just a tool to dump shellcode from elf
- ELF 64-bit LSB
- ELF 64-bit MSB
- ELF 32-bit LSB
- ELF 32-bit MSB
$ make
CC obj/main.o
CC obj/parser-elf-common.o
CC obj/parser-elf-multiarch64.o
CC obj/parser-elf-multiarch32.o
CC obj/parser-mapfd.o
CC obj/sc-extract64.o
CC obj/sc-extract32.o
CC obj/datadump.o
CC obj/parser-elf-endian64.o
CC obj/parser-elf-endian32.o
CC scdump
$ sudo make install
install -s scdump /usr/bin
INSTALLPROG - program to use for installation (Default: install)
INSTALLDIR - dir to install the program (Default: /usr/bin)
V - show compiler command line (V=1)
NH - disable compiler hardening flags (NH=1)
For these examples, I will use the following source code:
; test.asm
section .data
db 'this come from .data', 0xa
section .rodata
db 'this come from .rodata', 0xa
section .text
global _start
_start:
db 'this come from .text', 0xa
xyz:
db 'dumping some shellcode from a symbol name !', 0xabuilding:
$ nasm -f elf32 test.asm -o test.o
$ ld -o test test.o -m elf_i386
Dumping a section:
$ scdump -S .data test
\x74\x68\x69\x73\x20\x63\x6f\x6d\x65\x20\x66\x72\x6f\x6d\x20\x2e\x64\x61\x74\x61\x0a
if you want non formated output just use -r option:
$ scdump -S .data test -r
this come from .data
$ scdump -S .rodata test -r
this come from .rodata
$ scdump -S .text test -r
this come from .text
dumping some shellcode from a symbol name !
Dumping shellcode by symbol name:
$ scdump -s _start test -r
this come from .text
$ scdump -s xyz test -r
dumping some shellcode from a symbol name !
Dumping shellcode based on virtual address:
$ readelf -S test | grep -i .rodata
[ 2] .rodata PROGBITS 080480c4 0000c4 000017 00 A 0 0 4
$ scdump -a 080480c4,23 test -r
this come from .rodata
note that 0x17 becomes 23 in decimal
If this project helped you, consider making a donation:
paypal:
btc: 1PpbrY6j1HNPF7fS2LhG9SF2wtyK98GSwq
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent