Hello Mr. Edwin,

>OK, so in that sense it is like libemu (they have the exports table
>included in their code).

It uses only the DLLs that you need to emulate its APIs; the others (like
user32.dll and so on) you don't need, so you don't need to write a DLL for
them.

I don't know much about libemu, but it seems good, with one exception: it
doesn't have a PE loader.

>Why do you need to generate assembly code to compare Thread.ecx with
>something? Is it that much faster?
>You could simply put a function pointer in your structure, a pointer to
>the value you want to compare, and the constant to compare to.
>Then compare using C code, not assembly.

>.func = compare_values
>.lhs = (char*)&Thread.ecx - (char*)&Thread
>.rhs = 0x5678

>Then call ->func(bp->lhs, bp->rhs), and compare_values would
>do *(uint32_t*)((char*)Thread + bp->lhs) == bp->rhs.

why??

Because I don't need to decrease the performance. If you have a breakpoint
like:
"eip >= 0x00401000 && eip <= 0x00405000 && __isdirty(Eip) && (__read(Eip) & 0xFF) != 0xC3"

If I create a parser that parses these conditions every time you emulate an
instruction, that will surely decrease the performance. Also, if you try to
do something like that:

process->emulatecommand();

if (thread->Eip <= xxxx && thread->Eip >= xxx .... ) {
  break;
}

you will lose many of the features of the emulator, could not emulate the
SEH perfectly and will surely decrease the performance.

You can do that and ignore the debugger breakpoints, but it's faster and
easier to use, and also the debugger has up to 10 functions that make it easy
to add your own breakpoint, like:

__isdirty(Eip)               execution on modified data
__islastaccessed()           get the last accessed place in memory
__isapiequal("GetProcAddress")
__isapi()
__islastmodified()

and many more

You will lose them if you try to ignore the debugger breakpoints.

>The code doesn't crash when run under valgrind (because it prints the
>error, and continues). Once you fix the valgrind warnings I'm sure
>it'll work better without it too.

Really, we could fix most of the problems together :)

>Another hint: valid indexes for Thread::dword Exx[7] are from 0 to 6,
>you have for loops that go from 0 to 7 (inclusive).
>You should review your code and make sure you declare and use
>appropriate bounds.

Will surely be fixed :)

>I agree about the testing part, but bugfixing should be done by the
>emulator's author.

Surely, but the only thing I demand from you is to read the manual of the
emulator in x86emu-docs.zip; it's not so big, maybe 5 pages to 10 maximum, I
think.

It will make it easy for you to detect the bug, and maybe for small bugs you
can fix it by yourself :)

libemu will take more time for you to add a PE loader and add the functions
you need for breakpoints and so on. Also, Pokas x86 Emulator will take time
for bug fixing, but surely less time, I think.

Best Regards,

Amr Thabet
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
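The function-pointer form of a pre-compiled breakpoint condition that the quoted reply proposes, as an added example that is not code from Pokas x86 Emulator or from either author: the condition is turned into comparison terms once when the breakpoint is set, and each emulated instruction only walks that array, so nothing is parsed on the hot path. The Thread layout, GUEST_BASE and guest_mem are constructed stand-ins, the __isdirty term is left out, and range_not_ret_hit is a hypothetical driver for the quoted condition.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Constructed stand-in for the emulator's Thread register file (not the real layout). */
struct Thread { uint32_t Eax, Ecx, Edx, Ebx, Esp, Ebp, Esi, Edi, Eip; };
#define GUEST_BASE 0x00401000u   /* constructed guest memory window for __read(Eip) */
static uint8_t guest_mem[0x5000];
enum bp_op { BP_NE, BP_GE, BP_LE };
struct bp_term {                 /* one pre-compiled comparison, built when the breakpoint is set */
    bool (*fetch)(const struct Thread *, size_t, uint32_t *);
    size_t lhs;                  /* byte offset into Thread, or displacement from Eip for memory reads */
    enum bp_op op;
    uint32_t rhs;
};
static bool fetch_reg(const struct Thread *t, size_t off, uint32_t *out) {
    *out = *(const uint32_t *)((const char *)t + off);
    return true;
}
/* __read(Eip + disp) & 0xFF: one byte of guest memory; outside the window the term never matches. */
static bool fetch_byte_at_eip(const struct Thread *t, size_t disp, uint32_t *out) {
    if (t->Eip + disp < GUEST_BASE || t->Eip + disp - GUEST_BASE >= sizeof guest_mem) return false;
    *out = guest_mem[t->Eip + disp - GUEST_BASE];
    return true;
}
static bool term_hit(const struct bp_term *b, const struct Thread *t) {
    uint32_t v;
    if (!b->fetch(t, b->lhs, &v)) return false;
    switch (b->op) {
    case BP_GE: return v >= b->rhs;
    case BP_LE: return v <= b->rhs;
    default:    return v != b->rhs;
    }
}
/* Conjunction checked once per emulated instruction: no text parsing on the hot path. */
static bool breakpoint_hit(const struct bp_term *terms, size_t n, const struct Thread *t) {
    for (size_t i = 0; i < n; i++)
        if (!term_hit(&terms[i], t)) return false;
    return true;
}
/* The quoted condition minus __isdirty: eip >= 0x401000 && eip <= 0x405000 && (__read(Eip) & 0xFF) != 0xC3 */
bool range_not_ret_hit(uint32_t eip, uint8_t opcode_at_eip) {
    static const struct bp_term terms[] = {
        { fetch_reg, offsetof(struct Thread, Eip), BP_GE, 0x00401000u },
        { fetch_reg, offsetof(struct Thread, Eip), BP_LE, 0x00405000u },
        { fetch_byte_at_eip, 0, BP_NE, 0xC3u },
    };
    struct Thread t = { .Eip = eip };   /* constructed register state for this step */
    if (eip >= GUEST_BASE && eip - GUEST_BASE < sizeof guest_mem) guest_mem[eip - GUEST_BASE] = opcode_at_eip;
    return breakpoint_hit(terms, sizeof terms / sizeof terms[0], &t);
}
```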
