ConvertShellcode

From aldeid

Description

ConvertShellcode is a tool written by Alain Rioux. It shows the assembly instructions that the supplied shellcode string represents.

Installation

Get it from: http://zeltser.com/reverse-malware/ConvertShellcode.zip

Usage

Usage: ConvertShellcode.exe [Shellcode]

Supported formats:

  • "\xEB\x08\xBA\x4D\x11\x86\x7C\xFF\xD2\xCC\xE8\xF3\xFF\xFF\xFF\x63"
  • "%uc92b%ue983%ud9eb%ud9ee%u2474%u5bf4%u7381%u1313%u2989"
  • "%40%6E%40%6E%40%6E%40%6E%40%6E%40%6E%40%6E%40%6E%97%6E%40"
  • "%u9090"
  • "\u9090"
  • "&#x9090"
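
To show what these notations decode to before disassembly, here is an added Python example (not part of ConvertShellcode or of the original page) that normalizes each listed format to raw bytes. The function name and the little-endian handling of 16-bit units are assumptions of this example, and the sample input is the argument from the Example section below.

```python
import re

# One alternative per notation in the supported-formats list.
TOKEN = re.compile(
    r"\\x([0-9A-Fa-f]{2})"      # \xNN     one byte
    r"|%([0-9A-Fa-f]{2})"       # %NN      one byte
    r"|%u([0-9A-Fa-f]{4})"      # %uNNNN   16-bit unit
    r"|\\u([0-9A-Fa-f]{4})"     # \uNNNN   16-bit unit
    r"|&#x([0-9A-Fa-f]{4});?"   # &#xNNNN  16-bit unit
)

def shellcode_to_bytes(text: str) -> bytes:
    """Decode an encoded shellcode string to raw bytes (hypothetical helper)."""
    # Console captures wrap long arguments, sometimes in the middle of a
    # token, so drop all whitespace first, then the surrounding quotes.
    text = "".join(text.split()).strip('"')
    out = bytearray()
    pos = 0
    for m in TOKEN.finditer(text):
        if m.start() != pos:
            raise ValueError(f"unrecognised text at offset {pos}: {text[pos:m.start()]!r}")
        x_byte, pct_byte, pct_u, bs_u, entity = m.groups()
        if x_byte or pct_byte:
            out.append(int(x_byte or pct_byte, 16))
        else:
            # Assumption: a 16-bit unit is laid out little-endian, as a
            # UTF-16 character is in x86 memory, so %uc92b yields 2b c9.
            out += int(pct_u or bs_u or entity, 16).to_bytes(2, "little")
        pos = m.end()
    if pos != len(text):
        raise ValueError(f"unrecognised text at offset {pos}: {text[pos:]!r}")
    return bytes(out)

# The argument from the Example section, laid out with mid-token line
# wraps the way a console capture breaks it.
PAGE_EXAMPLE = r'''"\x90\x90\x90\x90\x90\x90\x90
\x90\x90\x90\x90\x8b\xec\x55\x8b\xec\x68\x65\x78\x65\x20\x68\x63\x6d\x64\x2e\
x8d\x45\xf8\x50\xb8\x44\x80\xbf\x77\xff\xd0"'''

if __name__ == "__main__":
    raw = shellcode_to_bytes(PAGE_EXAMPLE)
    print(len(raw), "bytes:", raw.hex(" "))
```

The byte offsets of the decoded buffer line up with the addresses in the disassembly listing, so offset 0x10 holds the 0x68 opcode of the first push dword.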

Example

C:\tools\ConvertShellcode>ConvertShellcode.exe "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x8b\xec\x55\x8b\xec\x68\x65\x78\x65\x20\x68\x63\x6d\x64\x2e\x8d\x45\xf8\x50\xb8\x44\x80\xbf\x77\xff\xd0"

ConvertShellcode 2.0
Copyright (C) 2009 Alain Rioux.  All rights reserved.

Assembly language source code :
***************************************
00000000  nop
00000001  nop
00000002  nop
00000003  nop
00000004  nop
00000005  nop
00000006  nop
00000007  nop
00000008  nop
00000009  nop
0000000a  nop
0000000b  mov ebp,esp
0000000d  push ebp
0000000e  mov ebp,esp
00000010  push dword(0x20657865)
00000015  push dword(0x2e646d63)
0000001a  lea eax,[ss:ebp+0xfffffff8]
0000001d  push eax
0000001e  mov eax,0x77bf8044
00000023  call eax
