Welcome
This Blog is for Malware Researching, Reverse Engineering and System Programming
Posted by AmrThabet on 9:02 PM
Hi everyone. Today I want to announce a new release of Pokas x86 Emulator
This version support Reconstructing The Import Table and Support working on Linux
about Reconstructing The Import Table:
-------------------------------------
it traces GetProcAddress & LoadLibraryA and then searches for Addresses in the imagebase
and after that it creates a new Section with a new Import Table
at this link
http://www.sourceforge.com/projects/x86emu/
I want also to intreduce a new application named PokasDbg
this is a GUI interface for Pokas emulator created by wxWidgets
this is a screenshot:
To download:
http://www.sourceforge.com/projects/pokasdbg/
Posted by AmrThabet on 3:00 PM
Hi again
This time I write my first malware analysis paper with the dumped source full commented .I also add a Detection and Disinfection utility that capable of detecting the infected file with Virut.A containing the signature of the virus
The link to it is here :
Virut.A.rar
Posted by AmrThabet on 1:31 PM
Hi everyone
some people ask me why you write only about your works in the blog and I reply that this blog is named AmrThabet so it doesn't talk about anything except me :)
maybe I'll create another blog with another name to post everything related to viruses
OK
That's the first time I join CodeProject. I love this website very much and its articles and that's the first time I join it's community
I write a practical tutorial about my emulator (Pokas x86 Emulator) to help it spread widely name "Write your own Unpacker"
at this link:
http://www.codeproject.com/KB/DLL/ownunpacker.aspx
have fun
Posted by AmrThabet on 1:13 PM
in 27/5/2009 I decided to join Google Arabic Knol to support Arabic articles so I wrote "The Secrets of Viruses and Antiviruses"
They said that I should not talk technically and should everyonle could understand what I'm saying.
it's the first time I write an Article in the formal shape and the first article in Arabic so it makes many problem for me. it's at this link
http://knol.google.com/k/أسرار-فيروسات-الكومبيوتر-ومضاداتها#
it took rate 5/5 and the took the highest quality prize
If you can read Arabic I hope you enjoy it
Posted by AmrThabet on 4:55 PM
Posted by AmrThabet on 4:22 PM
Posted by AmrThabet on 7:24 PM
I want to introduce a new application named Pokas Emulator
Pokas x86 Emulator is an Application-Only emulator created for generic unpacking and testing the antivirus detection algorithms.
it emulates the PE Executable Files 32-bits versions and monitor all memory writes and include many features . some of them are:
1. Has an assembler and a disassembler from and to mnemonics.
2. Support adding new APIs and adding the emulation function to them.
3. Support a very powerful debugger that has a parser that parses the condition you give and create a very fast native code that perform the check on this condition.
4. Support seh and support tib, teb, peb and peb_ldr_data.
5. It monitors all the memory writes and log up to 10 previous Eips and saves the last accessed and the last modified place in memory.
6. it support 6 APIs:GetModuleHandleA, LoadLibrayA, GetProcAddress, VirtualAlloc, VirtualFree and VirtualProtect.
7. With all of these it's FREE and open source.
It successfully emulates:
1. UPX
2. FSG
3. MEW
4. Aspack
5. PECompact
6. Morphine
But it does contain bugs and it still in the beta version. It surely will be fixed soon ith the help of your feedback.
It still doesn't support multithreading and doesn't support Linux ELF executables.
It's still working only on windows but the Linux version will be available soon.
you can download it from https://sourceforge.net/projects/x86emu/
