Differences
This shows the differences between two versions of the page.
it-security:blog:obfuscation_polymorphic_in_memory_decoder [2024/09/23 11:02] – enable discussions psycore | it-security:blog:obfuscation_polymorphic_in_memory_decoder [2024/10/15 21:27] (current) – psycore | ||
---|---|---|---|
Zeile 143: | Zeile 143: | ||
<code python> | <code python> | ||
- | python shencode.py extract -f calc.o -o calc.raw -fb 60 -lb 311 | + | python shencode.py extract -i calc.o -o calc.raw -fb 60 -lb 311 |
... | ... | ||
- | python shencode.py | + | python shencode.py |
... | ... | ||
- | python shencode.py | + | python shencode.py |
[*] processing shellcode format... | [*] processing shellcode format... | ||
0x6a, | 0x6a, | ||
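Review bot: the input option on the extract line changes from `-f calc.o` to `-i calc.o`, but the 2024/10/15 revision has an empty edit summary and nothing here says which shencode.py release the new syntax belongs to. A reader on an older checkout will copy a command whose flag their copy does not use. Suggest an edit summary along the lines of "update commands to new CLI options" and a one-line note above the block naming the tool version the commands were tested with.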
Zeile 188: | Zeile 188: | ||
<code python> | <code python> | ||
- | python shencode.py | + | python shencode.py |
0x00000048: 00 00 00 00 00 00 00 00 | 0x00000048: 00 00 00 00 00 00 00 00 | ||
Zeile 198: | Zeile 198: | ||
0x00000336: 00 00 00 00 00 fe ff 00 | 0x00000336: 00 00 00 00 00 fe ff 00 | ||
- | python shencode.py extract -f xor-decoder.o -o xor-decoder.stub -fb 60 -lb 329 | + | python shencode.py extract -i xor-decoder.o -o xor-decoder.stub -fb 60 -lb 329 |
[*] try to open file | [*] try to open file | ||
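Review bot: the extract line keeps the byte range `-fb 60 -lb 329` as bare numbers, while the calc.o extraction at line 143 uses `-lb 311`, so the range clearly depends on the object file. Since this line is being touched anyway, consider adding a sentence that ties the two offsets to the dump output shown directly above, so that someone rebuilding xor-decoder.o and getting a different layout knows to re-read the range rather than reuse 60 and 329.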
Zeile 206: | Zeile 206: | ||
[+] DONE! | [+] DONE! | ||
- | python shencode.py | + | python shencode.py |
[*] processing shellcode format... | [*] processing shellcode format... | ||
Zeile 263: | Zeile 263: | ||
<code python> | <code python> | ||
- | python shencode.py | + | python shencode.py |
- | python shencode.py | + | python shencode.py |
</ | </ | ||
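Review bot: the block opened with `<code python>` holds shencode.py command lines, not Python source, so the syntax highlighter is applied to shell invocations. The same applies to the blocks at lines 143 and 188, which mix commands with tool output. Suggest switching these to `<code bash>` or a plain `<code>` block while the commands are being edited.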