I'm currently using Unicorn in a little project to run old Windows games on
I've got it loading an executable and emulating the TEB/PEB etc, I am
having some issues finding a decent way to hook the imported DLL calls
I understand the __stdcall ABI and know how to marshal various data between
the emulated process space and the host process space but I can't seem to
work out what type of hook I should use to call the host code.
My attempts at hooking memory access at the import thunk address results in
me getting access before the call actually takes place.
I have a feeling I need some sort of trampoline function in the emulated
process to handle me getting clean access etc, is this correct or are there
known ways to handle something like this?
Chromalabs | Developer