Libemu

From aldeid

Description

libemu is a small library written in C that offers basic x86 emulation and shellcode detection using GetPC heuristics. It is designed to be embedded in network intrusion detection/prevention systems and honeypots.
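As an added illustration (not libemu's own code), the following Python scanner shows the first stage of the GetPC heuristic mentioned above: looking for the instruction idioms that position-independent shellcode uses to learn its own address. libemu follows each candidate with emulation; this scanner only flags candidates, so it will also fire on legitimate compiled code that happens to contain the same bytes. The pattern table and sample buffers are constructed for this example.

```python
import re

# Two common GetPC idioms (constructed table for this example, not libemu's):
#  - "call $+5" (E8 00 00 00 00) followed by "pop r32" (58..5F): the return
#    address pushed by CALL is popped into a register, which then holds the
#    address of the instruction after the CALL.
#  - an FPU instruction (D9 E0..FF, e.g. fldz = D9 EE) followed by
#    "fnstenv [esp-0xC]" (D9 74 24 F4): the saved FPU environment contains
#    the address of the last FPU instruction, which the code then pops.
GETPC_PATTERNS = [
    ("call $+5 / pop reg", re.compile(rb"\xe8\x00\x00\x00\x00[\x58-\x5f]")),
    ("fpu / fnstenv [esp-0xC]", re.compile(rb"\xd9[\xe0-\xff]\xd9\x74\x24\xf4")),
]


def find_getpc(data: bytes):
    """Return (offset, idiom) for every GetPC idiom in data, sorted by offset."""
    hits = []
    for name, pattern in GETPC_PATTERNS:
        for match in pattern.finditer(data):
            hits.append((match.start(), name))
    return sorted(hits)


def first_getpc_offset(data: bytes) -> int:
    """Offset of the earliest candidate, or -1 when the buffer has none.

    In a real pipeline this offset is where emulation of the buffer would start.
    """
    hits = find_getpc(data)
    return hits[0][0] if hits else -1


# Constructed sample streams (not real payloads): an HTTP request line, a NOP
# sled, a call/pop GetPC stub and filler; a benign text buffer; an FPU stub.
SAMPLE_STREAM = (
    b"GET /index.html HTTP/1.0\r\n" + b"\x90" * 8
    + b"\xe8\x00\x00\x00\x00\x5b" + b"\x31\xc9" + b"A" * 16
)
BENIGN_STREAM = b"hello world, nothing to see here"
FPU_STREAM = b"\xd9\xee\xd9\x74\x24\xf4\x5b"

if __name__ == "__main__":
    for label, buf in (("http", SAMPLE_STREAM), ("text", BENIGN_STREAM), ("fpu", FPU_STREAM)):
        print(label, first_getpc_offset(buf), find_getpc(buf))
```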

Installation

$ git clone git://git.carnivore.it/libemu.git
$ cd libemu/
$ autoreconf -v -i
$ ./configure --prefix=/opt/libemu
$ sudo make install

Examples

cpurun
cpurun is a small utility that writes code into the emulator's memory and executes it; it demonstrates the basics of the API.
emunids
emunids is a small intrusion detection system that uses libnids for TCP stream reassembly and libemu to detect shellcode in the reassembled streams. Because of libnids' poor performance it does not scale to links (much) faster than 2 MBit/s, but it is still a good example of how to use libemu.
sctest
sctest is part of the libemu test suite and is very useful when testing new features. Even though the code is historically tainted, it may be a useful starting point for those who want to set up shellcode emulation that allows win32 API calls and offers hooks on those calls. sctest is not the best example, since the code is cluttered with the logic for graphing the call flow, but for now it has to do.
