Hello Mr. Edwin No, you don't have to parse the condition each time. You parse it once and create a tree. When you need to evaluate, you evaluate the tree.
no problem I will support another debugger but until that time use process->emulatecommand() > also if you > try to do something like that : > > process->emulatecommand(); > > if (thread->Eip <= xxxx && Thread-> Eip >= xxx .... ){ > break; > } > you will lose many of the features of the emulator and could not Using assembly like this is not portable. It will only work on x86 (and with some work on x86-64). It won't work on Sparc. Currently it doesn't seem to work on x86 either. The reason is you allocate memory with malloc(), and then you execute it. That doesn't work due to NX protection. You will have to allocate using mmap and allow execution, but then SELinux won't allow your code to run (W^X protection). I didn't care about this at this time because it was designed first for Windows for PC-User but I'll write another debugger to work with substituting with the old debugger . nor problem What features does SEH need from the debugger to work? sorry for that . no problem the application will work perfectly I already wrote one, one month ago. after you read the manual .you will figure out what are the advantages and disadvantages of Pokas Emulator over libemu. you can at this time choose form libemu and Pokas x86 Emulator. because designing clamav with the two emulator will take a long time add to the Advantages of pokas emulator that it now support tls callbacks and now nearby all bugs in pe loader now fixed . many of EXE files are not easy to load like winpack.exe packed files and add to the disadvantages of pokas emulator that it will need some maintenance. at this project created in 2010 but libemu in 2007 so libemu most of its bugs now fixed compared to pokas emulator Best Regards, Amr Thabet _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net