http://www.openrce.org/rss/feeds/blog OpenRCE: The Open Reverse Code Engineering Community Wed, 21 Jul 2010 12:30:47 -0500 https://www.openrce.org/blog/view/1568/Pokas_x86_Emulator_for_Generic_Unpacking AmrThabet <email-suppressed@example.com> Pokas x86 Emulator is an Application-Only emulator created for generic unpacking and testing the antivirus detection algorithms.<br /> This Emulator has many features some of them are:<br /> 1. Has an assembler and a disassembler from and to mnemonics.<br /> 2. Support adding new APIs and adding the emulation function to them.<br /> 3. Support a very powerful debugger that has a parser that parses the condition you give and create a very fast native code that perform the check on this condition.<br /> 4. Support seh and support tib, teb, peb and peb_ldr_data.<br /> 5. It monitors all the memory writes and log up to 10 previous Eips and saves the last accessed and the last modified place in memory. <br /> 6. it support 6 APIs:GetModuleHandleA, LoadLibrayA, GetProcAddress, VirtualAlloc, VirtualFree and VirtualProtect.<br /> 7. With all of these it's FREE and open source.<br /> <br /> It successfully emulates: <br /> 1. UPX<br /> 2. FSG<br /> 3. MEW<br /> 4. Aspack<br /> 5. PECompact<br /> 6. Morphine<br /> <br /> But it does contain bugs and it still in the beta version. It surely will be fixed soon ith the help of your feedback.<br /> <br /> It still doesn't support multithreading and doesn't support Linux ELF executables.<br /> It's still working only on windows but the Linux version will be available soon.<br /> <br /> <code>https://sourceforge.net/projects/x86emu/ </code> <br />