Hi,
Currently I have a requirement to detect valid x86 code
sequences for a bruteforcer. Does anyone have any suggestions
for detecting valid code sequences? False positives are
a problem because it slows the process down, but some are
OK.

Thanks for any help you can provide,

--nb.

Hi,

You could try LDE32, a Length-Disassembler Engine. LDE32 is a library which may be used to determine length of any x86 instructiion, i.e. to provide partial disassembling.

SV gave me the heads up on this one, so full credit to him. It can be used to extract valid code sequences from redirected API calls for example, so it might suit your needs.

Hard to find, but I finally dug it up at
h**p://www.geocities.com/hfxiov/polymorphic/ide32.zip

Kayaker

Thanks muchly - I'll have a look

that guy used some interesting var names:
(from disasm.inc in the .zip):
"test ebx, C_FUCKINGTEST"

Good! this is what i was looking for
Thanks!

Latigo