Aquí Hay Trabajo

La Franquicia de los Servicios a las Personas: Sin inversiones, sin oficinas, sin empleados

Empresa con experiencia en la asistencia a las personas busca franquiciados nacionales (internacionales en un futuro próximo), para ofrecer sus servicios a las familias, mayores y niños, que resuelven cualquier imprevisto en nuestra rutina diaria: Salud, colegio, viajes, hogar, etc.

martes, 23 de enero de 2024

Emulating Shellcodes - Chapter 1

 There are many basic shellcodes that can be emulated from the beginning from the end providing IOC like where is connecting and so on. But what can we do when the emulation get stuck at some point?

The console has many tools to interact with the emulator like it was a debugger but the shellcode really is not being executed so is safer than a debugger.

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin -vv 


In some shellcodes the emulator emulates millions of instructions without problem, but in this case at instruction number 176 there is a crash, the [esp + 30h] contain an unexpected 0xffffffff.

There are two ways to trace the memory, tracing all memory operations with -m or inspecting specific place with -i which allow to use registers to express the memory location:

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  -i 'dword ptr [esp + 0x30]'


Now we know that in position 174 the value 0xffffffff is set.

But we have more control if we set the console at first instruction with -c 1 and set a memory breakpoint on write.




This "dec" instruction changes the zero for the 0xffffffff, and the instruction 90 is what actually is changing the stack value.

Lets trace the eax register to see if its a kind of counter or what is doing.


target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  --reg eax 


Eax is not a counter, is getting hardcoded values which is probably an API name:


In this case this shellcode depend on previous states and crash also in the debugger because of  register values. this is just an example of how to operate in cases where is not fully emulated.

In next chapter will see how to unpack and dump to disk using the emulator.


Related posts


  1. Hacking Tools Windows
  2. Pentest Tools Linux
  3. Hacking Tools Hardware
  4. Hack Tools
  5. Pentest Tools Online
  6. Pentest Tools
  7. Hacking Tools Github
  8. Pentest Tools For Mac
  9. Hacking Tools Pc
  10. Hack Tools For Ubuntu
  11. Hacker Tool Kit
  12. Black Hat Hacker Tools
  13. Hacking Tools For Windows Free Download
  14. Pentest Tools Website Vulnerability
  15. Hack Tool Apk
  16. Physical Pentest Tools
  17. Hacking Tools For Windows
  18. Hacking Tools Mac
  19. Hacker Tools For Pc
  20. Hacking Tools For Mac
  21. Hack And Tools
  22. Blackhat Hacker Tools
  23. Pentest Tools Download
  24. Wifi Hacker Tools For Windows
  25. Hack Tools For Windows
  26. Computer Hacker
  27. Pentest Automation Tools
  28. How To Make Hacking Tools
  29. Hacker Hardware Tools
  30. Hacker Tools For Mac
  31. Pentest Box Tools Download
  32. Hacker Tools 2020
  33. Ethical Hacker Tools
  34. Pentest Reporting Tools
  35. Hack Tools For Ubuntu
  36. Hacker Hardware Tools
  37. Termux Hacking Tools 2019
  38. Hacker Tools Linux
  39. Pentest Tools List
  40. Usb Pentest Tools
  41. Hacking Tools Windows
  42. Pentest Tools Framework
  43. Easy Hack Tools
  44. Hacker Security Tools
  45. Hacking Tools Kit
  46. Hacker Techniques Tools And Incident Handling
  47. Hacking Tools Windows
  48. Hacker Tool Kit
  49. Hacking Tools Hardware
  50. Pentest Tools Tcp Port Scanner
  51. Hacker Tool Kit
  52. Hacker Tools Online
  53. Hacking Tools For Games
  54. Hacking Tools Kit
  55. Hacker Tools Github
  56. Hacker Tools For Windows
  57. Easy Hack Tools
  58. Hack Tool Apk
  59. Pentest Tools For Windows
  60. Pentest Tools Subdomain
  61. Hacker Tools Software
  62. Pentest Tools Find Subdomains
  63. Hacking Tools For Pc
  64. Hacker Tools 2019
  65. Pentest Tools Port Scanner
  66. Pentest Tools Url Fuzzer
  67. Beginner Hacker Tools
  68. Hacker Tools Online
  69. Hack Tools
  70. Hack Tools Download
  71. Pentest Tools Tcp Port Scanner
  72. Hacking Tools Mac
  73. Hacking Tools Usb
  74. Hack Tool Apk No Root
  75. Hacker Tools For Pc
  76. Pentest Tools Website Vulnerability
  77. Wifi Hacker Tools For Windows
  78. Android Hack Tools Github
  79. Hackrf Tools
  80. Pentest Tools Kali Linux
  81. Hack Tools For Games
  82. Pentest Recon Tools
  83. Hacker Tools For Windows
  84. Pentest Tools Alternative
  85. Hacker Techniques Tools And Incident Handling
  86. Pentest Tools Framework
  87. Android Hack Tools Github
  88. Underground Hacker Sites
  89. Hacker Security Tools
  90. Pentest Tools Find Subdomains
  91. Hacker Tools Windows
  92. Pentest Tools Subdomain
  93. Hack Tools Download
  94. Wifi Hacker Tools For Windows
  95. Pentest Tools Alternative
  96. Hacking Tools Online
  97. Free Pentest Tools For Windows
  98. Hack Tools Download
  99. Hacker Techniques Tools And Incident Handling
  100. Pentest Tools Tcp Port Scanner
  101. Hacking Tools 2020
  102. Hack Tools
  103. Hacking Tools Windows
  104. Hacker Tools
  105. What Is Hacking Tools
  106. Hack Tools For Mac
  107. Pentest Tools Android
  108. Github Hacking Tools
  109. Underground Hacker Sites
  110. Easy Hack Tools
  111. Hack Tools Download
  112. Pentest Tools Nmap
  113. Pentest Tools Bluekeep
  114. Hack Website Online Tool
  115. Hacker Security Tools
  116. Top Pentest Tools
  117. Pentest Tools Download
  118. Pentest Tools Port Scanner
Publicado por en

Archivo del blog

Con la tecnología de Blogger.

Disqus for La Franquicia de los Servicios a las Personas

wibiya widget

Directorio Blogs

Directorio de Blogs

Suscribirse ahora standard

 Subscribe in a reader