Tuts 4 You

System Simulator?



Hello,

So I have a question today. Does someone know whether there is a tool that can quickly simulate another system, without installing VMware | VBox etc. and without another OS? Normally I don't need any other OS, but for some cases it would be better to have some kind of other OS, to test unpacked files for example. Installing VMware + another OS is too much expenditure for only testing files. :) So is there maybe something like this which I can use?

Maybe you also know the tools DotNetBox2.0.exe & DotNetBox3.5.exe. Great tools to simulate an installed NetFramework without having NetFramework installed on the system. :) So I am also searching for something like this, just with another OS. Let's say Win7 and XP SP2 & SP3 etc. I don't know if there is already some tool out or not, you know. If you know, then just tell me. Also I don't know whether it's possible to create something like this or not. Just a question. But it would be very helpful if someone could write a tool like this.

Next question:

-------------------

So you know, if you load any app in Olly then the app already loads & uses some system dlls like.....

kernel32.dll | 7C800000

user32.dll | 77D10000

ntdll.dll | 7C910000

......which have their own ImageBase, and they will always load with this ImageBase. So is there a way I can load the dlls with another ImageBase? I mean, I want the unpacked file to load its dlls with other ImageBases in a quick way. You know what I mean? Maybe someone could code a tool where I can drag my file into, and the tool reads the imports | dlls and the ImageBases and then loads this target with other dll ImageBases. Or someone could code an Olly plugin which I can enable, and if I load an unpacked file in Olly then the plugin makes the dll ImageBase changes or something like this, you know. So this would be great to check some files for hidden or calc APIs, for example. :) Crash check.

So does one of you have an idea where to get some kind of tool, or maybe someone has some fun creating such a tool or Olly plugin? What do you say?

Thanks

  • 1 month later...

@LCF-AT

I can't be much help but did write a real-time 6800 emulator on a 68K - lols.

It must be possible to write a simulator on a fast PC which emulates a basic PC. Isn't this the idea of Virtual PC? But I take it it's not a true emulator, as it exposes the hardware; as I see, some anti-debug techniques can detect this.

So step 1 would be to simulate every crappy Intel x86 instruction (lols) - you could write this in some high-level language.

Step 2: read about the basic hardware side - i.e. video card, USB etc.

Concept is simple, in practice it'll take some time (and probably already done?)

I bet I haven't helped but thought I'd say...

Steve


Believe me, you want a VM. Anything else makes no sense.

You can't just draw a line between 'run an OS' and 'test software for an OS', because in order to test software, you will need the complete architecture working exactly like in the other OS, including huge changes like driver architecture, UAC, etc.

There is no way to 'extract' them from a new/old OS and put them into another one. Even if there was, it would only work for one host OS.

Besides, redistributing the OS files is illegal, so any such tool will have trouble with hosting and spreading :)

As for question 2, most system dlls load at fixed addresses for good reasons, you might need a driver to change their address.

For normal dlls, you should just allocate memory at that spot before the Windows loader loads the dlls into the process.


@ SteveS1 & Killboy

So I am no coder and have no idea whether it's possible or not, so I only had just this idea, you know.

"Believe me, you want a VM" - Yes, but I don't want to install a VM + other OS only to test some files, you know. So the expenditure is higher than the use for me. Maybe some kind of tiny VM + OS would be good. Like the NetBox tool. A small window where you can run your NetFrameWork files without installing NetFrameWork, so this works too. So I think you know what I mean, but maybe it is really not possible like I imagine.

"As for question 2, most system dlls load at fixed addresses for good reasons, you might need a driver to change their address."

But it's possible, right? Possible to create such an Olly plugin which you can enable, and then if you load an app in Olly it catches the file, reads the info about which dlls must be loaded for this file, and then just rebases [or allocates the real dll IBs with 00 bytes so that the dlls must get another IB] in realtime. Something like what happens if you load normal dll files in Olly. If the dll IB is occupied then it gets another IB.

So I hope that someone could create such a plugin if possible. I have a friend who is trying to create such a plugin for me and maybe the person has success soon. We will see. :)

greetz

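An added example, not written by any poster in this thread: whether the Windows loader can place a dll somewhere other than its preferred ImageBase (for instance because that range is already allocated, as discussed in the replies above) depends on the image carrying base relocation data. The sketch below reads the preferred ImageBase, SizeOfImage and relocation facts from PE32/PE32+ headers; the function names `pe_base_info` and `build_sample` are hypothetical, and the sample is a constructed header-only buffer that reuses the 7C800000 base quoted in the first post.

```python
import struct

RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED in COFF Characteristics
DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in)
RELOC_DIR = 5             # IMAGE_DIRECTORY_ENTRY_BASERELOC

def pe_base_info(data):
    """Preferred ImageBase and relocation facts from PE32/PE32+ headers."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    characteristics = struct.unpack_from("<H", data, pe + 22)[0]
    opt = pe + 24                                          # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                     # PE32
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        count_off, dirs_off = 92, 96
    elif magic == 0x20B:                                   # PE32+
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        count_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic")
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + count_off)[0]
    reloc_size = 0
    if ndirs > RELOC_DIR:                                  # each entry is (RVA, Size)
        reloc_size = struct.unpack_from("<I", data, opt + dirs_off + 8 * RELOC_DIR + 4)[0]
    return {
        "image_base": image_base,
        "size_of_image": size_of_image,
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "relocatable": reloc_size > 0 and not characteristics & RELOCS_STRIPPED,
    }

def build_sample(image_base, relocs):
    """Constructed PE32 headers only (not a loadable file), for the demo."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)       # e_lfanew = 64
    flags = 0x2000 | (0 if relocs else RELOCS_STRIPPED)    # 0x2000 = IMAGE_FILE_DLL
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, flags)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<I", opt, 56, 0x10000)               # SizeOfImage
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    if relocs:
        struct.pack_into("<II", opt, 96 + 8 * RELOC_DIR, 0x9000, 0x200)
    return dos + b"PE\0\0" + coff + bytes(opt)
```

Calling `pe_base_info(open(path, "rb").read())` on a real dll gives the same fields; a module reported as not relocatable cannot be moved by the loader if its preferred range is occupied.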
