Emulating Shellcodes - Chapter 1

 There are many basic shellcodes that can be emulated from the beginning from the end providing IOC like where is connecting and so on. But what can we do when the emulation get stuck at some point?

The console has many tools to interact with the emulator like it was a debugger but the shellcode really is not being executed so is safer than a debugger.

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin -vv 

In some shellcodes the emulator emulates millions of instructions without problem, but in this case at instruction number 176 there is a crash, the [esp + 30h] contain an unexpected 0xffffffff.

There are two ways to trace the memory, tracing all memory operations with -m or inspecting specific place with -i which allow to use registers to express the memory location:

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  -i 'dword ptr [esp + 0x30]'

Now we know that in position 174 the value 0xffffffff is set.

But we have more control if we set the console at first instruction with -c 1 and set a memory breakpoint on write.

This "dec" instruction changes the zero for the 0xffffffff, and the instruction 90 is what actually is changing the stack value.

Lets trace the eax register to see if its a kind of counter or what is doing.

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  --reg eax 

Eax is not a counter, is getting hardcoded values which is probably an API name:

In this case this shellcode depend on previous states and crash also in the debugger because of  register values. this is just an example of how to operate in cases where is not fully emulated.

In next chapter will see how to unpack and dump to disk using the emulator.

Related links

1. Hacking Tools For Kali Linux
2. Hack Rom Tools
3. Pentest Tools For Android
4. Pentest Recon Tools
5. Hacking Tools Software
6. Pentest Tools Github
7. Top Pentest Tools
8. Hacking Tools Windows
9. Hacking Tools 2020
10. Underground Hacker Sites
11. Black Hat Hacker Tools
12. Kik Hack Tools
13. Pentest Tools Subdomain
14. Hack Tools For Windows
15. Hacker Tools Windows
16. Tools Used For Hacking
17. Hacking Tools Online
18. Pentest Tools Find Subdomains
19. Bluetooth Hacking Tools Kali
20. New Hacker Tools
21. Free Pentest Tools For Windows
22. World No 1 Hacker Software
23. Hack Tool Apk
24. Hacker Tools 2020
25. Hacker Tools Apk
26. Pentest Tools Kali Linux
27. Pentest Tools Url Fuzzer
28. Underground Hacker Sites
29. Pentest Tools Android
30. Hack App
31. Hacking Tools 2019
32. Hack Tool Apk
33. Hack Tools For Games
34. Pentest Tools Find Subdomains
35. Pentest Tools Url Fuzzer
36. Hacker Tools For Pc
37. Hacker Tools Linux
38. What Are Hacking Tools
39. Pentest Reporting Tools
40. Hacker Security Tools
41. Hacking Tools Windows
42. Hacking Tools Kit
43. Wifi Hacker Tools For Windows
44. Hack Tools 2019
45. Hack Tools For Games
46. Hacker Tools Github
47. Hack Tools For Mac
48. Hacker Hardware Tools
49. Hacking Tools Github
50. Bluetooth Hacking Tools Kali
51. Android Hack Tools Github
52. Hacking Tools Windows 10
53. Pentest Tools Review
54. Pentest Tools Windows
55. Hacking Tools For Windows Free Download
56. Hack Tools For Ubuntu
57. Beginner Hacker Tools
58. Hacker Tools Free
59. Hack Tools For Mac
60. Hacking Tools For Windows
61. How To Install Pentest Tools In Ubuntu
62. Android Hack Tools Github
63. Hack Tools 2019
64. How To Hack
65. How To Hack
66. Computer Hacker
67. Hacker Techniques Tools And Incident Handling
68. Hacking Tools Windows
69. Pentest Tools Review
70. Hacking Tools Windows
71. Pentest Tools List
72. Pentest Tools Windows
73. Hacking Tools 2020
74. Hacker Security Tools
75. Hacker Security Tools
76. Hack Tool Apk No Root
77. Hack Tools Mac
78. Hack Tools For Mac
79. Pentest Tools Apk