Mailinglist Archive: opensuse-security (195 mails)

Re: [suse-security] How to decrypt shell code of an exploit?
On 22 Mar 2000, at 21:11, Gerhard Sittig wrote:

> That's an array (read: data block) containing binary code (obj
> code in hex notation). You wouldn't like to read this as text
> just like the processor won't try to do :) Have a look at the
> toolbox on your computer's disk -- it's plenty of aiding stuff.
>
> rpm -ql binutils
>
> nm(1) and (more likely) objdump(1) should be your friends. And
> some literature on the processor's (i386?) internals. Read "man
> 1 objdump" and look out for the "disass" catch word. Maybe you
> want to consult somebody with programming skills (C and
> assembly).

Hi,

there is a freeware disassembler around that runs under DOS
(FreeDOS should work) to decode the array. One would definitely
need an experienced assembler programmer to understand the
disassembled code anyway as the result should look somehow like

cld
push cx
mov cx, 0FFFh
mov al, 0
....

so nothing human readable.

mike
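
Before objdump(1) or any other disassembler can read the array discussed in this thread, the hex-notation data has to be turned back into raw bytes. The following is an added example, not code from either poster: the name decode_c_array, the output file shellcode.bin and the sample array are assumptions constructed for illustration, and the parser goes slightly beyond the thread by accepting both the string-literal and the brace-list form of a C array.

```python
import re

# Constructed sample: 16-bit x86 encodings of the instructions in the listing
# above (cld; push cx; mov cx,0FFFh; mov al,0), split across two literals.
SAMPLE = r'''
char shellcode[] =
    "\xfc\x51\xb9\xff\x0f"
    "\xb0\x00";
'''

_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"', re.S)   # one C string literal
_TOKEN = re.compile(r'\\x([0-9A-Fa-f]+)|\\([0-7]{1,3})|\\(.)|(.)', re.S)
_SIMPLE = {"a": 7, "b": 8, "t": 9, "n": 10, "v": 11, "f": 12, "r": 13,
           "\\": 92, '"': 34, "'": 39, "?": 63}

def decode_c_array(source: str) -> bytes:
    """Return the bytes a C char-array initializer would place in memory."""
    out = bytearray()
    literals = _LITERAL.findall(source)
    if literals:
        # String form. Adjacent literals concatenate, as in C. Comments are
        # not stripped here: strings such as "/bin//sh" contain "//".
        for body in literals:
            for hx, oc, esc, ch in _TOKEN.findall(body):
                if hx:
                    value = int(hx, 16)      # \x takes every hex digit after it
                elif oc:
                    value = int(oc, 8)
                elif esc:
                    value = _SIMPLE[esc]     # KeyError on an unknown escape
                else:
                    value = ord(ch)
                out.append(value)            # ValueError if it exceeds one byte
    else:
        # Brace form: { 0xfc, 0x51, ... }, with C comments removed first.
        source = re.sub(r'/\*.*?\*/|//[^\n]*', '', source, flags=re.S)
        body = source[source.index("{") + 1:source.rindex("}")]
        for item in body.split(","):
            if item.strip():
                out.append(int(item.strip(), 0))
    return bytes(out)

if __name__ == "__main__":
    raw = decode_c_array(SAMPLE)
    with open("shellcode.bin", "wb") as fh:  # hypothetical output name
        fh.write(raw)
    print(f"wrote {len(raw)} bytes: {raw.hex()}")
    # 16-bit code as in the sample; use -m i386 for 32-bit code.
    print("next: objdump -D -b binary -m i8086 shellcode.bin")
```

The bytes are only written to disk and never executed, so the array can be inspected on an analysis machine without running it.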
