Emulating Shellcodes - Chapter 1

There are many basic shellcodes that can be emulated from beginning to end, providing IOCs such as where they connect and so on. But what can we do when the emulation gets stuck at some point?

The console has many tools to interact with the emulator as if it were a debugger, but the shellcode is not really being executed, so it is safer than a debugger.

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin -vv 


With some shellcodes the emulator runs millions of instructions without problem, but in this case there is a crash at instruction number 176: [esp + 30h] contains an unexpected 0xffffffff.

There are two ways to trace the memory: tracing all memory operations with -m, or inspecting a specific location with -i, which lets you use registers to express the memory address:

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  -i 'dword ptr [esp + 0x30]'


Now we know that at instruction 174 the value 0xffffffff is set.

But we have more control if we drop into the console at the first instruction with -c 1 and set a memory breakpoint on write.




This "dec" instruction changes the zero into 0xffffffff, and instruction 90 is what actually changes the stack value.

Let's trace the eax register to see whether it is some kind of counter or what it is doing.


target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  --reg eax 


Eax is not a counter; it is being loaded with hardcoded values, which are probably an API name:
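To turn a register trace like the one above into something readable, the usual check is to decode each hardcoded dword as four little-endian ASCII bytes and see whether consecutive values spell out a string (shellcode often builds API or DLL names on the stack this way), and to test whether the values instead step by a constant, which would mean a loop counter. The script below is an added example, not part of this post or of scemu; the trace line format it parses and the sample values are constructed for the example, so the regex may need adjusting to the real `--reg eax` output.

```python
import re

# Constructed sample in the style of a `--reg eax` trace (format assumed,
# not scemu's real output). Values are made up: they spell "kernel32.dll".
SAMPLE_TRACE = """\
170 eax = 0x00000000
171 eax = 0x6e72656b
172 eax = 0x32336c65
173 eax = 0x6c6c642e
174 eax = 0x00000000
"""

# "<instruction number> eax = 0x<hex>" (assumed line shape)
LINE_RE = re.compile(r"^\s*(\d+)\s+eax\s*=\s*0x([0-9a-fA-F]{1,8})\s*$")


def parse_trace(text):
    """Return a list of (instruction_number, value) from trace lines."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append((int(m.group(1)), int(m.group(2), 16)))
    return out


def dword_as_ascii(value):
    """Interpret a 32-bit value as 4 little-endian bytes; None if not printable."""
    raw = value.to_bytes(4, "little")
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def is_counter(values):
    """True if consecutive values differ by one constant 32-bit step
    (up or down), which is what a loop counter looks like."""
    if len(values) < 3:
        return False
    steps = {(b - a) & 0xFFFFFFFF for a, b in zip(values, values[1:])}
    return len(steps) == 1


def recover_strings(trace):
    """Join runs of printable dwords into candidate strings, each tagged with
    the first and last instruction number that contributed to it."""
    results = []
    chunks, start, last = [], None, None
    for insn, value in trace:
        chunk = dword_as_ascii(value)
        if chunk is not None:
            if start is None:
                start = insn
            chunks.append(chunk)
            last = insn
        elif chunks:
            results.append((start, last, "".join(chunks)))
            chunks, start, last = [], None, None
    if chunks:
        results.append((start, last, "".join(chunks)))
    return results


if __name__ == "__main__":
    trace = parse_trace(SAMPLE_TRACE)
    print("counter-like:", is_counter([v for _, v in trace]))
    for first, final, text in recover_strings(trace):
        print(f"instructions {first}-{final}: {text!r}")
```

Pipe the real trace into `parse_trace` (after fixing the regex to the tool's line shape) and the instruction range printed next to each recovered string tells you where to set the next breakpoint.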


In this case the shellcode depends on previous state and crashes in a debugger too because of the register values. This is just an example of how to operate in cases where the shellcode is not fully emulated.

In the next chapter we will see how to unpack and dump to disk using the emulator.


