Saturday, January 27, 2024

Emulating Shellcodes - Chapter 1

 There are many basic shellcodes that can be emulated from the beginning from the end providing IOC like where is connecting and so on. But what can we do when the emulation get stuck at some point?

The console has many tools to interact with the emulator like it was a debugger but the shellcode really is not being executed so is safer than a debugger.

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin -vv 


In some shellcodes the emulator emulates millions of instructions without problem, but in this case at instruction number 176 there is a crash, the [esp + 30h] contain an unexpected 0xffffffff.

There are two ways to trace the memory, tracing all memory operations with -m or inspecting specific place with -i which allow to use registers to express the memory location:

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  -i 'dword ptr [esp + 0x30]'


Now we know that in position 174 the value 0xffffffff is set.

But we have more control if we set the console at first instruction with -c 1 and set a memory breakpoint on write.




This "dec" instruction changes the zero for the 0xffffffff, and the instruction 90 is what actually is changing the stack value.

Lets trace the eax register to see if its a kind of counter or what is doing.


target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  --reg eax 


Eax is not a counter, is getting hardcoded values which is probably an API name:


In this case this shellcode depend on previous states and crash also in the debugger because of  register values. this is just an example of how to operate in cases where is not fully emulated.

In next chapter will see how to unpack and dump to disk using the emulator.


Related news


  1. Hacking Tools
  2. Hack Rom Tools
  3. Hack And Tools
  4. Github Hacking Tools
  5. Growth Hacker Tools
  6. Hacking Tools For Beginners
  7. Hacking Tools Usb
  8. Pentest Tools Subdomain
  9. Best Hacking Tools 2019
  10. Pentest Tools Nmap
  11. Nsa Hacker Tools
  12. Underground Hacker Sites
  13. Easy Hack Tools
  14. Hacking Tools Hardware
  15. Hacking Tools For Mac
  16. How To Make Hacking Tools
  17. Hack Tools 2019
  18. Pentest Tools Apk
  19. How To Make Hacking Tools
  20. Hacking App
  21. Hacker Tools
  22. Pentest Tools Port Scanner
  23. Hack Tools Pc
  24. Hack Tools Online
  25. Growth Hacker Tools
  26. Pentest Tools Tcp Port Scanner
  27. Hacker Tools Apk Download
  28. Hacker Tools Linux
  29. Blackhat Hacker Tools
  30. Hack Tools Pc
  31. Pentest Tools Online
  32. Hacking Tools For Games
  33. Nsa Hack Tools
  34. Hacker Tools Windows
  35. Pentest Tools Online
  36. Hacker Tools
  37. Pentest Tools Review
  38. Hack Tools Pc
  39. Hack And Tools
  40. Pentest Tools Apk
  41. Hacker Tools 2019
  42. Pentest Tools Linux
  43. Hack And Tools
  44. Hacker Tools For Pc
  45. Hacking Tools Windows 10
  46. Kik Hack Tools
  47. Wifi Hacker Tools For Windows
  48. Hack Tools For Windows
  49. Android Hack Tools Github
  50. Pentest Tools Bluekeep
  51. Bluetooth Hacking Tools Kali
  52. Pentest Tools Subdomain
  53. Beginner Hacker Tools
  54. Hacking Tools For Pc
  55. Hacker Tools
  56. Hack Tools For Games
  57. Hacking Tools 2019
  58. Wifi Hacker Tools For Windows
  59. Hacking Apps
  60. Hack Tools
  61. Pentest Tools Free
  62. Pentest Tools Linux
  63. Hacking Tools For Windows Free Download
  64. Growth Hacker Tools
  65. Hack Tool Apk No Root
  66. Pentest Tools Bluekeep
  67. Hacking Tools Name
  68. Pentest Tools Url Fuzzer
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)