PyEmu was released at BlackHat 2007^[56] by Cody Pierce, one of the talented members of the TippingPoint DVLabs team. PyEmu is a pure Python IA32 emulator that allows a developer to use Python to drive CPU emulation tasks. Using an emulator can be very beneficial for reverse engineering malware, when you don't necessarily want the real malware code to execute. And it can be useful for a whole host of other reverse engineering tasks as well. PyEmu has three methods to enable emulation: IDAPyEmu, PyDbgPyEmu, and PEPyEmu. The IDAPyEmu class allows you to run the emulation tasks from inside IDA Pro using IDAPython (see Chapter 11 for IDAPython coverage). The PyDbgPyEmu class allows you to use the emulator during ...