Hello Mr. Edwin

No, you don't have to parse the condition each time. You parse it once
and create a tree. When you need to evaluate, you evaluate the tree.

No problem, I will support another debugger, but until that time use
process->emulatecommand()


> also if you
> try to do something like that :
>
> process->emulatecommand();
>
> if (thread->Eip <= xxxx && Thread-> Eip >= xxx .... ){
> break;
> }
> you will lose many of the features of the emulator and could not


Using assembly like this is not portable. It will only work on x86
(and with some work on x86-64). It won't work on Sparc.
Currently it doesn't seem to work on x86 either. The reason is you
allocate memory with malloc(), and then you execute it. That doesn't
work due to NX protection.
You will have to allocate using mmap and allow execution, but then
SELinux won't allow your code to run (W^X protection).


I didn't care about this at the time because it was designed first for
Windows for PC users, but I'll write another debugger to work as a
substitute for the old debugger. No problem.

What features does SEH need from the debugger to work?


Sorry for that. No problem, the application will work perfectly.


I already wrote one, one month ago.

After you read the manual, you will figure out what the advantages and
disadvantages of Pokas Emulator over libemu are. You can at this time choose
from libemu and Pokas x86 Emulator, because designing clamav with the two
emulators will take a long time.

Add to the advantages of Pokas emulator that it now supports TLS callbacks
and that nearly all bugs in the PE loader are now fixed. Many EXE files are
not easy to load, like winpack.exe packed files.

And add to the disadvantages of Pokas emulator that it will need some
maintenance, as this project was created in 2010 but libemu in 2007, so most
of libemu's bugs are now fixed compared to Pokas emulator.

Best Regards,

Amr Thabet
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
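
The parse-once, evaluate-many handling of a breakpoint condition discussed in the thread, as an added example that is not part of the original message or of either emulator's code. The Regs, Node and Cond types, the parse_condition() and eval() names, and the small condition grammar (eip, numbers, <=, >=, &&) are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical types: a register snapshot and a fixed-size node arena (no malloc, nothing to free). */
typedef struct { uint32_t eip; } Regs;
typedef enum { N_NUM, N_EIP, N_LE, N_GE, N_AND } Kind;
typedef struct Node { Kind kind; uint32_t val; struct Node *l, *r; } Node;
typedef struct { Node n[16]; int used; } Cond;

static Node *mk(Cond *c, Kind k, uint32_t v, Node *l, Node *r) {
    /* Fail if the arena is full or a binary node is missing an operand. */
    if (c->used == 16 || (k >= N_LE && !(l && r))) return NULL;
    Node *n = &c->n[c->used++];
    *n = (Node){ k, v, l, r };
    return n;
}
static int eat(const char **s, const char *tok) {      /* skip blanks, consume tok if next */
    while (isspace((unsigned char)**s)) ++*s;
    size_t n = strlen(tok);
    if (strncmp(*s, tok, n) != 0) return 0;
    *s += n; return 1;
}
static Node *operand(Cond *c, const char **s) {        /* "eip" or a decimal/hex number */
    if (eat(s, "eip")) return mk(c, N_EIP, 0, NULL, NULL);
    char *end;
    unsigned long v = strtoul(*s, &end, 0);
    if (end == *s) return NULL;
    *s = end;
    return mk(c, N_NUM, (uint32_t)v, NULL, NULL);
}
static Node *cmp(Cond *c, const char **s) {            /* operand ("<=" | ">=") operand */
    Node *l = operand(c, s);
    if (l && eat(s, "<=")) return mk(c, N_LE, 0, l, operand(c, s));
    if (l && eat(s, ">=")) return mk(c, N_GE, 0, l, operand(c, s));
    return NULL;
}
/* Done once, when the condition is set: cmp ("&&" cmp)*; NULL on any syntax error. */
Node *parse_condition(Cond *c, const char *s) {
    c->used = 0;
    Node *t = cmp(c, &s);
    while (t && eat(&s, "&&")) t = mk(c, N_AND, 0, t, cmp(c, &s));
    return (t && *s == '\0') ? t : NULL;
}
/* Done per emulated instruction: walks the tree, no string handling. */
uint32_t eval(const Node *n, const Regs *r) {
    if (n->kind == N_NUM) return n->val;
    if (n->kind == N_EIP) return r->eip;
    uint32_t a = eval(n->l, r), b = eval(n->r, r);
    return n->kind == N_LE ? a <= b : n->kind == N_GE ? a >= b : (a && b);
}
```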
