Friday, 8 January 2016
PyAna - Analyzing the Windows shellcode..

Windows Shellcode Analysis
PyAna uses the Unicorn framework to emulate shellcode. It emulates a Windows process environment (PEB, TIB, LDR_MODULE) so the shellcode finds the structures it expects when it runs.
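As an added illustration of what that emulated environment has to contain (example code, not PyAna's own), the following builds the minimal 32-bit TIB, PEB, PEB_LDR_DATA and LDR_MODULE layout an emulator would write into guest memory, then walks it the way shellcode does (fs:[0x30], PEB.Ldr, InLoadOrderModuleList) to resolve a module base. All guest addresses, the module name and the base value are constructed for the example.

```python
import struct

# Constructed guest addresses for the fake process (not real Windows values)
TIB_ADDR, PEB_ADDR, LDR_ADDR, MOD_ADDR = 0x7FFDF000, 0x7FFDE000, 0x270000, 0x271000
KERNEL32_BASE = 0x76000000  # constructed; a real emulator maps a DLL image here
LIST_HEAD = LDR_ADDR + 0x0C  # PEB_LDR_DATA.InLoadOrderModuleList


def build_environment():
    """Return {guest_addr: bytes} blobs an emulator would mem_write() before running."""
    tib = bytearray(0x34)                       # TIB: Self at +0x18, PEB pointer at +0x30
    struct.pack_into("<I", tib, 0x18, TIB_ADDR)
    struct.pack_into("<I", tib, 0x30, PEB_ADDR)
    peb = bytearray(0x10)                       # PEB: Ldr pointer at +0x0C
    struct.pack_into("<I", peb, 0x0C, LDR_ADDR)
    ldr = bytearray(0x14)                       # PEB_LDR_DATA: LIST_ENTRY (Flink, Blink) at +0x0C
    struct.pack_into("<II", ldr, 0x0C, MOD_ADDR, MOD_ADDR)
    name = "kernel32.dll".encode("utf-16-le")
    mod = bytearray(0x40 + len(name))           # LDR_MODULE: links +0x00, DllBase +0x18, BaseDllName +0x2C
    struct.pack_into("<II", mod, 0x00, LIST_HEAD, LIST_HEAD)  # single entry links back to the head
    struct.pack_into("<I", mod, 0x18, KERNEL32_BASE)
    struct.pack_into("<HHI", mod, 0x2C, len(name), len(name), MOD_ADDR + 0x40)
    mod[0x40:] = name
    return {TIB_ADDR: bytes(tib), PEB_ADDR: bytes(peb), LDR_ADDR: bytes(ldr), MOD_ADDR: bytes(mod)}


def read(mem, addr, size):
    """Flat guest read over the blob map; raises like an unmapped Unicorn access would."""
    for base, blob in mem.items():
        if base <= addr and addr + size <= base + len(blob):
            return blob[addr - base:addr - base + size]
    raise ValueError(f"unmapped read at {addr:#x}")


def find_module_base(mem, fs_base, wanted):
    """Resolve a module base the way 32-bit shellcode does: fs:[0x30] -> PEB.Ldr -> list walk."""
    u32 = lambda a: struct.unpack("<I", read(mem, a, 4))[0]
    ldr = u32(u32(fs_base + 0x30) + 0x0C)
    head = ldr + 0x0C
    entry = u32(head)
    while entry != head:                        # list is circular; stop when back at the head
        length, _, buf = struct.unpack("<HHI", read(mem, entry + 0x2C, 8))
        if read(mem, buf, length).decode("utf-16-le").lower() == wanted.lower():
            return u32(entry + 0x18)
        entry = u32(entry)
    return None
```

If the list is not closed back to its head, the walk never terminates, which is one way an incomplete structure emulator shows up as a hang rather than a wrong answer.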


Usage
From the command line, type: PyAna.py [shellcode]
Example: PyAna.py Samples/UrlDownloadToFile.sc

Dependencies
PyAna depends on:
  • Unicorn Framework & Capstone, developed by Nguyen Anh Quynh.
  • pefile, developed by Ero Carrera.

Status
  • Implemented in Python using the Unicorn binding
  • Emulates simple shellcode samples: calc, UrlDownloadToFile
  • The Windows system structure emulation is incomplete
  • A few Win32 API hooks
  • Only 32-bit shellcode is supported

TODO
  • Support PE files on Windows
  • Support unpacking
  • Apply to fuzzing and exploit detection

Download