
Shellcode analyzing


bobby
September 26th, 2008, 06:30
This post will be more of a request for help from a C/C++ coder...

Namely, there is a very nice project for analyzing shellcode:
http://libemu.mwcollect.org
(take the code from SVN as the download package is outdated)

I did succeed in compiling it on Cygwin/Win32, and it works very well.
Among the examples in the download package there is a tool, sctest, which can be used to analyze shellcode.
As I'm pretty dumb when it comes to C/C++, I would need help to remove some of the functionality from sctest.
It contains some built-in tests for libemu, as well as the possibility to run external shellcode (in an emulated environment). I would need the internal tests removed from sctest as they are triggering AV programs (the built-in tests contain shellcode from real malware).

Another nice thing would be to have it compiled without a dependency on Cygwin.
I did try to compile it with Mingw32, but it does not compile (probably some differences between POSIX and Win32).

If anyone is willing to help, I would be very thankful.
My plans are to integrate this tool into Malzilla.

dELTA
September 29th, 2008, 12:55
Is there any special reason for not using a better maintained emulator like Bochs (http://www.woodmann.com/collaborative/tools/Bochs), or other disassembler libraries (http://www.woodmann.com/collaborative/tools/Category:X86_Disassembler_Libraries)?

bobby
September 29th, 2008, 13:53
libEmu is made with malware in mind.
With Bochs you need to install an OS and run the shellcode in it, and sniff/monitor the results. Maybe there is some other way to use Bochs to analyze shellcode that I'm not aware of.
libEmu is not a disassembler, it is an analyzer. It is aware of the Windows DLLs that are used in exploits, and it will report the arguments of DLL function calls. This way you get the URL of the payload, the filename of the payload on the HDD, etc., and all that on an emulated CPU, so nothing is really executed on your production system (you will not be infected).

In other words, it does the job for a malware hunter - the URL is there, the filename on the HDD is there, and all that in a single step (if you use the tool sctest from the libemu package).

dELTA
September 30th, 2008, 14:43
Ok, I see.

One question though:
What exactly is the problem with removing certain pieces of demo code(?) from the source? It sounds extremely (technically) easy to me, especially for a Delphi programmer ((Object) Pascal and C/C++ are very similar in most ways), since removing a piece of code only requires a very brief knowledge/understanding of a programming language.

And I'm not asking this to be rude or anything, I'm just afraid that your question is too generic and non-explaining to get much help around here, and I think that this would be sad, since your projects in general are great, and this sounds extra cool.

bobby
September 30th, 2008, 14:55
I've just tried to remove the code myself, but I ran into a problem when removing arguments/switches that I do not need. I'll try again tomorrow.
I think the problem is in this part:
Code:
int main(int argc, char *argv[])
{
	/* zero every option before setting the defaults below */
	memset(&opts,0,sizeof(struct run_time_options));

	opts.steps = 1;
	opts.testnumber = -1;
	opts.offset = 0;

	/* create a string-keyed hash table for command overrides;
	 * 16 is the initial number of buckets, the other two arguments
	 * are the hash and key-compare callbacks for string keys */
	opts.override.commands.commands = emu_hashtable_new(16, emu_hashtable_string_hash, emu_hashtable_string_cmp);

	while ( 1 )
	{
		int c;
		int option_index = 0;
		/* getopt_long table: {long name, has_arg, flag, short value};
		 * each entry pairs with a case on its short value further down */
		static struct option long_options[] = {
			{"argos-csi" , 1, 0, 'a'},
			{"bind" , 1, 0, 'b'},
			{"connect" , 1, 0, 'c'},
			{"cmd" , 1, 0, 'C'},
			{"dump" , 1, 0, 'd'},

etc.

I do not have a clue what that function call does (opts.override.commands.commands = emu_hashtable_new(16, emu_hashtable_string_hash, emu_hashtable_string_cmp)), but if I remove one of the 16 arguments the app does not work anymore.
I'll try tomorrow to play with that first function argument (number 16) to see if that is the problem.

Second problem is - I did try to convert the libemu headers to Pascal (so that I can use the libemu DLL in Malzilla without having sctest in the middle), but this form is a bit of a problem:
Code:
/* returns a pointer to a newly heap-allocated struct emu_env */
struct emu_env *emu_env_new(struct emu *e)
{
	struct emu_env *env = malloc(sizeof(struct emu_env)); /* no NULL check on malloc here */
	memset(env, 0, sizeof(struct emu_env));               /* all fields start as 0 / NULL */
	env->env.lin = emu_env_linux_new(e);                  /* Linux guest environment */
	env->env.win = emu_env_w32_new(e);                    /* Win32 guest environment */
	env->emu = e;                                         /* back-reference to the emulator */
	env->profile = NULL;//emu_profile_new();
	return env;
}

Struct is a Record in Pascal, but I do not understand the rest of the first line. I do not recognize any similar form in Pascal.
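An added example, not code from libemu or from sctest: a cut-down option parser written in the same getopt_long style as the sctest fragment above, showing that each entry in the long_options table pairs with exactly one case label, and that dropping a switch means deleting both its table row and its case. The option names kept here (--bind, --connect, --offset, --steps, --verbose) and the run_time_options fields are assumptions modelled on the fragment; the built-in test switch is simply absent from the table.

```c
#define _GNU_SOURCE
#include <getopt.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed subset of sctest's run_time_options (illustrative, not libemu's). */
struct run_time_options {
    int         steps;    /* max emulated instructions   (-s/--steps)   */
    long        offset;   /* start offset into the input (-o/--offset)  */
    const char *bind;     /* addr:port to bind            (-b/--bind)    */
    const char *connect;  /* addr:port to connect         (-c/--connect) */
    int         verbose;  /* -v, may be repeated                          */
};

/* Parse argv into *o. Returns 0 on success, -1 on an unknown option,
 * a missing argument or an unparsable number. Strings point into argv. */
int parse_args(int argc, char *argv[], struct run_time_options *o)
{
    /* {long name, has_arg, flag, short value} -> one case per short value.
     * To drop an option, delete its row here and its case below. */
    static const struct option long_options[] = {
        {"bind",    required_argument, 0, 'b'},
        {"connect", required_argument, 0, 'c'},
        {"offset",  required_argument, 0, 'o'},
        {"steps",   required_argument, 0, 's'},
        {"verbose", no_argument,       0, 'v'},
        {0, 0, 0, 0}    /* terminator: getopt_long stops scanning here */
    };
    int c;

    memset(o, 0, sizeof *o);
    o->steps = 1;       /* defaults, as in sctest's main() */
    optind = 1;         /* restart getopt scanning so the function can be called again (glibc) */

    while ((c = getopt_long(argc, argv, "b:c:o:s:v", long_options, NULL)) != -1) {
        char *end;
        switch (c) {
        case 'b': o->bind = optarg;    break;
        case 'c': o->connect = optarg; break;
        case 'o':
            o->offset = strtol(optarg, &end, 0);          /* base 0: accepts 0x.. too */
            if (*end != '\0' || o->offset < 0) return -1;
            break;
        case 's':
            o->steps = (int)strtol(optarg, &end, 0);
            if (*end != '\0' || o->steps <= 0) return -1;
            break;
        case 'v': o->verbose++; break;
        default:  return -1;   /* '?' : unknown option or missing argument */
        }
    }
    return 0;
}

int main(int argc, char *argv[])
{
    struct run_time_options opts;
    if (parse_args(argc, argv, &opts) != 0) {
        fprintf(stderr, "usage: %s [-b addr:port] [-c addr:port] [-o offset] [-s steps] [-v]\n", argv[0]);
        return 1;
    }
    printf("steps=%d offset=%ld verbose=%d bind=%s connect=%s\n",
           opts.steps, opts.offset, opts.verbose,
           opts.bind ? opts.bind : "-", opts.connect ? opts.connect : "-");
    return 0;
}
```

The emu_hashtable_new() call from the fragment is left out on purpose: it is unrelated to the option table, so removing a switch never requires touching it.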

dELTA
September 30th, 2008, 16:02
Quote:
Originally Posted by bobby:
I've just tried to remove the code myself, but I got a problem at removing arguments/switches that I do not need. I'll try again tomorrow.
I do not have a clue what that function call does (opts.override.commands.commands = emu_hashtable_new(16, emu_hashtable_string_hash, emu_hashtable_string_cmp)), but if I remove one from the 16 arguments the app is not working anymore.
I'll try tomorrow to play with that first function argument (number 16) to see if that is the problem.
Why do you want to remove arguments, why not just ignore them if you don't need them? And I assume you understand that you have to modify the prototype of the function that receives these arguments too, for the compiler to be happy, not just the call?

Quote:
Originally Posted by bobby:
Second problem is - I did try to convert the libemu headers to Pascal (so that I can use libemu DLL in Malzilla without having sctest in the middle), but this form is a bit of problem:
Code:
struct emu_env *emu_env_new(struct emu *e)
{
struct emu_env *env = malloc(sizeof(struct emu_env));
memset(env, 0, sizeof(struct emu_env));
env->env.lin = emu_env_linux_new(e);
env->env.win = emu_env_w32_new(e);
env->emu = e;
env->profile = NULL;//emu_profile_new();
return env;
}

Struct is a Record in Pascal, but I do not understand the rest of the first line. I do not recognize any similar form in Pascal.
Yes, I think this is some kind of mucked up C++ way of defining a class and/or struct with a constructor... Any C++ gurus here, please tell us the exact meaning?

I'm a little bit confused too by the fact that no fields are defined, but only a function?
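An added example, not libemu's code, for the form asked about above: `struct emu_env *emu_env_new(struct emu *e)` is an ordinary C function declaration, read left to right as return type (pointer to struct emu_env), function name (emu_env_new), and one parameter (e, a pointer to struct emu); the fields live in the struct definition, which is elsewhere in the headers. The struct layouts below are stand-ins (assumption) that only mirror the shape of the posted code, and the two NULL checks are additions the posted code does not have. The Delphi import line in the comment assumes libemu was built with gcc and therefore exports cdecl functions.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in types (assumption): only the shape matters for this example. */
struct emu           { int id; };     /* the emulator (CPU + memory) object */
struct emu_env_linux { int hooks; };  /* Linux guest environment            */
struct emu_env_w32   { int hooks; };  /* Win32 guest environment            */

struct emu_env {
    struct {
        struct emu_env_linux *lin;
        struct emu_env_w32   *win;
    } env;
    struct emu *emu;      /* emulator this environment belongs to (referenced, not owned) */
    void *profile;        /* unused here; kept NULL as in the posted code */
};

/* Release everything emu_env_new() allocated. Accepts NULL. */
void emu_env_free(struct emu_env *env)
{
    if (env == NULL)
        return;
    free(env->env.lin);
    free(env->env.win);
    free(env);
}

/* Read left to right:
 *   struct emu_env *   return type  : pointer to struct emu_env
 *   emu_env_new        function name
 *   (struct emu *e)    parameter    : pointer to struct emu
 * A Delphi/FPC import of the real DLL export would look like
 * (assumption: gcc build, hence cdecl; the struct is treated as opaque):
 *   type Pemu = Pointer; Pemu_env = Pointer;
 *   function emu_env_new(e: Pemu): Pemu_env; cdecl; external 'libemu.dll';
 */
struct emu_env *emu_env_new(struct emu *e)
{
    struct emu_env *env;

    if (e == NULL)                     /* added check: the posted code has none */
        return NULL;
    env = malloc(sizeof *env);         /* heap allocation, so it outlives this call */
    if (env == NULL)                   /* added check: the posted code has none */
        return NULL;
    memset(env, 0, sizeof *env);       /* every field starts as 0 / NULL */
    env->env.lin = calloc(1, sizeof *env->env.lin);
    env->env.win = calloc(1, sizeof *env->env.win);
    if (env->env.lin == NULL || env->env.win == NULL) {
        emu_env_free(env);             /* partial setup: release what we got, report failure */
        return NULL;
    }
    env->emu = e;                      /* the caller's emu is referenced, not copied */
    env->profile = NULL;
    return env;
}

int main(void)
{
    struct emu cpu = { 1 };
    struct emu_env *env = emu_env_new(&cpu);
    if (env == NULL)
        return 1;
    /* env->emu points back at cpu; env->env.lin / env->env.win are ready to use */
    emu_env_free(env);
    return 0;
}
```

On the Pascal side the pointer returned is simply stored and handed back to the matching free function; no Record layout has to be declared unless Malzilla needs to read the fields itself.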

bobby
October 1st, 2008, 10:44
Thanks to oxff, the latest SVN revision of libemu got an official patch and an option to exclude the tests from sctest.