Re: shellcode -> asm?

[Erik Sperling Johansen <erik () sperling no>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Simply gdb any application with the shellcode embedded, and use x/i to get a 
disassembly.

- --Erik

On Tuesday 08 October 2002 21:12, Sean Zadig wrote:
> Hi,
> I'm doing some research into creating variants of common attacks, but I ran
> into a problem of sorts. For most of the attacks I have, the shellcode
> consists of the overflow and the actual malicious code that is run. I want
> to be able to isolate the overflow from the rest of the shellcode and use
> that to create attack variants. Problem is, I don't know where one ends and
> the other begins! I figure if I turn the hex-encoded shellcode back into
> assembly code, I could probably figure it out. I'm familiar with how to do
> the reverse in gdb, but is it possible to do what I want? To restate:
> shellcode -> asm is what I need. If this is a simple thing, my apologies -
> but the security-basics list rejected my post =)
>    -Sean Zadig
>
> -----
> Sean Zadig
> Student, UC Davis
> PGP Key ID: 0xDE44A79F
> 7EE1 C80A A0C1 B224 45CE  F74B 5835 0115 DE44 A79F
>
>
> _________________________________________________________________
> Chat with friends online, try MSN Messenger: http://messenger.msn.com

- -- 
PGP Key: http://www.sperling.no/erik.key / pgpkeys.mit.edu
Fingerprint: 0745 BF47 DFCD 8A1F 1432  DCF3 76CF 66F6 E840 A1B0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9o1kwds9m9uhAobARAlqRAJ9OK7m4+txnoxTgUb1jwclHDHpvbQCfVeOY
/h1USCz5NNMLWxtp3dmdkGk=
=Tmm6
-----END PGP SIGNATURE-----