Making a simple assembly emulator

I am working on a project that detects unknown viruses, so I am going to build a small emulator that emulates the assembly code of an executable, so I can detect whether it is a virus or not by emulating it on virtual registers and then observing what happens. So I need help getting the code for every assembly instruction in C.

Answers

If you want to create an x86 emulator, you can have a look at this complete opcode listing: x86 Instruction Set Reference. But it doesn't seem to be a good way to detect viruses.

You're looking for Bochs, an LGPL'ed emulator of the x86 ISA and common hardware.

There is nothing in the register values that indicates maliciousness. You had better give up on that. What most sandboxes trying to detect malicious behavior do is intercept the system/library calls.

call ftable+1 with context %eax=1 %ebx=4000 %ecx=3F could as well mean "shoot nuclear missiles" as it could mean "print hello world". Now if you put your own function between the system and the executable, you can know what is going on (identifying it as malicious isn't as easy as that).

That certainly needs no emulator, so you better reconsider that as writing an accurate emulator is very, very hard.
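The two points above (a fetch-decode-execute loop over an opcode table, and a monitor sitting between the emulated program and "the system" so that calls are logged with their register context) can be shown together in one small C program. This is an added example and not code from the question or either answer: it defines a hypothetical toy instruction set of four opcodes (MOV, ADD, CALL, HALT), not real x86 encoding, and the service numbers 1 and 2 and their names "write"/"open" are made-up labels for the constructed sample. The sample program sets up the same context the answer mentions (eax=1, ebx=0x4000, ecx=0x3F) and then issues a call; the interesting output is not the register values but the intercepted call line.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical toy ISA for illustration (NOT x86). Encoding, one byte opcode:
   0x01 reg imm32  MOV  r[reg] = imm (little-endian immediate)
   0x02 rega regb  ADD  r[rega] += r[regb]
   0x03 imm8       CALL service number imm8, intercepted by the monitor below
   0x00            HALT                                                   */
enum { OP_HALT = 0x00, OP_MOV = 0x01, OP_ADD = 0x02, OP_CALL = 0x03 };

typedef struct {
    uint32_t r[4];        /* virtual registers: eax, ebx, ecx, edx */
    size_t pc;            /* program counter, byte offset into code */
    int halted;
    unsigned calls_seen;  /* number of intercepted service calls */
    char trace[512];      /* human-readable log of intercepted calls */
} vm_t;

/* The "system" boundary. The emulator never performs the service; it records
   which service was requested and the argument context at that moment.
   This log, not the register file on its own, is what a sandbox reasons about. */
static void intercept_call(vm_t *vm, uint8_t service) {
    char line[96];
    /* assumed labels for the constructed service numbers */
    const char *name = service == 1 ? "write" : service == 2 ? "open" : "unknown";
    snprintf(line, sizeof line, "call %u (%s) eax=%u ebx=%u ecx=%u\n",
             service, name, vm->r[0], vm->r[1], vm->r[2]);
    strncat(vm->trace, line, sizeof vm->trace - strlen(vm->trace) - 1);
    vm->calls_seen++;
}

/* Fetch-decode-execute loop. Every operand is bounds-checked against the code
   buffer and the register file, an undefined opcode aborts with -1, and
   max_steps caps the run so a looping sample cannot hang the analyzer.
   Returns the number of instructions executed, or -1 on a decode error. */
int vm_run(vm_t *vm, const uint8_t *code, size_t len, int max_steps) {
    int steps = 0;
    memset(vm, 0, sizeof *vm);
    while (!vm->halted && steps < max_steps) {
        if (vm->pc >= len) return -1;            /* ran off the end of the code */
        uint8_t op = code[vm->pc];
        switch (op) {
        case OP_HALT:
            vm->halted = 1; vm->pc += 1; break;
        case OP_MOV: {
            if (vm->pc + 6 > len) return -1;
            uint8_t reg = code[vm->pc + 1];
            if (reg > 3) return -1;
            uint32_t imm = (uint32_t)code[vm->pc + 2]
                         | ((uint32_t)code[vm->pc + 3] << 8)
                         | ((uint32_t)code[vm->pc + 4] << 16)
                         | ((uint32_t)code[vm->pc + 5] << 24);
            vm->r[reg] = imm;
            vm->pc += 6;
            break;
        }
        case OP_ADD: {
            if (vm->pc + 3 > len) return -1;
            uint8_t a = code[vm->pc + 1], b = code[vm->pc + 2];
            if (a > 3 || b > 3) return -1;
            vm->r[a] += vm->r[b];
            vm->pc += 3;
            break;
        }
        case OP_CALL: {
            if (vm->pc + 2 > len) return -1;
            intercept_call(vm, code[vm->pc + 1]);
            vm->pc += 2;
            break;
        }
        default:
            return -1;                           /* undefined opcode: refuse, don't guess */
        }
        steps++;
    }
    return steps;
}

/* Constructed sample program: eax=1, ebx=0x4000, ecx=0x3F, call service 1, halt */
static const uint8_t sample_code[] = {
    OP_MOV, 0, 0x01, 0x00, 0x00, 0x00,
    OP_MOV, 1, 0x00, 0x40, 0x00, 0x00,
    OP_MOV, 2, 0x3F, 0x00, 0x00, 0x00,
    OP_CALL, 1,
    OP_HALT
};

int main(void) {
    vm_t vm;
    int n = vm_run(&vm, sample_code, sizeof sample_code, 1000);
    printf("executed %d instructions, %u intercepted call(s)\n%s", n, vm.calls_seen, vm.trace);
    return 0;
}
```

Running it prints one trace line with the service number and the eax/ebx/ecx context at the time of the call; the same register values without that call line would tell you nothing. Scaling this design to real x86 means replacing the four-entry switch with the full opcode tables from the instruction set reference, which is the "very, very hard" part the answer warns about.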
