Sunday, January 28, 2024

Emulating Shellcodes - Chapter 1

Many basic shellcodes can be emulated from beginning to end, yielding IOCs such as where the shellcode connects. But what can we do when the emulation gets stuck at some point?

The console has many tools for interacting with the emulator as if it were a debugger, but the shellcode is not really being executed, so it is safer than a debugger.

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin -vv 


In some shellcodes the emulator emulates millions of instructions without problems, but in this case there is a crash at instruction number 176: [esp + 30h] contains an unexpected 0xffffffff.

There are two ways to trace memory: tracing all memory operations with -m, or inspecting a specific location with -i, which allows registers to be used to express the memory location:

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  -i 'dword ptr [esp + 0x30]'


Now we know that the value 0xffffffff is set at position 174.

But we have more control if we open the console at the first instruction with -c 1 and set a memory breakpoint on write.




This "dec" instruction changes the zero into 0xffffffff, and instruction 90 is what actually changes the stack value.

Let's trace the eax register to see whether it is some kind of counter or what it is doing.
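The idea behind a memory breakpoint on write, as an added example that is not from the original post and does not use scemu: a few-opcode x86-32 stepper in Python that reports the instruction position at which dword ptr [esp + 0x30] is written and where a "dec" wraps zero to 0xffffffff. The function name, the sample bytes, the starting esp value and the supported opcode subset (positive disp8 only) are assumptions made for the illustration.

```python
import struct

MASK = 0xFFFFFFFF

def run_with_write_watch(code, esp=0x1000, watch_off=0x30):
    """Step a tiny x86-32 subset; return (watched writes, positions of dec wraps)."""
    eax, pc, pos = 0, 0, 0
    mem = {}                       # sparse dword memory: address -> value
    watch = esp + watch_off        # address of dword ptr [esp + 0x30]
    hits, wraps = [], []
    while pc < len(code):
        pos += 1                   # 1-based instruction position
        op = code[pc]
        if op == 0x90:                              # nop
            pc += 1
        elif code[pc:pc + 2] == b"\x31\xc0":        # xor eax, eax
            eax, pc = 0, pc + 2
        elif op == 0xB8:                            # mov eax, imm32
            eax = struct.unpack_from("<I", code, pc + 1)[0]
            pc += 5
        elif op == 0x48:                            # dec eax
            if eax == 0:
                wraps.append(pos)                   # 0 - 1 wraps to 0xffffffff
            eax = (eax - 1) & MASK
            pc += 1
        elif code[pc:pc + 3] == b"\x89\x44\x24":    # mov [esp + disp8], eax
            addr = esp + code[pc + 3]               # assumes a positive disp8
            old = mem.get(addr, 0)
            mem[addr] = eax
            if addr == watch:                       # the write "breakpoint"
                hits.append((pos, old, eax))
            pc += 4
        else:
            raise ValueError(f"unsupported opcode {op:#x} at offset {pc}")
    return hits, wraps

# Constructed sample bytes (not the shellcode analysed in the post).
SAMPLE = bytes.fromhex(
    "b878563412"   # 1: mov eax, 0x12345678
    "89442410"     # 2: mov [esp+0x10], eax   (write, but not watched)
    "31c0"         # 3: xor eax, eax
    "48"           # 4: dec eax               (0 -> 0xffffffff)
    "90"           # 5: nop
    "89442430"     # 6: mov [esp+0x30], eax   (watched write)
)

if __name__ == "__main__":
    hits, wraps = run_with_write_watch(SAMPLE)
    for pos, old, new in hits:
        print(f"{pos}: [esp+0x30] {old:#x} -> {new:#x}; dec wrapped at {wraps}")
```

The watched write and the wrap are reported at different positions, which is the same distinction the post draws between the instruction that produces 0xffffffff and the one that stores it on the stack.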


target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  --reg eax 


Eax is not a counter; it is getting hardcoded values, which are probably an API name:


In this case the shellcode depends on previous states and also crashes in the debugger because of register values. This is just an example of how to operate in cases where the shellcode is not fully emulated.

In the next chapter we will see how to unpack and dump to disk using the emulator.

