Since shellcode is just a raw block of instructions, these tools aren't really suited. Wat? Executables are just raw blocks of instructions too! No really. Ok, maybe there's bits of data in there for PE/ELF headers or the like, or just plain program data, but the data is the same binary as instructions. To the point: sections of executables are labelled (text, data) so the OS knows what to treat as what. For a demo, take any set of assembler and type: nasm -f bin That'll do absolutely no additional work bar translating the assembler instructions to opcodes and writing them down in a binary file. This is how you'd go about writing a bootloader or the like.

Now, if you wanted to analyse some shellcode, there's a multitude of ways you could do it. For starters, you could just use a harness: #include And voila, you're off - simply get gdb or the like to single-step through it. Of course, if you wanted to analyse that particular piece of shellcode statically, well, there's a way for that too: #include And now you have a binary blob to work with. Actually, chances are you had to do the inverse of this to load the code into the test harness (i.e. If you're looking for tools, I suggest the x86 wikibook. Basically, it comes down to picking one or more you can afford and having a play.
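As an added example (not the post's own code), here is the harness idea and the blob round-trip in C: the sample bytes are a constructed, harmless x86-64 `mov eax, 42 ; ret`, and the names write_blob, read_blob and run_blob are chosen here, not taken from the post. Dump the bytes to a file for a static disassembler, or hand them to run_blob and single-step from there in gdb.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
/* Constructed sample: x86-64 `mov eax, 42 ; ret`. Harmless, it just returns 42. */
static const unsigned char sample_code[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };
/* Dump raw bytes to a file: the same flat blob `nasm -f bin` produces, ready
 * for a static disassembler (e.g. `ndisasm -b 64 blob.bin`). 0 on success. */
int write_blob(const char *path, const unsigned char *code, size_t len) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    size_t n = fwrite(code, 1, len, f);
    fclose(f);
    return n == len ? 0 : -1;
}
/* The inverse: read a blob back into a malloc'd buffer (caller frees).
 * Returns the byte count, or 0 on failure. */
size_t read_blob(const char *path, unsigned char **out) {
    FILE *f = fopen(path, "rb");
    if (!f) return 0;
    fseek(f, 0, SEEK_END);
    long len = ftell(f);
    rewind(f);
    if (len <= 0 || !(*out = malloc((size_t)len))) { fclose(f); return 0; }
    size_t n = fread(*out, 1, (size_t)len, f);
    fclose(f);
    return n;
}
/* Dynamic harness: copy the bytes into an executable mapping and call them,
 * so you can break here under gdb and single-step into the code. Returns -1
 * if the host is not x86-64 (the sample is x86-64 only) or mapping fails. */
int run_blob(const unsigned char *code, size_t len) {
#if defined(__x86_64__)
    void *mem = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return -1;
    memcpy(mem, code, len);
    int rc = ((int (*)(void))mem)();   /* the call to break on in gdb */
    munmap(mem, len);
    return rc;
#else
    (void)code; (void)len;
    return -1;
#endif
}
int main(void) {
    write_blob("blob.bin", sample_code, sizeof sample_code);
    printf("run_blob returned %d\n", run_blob(sample_code, sizeof sample_code));
    return 0;
}
```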