Mailinglist Archive: opensuse-security (195 mails)

< Previous Next >
Re: [suse-security] How to decrypt shell code of an exploit?
  • From: Gerhard Sittig <Gerhard.Sittig@xxxxxxx>
  • Date: Thu, 23 Mar 2000 20:27:52 +0100
  • Message-id: <20000323202752.Q24822@xxxxxxxxxxxxx>
On Wed, Mar 22, 2000 at 22:13 +0100, Thomas Michael Wanka wrote:
>
> there is a freeware disassembler around that runs under Dos
> (freedos should work) to decode the array.

Speaking of DOS: Every version I know of (although being only
the 4.0 through 6.2 lines of MS and DR's versions) came with a
program called debug.exe. If one doesn't mind (e)ntering the
data (maybe by means of a clipboard or selection tool when of the
lazy kind) one can (u)nassemble any hex dump coming across. But
then: debug.exe doesn't know about processors beyond 80286 or
doesn't even know this one's features. So chances are you won't
see i386 code in any readable form and being "db"ed instead. :(

Just FYI if you don't get what you want with objdump(1) -- I
don't know well this can cope with formats _not_ being produced
by cc(1), ld(1) or ar(1), i.e. not being a supported executable
format.


virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@xxxxxxx
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.

< Previous Next >
Follow Ups