Can't emulate ntdll code with fxsave instruction

Use following command line
```
python ShellcodeEmulator\emulator.py "33312f916c5904670f6c3b624b43516e87ebb9e3.bin" -d MemoryDumps\notepad64.dmp > 33312f916c5904670f6c3b624b43516e87ebb9e3.log
pause
```

```
Traceback (most recent call last):
  File "ShellcodeEmulator\emulator.py", line 140, in Run
    self.Emulator.Start(self.CodeStart, self.CodeStart+self.CodeLen)
  File "ShellcodeEmulator\emulator.py", line 71, in Start
    self.uc.emu_start(start, end)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37-32\lib\site-packages\unicorn\unicorn.py", line 288, in emu_start
    raise UcError(status)
unicorn.unicorn.UcError: Unhandled CPU exception (UC_ERR_EXCEPTION)
ntdll!RtlCaptureContext+0x30:	 7FFFA2E625C0: 0f ae 81 00 01 00 00 	fxsave	[rcx + 0x100]
rax: 754D87A0F8 ebx: 754D87A668 ecx: 754D87A0F8 edx: 00000000
rsp: 754D87A008 rbp: 754D87BE38 rsi: 00000000 rdi: 754D87A0F8
rip: 7FFFA2E625C0
```

* Artifacts are shared [here](https://drive.google.com/drive/folders/1LSyTh15fwBT2FgpxKhxvvLbZzh8Ta4OX?usp=sharing)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Can't emulate ntdll code with fxsave instruction #1

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Can't emulate ntdll code with fxsave instruction #1

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions