alexhude / uemu Goto Github PK

View Code? Open in Web Editor NEW

1.1K 41.0 168.0 1.96 MB

Tiny cute emulator plugin for IDA based on unicorn.

Python 100.00%

uemu's Introduction

Overview

uEmu is a tiny cute emulator plugin for IDA based on unicorn engine.

Supports following architectures out of the box: x86, x64, ARM, ARM64, MIPS, MIPS64

What is it GOOD for?

Emulate bare metal code (bootloaders, embedded firmware etc)
Emulate standalone functions

What is it BAD for?

Emulate complex OS code (dynamic libraries, processes etc)
Emulate code with many syscalls

What can be improved?

Find a way to emulate vendor specific register access (like MSR S3_x, X0 for ARM64)
Add more registers to track

Installation

Configure IDAPython via idapyswitch
brew install unicorn to install Unicorn binaries
pip install unicorn to install Unicorn python bindings
Use File / Script file... or ALT+F7 in IDA to load uEmu.py

Optionally uEmu can be loaded automatically as IDA plugin. In this case put it into [IDA]/Plugins folder and change USE_AS_SCRIPT to False inside uEmu.py

Features

Popup Menu

Start command initializes emulator by mapping all segments and setting up Unicorn
Run command emulates instructions until breakpoint is reached or error occurs
Step emulates one or N instruction (hold ALT/OPTION to specify a number)
Stop interrupts emulation
Reset resets emulation engine and unmaps all memory regions
Jump To PC simply jumps to current PC
Set PC moves PC to cursor
It is possible to Update CPU Context manually or via JSON file (see below)
Show Controls displays window with Start/Run/Step/Stop buttons
Show CPU Context displays window with available registers
Show CPU Extended Context displays window with extended registers (FP/SIMD)
Show Stack displays window with current Stack
Show Memory Range allows to display specific memory region

Start

Start emulation from cursor. It is necessary to provide initial CPU context first (see Update CPU Context) After that all segments from IDA database will be mapped to emulator (initialized data will be copied as well).

Run

Execute code until code or memory breakpoint is reached or there is an event which requires user action.

Step

Perform a single step execution. Hold ALT/OPTION to specify number of steps to perform.

Stop

When emulation is in progress this command can be used to interrupt execution.

Reset

Resets emulator instance and unmaps all memory regions.

Breakpoints

You can use IDA breakpoints to indicate locations where emulation should be interrupted. This includes code and memory breakpoints. Usually used together with Run command.

Runtime actions

Unmapped memory

When emulator needs to access memory which is not yet mapped, plugin will show a following dialog.

Press YES to provide memory dump to be loaded to memory.

Press NO to map one empty page (0x1000) filled with zeroes
Press Cancel to stop emulation

Unknown instructions

When emulator runs into unknown instruction it is possible to skip it and restore CPU context manually.

Views

Controls

Just a panel to control execution.

CPU Context

Current CPU context.

Every time emulation stops, changed registers will be highlighted. Registers can be displayed in 1, 2 or 3 columns via popup menu.

It is possible to update CPU context via popup menu (see below).

CPU Extended Context

Current CPU Extended context.

Every time emulation stops, changed registers will be highlighted. Registers can be displayed in 1, 2 or 3 columns via popup menu.

It is possible to update CPU context via popup menu (see below).

Memory

Use this view to observe memory regions for specified address and size. Comment will be displayed in a title for convenience.

Every time emulation stops, changed memory blocks will be highlighted.

Update CPU Context

Register Values can be changed individually or all at once with JSON file via popup menu. Current context can also be saved in JSON file for future use.

Main Plugin Menu

Apart from all the functions listed in Popup Menu, there are couple of new commands.

Show Mapped Memory

Display all mapped regions. Use popup menu to display memory for particular region or dump it to a file.

Fetch Segments

This command tries to sync IDA segments with mapped memory by creating new mappings or merging with existing ones if possible. This helps to add new IDA segments to emulator in runtime without restarting emulator.

Load Project

Load uEmu state from file.

Save Project

Save uEmu state to file. Please note that only registers defined in a plugin are saved.

Settings

Follow PC scrolls IDA View to current PC during emulation
Convert to Code automatically is IDA data under cursor is not code
Trace instructions prints every instruction emulator is executing
Lazy mapping adds pages on demand instead of maping all existing regions on start

Extensions

It is also possible to add new functionality or build your project on top of uEmu using extension system.
Please find description with example here

crauEmu - extension for developing and analyzing payloads for code-reuse attacks.

uemu's People

Contributors

Stargazers

Watchers

Forkers

idkwim chubbymaggie redragonvn rtzbyte crystalboy sanguinawer wanchouchou ggonzalez techlord-rce fjh658 xmoezzz de8gman1990 amoulu nxgr crackercat brendantay sigtran fatgrass zhkl0228 heruix wcq062821 gabe-k ykankaya seth1002 louwangzhiyuy fcccode h4ckl4bm3 hgabignon canghaiwuhen nimdakey unforeseenocean bkerler minhtranca hansonzhang peta909 zbx91 woozoo86 harmmachine chago p0prxx bronxc waterman178 tchernicum elmelik marsoft gregcopenhaver vallejocc freemanzyq colorlight lallouslab kokole m4rm0k dcbz hnyaoqingping cpkt9762 thomasking2014 sigma-random melonjack kernullist a1exdandy tata19884 reversetools lagogo loudy2000 h4lo 5l1v3r1 asuralove lin1man loy2000 ilyamogilin dazhix antizy0 okandok ghluzhiyuan wzj1695224 enginelabs eugenosm clayne zha0 rajivraj hercul3s dnasdw wow4ysl a627414850 luorui110120 virminions yufengzjj wbaby ahora57 thegreenplanet cherishlee fangyushuma darkersquirrel maskelihileci deelmind anywhereyang crewcutbro alessiomarotta droogie xzhao23

uemu's Issues

uEmu spawns a new thread on every instruction

The code for step starts a new thread to do the step, probably to keep the simulation asynchronous, which is fair enough and useful. But the step function is only capable of executing one instruction at a time. The run functionality also uses step, just with a special constant kStepCount_Run which means "keep going". The issue is that step_thread_main will call step recursively, which will spawn a brand new thread.. on every instruction. Unicorn is slower than hardware, but not that slow, so this control flow makes emulation orders of magnitude slower than it needs to be. Proposed fix: call emu_start with an indefinite count in the step_thread_main thread and use Unicorn hooks (UC_HOOK_CODE) to do the tracing, breakpoint handling and IDAAPI_MakeCode.

Nice plugin but not useful

Some features are needed

Automatic eip tracking
Instruction tracing and Function tracing
Trace windows
Trace color
5.General registers list

https://github.com/alexhude/uEmu/blob/master/uEmu.py#L1234-L1237

find_inited = IDAAPI_IsLoaded(start)

problem with using uEmu in ida 7.6

How can I fix this?

I have the path
C:\Users\lolxd\Downloads\Ida 7.6\python\3\PyQt5\python_3.9
Specified in the PATH system variable.

Feature request: Map memory ranges.

Allow a reverse engineer to map and emulate metal code separately from IDA memory ranges.

load warning: no modular ida_hexrays

Hi,
when I load the plugin in IDA Pro, it alerts that there is no modular named ida_hexrays, ida_kernwin and ida_allins. uEmu.py locates in ida's /plugins directory.
Would you please give me a clue how to fix this problem? thanks.

Bug: self.mu.context_restore insteaad of self.set_context

I got some random error while executing code:

[uEmu]: Memory breakpoint [*****] reached from ******* : LDRB W5, [X4]
Exception in thread Thread-2646:
Traceback (most recent call last):
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 810, in __bootstrap_inner
    self.run()
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 763, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/Users/admin/dev/tools/uEmu/uEmu.py", line 1032, in step_thread_main
    self.mu.context_restore(self.fix_context)
  File "/Library/Python/2.7/site-packages/unicorn/unicorn.py", line 563, in context_restore
    status = _uc.uc_context_restore(self._uch, context.po

Let's see what's happened on line 1032:
https://github.com/alexhude/uEmu/blob/master/uEmu.py#L1032

# vvv Workaround to fix issue when register are still updated even if emu_stop is called
if self.fix_context is not None:
    self.mu.context_restore(self.fix_context)
self.fix_context = None
# ^^^

And single place where fix_context is not equal to None:

# vvv Workaround to fix issue when register are still updated even if emu_stop is called
self.fix_context = self.get_context()
# ^^^

The problem here is that self.fix_context is 'dict' with 'cpu' and 'mem' fields, so I guess instead of mu.context_restore you want self.set_context. Because context_restore use another type:

def context_restore(self, context):
        status = _uc.uc_context_restore(self._uch, context.pointer)
        if status != uc.UC_ERR_OK:
            raise UcError(status)

What do you think?

IDA versions < 6.9

IDA changed from PySide to PyQt in 6.9. Perhaps it's worth adding a min version to the readme (or support for PySide 😄).

How can I run the script with python statement?

I wanna automated execute the script, is there any APIs?

https://github.com/alexhude/uEmu/blob/master/uEmu.py#L126

return res == 1

AttributeError: 'NoneType' object has no attribute 'init_context'

I have to emulate armle, thumb mode in ida 7.3

now i used this plugin, i have a error

Traceback (most recent call last):
File "C:/Users/JaeHong/Downloads/uEmu-master (1)/uEmu-master/uEmu.py", line 111, in activate
self.action_handler.handle_menu_action(self.action_type)
File "C:/Users/JaeHong/Downloads/uEmu-master (1)/uEmu-master/uEmu.py", line 1739, in handle_menu_action
[x.handler() for x in self.MENU_ITEMS if x.action == action]
File "C:/Users/JaeHong/Downloads/uEmu-master (1)/uEmu-master/uEmu.py", line 1855, in emu_start
self.unicornEngine.run_from(IDAAPI_ScreenEA())
File "C:/Users/JaeHong/Downloads/uEmu-master (1)/uEmu-master/uEmu.py", line 1429, in run_from
if self.init_cpu_context(address) == False:
File "C:/Users/JaeHong/Downloads/uEmu-master (1)/uEmu-master/uEmu.py", line 1385, in init_cpu_context
if self.owner.ext_hooks.init_context is not None:
AttributeError: 'NoneType' object has no attribute 'init_context'

Feature suggestion: appcalls

How about extending this emulation capability to IDAPython console? Like:

print hex(Appcall['some_hash']('hey!!'))
>> 0x12345678

It would be pretty cool

ARM emulator does not support thumb mode

Hi,

Thanks for your great plugin, it's very useful. However, it does not properly emulate ARM in thumb mode. In order to fix this, the following line should be added to the start of step_thread_main()

if get_arch()[0:3] == "arm" and GetReg(self.pc, "T"):
    self.pc |= 1

Possibly, it would be a good idea to store get_arch() in a class variable, as it is now frequently computed while it is a constant value. This negatively impacts emulation speed.

Kind regards,

Wouter

Unhandled CPU Exception in any instruction

I used this tool to emulate the source of a MIPS bootloader a few months ago, I didn't have any issue, it was working fine. Now I had to setup the environment again in IDA 7.7 and I'm getting problems when trying to emulate any instruction:

The output log won't show anything else. Just that weird message that won't let me emulate anything. I have tried to re-setup the entire project again, restarting IDA with the same result

Windows compatibility

Is there a way to use the uEmu plugin in Windows version of IDA?

New feature - Skip instruction

I added additional useful feature - skip instruction. I also found out that IDAAPI_NextHead() uses 2 parameters (IDA Pro 7.6).
If you will add this feature in main branch it would be great!
Thanks

https://github.com/alexhude/uEmu/blob/master/uEmu.py#L490-L494

return QtWidgets.QApplication.keyboardModifiers() & QtCore.Qt.AltModifier

show_cpu_context error

Hi, Nice plugin worked well with previous IDA but with latest IDA 7.4 when I try to show the CPU context (ARM32) I get an error:

WARNING: The method "ida_kernwin.UI_Hooks::finish_populating_tform_popup" won't be called (it has been replaced with "ida_kernwin.UI_Hooks::finish_populating_widget_popup")
[uEmu]: Init plugin uEmu

  File "C:/Program Files/IDA74/plugins/uEmu.py", line 1949, in show_cpu_context
    self.cpuContextView.SetContent(self.unicornEngine.pc, self.unicornEngine.mu)
  File "C:/Program Files/IDA74/plugins/uEmu.py", line 628, in SetContent
    for i in range(lines):
TypeError: 'float' object cannot be interpreted as an integer

IDA PRO 7.6 Pull request

I couldn't create pull request on the other side so I request code fix here.

This fixes the convert to code automatically error for 7.6.

https://hex-rays.com/products/ida/support/ida74_idapython_no_bc695_porting_guide.shtml

Typographical Error

https://github.com/alexhude/uEmu/blob/master/uEmu.py#L1444 ~~provious~~ previous

reset error

win10
ida7.6
python3.9.6

Ida crashes when click rest in uEmu.
After restarting IDA, I found that the IDA data file was occupied.
Try again many times and the same will happen again.

Not an issue. Setup question

Awesome plugin! Wish i knew how to use it. I placed the plugin in my ida pro plugin directory, but i dont see it appear either in the right click menu, or in the plugins menu. Using latest IDA7 for mac. Trying to run the script directly does throw a NameError is_code is not defined, but this could be due to me not setting it up properly.

Any suggestions on how to set it up besides what i am already trying?

Thanks!

Mips support planned ?

Hello,

do you plan to support mips ?
Thanks for you plugin.

IDA 7.2 bug due to calling function from non-main thread

Issue
When running uEmu as a plugin in IDA 7.2 and stepping over code I occasionally get the error:

Traceback (most recent call last):
  File "_ctypes/callbacks.c", line 315, in 'calling callback function'
  File "C:\python27-x64\lib\site-packages\unicorn\unicorn.py", line 448, in _hook_mem_access_cb
    cb(self, access, address, size, value, data)
  File "C:/Program Files/IDA 7.2/plugins/uEmu.py", line 1169, in hook_mem_access
    if self.is_breakpoint_reached(address):
  File "C:/Program Files/IDA 7.2/plugins/uEmu.py", line 1422, in is_breakpoint_reached
    for idx in range(IDAAPI_GetBptQty()):
  File "C:\Program Files\IDA 7.2\python\idc.py", line 5796, in get_bpt_qty
    return ida_dbg.get_bpt_qty()
  File "C:\Program Files\IDA 7.2\python\ida_dbg.py", line 1907, in get_bpt_qty
    return _ida_dbg.get_bpt_qty(*args)
RuntimeError: Function can be called from the main thread only

Cause
I think it's because IDA 7.2 introduced checks for IDA API functions to make sure they can only be called from the main thread.

IDAPython: all functions not marked as THREAD_SAFE in the C++ SDK, will now check that they are being called from the main thread, avoiding possible corruption or crashes

No menu popup

No menu shows up for me, i've added qt path and no error either

QtWidgets is not defined

I was using the emulator successfully for a while, and now have managed to achieve a state where every time I try to step, I instead get an error:

  File "uEmu/uEmu.py", line 111, in activate
    self.action_handler.handle_menu_action(self.action_type)
  File "uEmu/uEmu.py", line 1742, in handle_menu_action
    [x.handler() for x in self.MENU_ITEMS if x.action == action]
  File "uEmu/uEmu.py", line 1742, in <listcomp>
    [x.handler() for x in self.MENU_ITEMS if x.action == action]
  File "uEmu/uEmu.py", line 1881, in emu_step
    if UEMU_HELPERS.is_alt_pressed():
  File "uEmu/uEmu.py", line 491, in is_alt_pressed
    if QtWidgets.QApplication.keyboardModifiers() & QtCore.Qt.AltModifier:
NameError: name 'QtWidgets' is not defined

The controls window also stopped rendering altogether:

If I recall, things started going downhill after attempting to access the Settings menu via Edit > Plugins > uEmu > Settings.

