
Published on January 9th, 2016


PyAna — Analyzing the Windows shellcode


PyAna uses the Unicorn Framework to emulate shellcode. It emulates a Windows process (PEB, TIB, LDR_MODULE) to create an emulated environment for the shellcode to run in.
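The structures named above are what 32-bit Windows code reads to find its loaded modules, so an emulator has to place them in memory before execution starts. The following added example (not PyAna's own code) builds a minimal TIB/PEB/PEB_LDR_DATA/LDR_MODULE chain in a byte buffer using the standard 32-bit offsets and then walks it the way emulated code would; the addresses, module names and bases are constructed, and `build_env` and `walk_modules` are hypothetical names.

```python
import struct

# Constructed layout: every address and module base below is an illustrative assumption.
BASE = 0x00010000                      # start of the fake memory region
TEB, PEB, LDR = BASE, BASE + 0x1000, BASE + 0x2000
ENTRIES = BASE + 0x3000                # LDR_MODULE records, 0x100 bytes apart
LIST_HEAD = LDR + 0x0C                 # PEB_LDR_DATA.InLoadOrderModuleList
MODULES = [("sample.exe", 0x00400000), ("ntdll.dll", 0x77000000),
           ("kernel32.dll", 0x76000000)]

def build_env(modules):
    """Return a buffer holding TEB, PEB, PEB_LDR_DATA and one LDR_MODULE per module."""
    mem = bytearray(0x4000)
    def w32(addr, val):
        struct.pack_into("<I", mem, addr - BASE, val)
    w32(TEB + 0x18, TEB)               # NT_TIB.Self
    w32(TEB + 0x30, PEB)               # TEB.ProcessEnvironmentBlock, read as fs:[0x30]
    w32(PEB + 0x0C, LDR)               # PEB.Ldr
    nodes = [LIST_HEAD] + [ENTRIES + i * 0x100 for i in range(len(modules))]
    for i, node in enumerate(nodes):   # circular doubly linked LIST_ENTRY chain
        w32(node, nodes[(i + 1) % len(nodes)])   # Flink
        w32(node + 4, nodes[i - 1])              # Blink
    for node, (name, dll_base) in zip(nodes[1:], modules):
        raw = name.encode("utf-16-le")
        buf = node + 0x40              # name buffer kept inside the record's slot
        mem[buf - BASE:buf - BASE + len(raw)] = raw
        w32(node + 0x18, dll_base)     # LDR_MODULE.DllBase
        # LDR_MODULE.BaseDllName is a UNICODE_STRING: Length, MaximumLength, Buffer
        struct.pack_into("<HHI", mem, node + 0x2C - BASE, len(raw), len(raw) + 2, buf)
    return mem

def walk_modules(mem, fs_base=TEB):
    """Follow fs:[0x30] -> PEB.Ldr -> InLoadOrderModuleList and list (name, base)."""
    def r32(addr):
        return struct.unpack_from("<I", mem, addr - BASE)[0]
    peb = r32(fs_base + 0x30)
    head = r32(peb + 0x0C) + 0x0C
    found, node = [], r32(head)
    while node != head and len(found) < 64:      # bound the walk if the list is corrupt
        length, _, buf = struct.unpack_from("<HHI", mem, node + 0x2C - BASE)
        name = mem[buf - BASE:buf - BASE + length].decode("utf-16-le")
        found.append((name, r32(node + 0x18)))
        node = r32(node)                         # next Flink
    return found

if __name__ == "__main__":
    for name, base in walk_modules(build_env(MODULES)):
        print(f"{base:#010x}  {name}")
```

If the walk does not return the modules in the order they were registered, the emulated environment is inconsistent and code that depends on it will fault or resolve the wrong base.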


From the command line, type: [shellcode]
Ex: Samples/

PyAna depends on:

  • Unicorn Framework & Capstone, developed by Nguyen Anh Quynh
  • pefile, developed by Ero Carrera


  • Implemented in Python using the Unicorn binding
  • Emulates simple shellcode: calc, UrlDownloadToFile
  • Windows system structure emulation is not complete
  • Hooks a few Win32 APIs
  • Only supports 32-bit


  • support PE file on Windows
  • support unpacking
  • apply on fuzzing, exploit detection.
