From: Erik Sperling Johansen (erik_at_sperling.no)
Date: Tue Oct 08 2002 - 17:16:15 CDT


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Simply gdb any application with the shellcode embedded, and use x/i to get a
    disassembly.

    - --Erik

    On Tuesday 08 October 2002 21:12, Sean Zadig wrote:
    > Hi,
    > I'm doing some research into creating variants of common attacks, but I ran
    > into a problem of sorts. For most of the attacks I have, the shellcode
    > consists of the overflow and the actual malicious code that is run. I want
    > to be able to isolate the overflow from the rest of the shellcode and use
    > that to create attack variants. Problem is, I don't know where one ends and
    > the other begins! I figure if I turn the hex-encoded shellcode back into
    > assembly code, I could probably figure it out. I'm familiar with how to do
    > the reverse in gdb, but is it possible to do what I want? To restate:
    > shellcode -> asm is what I need. If this is a simple thing, my apologies -
    > but the security-basics list rejected my post =)
    > -Sean Zadig
    >
    > -----
    > Sean Zadig
    > Student, UC Davis
    > PGP Key ID: 0xDE44A79F
    > 7EE1 C80A A0C1 B224 45CE F74B 5835 0115 DE44 A79F

    - --
    PGP Key: http://www.sperling.no/erik.key / pgpkeys.mit.edu
    Fingerprint: 0745 BF47 DFCD 8A1F 1432 DCF3 76CF 66F6 E840 A1B0
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQE9o1kwds9m9uhAobARAlqRAJ9OK7m4+txnoxTgUb1jwclHDHpvbQCfVeOY
    /h1USCz5NNMLWxtp3dmdkGk=
    =Tmm6
    -----END PGP SIGNATURE-----
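
The approach in the reply above, as an added example that is not part of the original message: the bytes are placed in a data array in a small C file and gdb's `x/i` disassembles them straight from the compiled file, without ever running the program. The sample bytes are constructed and harmless (`nop; xor %eax,%eax; ret`); the array name `code`, the helper function names, and an x86 host with `gcc` and `gdb` installed are assumptions.

```shell
#!/bin/sh
# Constructed, harmless sample bytes: nop; xor %eax,%eax; ret
SAMPLE='\x90\x31\xc0\xc3'

# "\x90\x31" -> "0x90,0x31" (a C initializer list)
to_c_bytes() {
    printf '%s' "$1" | sed -e 's/\\x/,0x/g' -e 's/^,//'
}

# Write a C file whose only job is to hold the bytes in a named array.
write_harness() {   # $1 = escaped byte string, $2 = output .c path
    cat > "$2" <<EOF
/* The bytes are data only; nothing in this program jumps to them. */
const unsigned char code[] = { $(to_c_bytes "$1") };
int main(void) { return sizeof code == 0; }
EOF
}

# Static disassembly: gdb reads the array out of the executable file,
# so the program (and the bytes under analysis) is never executed.
disassemble() {     # $1 = escaped byte string, $2 = instruction count
    dir=$(mktemp -d) || return 1
    write_harness "$1" "$dir/harness.c"
    gcc -g -o "$dir/harness" "$dir/harness.c" &&
        gdb -q -batch -ex "x/${2}i &code" "$dir/harness"
    rc=$?
    rm -rf "$dir"
    return $rc
}

# Run the demo only where the tools exist.
if command -v gcc >/dev/null 2>&1 && command -v gdb >/dev/null 2>&1; then
    disassemble "$SAMPLE" 3 || echo "gdb run failed" >&2
fi
```

`x/i` decodes with the architecture of the harness binary, so bytes written for a different architecture need a harness built for that target.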