RE: shellcode -> asm?

From: Sean Zadig (seanzadigat_private)
Date: Wed Oct 09 2002 - 11:25:51 PDT


    Thanks everyone - using objdump is doing the trick nicely, I now have some 
    assembly code to play with. Thanks to everyone who posted helpful links to 
    various projects and scripts - I think they will be very helpful. Cheers,
             -Sean Zadig
    
    >
    >Check out the Bastard project.
    >http://sourceforge.net/projects/bastard/
    >
    >You can write a simple app to parse exploits and snag the shellcodes out.
    >Use the Bastard library function disassemble_address() to get the code into
    >an ASCII representation. The use and syntax is very straightforward.
    >
    >	disassemble_init(0, INTEL_SYNTAX);
    >	disassemble_address(addr, &curr_inst);
    >	disassemble_cleanup();
    >
    >-R
    >
    >Riley Hassell
    >Security Research Associate
    >eEye Digital Security
    >
    >
    >-----Original Message-----
    >From: Sean Zadig [mailto:seanzadigat_private]
    >Sent: Tuesday, October 08, 2002 12:12 PM
    >To: vuln-devat_private
    >Subject: shellcode -> asm?
    >
    >
    >Hi,
    >I'm doing some research into creating variants of common attacks, but I ran
    >into a problem of sorts. For most of the attacks I have, the shellcode
    >consists of the overflow and the actual malicious code that is run. I want
    >to be able to isolate the overflow from the rest of the shellcode and use
    >that to create attack variants. Problem is, I don't know where one ends and
    >the other begins! I figure if I turn the hex-encoded shellcode back into
    >assembly code, I could probably figure it out. I'm familiar with how to do
    >the reverse in gdb, but is it possible to do what I want? To restate:
    >shellcode -> asm is what I need. If this is a simple thing, my apologies -
    >but the security-basics list rejected my post =)
    >    -Sean Zadig
    >
    >-----
    >Sean Zadig
    >Student, UC Davis
    >PGP Key ID: 0xDE44A79F
    >7EE1 C80A A0C1 B224 45CE  F74B 5835 0115 DE44 A79F
    >
    >
    
    
    
    
    -----
    Sean Zadig
    Student, UC Davis
    PGP Key ID: 0xDE44A79F
    7EE1 C80A A0C1 B224 45CE  F74B 5835 0115 DE44 A79F
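
The objdump route mentioned in the reply above, as an added example that is not part of the original post: it turns a `\x..`-escaped byte string into a raw file and disassembles it as headerless code. The function names, the i386 target and the constructed, harmless five-byte sample are assumptions.

```shell
#!/bin/sh
# Added example: "\x.." escaped bytes -> raw file -> objdump disassembly.

# hex_to_bin ESCAPED OUTFILE
# Strips "\x" prefixes, quotes and whitespace, then writes one byte per hex pair.
# Pass only the escaped string itself, not surrounding C source.
hex_to_bin() {
    hex=$(printf '%s' "$1" | sed 's/\\x//g' | tr -cd '0-9a-fA-F')
    if [ -z "$hex" ] || [ $(( ${#hex} % 2 )) -ne 0 ]; then
        echo "hex_to_bin: need an even number of hex digits" >&2
        return 1
    fi
    : > "$2"
    while [ -n "$hex" ]; do
        rest=${hex#??}            # everything after the first two digits
        pair=${hex%"$rest"}       # the first two digits
        hex=$rest
        # %b accepts \0ooo octal escapes portably, so go hex -> octal -> byte.
        printf '%b' "\\0$(printf '%03o' "0x$pair")" >> "$2"
    done
}

# disassemble BINFILE
# -b binary: no ELF/PE header, start decoding at offset 0.
# -m i386 is an assumption about the target; -M intel selects Intel syntax.
disassemble() {
    objdump -D -b binary -m i386 -M intel "$1"
}

# Constructed sample: nop; nop; xor eax,eax; ret
SAMPLE='"\x90\x90\x31\xc0\xc3"'

demo() {
    tmp=$(mktemp) || return 1
    hex_to_bin "$SAMPLE" "$tmp" && disassemble "$tmp"
    rm -f "$tmp"
}

# Only run the demo where binutils is installed.
if command -v objdump >/dev/null 2>&1; then demo; fi
```

Because the input has no headers, objdump decodes linearly from the first byte; data or padding mixed in with the code will be decoded as instructions too, so read the listing with that in mind.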
    
    
    



    This archive was generated by hypermail 2b30 : Wed Oct 09 2002 - 13:01:38 PDT