Pentest Tools

Published on January 9th, 2016 📆 | 3422 Views ⚑

0

PyAna — Analyzing the Windows shellcode


Powered by iSpeech

PyAna - Analyzing the Windows shellcode..

Using Unicorn Framework for emulating shellcode. PyAna emulate a process on Windows: PEB, TIB, LDR_MODULE to create a emulative environment.

Usage

[adsense size='1']
From commandline type: PyAna.py [shellcode]
Ex: PyAna.py Samples/UrlDownloadToFile.sc

Dependencies
PyAna depends on :

  • Unicorn Framework & Capstone developing by Nguyen Anh Quynh.
  • pefile developing by Ero Carrera

Status

  • Implement in Python using Unicorn binding
  • Emulating a simple shellcode: calc, UrlDownloadToFile
  • Windows system structure emulator is not complete
  • A few of Win32 API hooking
  • Only support 32 bit

TODO

  • support PE file on Windows
  • support unpacking
  • apply on fuzzing, exploit detection.

[adsense size='2']
Download



Leave a Reply

Your email address will not be published.