# Shellcode ## shcode2exe Convert 32 and 64-bit shellcode to a Windows executable file. **Website**: \ **Author**: Karlo Licudine: \ **License**: GNU General Public License (GPL) v3.0: \ **State File**: [remnux.scripts.shcode2exe](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/shcode2exe.sls) ## shellcode2exe.bat Convert 32 and 64-bit shellcode to a Windows executable file. **Website**: \ **Author**: Ori Damari: \ **License**: Free, unknown license\ **Notes**: Use full path name to specify the input file; look for the output file in /usr/local/shellcode2exe-bat\ **State File**: [remnux.tools.shellcode2exe-bat](https://github.com/REMnux/salt-states/blob/master/remnux/tools/shellcode2exe-bat.sls) ## scdbg Analyze shellcode by emulating its execution. **Website**: \ **Author**: David Zimmer\ **License**: Free, unknown license\ **Notes**: scdbg (GUI), scdbgc (console). Due to a compatibility issue, this tool is not available on an Ubuntu 20.04 SIFT Workstation system to which REMnux was added.\ **State File**: [remnux.packages.scdbg](https://github.com/REMnux/salt-states/blob/master/remnux/packages/scdbg.sls) ## runsc Run shellcode to trace and analyze its execution. **Website**: \ **Author**: Evan Dygert: \ **License**: MIT License: \ **Notes**: Use the `tracesc` command to execute runsc within Wine in a way that traces the execution of shellcode. WARNING! This wrapper will actually execute the shellcode on the system, which might lead to your system becoming infected. Only use this wrapper in a properly configured, isolated laboratory environment, which you can return to a pristine state at the end of your analysis.\ **State File**: [remnux.packages.runsc](https://github.com/REMnux/salt-states/blob/master/remnux/packages/runsc.sls) ## Speakeasy Emulate code execution, including shellcode, Windows drivers, and Windows PE files. **Website**: \ **Author**: Mandiant, Andrew Davis\ **License**: MIT License: \ **Notes**: To run the tool, use `speakeasy`, `emu_exe.py`, and `emu_dll.py` commands.\ **State File**: [remnux.python3-packages.speakeasy](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/speakeasy.sls) ## Qiling Emulate code execution of PE files, shellcode, etc. for a variety of OS and hardware platforms. **Website**: \ **Author**: \ **License**: GNU General Public License (GPL) v2.0: \ **Notes**: Use `qltool` to analyze artifacts. Before analyzing Windows artifacts, gather Windows DLLs and other components using the [dllscollector.bat](https://github.com/qilingframework/qiling/blob/master/examples/scripts/dllscollector.bat) script. Read the tool's [documentation](https://docs.qiling.io) to get started.\ **State File**: [remnux.python3-packages.qiling](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/qiling.sls) ## libemu A library for x86 code emulation and shellcode detection. **Website**: \ **Author**: \ **License**: Free, unknown license\ **State File**: [remnux.packages.libemu](https://github.com/REMnux/salt-states/blob/master/remnux/packages/libemu.sls) ## XORSearch Locate and decode strings obfuscated using common techniques. **Website**: \ **Author**: Didier Stevens: \ **License**: Public Domain\ **Notes**: xorsearch\ **State File**: [remnux.packages.xorsearch](https://github.com/REMnux/salt-states/blob/master/remnux/packages/xorsearch.sls)