Changeset 1370

Show
Ignore:
Timestamp:
09/04/07 20:07:10 (1 year ago)
Author:
common
Message:

libemu

  • manpage improved
Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • libemu/trunk/doc/libemu.3

    r1369 r1370  
    2020void emu_errno_set (struct emu *e, int err) 
    2121int emu_errno (struct emu *c) 
    22 void emu_strerror_set (struct emu *e, const char *format,...) 
     22void emu_strerror_set (struct emu *e,  
     23.ti +8 
     24const char *format,...) 
    2325const char * emu_strerror (struct emu *e) 
    2426.ft 
     
    2628.ft B 
    2729void emu_memory_clear (struct emu_memory *em) 
    28 int32_t emu_memory_read_byte (struct emu_memory *m, uint32_t addr, uint8_t *byte) 
    29 int32_t emu_memory_read_word (struct emu_memory *m, uint32_t addr, uint16_t *word) 
    30 int32_t emu_memory_read_dword (struct emu_memory *m, uint32_t addr, uint32_t *dword) 
    31 int32_t emu_memory_read_block (struct emu_memory *m, uint32_t addr, void *dest, size_t len) 
    32 int32_t emu_memory_read_string (struct emu_memory *m, uint32_t addr, struct emu_string *s, uint32_t maxsize) 
    33 int32_t emu_memory_write_byte (struct emu_memory *m, uint32_t addr, uint8_t byte) 
    34 int32_t emu_memory_write_word (struct emu_memory *m, uint32_t addr, uint16_t word) 
    35 int32_t emu_memory_write_dword (struct emu_memory *m, uint32_t addr, uint32_t dword) 
    36 int32_t emu_memory_write_block (struct emu_memory *m, uint32_t addr, void *src, size_t len) 
    37 void emu_memory_segment_select (struct emu_memory *m, enum emu_segment s) 
     30int32_t emu_memory_read_byte (struct emu_memory *m,  
     31.ti +8 
     32uint32_t addr, uint8_t *byte) 
     33int32_t emu_memory_read_word (struct emu_memory *m,  
     34.ti +8 
     35uint32_t addr, uint16_t *word) 
     36int32_t emu_memory_read_dword (struct emu_memory *m,  
     37.ti +8 
     38uint32_t addr, uint32_t *dword) 
     39int32_t emu_memory_read_block (struct emu_memory *m,  
     40.ti +8 
     41uint32_t addr, void *dest, size_t len) 
     42int32_t emu_memory_read_string (struct emu_memory *m,  
     43.ti +8 
     44uint32_t addr, struct emu_string *s, uint32_t maxsize) 
     45int32_t emu_memory_write_byte (struct emu_memory *m,  
     46.ti +8 
     47uint32_t addr, uint8_t byte) 
     48int32_t emu_memory_write_word (struct emu_memory *m,  
     49.ti +8 
     50uint32_t addr, uint16_t word) 
     51int32_t emu_memory_write_dword (struct emu_memory *m,  
     52.ti +8 
     53uint32_t addr, uint32_t dword) 
     54int32_t emu_memory_write_block (struct emu_memory *m,  
     55.ti +8 
     56uint32_t addr, void *src, size_t len) 
     57void emu_memory_segment_select (struct emu_memory *m,  
     58.ti +8 
     59enum emu_segment s) 
    3860enum emu_segment emu_memory_segment_get (struct emu_memory *m) 
    39 int32_t emu_memory_alloc (struct emu_memory *m, uint32_t *addr, size_t len) 
     61int32_t emu_memory_alloc (struct emu_memory *m,  
     62.ti +8 
     63uint32_t *addr, size_t len) 
    4064uint32_t emu_memory_get_usage (struct emu_memory *m) 
    4165void emu_memory_mode_ro (struct emu_memory *m) 
     
    5983void emu_cpu_debug_print (struct emu_cpu *c) 
    6084.ft 
     85.LP 
     86.ft B 
     87int32_t emu_shellcode_test(struct emu *e, uint8_t *data, uint16_t size) 
     88.ft 
     89.LP 
     90.ft B 
     91struct emu_env_w32 *emu_env_w32_new(struct emu *e) 
     92void emu_env_w32_free(struct emu_env_w32 *env) 
     93struct emu_env_w32_dll_export *emu_env_w32_eip_check(struct emu_env_w32 *env) 
     94int32_t emu_env_w32_export_hook(struct emu_env_w32 *env, 
     95.ti +8 
     96const char *dllname, 
     97.ti +8 
     98const char *exportname,  
     99.ti +8  
     100int32_t (*fnhook) (struct emu_env_w32 *env, struct emu_env_w32_dll_export *ex) 
     101.ti +8 
     102); 
     103 
     104 
     105.ft 
    61106.fi 
    62107.SH DESCRIPTION 
     
    123168.B emu_cpu_reg16_set() 
    124169with ax, cx, dx, bx, sp, bp, si, di as valid values for  
    125 .I reg 
    126 . In case of 8bit register access use 
     170.IR reg. 
     171In case of 8bit register access use 
    127172.B emu_cpu_reg8_get() 
    128173and  
     
    144189to get a description of the error. 
    145190If parsing was successfull, step the first instruction using 
    146 .B emu_cpu_step() 
    147 
    148  
     191.BR emu_cpu_step() . 
     192.PP 
     193If you want to detect shellcodes in buffers, use  
     194.B emu_shellcode_test() 
     195, the emu will copy the buffer to it's pages and try to detect a shellcode. 
     196If a possible shellcode gets detected, the guessed starting offset is returned, else -1. 
     197.PP 
     198To be able to run shellcodes using windows api, one has to provide parts of the  
     199windows process environment to the emulation, as well as some kind of emulation for the used api calls. 
     200.B emu_env_w32_new() 
     201will created a minimalistic process environment in  
     202.I e 
     203and using  
     204.B emu_env_w32_eip_check()  
     205after step allows you intercepting calls to exported api. 
     206If the return value of  
     207.B emu_env_w32_eip_check()  
     208is not NULL, the dll exports information is returned, including the calls name and hook. 
     209If you want to hook calls to api exports, use  
     210.BR emu_env_w32_export_hook() . 
     211 
     212.SH AUTHOR  
     213Markus Koetter <nepenthesdev@gmail.com>