Emulating Shellcodes - Chapter 1

 There are many basic shellcodes that can be emulated from the beginning from the end providing IOC like where is connecting and so on. But what can we do when the emulation get stuck at some point?

The console has many tools to interact with the emulator like it was a debugger but the shellcode really is not being executed so is safer than a debugger.

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin -vv 

In some shellcodes the emulator emulates millions of instructions without problem, but in this case at instruction number 176 there is a crash, the [esp + 30h] contain an unexpected 0xffffffff.

There are two ways to trace the memory, tracing all memory operations with -m or inspecting specific place with -i which allow to use registers to express the memory location:

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  -i 'dword ptr [esp + 0x30]'

Now we know that in position 174 the value 0xffffffff is set.

But we have more control if we set the console at first instruction with -c 1 and set a memory breakpoint on write.

This "dec" instruction changes the zero for the 0xffffffff, and the instruction 90 is what actually is changing the stack value.

Lets trace the eax register to see if its a kind of counter or what is doing.

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  --reg eax 

Eax is not a counter, is getting hardcoded values which is probably an API name:

In this case this shellcode depend on previous states and crash also in the debugger because of  register values. this is just an example of how to operate in cases where is not fully emulated.

In next chapter will see how to unpack and dump to disk using the emulator.

Read more

1. Kik Hack Tools
2. Hack Tools Pc
3. Hack Tool Apk
4. Hacking Tools Pc
5. Hacker Tools 2020
6. Pentest Tools Alternative
7. Hacker Tools
8. Pentest Tools Find Subdomains
9. Nsa Hack Tools Download
10. Hack Tools For Games
11. Hack Website Online Tool
12. Hacking Tools For Windows Free Download
13. Pentest Box Tools Download
14. Hacking Tools Github
15. Usb Pentest Tools
16. Hacker Search Tools
17. Ethical Hacker Tools
18. Pentest Tools Website Vulnerability
19. Pentest Tools Subdomain
20. Pentest Tools Port Scanner
21. Hacking Tools And Software
22. Hacker Tools For Mac
23. Hack Tool Apk No Root
24. Hacker Tools Online
25. Pentest Tools Alternative
26. Hacker Tools
27. Nsa Hacker Tools
28. Pentest Tools Website
29. Pentest Tools Review
30. Pentest Tools Framework
31. New Hacker Tools
32. How To Make Hacking Tools
33. Hackers Toolbox
34. Pentest Tools Framework
35. Hacking Tools For Kali Linux
36. Game Hacking
37. Usb Pentest Tools
38. Android Hack Tools Github
39. Hacker Tools Linux
40. Pentest Tools
41. Hack Tools Download
42. Hacking Tools Kit
43. Hacker Tools Online
44. Hacking Tools
45. Hacker Tools For Pc
46. Hacker Techniques Tools And Incident Handling
47. Pentest Tools Framework
48. Hack Tools For Mac
49. Hack Tools 2019
50. Usb Pentest Tools
51. Hacking Tools For Mac
52. Black Hat Hacker Tools
53. Hacker Tools For Mac
54. Github Hacking Tools
55. Hacker Tools 2019
56. Hack Apps
57. Hacking Tools Hardware
58. Hacking Tools Online
59. How To Hack
60. Hacker Tools Apk
61. Hak5 Tools
62. Pentest Tools Android
63. Blackhat Hacker Tools
64. Pentest Automation Tools
65. How To Make Hacking Tools
66. Hacker Tools For Ios
67. Hacker Tools Free Download
68. Termux Hacking Tools 2019
69. Pentest Tools List
70. Hacking Tools For Mac
71. Pentest Tools Nmap
72. Hacker Tools 2020
73. Hacker Tools For Ios
74. Hacker Tools Mac
75. Hacking Tools
76. Blackhat Hacker Tools
77. Pentest Tools Review
78. Pentest Tools Tcp Port Scanner
79. Pentest Tools For Windows
80. Tools 4 Hack
81. Hack Tool Apk
82. Beginner Hacker Tools
83. Hacking Tools Windows 10
84. What Is Hacking Tools
85. Github Hacking Tools
86. Best Hacking Tools 2020
87. Pentest Tools Download
88. Hacks And Tools
89. Hacking Tools Windows
90. Hacking Tools For Mac
91. Pentest Tools Download
92. Hacker Tools Mac
93. Hack Tools For Pc
94. Hackrf Tools