วันเสาร์ที่ 20 มกราคม พ.ศ. 2567

Emulating Shellcodes - Chapter 1

 There are many basic shellcodes that can be emulated from the beginning from the end providing IOC like where is connecting and so on. But what can we do when the emulation get stuck at some point?

The console has many tools to interact with the emulator like it was a debugger but the shellcode really is not being executed so is safer than a debugger.

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin -vv 


In some shellcodes the emulator emulates millions of instructions without problem, but in this case at instruction number 176 there is a crash, the [esp + 30h] contain an unexpected 0xffffffff.

There are two ways to trace the memory, tracing all memory operations with -m or inspecting specific place with -i which allow to use registers to express the memory location:

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  -i 'dword ptr [esp + 0x30]'


Now we know that in position 174 the value 0xffffffff is set.

But we have more control if we set the console at first instruction with -c 1 and set a memory breakpoint on write.




This "dec" instruction changes the zero for the 0xffffffff, and the instruction 90 is what actually is changing the stack value.

Lets trace the eax register to see if its a kind of counter or what is doing.


target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  --reg eax 


Eax is not a counter, is getting hardcoded values which is probably an API name:


In this case this shellcode depend on previous states and crash also in the debugger because of  register values. this is just an example of how to operate in cases where is not fully emulated.

In next chapter will see how to unpack and dump to disk using the emulator.


Related articles

  1. Pentest Tools List
  2. Hacking Tools Kit
  3. Hacking Tools Name
  4. Hacking Tools 2020
  5. Pentest Tools Android
  6. Pentest Tools Review
  7. Hacker
  8. Pentest Tools Linux
  9. Pentest Tools Port Scanner
  10. Pentest Tools Bluekeep
  11. New Hack Tools
  12. Best Pentesting Tools 2018
  13. Termux Hacking Tools 2019
  14. Tools 4 Hack
  15. Hacker Security Tools
  16. Hacking Tools For Kali Linux
  17. Tools 4 Hack
  18. Hack Tool Apk
  19. Hacking Tools For Beginners
  20. Hacking Tools For Pc
  21. Hacking Tools Mac
  22. Hacker Search Tools
  23. Pentest Tools Download
  24. Top Pentest Tools
  25. Bluetooth Hacking Tools Kali
  26. Game Hacking
  27. Pentest Tools Download
  28. Hacker Security Tools
  29. Black Hat Hacker Tools
  30. Hacker Techniques Tools And Incident Handling
  31. Hacker Tools Apk Download
  32. Hacker Tools Hardware
  33. Pentest Tools Kali Linux
  34. Hack Apps
  35. Hacking App
  36. Underground Hacker Sites
  37. Game Hacking
  38. Hacker Tools 2020
  39. Hacker Tools Online
  40. Hacker Tools 2020
  41. Hack Tools Download
  42. Pentest Tools List
  43. Pentest Tools For Android
  44. Hack Tools For Pc
  45. Hacking Tools For Beginners
  46. Nsa Hacker Tools
  47. Hacking Tools Github
  48. Pentest Tools Nmap
  49. Hak5 Tools
  50. Android Hack Tools Github
  51. Hacker Security Tools
  52. Pentest Tools Nmap
  53. Hacker
  54. Hack Tools Pc
  55. Hacking Tools Name
  56. How To Make Hacking Tools
  57. Usb Pentest Tools
  58. Top Pentest Tools
  59. Physical Pentest Tools
  60. Hacker Tools For Mac
  61. Best Pentesting Tools 2018
  62. Physical Pentest Tools
  63. Free Pentest Tools For Windows
  64. Usb Pentest Tools
  65. Bluetooth Hacking Tools Kali
  66. Hacker Security Tools
  67. Hacking Tools Hardware
  68. Pentest Box Tools Download
  69. Ethical Hacker Tools
  70. Hacker Tools List
  71. Hacker Tools Mac
  72. Hack Tool Apk No Root
  73. Android Hack Tools Github
  74. Hacker Tools For Windows
  75. Hacking Tools Software
  76. Kik Hack Tools
  77. Hacking Tools 2019
  78. Hack Tools
เขียนโดย ที่

ไม่มีความคิดเห็น:

แสดงความคิดเห็น

สมัครสมาชิก: ส่งความคิดเห็น (Atom)