📄
REMnux Documentation
📄
REMnux Documentation
📄
REMnux Documentation
📄
REMnux Documentation
REMnux: A Linux Toolkit for Malware Analysis
Install the Distro
Get the Virtual Appliance
Install from Scratch
Add to an Existing System
Run REMnux as a Container
Keep the Distro Up to Date
Discover the Tools
Examine Static Properties
Statically Analyze Code
Dynamically Reverse-Engineer Code
General
Shellcode
Scripts
ELF Files
Perform Memory Forensics
Explore Network Interactions
Investigate System Interactions
Analyze Documents
Gather and Analyze Data
View or Edit Files
General Utilities
Run Tools in Containers
Docker Images of Malware Analysis Tools
Behind the Scenes
People
Technologies
License
Tips and More
REMnux Configuration Tips
REMnux Tool Tips
Malware Analysis Training
REMnux Website
Get Involved
Ask and Answer Questions
Write About the Tools
Add or Update Tools
Implement Enhancements
Powered by GitBook

Shellcode

Dynamically Reverse-Engineer Code

shellcode2exe.bat

Convert 32 and 64-bit shellcode to a Windows executable file.

Website: https://github.com/repnz/shellcode2exe Author: Ori Damari: https://twitter.com/0xrepnz License: Free, unknown license Notes: Use full path name to specify the input file; look for the output file in /usr/local/shellcode2exe-bat State File: remnux.tools.shellcode2exe-bat​

Speakeasy

Emulate code execution, including shellcode, Windows drivers, and Windows PE files.

Website: https://github.com/fireeye/speakeasy Author: FireEye Inc, Andrew Davis License: MIT License: https://github.com/fireeye/speakeasy/blob/master/LICENSE.txt Notes: run_speakeasy.py, emu_exe.py, emu_dll.py State File: remnux.python3-packages.speakeasy​

Qiling

Emulate code execution of PE files, shellcode, etc. for a variety of OS and hardware platforms.

Website: https://www.qiling.io Author: https://github.com/qilingframework/qiling/blob/master/AUTHORS.TXT License: GNU General Public License (GPL) v2.0: https://github.com/qilingframework/qiling/blob/master/COPYING Notes: Use qltool to analyze artifacts. Before analyzing Windows artifacts, gather Windows DLLs and other components using the dllscollector.bat script. Read the tool's documentation to get started. State File: remnux.python3-packages.qiling​

Bitdefender Disassembler (bddisasm)

Disassemble 32 and 64-bit assembly instructions and emulate shellcode execution.

Website: https://github.com/bitdefender/bddisasm Author: Bitdefender's HVI Team: https://bitdefender.com License: Apache License 2.0: https://github.com/bitdefender/bddisasm/blob/master/LICENSE Notes: disasmtool State File: remnux.packages.bddisasm​

cut-bytes.py

Cut out a part of a data stream.

Website: https://blog.didierstevens.com/2015/10/14/cut-bytes-py/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain State File: remnux.scripts.cut-bytes​

scdbg

Analyze shellcode by emulating its execution.

Website: http://sandsprite.com/blogs/index.php?uid=7&pid=152 Author: David Zimmer License: Free, unknown license Notes: scdbg (GUI), scdbgc (console) State File: remnux.packages.scdbg​

libemu

A library for x86 code emulation and shellcode detection

Website: https://github.com/buffer/libemu Author: https://github.com/buffer/libemu/blob/master/AUTHORS License: Free, unknown license State File: remnux.packages.libemu​

XORSearch

Locate and decode strings obfuscated using common techniques.

Website: https://blog.didierstevens.com/programs/xorsearch/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain Notes: xorsearch State File: remnux.packages.xorsearch​

Previous
General
Next
Scripts
Last updated 1 month ago
Contents
shellcode2exe.bat
Speakeasy
Qiling
Bitdefender Disassembler (bddisasm)
cut-bytes.py
scdbg
libemu
XORSearch