Friday 8 January 2016

Home » Exploits » Forensic » Forensic Tools » Intrusion Detection System » Python » Scripts » Tools » PyAna - Analyzing the Windows shellcode..

Exploits Forensic Forensic Tools Intrusion Detection System Python Scripts Tools

21:45:00

HackersOnlineClub

PyAna - Analyzing the Windows shellcode..

Windows Shellcode Analysis

PyAna - Analyzing the Windows shellcode..

Using Unicorn Framework for emulating shellcode. PyAna emulate a process on Windows: PEB, TIB, LDR_MODULE to create a emulative environment.

Usage
From commandline type: PyAna.py [shellcode]
Ex: PyAna.py Samples/UrlDownloadToFile.sc

Dependencies
PyAna depends on :

Unicorn Framework & Capstone developing by Nguyen Anh Quynh.
pefile developing by Ero Carrera

Status

Implement in Python using Unicorn binding
Emulating a simple shellcode: calc, UrlDownloadToFile
Windows system structure emulator is not complete
A few of Win32 API hooking
Only support 32 bit

TODO

support PE file on Windows
support unpacking
apply on fuzzing, exploit detection.

0 comments:

Post a Comment

Note: only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)

Toggle Footer

Top