Vulnerability Development mailing list archives
Re: extracting shellcode from a execve binary.
From: corecode <corecode () corecode ath cx>
Date: Mon, 17 Sep 2001 20:24:50 +0000
Actually, I wrote a (more or less) simple Perl script exactly for that purpose. It takes advantage of the fact that objdump can disassemble files. I could only test this on Intel, but it should work for other systems too, unless the output of objdump is different.

Check this: http://www.eikon.tum.de/~simons/security/od2c

Basically, it takes one (or several) labels as parameters. These symbols will be cut out of the objdump input and written to nice C char[] arrays.

One thing you should be aware of is to use non-public jump labels (like gcc does): .Lhere: instead of here:

cheerz
corecode

At 10:32 AM 8/28/2000, KF wrote:

Attached is the asm code for execve of /bin/sh in PowerPC Linux. The code compiles and executes fine; however, I am having trouble extracting the shellcode from the binary... Does anyone have any tips for getting the shellcode in \x41\x41\x41\x41 format? I have tried doing x/bx main, however I don't really know where to begin. I have seen people start at x/bx main+4 and I have seen people start at just x/bx main... which is correct? The next question is where to stop.

-KF
-- http://www.eikon.tum.de/~simons/security/
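A Python equivalent of the approach corecode describes, added here as an illustration (it is not the od2c script from the post): it walks objdump -d output, collects the raw bytes listed under one symbol until the next symbol header, and renders them as a C array. The sample disassembly and the symbol names main/other are constructed.

```python
import re
import sys

# Constructed sample of `objdump -d` output (x86-64 style, not from the post).
# `main` is followed by a second public symbol so the extraction visibly
# stops there, which is exactly why the post recommends local `.L` labels:
# a public label inside the body would split it into two blocks.
SAMPLE_OBJDUMP = """
sample:     file format elf64-x86-64

Disassembly of section .text:

0000000000401000 <main>:
  401000:\t31 c0                \txor    %eax,%eax
  401002:\t48 b8 01 02 03 04 05 \tmovabs $0x807060504030201,%rax
  401009:\t06 07 08
  40100c:\tc3                   \tret

000000000040100d <other>:
  40100d:\t90                   \tnop
"""

SYMBOL_RE = re.compile(r"^[0-9a-f]+ <(?P<name>[^>]+)>:$")
# objdump prints "  addr:\t<hex bytes>\t<mnemonic>"; long instructions spill
# their remaining bytes onto a following line that has no mnemonic.
BYTES_RE = re.compile(r"^\s*[0-9a-f]+:\t(?P<hex>(?:[0-9a-f]{2} ?)+)")


def extract_symbol_bytes(objdump_text: str, symbol: str) -> bytes:
    """Return the bytes listed under `<symbol>:`, stopping at the next symbol header."""
    out = bytearray()
    inside = False
    for line in objdump_text.splitlines():
        header = SYMBOL_RE.match(line)
        if header:
            if inside:
                break  # next symbol starts: the requested block is complete
            inside = header.group("name") == symbol
            continue
        if inside:
            m = BYTES_RE.match(line)
            if m:
                out += bytes.fromhex(m.group("hex").replace(" ", ""))
    if not inside:
        raise KeyError(f"symbol {symbol!r} not found in objdump output")
    return bytes(out)


def to_c_array(name: str, data: bytes, per_line: int = 12) -> str:
    """Render bytes as a C `unsigned char name[]` initializer using \\xNN escapes."""
    chunks = ["".join(f"\\x{b:02x}" for b in data[i:i + per_line])
              for i in range(0, len(data), per_line)]
    body = "\n".join(f'    "{c}"' for c in chunks)
    return f"unsigned char {name}[] =\n{body};\n/* {len(data)} bytes */"


if __name__ == "__main__":
    sym = sys.argv[1] if len(sys.argv) > 1 else "main"
    print(to_c_array(sym, extract_symbol_bytes(SAMPLE_OBJDUMP, sym)))
```

Pipe real objdump -d output into extract_symbol_bytes to use it on an actual binary; the stopping rule is the same one the post relies on.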
Current thread:
- extracting shellcode from a execve binary. KF (Sep 17)
- Re: extracting shellcode from a execve binary. corecode (Sep 17)
- RE: extracting shellcode from a execve binary. Simon N. Thornton (Sep 18)