bobby
September 26th, 2008, 06:30
This post will be more of a request for help from a C/C++ coder...
Namely, there is a very nice project for analyzing shellcode:
http://libemu.mwcollect.org
(take the code from SVN as the download package is outdated)
I did succeed in compiling it on Cygwin/Win32, and it works very well.
Among the examples in the download package, there is a tool, sctest, which can be used to analyze shellcode.
As I'm pretty dumb when it comes to C/C++, I would need help to remove some of the functionality from sctest.
It contains some built-in tests for libemu, as well as the possibility to run external shellcode (in an emulated environment). I would need the internal tests removed from sctest, as they are triggering AV programs (the built-in tests contain shellcode from real malware).
Another nice thing would be to have it compiled without a dependency on Cygwin.
I did try to compile it with Mingw32, but it does not compile (probably some differences between POSIX and Win32).
If anyone is willing to help, I would be very thankful.
My plans are to integrate this tool into Malzilla.