unicorn

C ★ 9.1k updated 1mo ago

Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)

A CPU emulation framework that lets software pretend to be an ARM, x86, MIPS, or other processor, so security researchers can safely run and inspect machine code without real hardware.

Languages: C, Python, Go, Rust, Java, Ruby. Setup: moderate. Complexity: 4/5.

Unicorn is a CPU emulation framework, meaning it lets software pretend to be a processor and execute code written for a different type of chip. It is used primarily by security researchers and reverse engineers who need to run or inspect small pieces of machine code in a controlled environment without booting an actual device or operating system.

The framework supports a wide range of processor types, including ARM, ARM64, x86 (in 16, 32, and 64-bit modes), MIPS, PowerPC, RISC-V, SPARC, and several others. This makes it useful when analyzing firmware or binary files that target hardware you do not physically own. It is built on top of QEMU, an established open-source machine emulator, but focuses specifically on CPU-level emulation rather than full system emulation.

Unicorn is written in C and provides bindings for a long list of other languages, including Python, Go, Rust, Java, Ruby, and many more, so it can be called from whatever language a researcher or developer prefers. It runs on Windows, Linux, macOS, and several other operating systems. The project uses just-in-time compilation internally to keep execution fast.

One notable feature is fine-grained instrumentation: you can attach callbacks to specific memory addresses or instruction types, which lets you observe exactly what a piece of code does at each step. This is a common need when analyzing malware or studying how unknown binaries behave.

The project is distributed under the GPLv2 license and is actively looking for contributors. Additional documentation for compiling and using the library lives in the docs folder rather than the main README.

Where it fits