Output shellcode in different styles
Description
The modout module converts binary data, such as shellcodes, into human-readable output.
You can use different styles:
Command
shencode core modout --input shell.raw --syntax [inspect, {c, casm, cs, ps1, py, hex}] {--lines} {--no-line-break} {--bytes-per-row} {--decimal}
Inspect
If you want to analyze a shellcode, use --syntax inspect. This displays 16 bytes per line, each row prefixed with its offset. You can manipulate the output with --bytes-per-row and --decimal, which are described further down.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000: 55 48 e2 80 b0 c3 a5 48 c6 92 c3 ac 40 48 31 c3
00000010: 80 48 e2 80 b0 45 c3 b8 48 e2 80 b0 45 c3 b0 48
00000020: e2 80 b0 45 c3 a8 48 e2 80 b0 45 c3 a0 48 e2 80
00000030: b0 45 c3 98 48 e2 80 b0 45 c3 90 48 e2 80 b0 45
Language outputs
C / C++
Well known C / C++ output.
Example
--syntax c
"\x55\x48\x89\xe5\x48\x83\xec\x40\x48\x31\xc0\x48\x89\x45\xf8\x48"
"\x89\x45\xf0\x48\x89\x45\xe8\x48";
C-ASM
If you want to inject code with inline assembly in C, you need this special output.
Example
--syntax casm
".byte 0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40,0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48\n\t"
".byte 0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48"
C#
This is the C# output format.
Example
--syntax cs
0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40,0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48
0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48
PowerShell
This generates a PowerShell byte array.
Example
--syntax ps1
0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40,0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48
0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48
Python
If you want to work with a Python byte array, here you are!
Example
--syntax py
buf += b'\x55\x48\x89\xe5\x48\x83\xec\x40\x48\x31\xc0\x48'
Hex
Text-based outputs in hex.
Example
--syntax hex
554889e54883ec404831c0488945f8488945f0488945e848
Additional outputs
Lines
You can add lines/offsets to your output for better readability and analysis with --lines --syntax c
[*] processing shellcode format...
0x00000000: "\x55\x48\x89\xe5\x48\x83\xec\x40\x48\x31\xc0\x48\x89\x45\xf8\x48"
0x00000016: "\x89\x45\xf0\x48\x89\x45\xe8\x48";
[+] DONE!
No line break
Disable line breaks with the --no-line-break argument.
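When a byte array in one of the styles above turns up in source code or a script, an analyst usually wants the raw bytes back so the content can be hashed and compared against a known sample. The following Python is an added example, not part of ShenCode: the names to_bytes, fingerprints and SAMPLES are assumptions, and the sample strings are the example outputs copied from this page.

```python
import hashlib
import re

# Example outputs copied from this page; "c_lines" is the --lines variant.
SAMPLES = {
    "c": r'''"\x55\x48\x89\xe5\x48\x83\xec\x40\x48\x31\xc0\x48\x89\x45\xf8\x48"
"\x89\x45\xf0\x48\x89\x45\xe8\x48";''',
    "c_lines": r'''0x00000000: "\x55\x48\x89\xe5\x48\x83\xec\x40\x48\x31\xc0\x48\x89\x45\xf8\x48"
0x00000016: "\x89\x45\xf0\x48\x89\x45\xe8\x48";''',
    "casm": r'''".byte 0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40,0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48\n\t"
".byte 0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48"''',
    "cs": """0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40,0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48
0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48""",
    "hex": "554889e54883ec404831c0488945f8488945f0488945e848",
}

ESCAPED = re.compile(r"\\x([0-9a-fA-F]{2})")      # c / py style: \x55
PREFIXED = re.compile(r"\b0x([0-9a-fA-F]{2})\b")  # casm / cs / ps1 style: 0x55


def to_bytes(text: str) -> bytes:
    """Recover the raw bytes from any modout text style shown on this page."""
    # \xNN is tried first so the 8-digit offsets added by --lines are ignored;
    # the trailing \b keeps PREFIXED from matching inside such an offset.
    for pattern in (ESCAPED, PREFIXED):
        hits = pattern.findall(text)
        if hits:
            return bytes(int(h, 16) for h in hits)
    # Fall back to bare hex text (--syntax hex), ignoring whitespace.
    compact = "".join(text.split())
    if compact and re.fullmatch(r"(?:[0-9a-fA-F]{2})+", compact):
        return bytes.fromhex(compact)
    raise ValueError("no recognised byte encoding in input")


def fingerprints(samples: dict) -> dict:
    """SHA-256 of the decoded bytes per style, for matching against a known sample."""
    return {name: hashlib.sha256(to_bytes(s)).hexdigest() for name, s in samples.items()}


if __name__ == "__main__":
    for name, digest in fingerprints(SAMPLES).items():
        print(f"{name:8} {digest}")
```

Every style decodes to the same 24 bytes, so the digests are identical regardless of how the array was formatted.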