Another group of tools worth mentioning is emulators. Emulators are programs that simulate the execution environment, including the processor (for executing instructions, dealing with registers, and so on), memory, the operating system, and so on.
These tools have more capabilities for running malware safely (as it's all simulated) and have more control over the execution process. Therefore, they can help set up more sophisticated breakpoints, and can also be easily scripted (like libemu and the Pokas x86 Emulator), as shown in the following code:
from pySRDF import *
emu = Emulator("upx.exe")
x = emu.SetBp("__isdirty(eip)") #which set bp on Execute on modified data
emu.Run() # OR emu.Run("ins.log") to log all running instructions
emu.Dump("upx_unpacked.exe",DUMP_FIXIMPORTTABLE) #DUMP_FIXIMPORTTABLE create new import table for new API
print "File Unpacked Successfully\n\nThe Disassembled Code\n------------...
