I was looking at some shellcode and there are lots of articles on how to compose shellcode but not that many on how to get it back to assembly for analysis.
The easiest way appears to be to dump the shellcode to a file, this can be done with a perl one liner e.g.
perl -e 'print "\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e"' > shellcode
Then using ndisasm from nasm to convert this shellcode back to assembly mnemonics. The shellcode I was looking at was for 32bit architecture therefore I can use the following
ndisasm -b 32 shellcode
Which gives me
00000000 682F2F7368 push dword 0x68732f2f
00000005 682F62696E push dword 0x6e69622f
It should be noted that this is a nonsense example as the shellcode only pushes "/bin//sh" onto the stack and does not do anything with it, however it shows how to use the tools.
Notes on various technologies and other cool stuff I am playing around with. My own technical stream of consciousness.
