-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Simply gdb any application with the shellcode embedded, and use x/i to get a disassembly. - --Erik On Tuesday 08 October 2002 21:12, Sean Zadig wrote: > Hi, > I'm doing some research into creating variants of common attacks, but I ran > into a problem of sorts. For most of the attacks I have, the shellcode > consists of the overflow and the actual malicious code that is run. I want > to be able to isolate the overflow from the rest of the shellcode and use > that to create attack variants. Problem is, I don't know where one ends and > the other begins! I figure if I turn the hex-encoded shellcode back into > assembly code, I could probably figure it out. I'm familiar with how to do > the reverse in gdb, but is it possible to do what I want? To restate: > shellcode -> asm is what I need. If this is a simple thing, my apologies - > but the security-basics list rejected my post =) > -Sean Zadig > > ----- > Sean Zadig > Student, UC Davis > PGP Key ID: 0xDE44A79F > 7EE1 C80A A0C1 B224 45CE F74B 5835 0115 DE44 A79F > > > _________________________________________________________________ > Chat with friends online, try MSN Messenger: http://messenger.msn.com - -- PGP Key: http://www.sperling.no/erik.key / pgpkeys.mit.edu Fingerprint: 0745 BF47 DFCD 8A1F 1432 DCF3 76CF 66F6 E840 A1B0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9o1kwds9m9uhAobARAlqRAJ9OK7m4+txnoxTgUb1jwclHDHpvbQCfVeOY /h1USCz5NNMLWxtp3dmdkGk= =Tmm6 -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Tue Oct 08 2002 - 16:41:22 PDT