
Thursday, 25 May 2023

Emulating Shellcodes - Chapter 1

There are many basic shellcodes that can be emulated from beginning to end, providing IOCs such as where they connect. But what can we do when the emulation gets stuck at some point?

The console has many tools for interacting with the emulator as if it were a debugger, but the shellcode is not really being executed, so it is safer than a debugger.

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin -vv 


In some shellcodes the emulator emulates millions of instructions without problems, but in this case there is a crash at instruction number 176: [esp + 30h] contains an unexpected 0xffffffff.

There are two ways to trace memory: tracing all memory operations with -m, or inspecting a specific location with -i, which allows registers to be used to express the memory location:

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  -i 'dword ptr [esp + 0x30]'


Now we know that the value 0xffffffff is set at position 174.

But we have more control if we open the console at the first instruction with -c 1 and set a memory breakpoint on write.




This "dec" instruction changes the zero into 0xffffffff, and instruction 90 is the one that actually changes the stack value.

Let's trace the eax register to see whether it is some kind of counter or what it is doing.


target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  --reg eax 


Eax is not a counter; it is getting hardcoded values, which are probably an API name:


In this case the shellcode depends on previous state and also crashes in the debugger because of the register values. This is just an example of how to operate in cases where the shellcode is not fully emulated.
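
A helper for the question asked of the eax trace above, whether a register is a counter or is carrying pieces of a string (an added example, not part of the original post or of scemu). It takes the 32-bit values seen in the register as a plain list, because the format of the `--reg` output is not shown on this page; the function names are hypothetical and the sample values are constructed.

```python
import struct

MASK32 = 0xFFFFFFFF

def is_counter(values):
    """True if every step between consecutive values is the same non-zero
    delta (mod 2**32), which is what a loop counter or pointer walk looks like."""
    if len(values) < 3:
        return False
    deltas = {(b - a) & MASK32 for a, b in zip(values, values[1:])}
    return len(deltas) == 1 and 0 not in deltas

def dword_to_text(value):
    """Decode one 32-bit value as little-endian ASCII; None if it is not text.
    Trailing NUL bytes are allowed because the last chunk of a string is padded."""
    raw = struct.pack("<I", value & MASK32).rstrip(b"\x00")
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None

def strings_from_trace(values, min_len=4):
    """Join runs of consecutive text-like dwords into candidate strings."""
    found, run = [], []
    for v in list(values) + [None]:          # the None sentinel flushes the last run
        text = dword_to_text(v) if v is not None else None
        if text is not None:
            run.append(text)
            continue
        if run:
            # Code that pushes a string onto the stack stores the last chunk
            # first, so report both the trace order and the reversed order.
            forward, pushed = "".join(run), "".join(reversed(run))
            if len(forward) >= min_len:
                found.append((forward, pushed))
            run = []
    return found

# Constructed sample values, not taken from drv_shellcode.bin.
COUNTER_TRACE = [0x10, 0x0F, 0x0E, 0x0D]
STRING_TRACE = [0x00000000, 0x41797261, 0x7262694C, 0x64616F4C, 0xFFFFFFFF]

if __name__ == "__main__":
    for name, trace in (("counter", COUNTER_TRACE), ("string", STRING_TRACE)):
        print(name, is_counter(trace), strings_from_trace(trace))
```

Each result is a pair: the chunks joined in the order they appeared in the register, and the same chunks joined in reverse, which is the readable form when the string was built with pushes.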

In the next chapter we will see how to unpack and dump to disk using the emulator.

