Shadow-Master Posted October 29, 2013

So I was writing a PERL script to automate Ghostwriting ASM shellcode and sort of hit a block in terms of designing the obfuscation engine. But, what I do have now is a fairly functional ASM parser. There are definitely issues, and certainly things that can be added to improve, but it does things well for the most part.

I had an idea to make it more useful/fun. What about giving the user a register+stack state and having him code the ASM for it using the inline parser I have in the script and give him points for doing clever things and solving difficult problems with fewer lines of code. The point of all this being to help people understand ASM and shellcode, and possibly draw more interest into the shellcoding world, which I happen to greatly enjoy.

Sample outputs of my program look something like this:

Phant0m>mov eax,0x41414141
<> {!} -- Instruction: >MOV< FirstOp: >eax< Value: >0x41414141<
<> {!} -- CMD: MOV EAX, 0x41414141
<> {!} -- Registering a change in EAX.
<> {!} -- Change Registered.
<> {!} -- EAX has changed. Taking that into account.
<> {!} -- Changing the child registers of EAX now.
<> {!} -- Child registers of EAX now changed.
<> {!} -- EAX is now: 1094795585.
<> {!} -- Updating flags...
<> {!} -- Bit length of EAX is: 32
<> {!} -- Flags are now changed. ZF: 0 SF: 0 OF: 0
Current status:
All purpose Registers
----------------------------
EAX: 0x41414141 AX: 0x4141 AH: 0x41 AL: 0x41
EBX: 0x071DBDF8 BX: 0xBDF8 BH: 0xBD BL: 0xF8
ECX: 0x38ECCEBF CX: 0xCEBF CH: 0xCE CL: 0xBF
EDX: 0x0EF4DFF1 DX: 0xDFF1 DH: 0xDF DL: 0xF1
ZF: 0 SF: 0 OF: 0
ESP: 0x0A3C9827 EBP: 0x0A3C9817
Stack
---------------------------------
Hex-----------Decimal---------String----
Phant0m>push eax
<> {!} -- Instruction: >PUSH< FirstOp: >eax< Value: ><
<> {!} -- CMD: PUSH eax
<> {!} -- Registering a change in ESP.
<> {!} -- Change Registered.
<> {!} -- 1094795585 has been pushed to stack.
Current status:
All purpose Registers
----------------------------
EAX: 0x41414141 AX: 0x4141 AH: 0x41 AL: 0x41
EBX: 0x071DBDF8 BX: 0xBDF8 BH: 0xBD BL: 0xF8
ECX: 0x38ECCEBF CX: 0xCEBF CH: 0xCE CL: 0xBF
EDX: 0x0EF4DFF1 DX: 0xDFF1 DH: 0xDF DL: 0xF1
ZF: 0 SF: 0 OF: 0
ESP: 0x0A3C9828 EBP: 0x0A3C9817
Stack
---------------------------------
Hex-----------Decimal---------String----
0x41414141 1094795585 AAAA
Phant0m>

So it's fairly easy to read in its most verbose state, and definitely would help people learn ASM with greater fluency. Also, if people were to read my (terrible) source and improve on it, or give suggestions, the hacking community as a whole would benefit.

Anyway, if anyone has feedback on this, let me know.
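The parent/child register bookkeeping visible in the sample output above (a write to EAX also changes AX, AH and AL), as an added Python example that is not the poster's Perl script. The names `RegisterFile`, `VIEWS` and `row` are hypothetical, and only `mov` with a register or immediate source is handled.

```python
import re

# Map every register name to (parent, bit shift, mask): sub-registers are
# views into the 32-bit parent, never separate storage.
VIEWS = {}
for p in "ABCD":
    VIEWS[f"E{p}X"] = (f"E{p}X", 0, 0xFFFFFFFF)
    VIEWS[f"{p}X"] = (f"E{p}X", 0, 0xFFFF)
    VIEWS[f"{p}H"] = (f"E{p}X", 8, 0xFF)
    VIEWS[f"{p}L"] = (f"E{p}X", 0, 0xFF)

MOV = re.compile(r"\s*mov\s+(\w+)\s*,\s*(\w+)\s*", re.IGNORECASE)


class RegisterFile:
    def __init__(self):
        self.regs = {f"E{p}X": 0 for p in "ABCD"}

    def read(self, name):
        parent, shift, mask = VIEWS[name.upper()]
        return (self.regs[parent] >> shift) & mask

    def write(self, name, value):
        parent, shift, mask = VIEWS[name.upper()]
        if value & ~mask:
            raise ValueError(f"{value:#x} does not fit in {name}")
        # Clear only the bits this view covers, then drop the new value in.
        kept = self.regs[parent] & ~(mask << shift)
        self.regs[parent] = kept | (value << shift)

    def mov(self, line):
        m = MOV.fullmatch(line)
        if not m or m.group(1).upper() not in VIEWS:
            raise ValueError(f"unsupported instruction: {line!r}")
        dst, src = m.group(1), m.group(2)
        if src.upper() in VIEWS:
            if VIEWS[src.upper()][2] != VIEWS[dst.upper()][2]:
                raise ValueError("operand size mismatch")
            value = self.read(src)
        else:
            value = int(src, 0)  # immediate: 0x.. hex or decimal
        self.write(dst, value)

    def row(self, p):
        # Same layout as the status rows in the post's output.
        return (f"E{p}X: 0x{self.read(f'E{p}X'):08X} {p}X: 0x{self.read(f'{p}X'):04X} "
                f"{p}H: 0x{self.read(f'{p}H'):02X} {p}L: 0x{self.read(f'{p}L'):02X}")


if __name__ == "__main__":
    rf = RegisterFile()
    for line in ["mov eax,0x41414141", "mov ah, 0x00"]:  # constructed input
        rf.mov(line)
        print(rf.row("A"))
```

Because each child register is computed from the parent on read, there is no separate "update the children" step that can be forgotten after a write.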