Aquí Hay Trabajo

A company with experience in personal assistance is looking for national franchisees (international in the near future) to offer its services to families, the elderly and children, services that resolve any unforeseen event in our daily routine: health, school, travel, home, etc.

Saturday, May 27, 2023

Emulating Shellcodes - Chapter 1

There are many basic shellcodes that can be emulated from beginning to end, providing IOCs such as where they connect to. But what can we do when the emulation gets stuck at some point?

The console has many tools to interact with the emulator as if it were a debugger, but the shellcode is not really being executed, so it is safer than a debugger.

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin -vv 


In some shellcodes the emulator emulates millions of instructions without problems, but in this case there is a crash at instruction number 176: [esp + 30h] contains an unexpected 0xffffffff.

There are two ways to trace memory: tracing all memory operations with -m, or inspecting a specific location with -i, which allows registers to be used to express the memory location:

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  -i 'dword ptr [esp + 0x30]'


Now we know that the value 0xffffffff is set at position 174.

But we have more control if we open the console at the first instruction with -c 1 and set a memory breakpoint on write.




This "dec" instruction changes the zero to 0xffffffff, and instruction 90 is what actually changes the stack value.

Let's trace the eax register to see whether it is some kind of counter or what it is doing.


target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  --reg eax 


Eax is not a counter; it is being loaded with hardcoded values, which are probably an API name.


In this case the shellcode depends on previous state and also crashes in the debugger because of the register values. This is just an example of how to operate in cases where the shellcode is not fully emulated.

In the next chapter we will see how to unpack and dump to disk using the emulator.
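One way to answer the counter-or-API-name question from a register trace, as an added example that is not part of the original post or of scemu. The trace values are constructed for illustration, the function names are hypothetical, and it assumes the string chunks reach the register in forward order (reverse the list first if the shellcode loads them back to front).

```python
import struct

# Constructed sample: successive values seen in eax (not taken from the real sample).
CONSTRUCTED_TRACE = [0x00000000, 0x64616F4C, 0x7262694C, 0x41797261,
                     0x00000000, 0x0012FF40]

def signed32(x):
    """Interpret x as a signed 32-bit integer."""
    x &= 0xFFFFFFFF
    return x - 0x100000000 if x & 0x80000000 else x

def looks_like_counter(values, min_steps=3, max_step=16):
    """True if min_steps consecutive changes share one small non-zero step."""
    steps = [signed32(b - a) for a, b in zip(values, values[1:])]
    run = 0
    for i, step in enumerate(steps):
        small = step != 0 and abs(step) <= max_step
        if small and i > 0 and step == steps[i - 1]:
            run += 1
        elif small:
            run = 1
        else:
            run = 0
        if run >= min_steps:
            return True
    return False

def dword_text(value):
    """Decode a little-endian dword as ASCII, or None if it is not text."""
    raw = struct.pack("<I", value & 0xFFFFFFFF).rstrip(b"\x00")
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None

def recover_strings(values, min_len=4):
    """Join consecutive text-like dwords into candidate strings."""
    found, chunks = [], []
    for value in list(values) + [0]:        # trailing 0 flushes the last run
        chunk = dword_text(value)
        if chunk is not None:
            chunks.append(chunk)
        # a non-text value or a NUL-padded chunk ends the current string
        if chunk is None or len(chunk) < 4:
            text = "".join(chunks)
            if len(text) >= min_len:
                found.append(text)
            chunks = []
    return found

def classify(values):
    return {"counter": looks_like_counter(values),
            "strings": recover_strings(values)}

if __name__ == "__main__":
    print(classify(CONSTRUCTED_TRACE))
```
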