This is on Ida version 7.7.220218.

I have of course tried closing and re-opening idapro fully, without success.

Any ideas?

"show memory range" TypeError

IDA PRO 7.4.191112
Python 3.7.6 x64
Win10

When I try to display memory I've this error :

Traceback (most recent call last):
  File "C:/Program Files/IDA Pro 7.4/plugins/uEmu.py", line 111, in activate
    self.action_handler.handle_menu_action(self.action_type)
  File "C:/Program Files/IDA Pro 7.4/plugins/uEmu.py", line 1737, in handle_menu_action
    [x.handler() for x in self.MENU_ITEMS if x.action == action]
  File "C:/Program Files/IDA Pro 7.4/plugins/uEmu.py", line 1737, in <listcomp>
    [x.handler() for x in self.MENU_ITEMS if x.action == action]
  File "C:/Program Files/IDA Pro 7.4/plugins/uEmu.py", line 1993, in show_memory
    self.memoryViews[mem_addr].Create("uEmu Memory [ " + mem_cmnt.encode('utf8') + " ]")
TypeError: can only concatenate str (not "bytes") to str

Full context :

BinDiff 6 (@297836223, Feb 28 2020), (c)2004-2011 zynamics GmbH, (c)2011-2020 Google LLC.
BinExport 11 (@297836223, Feb 28 2020), (c)2004-2011 zynamics GmbH, (c)2011-2020 Google LLC.

  bytes   pages size description
--------- ----- ---- --------------------------------------------
   942080   115 8192 allocating memory for b-tree...
   548864    67 8192 allocating memory for virtual array...
   262144    32 8192 allocating memory for name pointers...
-----------------------------------------------------------------
  1753088            total memory allocated

