From: Riley Hassell (rhassell_at_eeye.com)
Date: Tue Oct 08 2002 - 18:24:06 CDT

    Check out the Bastard project.
    http://sourceforge.net/projects/bastard/

    You can write a simple app to parse exploits and snag the shellcodes out.
    Use the Bastard library function disassemble_address() to get the code into
    an ASCII representation. The use and syntax are very straightforward.

            disassemble_init(0, INTEL_SYNTAX);
            disassemble_address(addr, &curr_inst);
            disassemble_cleanup();

    -R

    Riley Hassell
    Security Research Associate
    eEye Digital Security

    -----Original Message-----
    From: Sean Zadig [mailto:seanzadighotmail.com]
    Sent: Tuesday, October 08, 2002 12:12 PM
    To: vuln-devsecurityfocus.com
    Subject: shellcode -> asm?

    Hi,
    I'm doing some research into creating variants of common attacks, but I ran
    into a problem of sorts. For most of the attacks I have, the shellcode
    consists of the overflow and the actual malicious code that is run. I want
    to be able to isolate the overflow from the rest of the shellcode and use
    that to create attack variants. Problem is, I don't know where one ends and
    the other begins! I figure if I turn the hex-encoded shellcode back into
    assembly code, I could probably figure it out. I'm familiar with how to do
    the reverse in gdb, but is it possible to do what I want? To restate:
    shellcode -> asm is what I need. If this is a simple thing, my apologies -
    but the security-basics list rejected my post =)
       -Sean Zadig

    -----
    Sean Zadig
    Student, UC Davis
    PGP Key ID: 0xDE44A79F
    7EE1 C80A A0C1 B224 45CE F74B 5835 0115 DE44 A79F

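The "simple app to parse exploits" step from the reply above, as an added example that is not part of the original thread and is not Bastard project code: it decodes the C string literals in a piece of exploit source into the raw byte buffer a disassembler would then walk. The function name `extract_bytes` and the sample array are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the kind of array found in C exploit source. The bytes
   are harmless (nop; nop; xor eax,eax; inc eax; ret). */
static const char SAMPLE_SRC[] =
    "char code[] =\n"
    "    \"\\x90\\x90\\x31\\xc0\"   /* literal split across lines */\n"
    "    \"\\x40\\303\";\n";

/* Decode every string literal in src into out, concatenating adjacent literals
   as the compiler would. Returns the byte count, or -1 if out is too small or
   a literal is unterminated. Quotes in comments/char literals: not handled. */
long extract_bytes(const char *src, unsigned char *out, size_t cap)
{
    const char *hex = "0123456789abcdef", *h;
    size_t n = 0;
    int in_str = 0;
    for (const char *p = src; *p; p++) {
        if (*p == '"') { in_str = !in_str; continue; }
        if (!in_str) continue;
        unsigned v = (unsigned char)*p;
        if (*p == '\\' && p[1]) {
            p++;
            if (*p == 'x') {                       /* \xHH */
                for (v = 0; p[1] && (h = strchr(hex, tolower((unsigned char)p[1]))); p++)
                    v = v * 16 + (unsigned)(h - hex);
            } else if (*p >= '0' && *p <= '7') {   /* \NNN, up to 3 octal digits */
                v = (unsigned)(*p - '0');
                for (int i = 0; i < 2 && p[1] >= '0' && p[1] <= '7'; i++)
                    v = v * 8 + (unsigned)(*++p - '0');
            } else {                               /* \n \t \r, else the char itself */
                v = *p == 'n' ? '\n' : *p == 't' ? '\t' : *p == 'r' ? '\r'
                                                 : (unsigned char)*p;
            }
        }
        if (n >= cap) return -1;
        out[n++] = (unsigned char)v;
    }
    return in_str ? -1 : (long)n;
}

int main(void)
{
    unsigned char buf[64];
    long n = extract_bytes(SAMPLE_SRC, buf, sizeof buf);
    for (long i = 0; i < n; i++) printf("%02x%c", buf[i], i + 1 < n ? ' ' : '\n');
    return n < 0;
}
```

The decoded buffer can be handed to a disassembly library, or written to a file and read with a standalone tool such as `objdump -D -b binary -m i386`.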