From aldeid
Jump to navigation Jump to search


libemu is a small library written in C offering basic x86 emulation and shellcode detection using GetPC heuristics. It is designed to be used within network intrusion/prevention detections and honeypots.


$ git clone git://
$ cd libemu/
$ autoreconf -v -i
$ ./configure --prefix=/opt/libemu
$ sudo make install


cpurun is a small utility allowing to write code to the emulations memory and executing the code written, basics.
emunids is a small intrusion detection system using libnids for tcp stream reassembly and libemu to detect shellcodes in streams. Due too libnids bad performance it does not scale on links (much) faster than 2MBit/s, but it is still a good example howto use libemu.
sctest is part of the libemu testsuite and very usefull when testing new features. Even though the code is historically tainted it may be a usefull source for those who want to setup shellcode emulation allowing win32 api calls and offering hooks on these calls. sctest is not the best example, the code is nerved by the logic for graphing the callflow, but for now it has to work.