Loading processor module C:\Program Files\IDA Pro 7.4\procs\pc.dll for metapc...OK
Loading type libraries...
Autoanalysis subsystem has been initialized.
WARNING: The method "ida_kernwin.UI_Hooks::finish_populating_tform_popup" won't be called (it has been replaced with "ida_kernwin.UI_Hooks::finish_populating_widget_popup")
[uEmu]: Init plugin uEmu
Database for file 'XXXXX.exe' has been loaded.
Hex-Rays Decompiler plugin has been loaded (v7.4.0.191112)
  License: XXXXXXXXXXXXXXXXX (1 user)
  The hotkeys are F5: decompile, Ctrl-F5: decompile all.
  Please check the Edit/Plugins menu for more informaton.
IDAPython Hex-Rays bindings initialized.
================================================================================
WARNING: The method "ida_kernwin.UI_Hooks::finish_populating_tform_popup" won't be called (it has been replaced with "ida_kernwin.UI_Hooks::finish_populating_widget_popup")
[uEmu]: Init plugin uEmu
40BD7A: restored microcode from idb
40D92D: using guessed type int __thiscall WinMain(_DWORD);
420BB0: using guessed type void *off_420BB0;
[uEmu]: UI ready. Run plugin
[uEmu]: Unicorn version [ 1.0.1 ]
[uEmu]: CPU arch set to [ x86 ]
------------------------------------------------------------------------------------------
Python 3.7.6 (tags/v3.7.6:43364a7ae0, Dec 19 2019, 00:42:30) [MSC v.1916 64 bit (AMD64)] 
IDAPython v7.4.0 final (serial 0) (c) The IDAPython Team <[email protected]>
------------------------------------------------------------------------------------------
[uEmu]: Mapping segments...
[uEmu]: * seg [401000:414000]
[uEmu]:   map [401000:413FFF] -> [401000:413FFF]
[uEmu]:   cpy [401000:413FFF]
[uEmu]: * seg [414000:414408]
[uEmu]:   map [414000:414FFF] -> [414000:414FFF]
[uEmu]:   skp [414000:41400F]
[uEmu]:   cpy [414010:414013]
[uEmu]:   skp [414010:414017]
[uEmu]:   cpy [414018:41401B]
[uEmu]:   skp [414018:41409B]
[uEmu]:   cpy [41409C:41409F]
[uEmu]:   skp [41409C:414207]
[uEmu]:   cpy [414208:41420B]
[uEmu]:   skp [414208:4143CF]
[uEmu]:   cpy [4143D0:4143D3]
[uEmu]:   skp [4143D0:4143F3]
[uEmu]:   cpy [4143F4:4143F7]
[uEmu]:   skp [4143F4:414403]
[uEmu]:   cpy [414404:414407]
[uEmu]: * seg [414408:419000]
[uEmu]:   map [415000:418FFF] -> [415000:418FFF]
[uEmu]:   cpy [414408:418FFF]
[uEmu]: * seg [419000:426000]
[uEmu]:   map [419000:425FFF] -> [419000:425FFF]
[uEmu]:   cpy [419000:42364F]
[uEmu]: Emulation started
[uEmu]: ! <M> Missing memory at 0xfffffffc, data size = 4, data value = 0xf
[uEmu]: ! <C> execute_sync(<function uEmuUnicornEngine.hook_mem_invalid.<locals>.result_handler at 0x000001F0973BF8B8>) failed
[uEmu]: ! <M> Missing memory at 0xfffffffc, data size = 4, data value = 0xf
[uEmu]:   map [FFFFFFFC:FFFFFFFF] -> [FFFFF000:FFFFFFFF]
[uEmu]:   unmap [401000:413FFF]
[uEmu]:   unmap [414000:414FFF]
[uEmu]:   unmap [415000:418FFF]
[uEmu]:   unmap [419000:425FFF]
[uEmu]:   unmap [FFFFF000:FFFFFFFF]
[uEmu]: Emulation reset
[uEmu]: Mapping segments...
[uEmu]: * seg [401000:414000]
[uEmu]:   map [401000:413FFF] -> [401000:413FFF]
[uEmu]:   cpy [401000:413FFF]
[uEmu]: * seg [414000:414408]
[uEmu]:   map [414000:414FFF] -> [414000:414FFF]
[uEmu]:   skp [414000:41400F]
[uEmu]:   cpy [414010:414013]
[uEmu]:   skp [414010:414017]
[uEmu]:   cpy [414018:41401B]
[uEmu]:   skp [414018:41409B]
[uEmu]:   cpy [41409C:41409F]
[uEmu]:   skp [41409C:414207]
[uEmu]:   cpy [414208:41420B]
[uEmu]:   skp [414208:4143CF]
[uEmu]:   cpy [4143D0:4143D3]
[uEmu]:   skp [4143D0:4143F3]
