scdbg updates


Author: David Zimmer
Date: 07.14.13 - 1:16pm



just a quick note on some scdbg updates.

the -f   load file option can now accept %u, %xx, \x, and raw hex blobs as input as well as the traditional raw binary blobs. The converters will ignore leading white space, as well as common characters such plus signs, quotes, tabs, commas, new lines, spaces, and semicolons. If you want to double check the converted buffer, you can use -conv to dump it to disk as binary data, -dump to view a hexdump of it, or you examine it in memory from the debug shell.

-findsc mode has been enhanced, if it cant locate any shellcode on the first pass, it will now -bswap (byte swap) the input buffer and try again, if that fails it will also -eswap (endian swap) the original buffer and try one more time. Reliability of -findsc mode has also been increased, there was previously a strange bug that could crop up due to the libemu environment not being reset enough in between runs. (I should port this fix back to the *nix build eventually)

when experimenting with trying to handle rop shellcodes, I added the -rop, -raw, -wint, and -wstr commands. -raw is like -path except it loads a raw file data into memory, -wint and -wstr are both handy for manually patching up shellcode just before execution. You can even run data just entered with any of these using the -nofile addition to the command line. -dllmap has also been added to the main command line (previously undocumented command from the debug shell prompt) which now also shows dll version (useful if playing with rop chains)

In addition to the existing -d directory mode (or drop a folder on the scdbg icon), it can now also process .scmd files which are basically just a listing of command line options in a flat text file, but which can include comments and new lines for easy reading/modification.

currently we are up to 199 implemented api, across 12 dlls, and supporting 244 opcodes. These stats along with the specific api it supports are available through the -hooks command line option.

Thats all thats coming to mind. cutting edge binaries are always available on github, with the latest stable build in the main download package

In other news, shellcode_2_exe has also received some updates. The new Detect Type option will auto detect shell scripts, javascript, perl, text, flash, executables, and low entropy and display them appropriately. The hexdump option has also been enhanced with some more tools such the capability to perform various byte swaps, signature scanner, xor scanner, entry point scanner, and web disassembler. Several x64 husks are also provided should you need them.




Comments: (0)

 
Leave Comment:
Name:
Email: (not shown)
Message: (Required)
Math Question: 30 + 34 = ? followed by the letter: T 



About Me
More Blogs
Main Site
Posts: (year)
2023 (4)
     Yara Workbench Automation
     VS linker versions
     IDA decompiler comments
     DispCallFunc
2022 (5)
     VB6 Implements
     VB6 Stubs BS
     VB6 TypeInfo
     VB6 VTable Layout
     Yara isPCode rule
2021 (2)
     rtcTypeName
     VB6 Gosub
2020 (5)
     AutoIT versions
     IDA JScript 2
     Using VB6 Obj files from C
     Yara Corrupt Imports
     Yara Undefined values
2019 (6)
     Yara WorkBench
     SafeArrayGetVartype
     vb6 API and call backs
     PrintFile
     ImpAdCallNonVirt
     UConnect Disable Cell Modem
2017 (5)
     IDA python over IPC
     dns wildcard blocking
     64bit IDA Plugins
     anterior lines
     misc news/updates
2016 (4)
     KANAL Mod
     Decoders again
     CDO.Message Breakpoints
     SysAnalyzer Updates
2015 (5)
     SysAnalyzer and Site Updates
     crazy decoder
     ida js w/dbg
     flash patching #2
     JS Graphing
2014 (5)
     Delphi IDA Plugin
     scdbg IDA integration
     API Hash Database
     Winmerge plugin
     IDACompare Updates
2013 (9)
     Guest Post @ hexblog
     TCP Stream Reassembly
     SysAnalyzer Updates
     Apilogger Video
     Shellcode2Exe trainer
     scdbg updates
     IDA Javascript w/IDE
     Rop Analysis II
     scdbg vrs ROP
2012 (13)
     flash patching
     x64 Hooks
     micro hook
     jmp api+5 *2
     SysAnalyzer Updates
     InjDll runtime config
     C# Asm/Dsm Library
     Shellcode Hook Detection
     Updates II
     findDll
     Java Hacking
     Windows 8
     Win7 x64
2011 (19)
     Graphing ideas
     .Net Hacking
     Old iDefense Releases
     BootLoaders
     hll shellcode
     ActionScript Tips
     -patch fu
     scdbg ordinal lookup
     scdbg -api mode
     Peb Module Lists
     scdbg vrs Process Injection
     GetProcAddress Scanner
     scdbg fopen mode
     scdbg findsc mode
     scdbg MemMonitor
     demo shellcodes
     scdbg download
     api hashs redux
     Api hash gen
2010 (11)
     Retro XSS Chat Codes
     Exe as DLL
     Olly Plugins
     Debugging Explorer
     Attach to hidden process
     JS Refactoring
     Asm and Shellcode in CSharp
     Fancy Return Address
     PDF Stream Dumper
     Malcode Call API by Hash
     WinDbg Cheat Sheet
2009 (1)
     GPG Automation