Plugin to emulate JEB's decompiled C code:
-
It was originally built to analyze an heavily obfuscated crackme executable dubbed MarsAnalytica (see companion blog)
-
Emulator has some strong limitations and should serve primarily as an example of what is doable with JEB decompiled C code (see SimpleCEmulator.java for known limitations)
-
Emulator can be extended by adding specific logic in a class inheriting from SimpleCEmulator (see for example MarsAnalyticaCEmulator.java)
-
/data repository contains an extract of MArsAnalytica's stack machine trace, and python scripts to replay it with symbols rather than concrete input, and to solve it using Z3
- You need JEB version 4.0 or above
- Copy emulator Jar from the out/ folder to your JEB's coreplugins/ folder
- In JEB UI, File > Plugins > Execute an Engines Plugin > CEmulator
-
The plugin comes with a headless client, made to gather long emulator runs, with the ability to provide heap/stack memory dumps as starting point; see HeadlessClient.java for possible arguments
-
To run headless client: java -cp CEmulatorPlugin-1.0.0.jar;[JEB INSTALL FOLDER]\bin\app\jeb.jar;. com.pnf.plugin.cemulator.HeadlessClient [ARGUMENTS]