use crate::{constants, definitions::Definition};
 
 #[derive(Clone, Serialize, Deserialize)]
 pub struct Config {
@@ -40,6 +42,8 @@ pub struct Config {
     pub enable_threading: bool,  // Enable multi-threading support
     pub verbose_at: Option<u64>,
     pub command: Option<String>,
+    pub definitions: HashMap<u64, Definition>,
+    pub entropy: bool,
 }
 
 impl Default for Config {
@@ -87,7 +91,9 @@ impl Config {
             arguments: "".to_string(),
             enable_threading: false,  // Default to single-threaded for backward compatibility
             verbose_at: None,
-            command: None
+            command: None,
+            definitions: HashMap::new(),
+            entropy: false,
         }
     }
 }
@@ -183,7 +183,7 @@ impl Console {
         let precmd = format!("dr rax={}?; dr rbx={}?; dr rcx={}?; dr rdx={}?; dr rsi={}?;
                               dr rdi={}?; dr rbp={}?; dr rsp={}?; dr rip={}?; dr r8={}?
                               dr r9={}?; dr r10={}?; dr r11={}?; dr r12={}?; dr r13={}?; 
-                              dr r14={}?; dr r15={}?; decai -e model=qwen3-coder:30?",
+                              dr r14={}?; dr r15={}?; decai -e model=qwen3-coder:30b; r2ai -e r2ai.model=qwen3-coder:30b;",
                               emu.regs().rax, emu.regs().rbx, emu.regs().rcx, emu.regs().rdx,
                               emu.regs().rsi, emu.regs().rdi, emu.regs().rbp, emu.regs().rsp,
                               emu.regs().rip, emu.regs().r8, emu.regs().r9, emu.regs().r10,
 
@@ -18,8 +18,13 @@ pub const SYSTEM_DIRECTORY: &str = "C:\\Windows\\System32"; // randomize this
 pub const CFG_DEFAULT_BASE: u64 = 0x3c0000;
 
 pub const BLOCK_LEN: usize = 0x300;
+pub const ALLOC32_MIN: u64 = 0x60000000;
+pub const ALLOC32_MAX: u64 = 0x6FFFFFFF;
 pub const LIBS32_MIN: u64 = 0x70000000;
 pub const LIBS32_MAX: u64 = 0x7FFFFFFF;
+
+pub const ALLOC64_MIN: u64 = 0x7fe000000000;
+pub const ALLOC64_MAX: u64 = 0x7fefffffffff;
 pub const LIBS64_MIN: u64 = 0x7FF000000000;
 pub const LIBS64_MAX: u64 = 0x7FFFFFFFFFFF;
 
@@ -90,11 +95,15 @@ pub const INTERNET_OPTION_DATA_SEND_TIMEOUT: u32 = 7;
 // https://docs.microsoft.com/en-us/windows/win32/wininet/api-flags
 pub const INTERNET_FLAG_SECURE: u64 = 0x00800000;
 
-pub const ERROR_NO_MORE_FILES: u64 = 18;
-pub const CREATE_SUSPENDED: u64 = 0x00000004;
-pub const EXCEPTION_CONTINUE_EXECUTION: u32 = 0xFFFFFFFF;
+// exceptions
+pub const EXCEPTION_CONTINUE_EXECUTION32: u32 = 0xffffffff;
+pub const EXCEPTION_CONTINUE_EXECUTION64: u64 = 0xffffffff_ffffffff;
 pub const EXCEPTION_CONTINUE_SEARCH:    u32 = 0x00000000;
 pub const EXCEPTION_EXECUTE_HANDLER:    u32 = 0x00000001;
+
+
+pub const ERROR_NO_MORE_FILES: u64 = 18;
+pub const CREATE_SUSPENDED: u64 = 0x00000004;
 pub const STATUS_BREAKPOINT: u32 = 0x80000003;
 pub const STATUS_INTEGER_DIVIDE_BY_ZERO: u32 = 0xc0000094;
 pub const STATUS_INTEGER_OVERFLOW: u32 = 0xc0000095;
@@ -344,6 +353,10 @@ pub fn get_crypto_key_len(value: u32) -> usize {
 pub const PT_LOAD: u32 = 1;
 pub const ELF_PAGE_SIZE: u64 = 4096;
 pub const ELF_PAGE_MASK: u64 = ELF_PAGE_SIZE - 1;
+pub const ELF64_DYN_BASE: u64 = 0x555555554000;
+pub const ELF64_STA_BASE: u64 = 0x400000;
+pub const LIBC_BASE: u64 = 0x7ffff7da7000;
+pub const LD_BASE: u64 = 0x7ffff7fd2000;
 
 // linux errors
 pub const ENOTSOCK: u64 = -1i64 as u64; /* not open sock */
@@ -772,27 +785,6 @@ pub const ARCH_GET_FS: u64 = 0x1003;
 pub const ARCH_GET_GS: u64 = 0x1004;
 
 pub const LOCALE_USER_DEFAULT: u64 = 0x400;
-pub const LOCALE_SABBREVMONTHNAME1: u64 = 68;
-pub const LOCALE_SABBREVMONTHNAME2: u64 = 69;
-pub const LOCALE_SABBREVMONTHNAME3: u64 = 70;
-pub const LOCALE_SABBREVMONTHNAME4: u64 = 71;
-pub const LOCALE_SABBREVMONTHNAME5: u64 = 72;
-pub const LOCALE_SABBREVMONTHNAME6: u64 = 73;
-pub const LOCALE_SABBREVMONTHNAME7: u64 = 74;
-pub const LOCALE_SABBREVMONTHNAME8: u64 = 75;
-pub const LOCALE_SABBREVMONTHNAME9: u64 = 76;
-pub const LOCALE_SABBREVMONTHNAME10: u64 = 77;
-pub const LOCALE_SABBREVMONTHNAME11: u64 = 78;
-pub const LOCALE_SABBREVMONTHNAME12: u64 = 79;
-pub const LOCALE_SLANGUAGE: u64 = 0x00000002;
-pub const LOCALE_SCOUNTRY: u64 = 0x00000006;
-pub const LOCALE_SLIST: u64 = 0x0000000C;
-pub const LOCALE_SDECIMAL: u64 = 0x0000000E;
-pub const LOCALE_STHOUSAND: u64 = 0x0000000F;
-pub const LOCALE_SCURRENCY: u64 = 0x00000014;
-pub const LOCALE_SDATE: u64 = 0x0000001D;
-pub const LOCALE_STIME: u64 = 0x0000001E;
-pub const LOCALE_RETURN_NUMBER: u64 = 0x20000000;
 
 pub const HEAP_GENERATE_EXCEPTIONS: u64 = 0x00000004;
 pub const HEAP_NO_SERIALIZE: u64 = 0x00000001;