oalabs / blobrunner
Quickly debug shellcode extracted during malware analysis
License: MIT License
The nopause option does not seem to be useful; I'd rather prepend an INT 3 instruction that forces OllyDBG to stop.
Can you do something similar to this?
LPVOID process_file(char* inputfile_name){
...
buffer=(char *)malloc(fileLen+1+4);   // Create buffer: 4 extra bytes for the NOP sled + INT 3 prefix
if (buffer == NULL) return NULL;      // malloc can fail
for (i = 0; i < 3; i ++) {
buffer[i] = 0x90;                     // NOP
}
buffer[3] = 0xCC;                     // INT 3: the debugger stops here before the shellcode runs
fread(buffer+4, fileLen, 1, file);    // Read file into the buffer after the 4-byte prefix
fclose(file);                         // Close file handle
...
Looks like __asm is not supported on x64, can you help?
Could be user error or a possible bug. When I go to the offset specified in the Base (IDA view > Segments), the base addr is only listed as the end of the allocated memory, never at the start for the shellcode.
shellcode3_actual_meterpreter.zip (passwd: infected)
The --nopause flag doesn't work for x64 programs.
printf(" [*] Navigate to the Thread Entry and set a breakpoint. Then press any key to resume the thread.\n",entry);
This line is missing a format specifier for entry.
The --autobreak flag injects an "int 3" instruction into the shellcode, which could corrupt the shellcode execution.
Possible solution:
set the breakpoint before the jump to shellcode execution.
blobrunner incorrectly assumes the offset input is in base 16 or hex. For example, the following two commands would jump to different offsets, even though they are equivalent.
blobrunner.exe blah.bin --offset 0xC000
blobrunner.exe blah.bin --offset 3072
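One way to parse the --offset argument so that a 0x prefix means hex and everything else means decimal, with the trailing-garbage, sign and octal pitfalls handled. This is an added example, not blobrunner's code; parse_offset is a hypothetical name and the default argument in main is constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example (hypothetical name, not blobrunner's code).
 * Accepts "0xC000" / "0XC000" as hex and anything else as decimal, so
 * 0xC000 and 49152 give the same offset. A leading 0 is plain decimal
 * (strtoull with base 0 would silently treat "010" as octal 8).
 * Returns 0 and stores the value in *out, or -1 on an empty string,
 * a sign or whitespace, trailing garbage, a bare "0x", or overflow. */
int parse_offset(const char *s, uint64_t *out)
{
    int base = 10;
    char *end = NULL;
    unsigned long long v;

    if (!s || s[0] < '0' || s[0] > '9')     /* rejects "", "-1", " 12", "C000" */
        return -1;
    if (s[0] == '0' && (s[1] == 'x' || s[1] == 'X'))
        base = 16;                          /* strtoull consumes the 0x itself */
    errno = 0;
    v = strtoull(s, &end, base);
    if (errno == ERANGE || end == s || *end != '\0')
        return -1;                          /* overflow, no digits, or leftovers */
    *out = (uint64_t)v;
    return 0;
}

int main(int argc, char **argv)
{
    uint64_t off;
    const char *arg = argc > 1 ? argv[1] : "0xC000";  /* constructed default */
    if (parse_offset(arg, &off) != 0) {
        fprintf(stderr, " [!] Invalid offset: '%s'\n", arg);
        return 1;
    }
    printf(" [*] Offset %s = 0x%llx (%llu)\n", arg,
           (unsigned long long)off, (unsigned long long)off);
    return 0;
}
```

Hex without a prefix ("C000") is rejected rather than guessed, since the same string would otherwise be a valid decimal number in other cases ("1000"); requiring the 0x prefix is what keeps the two spellings unambiguous.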
should be
#ifdef _WIN64
printf(" [*] Thread Entry: 0x%016I64x\n", shell_entry);
#else
printf(" [*] Thread Entry: 0x%08I32x\n", shell_entry);
#endif // _WIN64
In the previous versions, the shellcode entrypoint address is printed before pressing any key to jump to the shellcode. This allows us to set a breakpoint at the shellcode entrypoint before proceeding on.
In the latest version, the shellcode entrypoint address is printed after pressing any key as shown in the screenshot above.
Provide the code refactoring: