Re: shellcode -> asm?

[Enrique A. Compañ Gzz. <enrique () virtekweb net>]

You can try to actually call the shellcode from a simple program you have
to write, and then debug it using gdb or any other program in whatever
plataform you plan to use.

To stop at the begining of the shellcode, you could use "stop on memory
access", or put an "int 0x03" ("\xCD\x03", I think) at the begining of the
code to cause the debugger to stop there, and then view the instructions
after the breakpoint... that should do.

Regards

----- Original Message -----
From: "Sean Zadig" <seanzadig () hotmail com>
To: <vuln-dev () securityfocus com>
Sent: Tuesday, October 08, 2002 9:12 PM
Subject: shellcode -> asm?


> Hi,
> I'm doing some research into creating variants of common attacks, but I
ran
> into a problem of sorts. For most of the attacks I have, the shellcode
> consists of the overflow and the actual malicious code that is run. I want
> to be able to isolate the overflow from the rest of the shellcode and use
> that to create attack variants. Problem is, I don't know where one ends
and
> the other begins! I figure if I turn the hex-encoded shellcode back into
> assembly code, I could probably figure it out. I'm familiar with how to do
> the reverse in gdb, but is it possible to do what I want? To restate:
> shellcode -> asm is what I need. If this is a simple thing, my apologies -
> but the security-basics list rejected my post =)
>    -Sean Zadig
>
> -----
> Sean Zadig
> Student, UC Davis
> PGP Key ID: 0xDE44A79F
> 7EE1 C80A A0C1 B224 45CE  F74B 5835 0115 DE44 A79F
>
>
> _________________________________________________________________
> Chat with friends online, try MSN Messenger: http://messenger.msn.com