scdbg updates


Author: David Zimmer
Date: 07.14.13 - 1:16pm



Just a quick note on some scdbg updates.

The -f load file option can now accept %u, %xx, \x, and raw hex blobs as input as well as the traditional raw binary blobs. The converters will ignore leading white space, as well as common characters such as plus signs, quotes, tabs, commas, new lines, spaces, and semicolons. If you want to double check the converted buffer, you can use -conv to dump it to disk as binary data, -dump to view a hexdump of it, or you can examine it in memory from the debug shell.

-findsc mode has been enhanced: if it can't locate any shellcode on the first pass, it will now -bswap (byte swap) the input buffer and try again, and if that fails it will also -eswap (endian swap) the original buffer and try one more time. Reliability of -findsc mode has also been increased; there was previously a strange bug that could crop up due to the libemu environment not being reset enough in between runs. (I should port this fix back to the *nix build eventually.)
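As an added illustration (not scdbg's own code), here is a small Python converter of the kind the -f option now performs, plus the byte-pair and dword swaps that -findsc falls back to: it strips the separators listed above, classifies the text as %u, \x, %xx or raw hex, and decodes it, paying attention to the little-endian order of %u units. The exact swap semantics of -bswap/-eswap are my assumption, not taken from the post, and the sample strings are constructed.

```python
import re

# Separators the -f converters skip per the post: whitespace (spaces, tabs,
# newlines), plus signs, quotes, commas and semicolons. Constructed regex.
_NOISE = re.compile(r'[\s+"\',;]')

def detect_encoding(text: str) -> str:
    """Return which textual encoding a shellcode dump uses: %u, \\x, %xx or hex."""
    s = _NOISE.sub("", text)
    if re.fullmatch(r'(%u[0-9a-fA-F]{4})+', s):
        return "%u"
    if re.fullmatch(r'(\\x[0-9a-fA-F]{2})+', s):
        return "\\x"
    if re.fullmatch(r'(%[0-9a-fA-F]{2})+', s):
        return "%xx"
    if re.fullmatch(r'([0-9a-fA-F]{2})+', s):
        return "hex"
    raise ValueError("unrecognised shellcode text encoding")

def text_to_bytes(text: str) -> bytes:
    """Convert a %u / \\x / %xx / raw-hex dump to the binary buffer it encodes."""
    s = _NOISE.sub("", text)
    kind = detect_encoding(s)
    if kind == "%u":
        # Each %uXXXX unit is a little-endian 16-bit value: %u4142 encodes 42 41.
        return b"".join(int(h, 16).to_bytes(2, "little")
                        for h in re.findall(r'%u([0-9a-fA-F]{4})', s))
    if kind == "\\x":
        return bytes(int(h, 16) for h in re.findall(r'\\x([0-9a-fA-F]{2})', s))
    if kind == "%xx":
        return bytes(int(h, 16) for h in re.findall(r'%([0-9a-fA-F]{2})', s))
    return bytes.fromhex(s)

def bswap(buf: bytes) -> bytes:
    """Swap each adjacent byte pair (assumed reading of -bswap); odd tail kept."""
    out = bytearray(buf)
    for i in range(0, len(buf) - 1, 2):
        out[i], out[i + 1] = buf[i + 1], buf[i]
    return bytes(out)

def eswap(buf: bytes) -> bytes:
    """Reverse each 4-byte unit (assumed reading of -eswap); partial tail kept."""
    full = len(buf) - len(buf) % 4
    return b"".join(buf[i:i + 4][::-1] for i in range(0, full, 4)) + buf[full:]

# Constructed sample: the same 8 bytes as a %u dump and as a \x dump.
SAMPLE_U = '"%u9090%u4142" + \n\t"%u4344%u45cc";'
SAMPLE_X = "\\x90\\x90\\x42\\x41,\\x44\\x43\\xcc\\x45"
```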

When experimenting with trying to handle ROP shellcodes, I added the -rop, -raw, -wint, and -wstr commands. -raw is like -path except it loads raw file data into memory; -wint and -wstr are both handy for manually patching up shellcode just before execution. You can even run data just entered with any of these using the -nofile addition to the command line. -dllmap has also been added to the main command line (previously an undocumented command from the debug shell prompt); it now also shows the dll version (useful if playing with ROP chains).

In addition to the existing -d directory mode (or drop a folder on the scdbg icon), it can now also process .scmd files which are basically just a listing of command line options in a flat text file, but which can include comments and new lines for easy reading/modification.

Currently we are up to 199 implemented APIs across 12 DLLs, supporting 244 opcodes. These stats, along with the specific APIs supported, are available through the -hooks command line option.

That's all that's coming to mind. Cutting edge binaries are always available on GitHub, with the latest stable build in the main download package.

In other news, shellcode_2_exe has also received some updates. The new Detect Type option will auto detect shell scripts, javascript, perl, text, flash, executables, and low entropy data and display them appropriately. The hexdump option has also been enhanced with some more tools, such as the capability to perform various byte swaps, a signature scanner, xor scanner, entry point scanner, and web disassembler. Several x64 husks are also provided should you need them.