[uEmu]:   cpy [4143F4:4143F7]
[uEmu]:   skp [4143F4:414403]
[uEmu]:   cpy [414404:414407]
[uEmu]: * seg [414408:419000]
[uEmu]:   map [415000:418FFF] -> [415000:418FFF]
[uEmu]:   cpy [414408:418FFF]
[uEmu]: * seg [419000:426000]
[uEmu]:   map [419000:425FFF] -> [419000:425FFF]
[uEmu]:   cpy [419000:42364F]
[uEmu]: Emulation started
[uEmu]: Emulator is already active
[uEmu]: ! <M> Missing memory at 0xfffffffc, data size = 4, data value = 0xf
Traceback (most recent call last):
  File "_ctypes/callbacks.c", line 232, in 'calling callback function'
  File "C:\Program Files\IDA Pro 7.4\python\3\ida_kernwin.py", line 6849, in helper_cb
    r = self.handler(fid)
  File "C:/Program Files/IDA Pro 7.4/plugins/uEmu.py", line 1000, in OnFormChange
    self.SetControlValue(self.total_label, "Total: %d (0x%X)" % (size, size))
  File "C:\Program Files\IDA Pro 7.4\python\3\ida_kernwin.py", line 7532, in SetControlValue
    tid, _ = self.ControlToFieldTypeIdAndSize(ctrl)
  File "C:\Program Files\IDA Pro 7.4\python\3\ida_kernwin.py", line 7559, in ControlToFieldTypeIdAndSize
    return (3, min(_ida_kernwin.MAXSTR, ctrl.size))
AttributeError: module '_ida_kernwin' has no attribute 'MAXSTR'
Traceback (most recent call last):
  File "_ctypes/callbacks.c", line 232, in 'calling callback function'
  File "C:\Program Files\IDA Pro 7.4\python\3\ida_kernwin.py", line 6849, in helper_cb
    r = self.handler(fid)
  File "C:/Program Files/IDA Pro 7.4/plugins/uEmu.py", line 1000, in OnFormChange
    self.SetControlValue(self.total_label, "Total: %d (0x%X)" % (size, size))
  File "C:\Program Files\IDA Pro 7.4\python\3\ida_kernwin.py", line 7532, in SetControlValue
    tid, _ = self.ControlToFieldTypeIdAndSize(ctrl)
  File "C:\Program Files\IDA Pro 7.4\python\3\ida_kernwin.py", line 7559, in ControlToFieldTypeIdAndSize
    return (3, min(_ida_kernwin.MAXSTR, ctrl.size))
AttributeError: module '_ida_kernwin' has no attribute 'MAXSTR'
Traceback (most recent call last):
  File "_ctypes/callbacks.c", line 232, in 'calling callback function'
  File "C:\Program Files\IDA Pro 7.4\python\3\ida_kernwin.py", line 6849, in helper_cb
    r = self.handler(fid)
  File "C:/Program Files/IDA Pro 7.4/plugins/uEmu.py", line 1000, in OnFormChange
    self.SetControlValue(self.total_label, "Total: %d (0x%X)" % (size, size))
  File "C:\Program Files\IDA Pro 7.4\python\3\ida_kernwin.py", line 7532, in SetControlValue
    tid, _ = self.ControlToFieldTypeIdAndSize(ctrl)
  File "C:\Program Files\IDA Pro 7.4\python\3\ida_kernwin.py", line 7559, in ControlToFieldTypeIdAndSize
    return (3, min(_ida_kernwin.MAXSTR, ctrl.size))
AttributeError: module '_ida_kernwin' has no attribute 'MAXSTR'
[uEmu]:   map [FFFFFFFC:FFFFFFFF] -> [FFFFF000:FFFFFFFF]
[uEmu]: Breakpoint reached at 0x4012F6 : push ebp; bRevert
Traceback (most recent call last):
  File "C:/Program Files/IDA Pro 7.4/plugins/uEmu.py", line 111, in activate
    self.action_handler.handle_menu_action(self.action_type)
  File "C:/Program Files/IDA Pro 7.4/plugins/uEmu.py", line 1737, in handle_menu_action
    [x.handler() for x in self.MENU_ITEMS if x.action == action]
  File "C:/Program Files/IDA Pro 7.4/plugins/uEmu.py", line 1737, in <listcomp>
    [x.handler() for x in self.MENU_ITEMS if x.action == action]
  File "C:/Program Files/IDA Pro 7.4/plugins/uEmu.py", line 1993, in show_memory
    self.memoryViews[mem_addr].Create("uEmu Memory [ " + mem_cmnt.encode('utf8') + " ]")
TypeError: can only concatenate str (not "bytes") to str

