OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Sean Zadig (seanzadig_at_hotmail.com)
Date: Wed Oct 09 2002 - 13:25:51 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Thanks everyone - using objdump is doing the trick nicely, I now have some
    assembly code to play with. Thanks to everyone who posted helpful links to
    various projects and scripts - I think they will be very helpful. Cheers,
             -Sean Zadig

    >
    >Check out the Bastard project.
    >http://sourceforge.net/projects/bastard/
    >
    >You can write a simple app to parse exploits and snag the shellcodes out.
    >Use the Bastard library function disassemble_address() to get the code into
    >an ASCII representation. The use and syntax is very straight forward.
    >
    > disassemble_init(0, INTEL_SYNTAX);
    > disassemble_address(addr, &curr_inst);
    > disassemble_cleanup();
    >
    >-R
    >
    >Riley Hassell
    >Security Research Associate
    >eEye Digital Security
    >
    >
    >-----Original Message-----
    >From: Sean Zadig [mailto:seanzadighotmail.com]
    >Sent: Tuesday, October 08, 2002 12:12 PM
    >To: vuln-devsecurityfocus.com
    >Subject: shellcode -> asm?
    >
    >
    >Hi,
    >I'm doing some research into creating variants of common attacks, but I ran
    >into a problem of sorts. For most of the attacks I have, the shellcode
    >consists of the overflow and the actual malicious code that is run. I want
    >to be able to isolate the overflow from the rest of the shellcode and use
    >that to create attack variants. Problem is, I don't know where one ends and
    >the other begins! I figure if I turn the hex-encoded shellcode back into
    >assembly code, I could probably figure it out. I'm familiar with how to do
    >the reverse in gdb, but is it possible to do what I want? To restate:
    >shellcode -> asm is what I need. If this is a simple thing, my apologies -
    >but the security-basics list rejected my post =)
    > -Sean Zadig
    >
    >-----
    >Sean Zadig
    >Student, UC Davis
    >PGP Key ID: 0xDE44A79F
    >7EE1 C80A A0C1 B224 45CE F74B 5835 0115 DE44 A79F
    >
    >
    >_________________________________________________________________
    >Chat with friends online, try MSN Messenger: http://messenger.msn.com

    -----
    Sean Zadig
    Student, UC Davis
    PGP Key ID: 0xDE44A79F
    7EE1 C80A A0C1 B224 45CE F74B 5835 0115 DE44 A79F

    _________________________________________________________________
    Chat with friends online, try MSN Messenger: http://messenger.msn.com