Hello Mr. Edwin,

> OK, so in that sense it is like libemu (they have the exports table
> included in their code).

It uses only the DLLs that you need to emulate its APIs, but the others (like user32.dll and so on) you don't need them, so you can not write a DLL for them. I don't know much about libemu, but it seems good with one exception: it doesn't have a PE loader.

> Why do you need to generate assembly code to compare Thread.ecx with
> something? Is it that much faster?
> You could simply put a function pointer in your structure, a pointer to
> the value you want to compare, and the constant to compare to.
> Then compare using C code, not assembly.
> .func = compare_values
> .lhs = (char*)&Thread.ecx - (char*)&Thread
> .rhs = 0x5678
> Then call ->func(bp->lhs, bp->rhs), and compare_values would
> do *(uint32_t*)((char*)Thread + bp->lhs) == bp->rhs.

Why? Because I don't need to decrease the performance. If you have a breakpoint like:

"eip >= 0x00401000 && eip <= 0x00405000 && __isdirty(Eip) && (__read(Eip) & 0xFF) != 0xC3"

if I create a parser that parses these conditions every time you emulate an instruction, that will surely decrease the performance. Also, if you try to do something like that:

process->emulatecommand();
if (thread->Eip <= xxxx && Thread->Eip >= xxx .... ){
    break;
}

you will lose many of the features of the emulator and could not emulate the SEH perfectly, and it will surely decrease the performance. You can do that and ignore the debugger breakpoints, but it's faster and easier to use, and also the debugger has up to 10 functions to make it easy to add your own breakpoint, like:

__isdirty(Eip)                    execution on modified data
__islastaccessed()                get the last accessed place in memory
__isapiequal("GetProcAddress")
__isapi()
__islastmodified()

and many more. You will lose them if you try to ignore the debugger breakpoints.

> The code doesn't crash when run under valgrind (because it prints the
> error, and continues). Once you fix the valgrind warnings I'm sure
> it'll work better without it too.

Really, we could fix most of the problems together :)

> Another hint: valid indexes for Thread::dword Exx[7] are from 0 to 6,
> you have for loops that go from 0 to 7 (inclusive).
> You should review your code and make sure you declare and use
> appropriate bounds.

Will be fixed surely :)

> I agree about the testing part, but bugfixing should be done by the
> emulator's author.

Surely, but all I demand from you is to read the manual of the emulator in x86emu-docs.zip. It's not so big, maybe 5 pages to 10 maximum. I think it will make it easy for you to detect the bug, and maybe for small bugs you fix it by yourself :)

libemu will take more time for you to add a PE loader and add the functions you need for breakpoints and so on. Also Pokas x86 Emulator will take time for bug fixing, but surely less time, I think.

Best Regards,
Amr Thabet
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
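The two sides of the exchange above are not actually in conflict: the condition string can be parsed once when the breakpoint is set, and the per-instruction check can then be the plain C function-pointer compare Edwin sketched, with no parser on the hot path and no generated assembly. The block below is an added example (not code from this thread, from Pokas x86 Emulator or from libemu) that compiles the message's sample breakpoint `eip >= lo && eip <= hi && __isdirty(Eip) && (__read(Eip) & 0xFF) != 0xC3` into an array of predicates over a hypothetical `Thread` register file, a flat guest memory image and a per-byte dirty map; the `Thread`, `Ctx`, `Cond`, `Breakpoint` names and the predicate set are assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical register file, named after the Thread.ecx / Eip fields in the thread. */
typedef struct Thread {
    uint32_t Eax, Ecx, Edx, Ebx, Esp, Ebp, Esi, Edi, Eip;
} Thread;

/* Everything a predicate may inspect: registers, a flat guest memory image at
 * mem_base, and a per-byte dirty map (1 = written by emulated code since load). */
typedef struct Ctx {
    const Thread *t;
    const uint8_t *mem;
    const uint8_t *dirty;
    uint32_t mem_base;
    size_t mem_size;
} Ctx;

/* One precompiled predicate: func(ctx, lhs, rhs). lhs is a byte offset into Thread
 * (which register to read) and rhs the constant, as in Edwin's .func/.lhs/.rhs sketch. */
typedef struct Cond {
    bool (*func)(const Ctx *c, size_t lhs, uint32_t rhs);
    size_t lhs;
    uint32_t rhs;
} Cond;

#define MAX_CONDS 8
typedef struct Breakpoint {
    Cond conds[MAX_CONDS];
    size_t n;                       /* number of predicates; all must hold (&&) */
} Breakpoint;

static uint32_t reg_at(const Thread *t, size_t off) {
    uint32_t v;
    memcpy(&v, (const char *)t + off, sizeof v);   /* memcpy: no alignment/aliasing UB */
    return v;
}

/* Guest address -> index into the memory image; false when outside the image. */
static bool guest_idx(const Ctx *c, uint32_t addr, size_t *idx) {
    if (addr < c->mem_base || addr - c->mem_base >= c->mem_size) return false;
    *idx = addr - c->mem_base;
    return true;
}

static bool reg_ge(const Ctx *c, size_t lhs, uint32_t rhs) { return reg_at(c->t, lhs) >= rhs; }
static bool reg_le(const Ctx *c, size_t lhs, uint32_t rhs) { return reg_at(c->t, lhs) <= rhs; }

/* __isdirty(reg): the byte the register points at was modified by emulated code. */
static bool isdirty_at(const Ctx *c, size_t lhs, uint32_t rhs) {
    size_t i;
    (void)rhs;
    return guest_idx(c, reg_at(c->t, lhs), &i) && c->dirty[i] != 0;
}

/* (__read(reg) & 0xFF) != rhs: the byte at the register's address differs from rhs. */
static bool byte_at_ne(const Ctx *c, size_t lhs, uint32_t rhs) {
    size_t i;
    return guest_idx(c, reg_at(c->t, lhs), &i) && c->mem[i] != (uint8_t)rhs;
}

/* "Compile" step: runs once when the breakpoint is set. Returns false when full. */
static bool bp_add(Breakpoint *bp, bool (*func)(const Ctx *, size_t, uint32_t),
                   size_t lhs, uint32_t rhs) {
    if (bp->n >= MAX_CONDS) return false;
    bp->conds[bp->n++] = (Cond){ func, lhs, rhs };
    return true;
}

/* Per-instruction check: a few indirect calls and compares, no string parsing. */
bool bp_hit(const Breakpoint *bp, const Ctx *c) {
    if (bp->n == 0) return false;
    for (size_t i = 0; i < bp->n; i++)
        if (!bp->conds[i].func(c, bp->conds[i].lhs, bp->conds[i].rhs)) return false;
    return true;
}

/* The message's breakpoint: eip >= lo && eip <= hi && __isdirty(Eip) && (__read(Eip) & 0xFF) != 0xC3 */
Breakpoint make_selfmod_bp(uint32_t lo, uint32_t hi) {
    Breakpoint bp = { .n = 0 };
    size_t eip = offsetof(Thread, Eip);
    bp_add(&bp, reg_ge, eip, lo);
    bp_add(&bp, reg_le, eip, hi);
    bp_add(&bp, isdirty_at, eip, 0);
    bp_add(&bp, byte_at_ne, eip, 0xC3);
    return bp;
}

/* Driver over 16 bytes of constructed guest memory at `base`: byte dirty_off is
 * marked dirty and set to `opcode`; reports whether the breakpoint fires at `eip`. */
bool selfmod_bp_fires(uint32_t eip, uint32_t base, int dirty_off, uint8_t opcode) {
    uint8_t mem[16] = {0}, dirty[16] = {0};
    if (dirty_off >= 0 && dirty_off < 16) { mem[dirty_off] = opcode; dirty[dirty_off] = 1; }
    Thread t = { .Eip = eip };
    Ctx c = { &t, mem, dirty, base, sizeof mem };
    Breakpoint bp = make_selfmod_bp(base, base + (uint32_t)sizeof mem - 1);
    return bp_hit(&bp, &c);
}
```

The design point is where the cost lands: building the `Breakpoint` is as expensive as parsing the condition string, but it happens once, while `bp_hit` runs after every emulated instruction and touches only a handful of loads and function pointers. Predicates that need memory state (`__isdirty`, `__read`) get it through the `Ctx` rather than through the register offset, and a guest address outside the loaded image makes the predicate false instead of reading past the buffer, which is the same class of bounds issue the valgrind remarks in the thread are about.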