OSError: [WinError -1073741795] Windows Error 0xc000001d

Use this tool with IDA7.7_pro + python3.11.3 under win10_64bit ,Simulate any function ,Encounter the following Err:

E:/IDA_Pro_7.7/plugins/uEmu.py:494: SyntaxWarning: "is not" with a literal. Did you mean "!="?
return t is not BADSEL and t is not 0
WARNING: The method "ida_kernwin.UI_Hooks::finish_populating_tform_popup" won't be called (it has been replaced with "ida_kernwin.UI_Hooks::finish_populating_widget_popup")
[uEmu]: Init plugin uEmu
IDA is analysing the input file...
You may start to explore the input file right now.
[uEmu]: UI ready. Run plugin
[uEmu]: Unicorn version [ 2.0.1 ]
[uEmu]: CPU arch set to [ armle ]
[Patching] Loaded v0.1.2 - (c) Markus Gaasedelen - 2022

Python 3.11.3 (tags/v3.11.3:f3909b8, Apr 4 2023, 23:49:59) [MSC v.1934 64 bit (AMD64)]
IDAPython v7.4.0 final (serial 0) (c) The IDAPython Team [email protected]

Propagating type information...
Function argument information has been propagated
The initial autoanalysis has been finished.
File "E:/IDA_Pro_7.7/plugins/uEmu.py", line 110, in activate
if ctx.form_type == BWN_DISASM:
Please use "widget_type" instead of "form_type" ("form_type" is kept for backward-compatibility, and will be removed soon.)
[uEmu]: VFP enabled
[uEmu]: Mapping segments...
[uEmu]: * seg [0:174]
[uEmu]: map [0:FFF] -> [0:FFF]
[uEmu]: cpy [0:173]
[uEmu]: * seg [174:4EEE4C]
[uEmu]: map [1000:4EEFFF] -> [1000:4EEFFF]
[uEmu]: cpy [174:4EEE4B]
[uEmu]: * seg [4EEE4C:51557C]
[uEmu]: map [4EF000:515FFF] -> [4EF000:515FFF]
[uEmu]: cpy [4EEE4C:51557B]
[uEmu]: * seg [51557C:531A3C]
[uEmu]: map [516000:531FFF] -> [516000:531FFF]
[uEmu]: cpy [51557C:531A3B]
[uEmu]: * seg [531A3C:5BC000]
[uEmu]: map [532000:5BBFFF] -> [532000:5BBFFF]
[uEmu]: cpy [531A3C:5BBFFF]
[uEmu]: * seg [5BC000:63A000]
[uEmu]: map [5BC000:639FFF] -> [5BC000:639FFF]
[uEmu]: * seg [63A000:63A008]
[uEmu]: map [63A000:63AFFF] -> [63A000:63AFFF]
[uEmu]: cpy [63A000:63A007]
[uEmu]: * seg [63A008:63A01C]
[uEmu]: cpy [63A008:63A01B]
[uEmu]: * seg [63A01C:63A02C]
[uEmu]: cpy [63A01C:63A02B]
[uEmu]: * seg [63A02C:6487F8]
[uEmu]: map [63B000:648FFF] -> [63B000:648FFF]
[uEmu]: cpy [63A02C:6487F7]
[uEmu]: * seg [649D9C:64B77C]
[uEmu]: map [649D9C:64BFFF] -> [649000:64BFFF]
[uEmu]: cpy [649D9C:64B77B]
[uEmu]: * seg [64B77C:7A2578]
[uEmu]: map [64C000:7A2FFF] -> [64C000:7A2FFF]
[uEmu]: cpy [64B77C:7A2577]
[uEmu]: * seg [7A2578:80FF54]
[uEmu]: map [7A3000:80FFFF] -> [7A3000:80FFFF]
[uEmu]: cpy [7A2578:80FF53]
[uEmu]: * seg [80FF54:810098]
[uEmu]: map [810000:810FFF] -> [810000:810FFF]
[uEmu]: cpy [80FF54:810097]
[uEmu]: Emulation started
Exception in thread Thread-1 (step_thread_main):
Traceback (most recent call last):
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\threading.py", line 1038, in _bootstrap_inner
self.run()
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\threading.py", line 975, in run
self._target(*self._args, **self._kwargs)
File "E:/IDA_Pro_7.7/plugins/uEmu.py", line 1508, in step_thread_main
self.mu.emu_start(self.pc | 1 if UEMU_HELPERS.is_thumb_ea(self.pc) else self.pc, -1, count=1)
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Lib\site-packages\unicorn\unicorn.py", line 545, in emu_start
status = _uc.uc_emu_start(self._uch, begin, until, timeout, count)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
OSError: [WinError -1073741795] Windows Error 0xc000001d

Have tested on win7_64bit, different version of python,Same issue.