Friday, May 26, 2023

Emulating Shellcodes - Chapter 1

 There are many basic shellcodes that can be emulated from the beginning from the end providing IOC like where is connecting and so on. But what can we do when the emulation get stuck at some point?

The console has many tools to interact with the emulator like it was a debugger but the shellcode really is not being executed so is safer than a debugger.

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin -vv 


In some shellcodes the emulator emulates millions of instructions without problem, but in this case at instruction number 176 there is a crash, the [esp + 30h] contain an unexpected 0xffffffff.

There are two ways to trace the memory, tracing all memory operations with -m or inspecting specific place with -i which allow to use registers to express the memory location:

target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  -i 'dword ptr [esp + 0x30]'


Now we know that in position 174 the value 0xffffffff is set.

But we have more control if we set the console at first instruction with -c 1 and set a memory breakpoint on write.




This "dec" instruction changes the zero for the 0xffffffff, and the instruction 90 is what actually is changing the stack value.

Lets trace the eax register to see if its a kind of counter or what is doing.


target/release/scemu -f ~/Downloads/shellcodes_matched/drv_shellcode.bin  --reg eax 


Eax is not a counter, is getting hardcoded values which is probably an API name:


In this case this shellcode depend on previous states and crash also in the debugger because of  register values. this is just an example of how to operate in cases where is not fully emulated.

In next chapter will see how to unpack and dump to disk using the emulator.


Continue reading


  1. Top Pentest Tools
  2. Install Pentest Tools Ubuntu
  3. Hacking Tools Windows 10
  4. Hacker Tools Free
  5. Hacking Tools Name
  6. Hacker Tools 2019
  7. Hacker Tools
  8. Hacker Tools Linux
  9. Game Hacking
  10. Hacking Tools For Kali Linux
  11. Wifi Hacker Tools For Windows
  12. Pentest Tools For Mac
  13. Pentest Recon Tools
  14. Github Hacking Tools
  15. Hack Tools Online
  16. Hack Tools
  17. Hacker Tools Github
  18. Bluetooth Hacking Tools Kali
  19. Growth Hacker Tools
  20. Hacker Tools For Mac
  21. Github Hacking Tools
  22. Pentest Tools Framework
  23. Pentest Tools For Windows
  24. Hacking Tools Name
  25. Hacking Tools Mac
  26. New Hacker Tools
  27. Hacking Tools For Pc
  28. Hacker Tools For Ios
  29. Hacking Tools And Software
  30. Tools Used For Hacking
  31. Hacking Tools Github
  32. Hacker Search Tools
  33. Pentest Tools Free
  34. Hack Tool Apk No Root
  35. Pentest Tools Alternative
  36. Hacking Tools Windows 10
  37. Hacker Tools
  38. Bluetooth Hacking Tools Kali
  39. Blackhat Hacker Tools
  40. Nsa Hack Tools Download
  41. Hacking Tools Hardware
  42. Github Hacking Tools
  43. Pentest Tools For Mac
  44. How To Hack
  45. Pentest Tools List
  46. Hack Tool Apk No Root
  47. Pentest Tools Find Subdomains
  48. Pentest Tools Find Subdomains
  49. Hacking Tools Windows 10
  50. Hacker Tools
  51. Best Pentesting Tools 2018
  52. Hack Tools Download
  53. Hacker Tools Online
  54. Hacking Tools Software
  55. Hack Tools For Ubuntu
  56. Pentest Tools Find Subdomains
  57. How To Make Hacking Tools
  58. Hacker Tools Apk Download
  59. Pentest Tools Find Subdomains
  60. Pentest Tools Tcp Port Scanner
  61. Hacker Tools Apk
  62. Pentest Tools Bluekeep
  63. Pentest Tools Review
  64. Pentest Tools For Ubuntu
  65. Pentest Tools Bluekeep
  66. Wifi Hacker Tools For Windows
  67. Hacking Tools 2019
  68. Hacker Tools For Windows
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)