Saturday, June 3, 2023

Emulating Shellcodes - Chapter 1

Many basic shellcodes can be emulated from beginning to end, yielding IOCs such as where the shellcode connects. But what can we do when the emulation gets stuck at some point?

The console has many tools to interact with the emulator as if it were a debugger, but the shellcode is not really being executed, so it is safer than a debugger.

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin -vv 


In some shellcodes the emulator runs millions of instructions without problem, but in this case there is a crash at instruction number 176: [esp + 30h] contains an unexpected 0xffffffff.

There are two ways to trace memory: tracing all memory operations with -m, or inspecting a specific location with -i, which lets you use registers to express the memory address:

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  -i 'dword ptr [esp + 0x30]'


Now we know that at instruction 174 the value 0xffffffff is set.

But we have more control if we start the console at the first instruction with -c 1 and set a memory breakpoint on write.




This "dec" instruction changes the zero to 0xffffffff, and instruction 90 is what actually changes the stack value.

Let's trace the eax register to see whether it is some kind of counter or what it is doing.


target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  --reg eax 


Eax is not a counter; it is loaded with hardcoded values, which are probably an API name:
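To make the "counter or API name?" question mechanical, here is a small added helper (not part of the original post and not scemu code) that takes a list of register values such as the ones a --reg eax trace prints and decides whether they step by one each instruction (a counter, including the dec-from-zero wrap seen above) or decode as little-endian ASCII chunks of a name. The traces in the main block are constructed for illustration, not taken from the post's shellcode.

```python
import struct

MASK = 0xFFFFFFFF  # registers in a 32-bit shellcode wrap at 2^32


def dword_to_ascii(value):
    """Read a 32-bit value as four little-endian bytes; return text if printable.

    Trailing NUL padding is tolerated so the last chunk of a name still decodes.
    """
    raw = struct.pack("<I", value & MASK).rstrip(b"\x00")
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def classify_register_trace(values):
    """Decide what a sequence of register values looks like.

    Returns ("counter", 1 or -1) when every step adds or subtracts exactly one
    modulo 2^32 (a dec loop going 0 -> 0xffffffff -> 0xfffffffe is caught here),
    ("ascii", text) when every value is a printable little-endian dword, or
    ("other", None) when neither pattern fits.
    """
    vals = [v & MASK for v in values]
    if len(vals) < 2:
        return ("other", None)
    deltas = {(b - a) & MASK for a, b in zip(vals, vals[1:])}
    if deltas == {1}:
        return ("counter", 1)
    if deltas == {MASK}:  # subtracting 1 equals adding 0xffffffff mod 2^32
        return ("counter", -1)
    chunks = [dword_to_ascii(v) for v in vals]
    if all(chunk is not None for chunk in chunks):
        return ("ascii", "".join(chunks))
    return ("other", None)


if __name__ == "__main__":
    # Constructed traces, not taken from the post's shellcode.
    samples = {
        "api name pushed in dwords": [0x64616F4C, 0x7262694C, 0x41797261],
        "dec loop from zero": [0x0, 0xFFFFFFFF, 0xFFFFFFFE],
        "inc loop": [5, 6, 7, 8],
        "unrelated values": [0x12345678, 0x1],
    }
    for label, trace in samples.items():
        print(f"{label:28s} -> {classify_register_trace(trace)}")
```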


In this case the shellcode depends on previous state and also crashes in a debugger because of the register values. This is just an example of how to operate in cases where the shellcode is not fully emulated.

In the next chapter we will see how to unpack and dump to disk using the emulator.

