Thanks everyone - using objdump is doing the trick nicely, I now have some assembly code to play with. Thanks to everyone who posted helpful links to various projects and scripts - I think they will be very helpful. Cheers, -Sean Zadig > >Check out the Bastard project. >http://sourceforge.net/projects/bastard/ > >You can write a simple app to parse exploits and snag the shellcodes out. >Use the Bastard library function disassemble_address() to get the code into >an ASCII representation. The use and syntax is very straight forward. > > disassemble_init(0, INTEL_SYNTAX); > disassemble_address(addr, &curr_inst); > disassemble_cleanup(); > >-R > >Riley Hassell >Security Research Associate >eEye Digital Security > > >-----Original Message----- >From: Sean Zadig [mailto:seanzadigat_private] >Sent: Tuesday, October 08, 2002 12:12 PM >To: vuln-devat_private >Subject: shellcode -> asm? > > >Hi, >I'm doing some research into creating variants of common attacks, but I ran >into a problem of sorts. For most of the attacks I have, the shellcode >consists of the overflow and the actual malicious code that is run. I want >to be able to isolate the overflow from the rest of the shellcode and use >that to create attack variants. Problem is, I don't know where one ends and >the other begins! I figure if I turn the hex-encoded shellcode back into >assembly code, I could probably figure it out. I'm familiar with how to do >the reverse in gdb, but is it possible to do what I want? To restate: >shellcode -> asm is what I need. If this is a simple thing, my apologies - >but the security-basics list rejected my post =) > -Sean Zadig > >----- >Sean Zadig >Student, UC Davis >PGP Key ID: 0xDE44A79F >7EE1 C80A A0C1 B224 45CE F74B 5835 0115 DE44 A79F > > >_________________________________________________________________ >Chat with friends online, try MSN Messenger: http://messenger.msn.com ----- Sean Zadig Student, UC Davis PGP Key ID: 0xDE44A79F 7EE1 C80A A0C1 B224 45CE F74B 5835 0115 DE44 A79F _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com
This archive was generated by hypermail 2b30 : Wed Oct 09 2002 - 13:01:38 PDT