I had an idea to make our analysis much more robust using Unicorn Engine (https://www.unicorn-engine.org/), a lightweight CPU emulator platform.

Here's the idea:

Given that the Instruction Pointer is at a given location. We can take a "snapshot" of the CPU regs and memory (ideally doing some sort of copy on write concept to avoid too much copying). And feed it to Unicorn Engine.

Then we can emulate the CPU up until the next "unpredictable jump/call", or the next N instructions, whichever comes first.

The most obvious feature this would offer would be the ability to predict the parameters to calls further down the execution pipeline.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.