Convert 32 and 64-bit shellcode to a Windows executable file.
Website: https://github.com/repnz/shellcode2exe
Author: Ori Damari: https://twitter.com/0xrepnz
License: Free, unknown license
Notes: Use the full path name to specify the input file; look for the output file in /usr/local/shellcode2exe-bat
State File: remnux.tools.shellcode2exe-bat
Emulate code execution, including shellcode, Windows drivers, and Windows PE files.
Website: https://github.com/fireeye/speakeasy
Author: FireEye Inc, Andrew Davis
License: MIT License: https://github.com/fireeye/speakeasy/blob/master/LICENSE.txt
Notes: run_speakeasy.py, emu_exe.py, emu_dll.py
State File: remnux.python3-packages.speakeasy
Emulate code execution of PE files, shellcode, etc. for a variety of OS and hardware platforms.
Website: https://www.qiling.io
Author: https://github.com/qilingframework/qiling/blob/master/AUTHORS.TXT
License: GNU General Public License (GPL) v2.0: https://github.com/qilingframework/qiling/blob/master/COPYING
Notes: Use qltool to analyze artifacts. Before analyzing Windows artifacts, gather Windows DLLs and other components using the dllscollector.bat script. Read the tool's documentation to get started.
State File: remnux.python3-packages.qiling
Disassemble 32 and 64-bit assembly instructions and emulate shellcode execution.
Website: https://github.com/bitdefender/bddisasm
Author: Bitdefender's HVI Team: https://bitdefender.com
License: Apache License 2.0: https://github.com/bitdefender/bddisasm/blob/master/LICENSE
Notes: disasmtool
State File: remnux.packages.bddisasm
Cut out a part of a data stream.
Website: https://blog.didierstevens.com/2015/10/14/cut-bytes-py/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
State File: remnux.scripts.cut-bytes
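The idea behind a cut tool is that the region of interest (a carved shellcode blob, a payload between two markers) is described by a start and an end, each given as an offset, a length, or a byte pattern to search for. The following is an added example, not the page's code and not Didier Stevens' cut-bytes.py: it implements a simplified `start:end` expression of this example's own design (decimal or `0x` offsets, `l<n>` for a length, `'text'` or `[hex]` for a search marker), so the behaviour can be tried offline on the constructed sample blob embedded below.

```python
"""Cut a byte range out of a blob using a small 'start:end' expression.

Example code written for this page, not cut-bytes.py itself. Grammar is a
simplification chosen here and is an assumption about how such a tool is used:
  start: ''          -> offset 0
         123 / 0x7b  -> absolute offset
         'text'      -> first occurrence of the ASCII string
         [fce8]      -> first occurrence of the hex byte sequence
  end:   ''          -> end of data
         123 / 0x7b  -> absolute offset (exclusive)
         l16 / l0x10 -> length, relative to the resolved start
         'text' / [hex] -> first occurrence at or after start (exclusive)
Markers must not contain ':'; the expression is split on the first ':'.
"""
import re

_HEX_SEARCH = re.compile(r"^\[([0-9a-fA-F]+)\]$")
_STR_SEARCH = re.compile(r"^'(.*)'$")


def _parse_number(token: str) -> int:
    # Accept decimal or 0x-prefixed hexadecimal offsets/lengths.
    return int(token, 16) if token.lower().startswith("0x") else int(token)


def _as_needle(token: str):
    # Return the bytes to search for if the token is a marker, else None.
    m = _HEX_SEARCH.match(token)
    if m:
        return bytes.fromhex(m.group(1))
    m = _STR_SEARCH.match(token)
    if m:
        return m.group(1).encode("ascii")
    return None


def _resolve_start(data: bytes, token: str) -> int:
    if token == "":
        return 0
    needle = _as_needle(token)
    if needle is None:
        return _parse_number(token)
    pos = data.find(needle)
    if pos == -1:
        raise ValueError(f"start marker {token!r} not found")
    return pos


def _resolve_end(data: bytes, token: str, start: int) -> int:
    if token == "":
        return len(data)
    if token[0] in "lL":
        return start + _parse_number(token[1:])
    needle = _as_needle(token)
    if needle is None:
        return _parse_number(token)
    pos = data.find(needle, start)
    if pos == -1:
        raise ValueError(f"end marker {token!r} not found after offset {start}")
    return pos


def cut_bytes(data: bytes, expression: str) -> bytes:
    """Return data[start:end] as described by the expression."""
    start_tok, sep, end_tok = expression.partition(":")
    if not sep:
        raise ValueError("expression must have the form start:end")
    start = _resolve_start(data, start_tok)
    end = _resolve_end(data, end_tok, start)
    if end < start:
        raise ValueError(f"end ({end}) lies before start ({start})")
    return data[start:end]


# Constructed sample blob (not real malware): an 'MZ' stub, a shellcode-looking
# prologue at offset 16, a NOP sled, an ASCII end marker, and trailing padding.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"\xfc\xe8\x82\x00\x00\x00" + b"\x90" * 6
    + b"ENDMARK" + b"\x00" * 4
)

if __name__ == "__main__":
    for expr in ("0x10:l6", "[fce8]:'ENDMARK'", ":4", "28:"):
        print(f"{expr:20} -> {cut_bytes(SAMPLE, expr).hex()}")
```

Searching for the end marker only from the resolved start onward matters in practice: a marker that also occurs before the start would otherwise yield a negative-length region, which the code rejects explicitly instead of silently returning an empty slice.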
Analyze shellcode by emulating its execution.
Website: http://sandsprite.com/blogs/index.php?uid=7&pid=152
Author: David Zimmer
License: Free, unknown license
Notes: scdbg (GUI), scdbgc (console)
State File: remnux.packages.scdbg
A library for x86 code emulation and shellcode detection.
Website: https://github.com/buffer/libemu
Author: https://github.com/buffer/libemu/blob/master/AUTHORS
License: Free, unknown license
State File: remnux.packages.libemu
Locate and decode strings obfuscated using common techniques.
Website: https://blog.didierstevens.com/programs/xorsearch/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
Notes: xorsearch
State File: remnux.packages.xorsearch
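The "common techniques" this kind of tool targets are cheap, single-key transforms: a one-byte XOR, a bit rotation, or a Caesar shift applied to every byte, which are enough to hide a URL or a PE string from plain string searches but trivial to brute-force because the key space is tiny. The block below is an added example written for this page, not the xorsearch program or any of its code: it tries every key for XOR (1..255), ROL (1..7) and ROT (1..25) and reports where a known plaintext marker appears. The transform set, key ranges and helper names are this example's own choices, and the obfuscated buffer it scans is constructed inline.

```python
"""Brute-force a known plaintext marker under single-key XOR, ROL and ROT.

Example code for this page, not Didier Stevens' xorsearch. It shows the core
idea only: decode the whole buffer under every candidate key and look for a
marker the analyst expects to be present (a URL scheme, a PE banner, ...).
"""
from typing import Iterator, List, Tuple

Hit = Tuple[str, int, int]  # (transform name, key, offset of the match)


def xor_decode(data: bytes, key: int) -> bytes:
    # XOR is its own inverse, so this both encodes and decodes.
    return bytes(b ^ key for b in data)


def rol_decode(data: bytes, bits: int) -> bytes:
    # Undo a per-byte left rotation by rotating each byte right again.
    return bytes(((b >> bits) | (b << (8 - bits))) & 0xFF for b in data)


def rot_decode(data: bytes, shift: int) -> bytes:
    # Undo a Caesar shift of ASCII letters; non-letters pass through unchanged.
    out = bytearray()
    for b in data:
        if 0x41 <= b <= 0x5A:
            out.append((b - 0x41 - shift) % 26 + 0x41)
        elif 0x61 <= b <= 0x7A:
            out.append((b - 0x61 - shift) % 26 + 0x61)
        else:
            out.append(b)
    return bytes(out)


def candidates(data: bytes) -> Iterator[Tuple[str, int, bytes]]:
    # Every (transform, key, decoded buffer) this example knows how to try.
    for key in range(1, 256):
        yield "xor", key, xor_decode(data, key)
    for bits in range(1, 8):
        yield "rol", bits, rol_decode(data, bits)
    for shift in range(1, 26):
        yield "rot", shift, rot_decode(data, shift)


def xorsearch(data: bytes, needle: bytes) -> List[Hit]:
    """Return every (transform, key, offset) under which `needle` appears."""
    hits: List[Hit] = []
    for name, key, decoded in candidates(data):
        pos = decoded.find(needle)
        while pos != -1:
            hits.append((name, key, pos))
            pos = decoded.find(needle, pos + 1)
    return hits


def decode_with(data: bytes, name: str, key: int) -> bytes:
    """Apply the inverse transform named by a hit to recover the plaintext."""
    return {"xor": xor_decode, "rol": rol_decode, "rot": rot_decode}[name](data, key)


def _rol_encode(data: bytes, bits: int) -> bytes:
    # Encoder used only to build the constructed sample below.
    return bytes(((b << bits) | (b >> (8 - bits))) & 0xFF for b in data)


# Constructed sample (not a real artifact): a URL hidden with XOR 0x5A at
# offset 8 and a PE banner hidden with ROL 3 at offset 46, padded with zeros.
SAMPLE = (
    b"\x00" * 8
    + xor_decode(b"http://example.invalid/payload.bin", 0x5A)
    + b"\x00" * 4
    + _rol_encode(b"This program cannot be run in DOS mode", 3)
)

if __name__ == "__main__":
    for marker in (b"http://", b"DOS mode"):
        for name, key, off in xorsearch(SAMPLE, marker):
            plain = decode_with(SAMPLE, name, key)[off:off + 40]
            print(f"{marker!r}: {name} key={key:#04x} offset={off} -> {plain!r}")
```

Searching for a marker rather than dumping every decoding is what keeps the output usable: each transform and key yields a full-size buffer, so the analyst supplies a string that should exist in the deobfuscated data and only the keys that reveal it are reported, after which `decode_with` recovers the rest of the buffer under that key.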