Inspect and display files in different formats
Description
The output module converts binary data, such as shellcodes, into human-readable output.
You can use different styles:
Command
shencode core output [-h] [-i INPUT] [-s {c,casm,cs,ps1,py,hex,inspect}] [-b INT] [-hl HIGHLIGHT] [-n]
[-r RANGE RANGE] [-d] [-l] [-o OUTPUT]
options:
-h, --help show this help message and exit
-i, --input Input file or buffer for formatted output
-s, --syntax formatting the shellcode in C, Casm, C#, Powershell, python or hex
formatting:
-b, --bytes-per-row Define how many bytes per row will be displayed
-hl, --highlight highlights bytes
-n, --no-line-break no line break during output
-r, --range Set a range of bytes to output: <start> <end>
additional:
-d, --decimal Output decimal offsets instead of hex
-l, --lines adds a line numbering after each 8 bytes
-o, --output save output to file
Inspect
If you want to analyze a shellcode, use the --syntax inspect command. This displays 16 bytes per line with additional offsets. You can adjust the output with --bytes-per-row and --decimal, which are described further down.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000: 55 48 e2 80 b0 c3 a5 48 c6 92 c3 ac 40 48 31 c3
00000010: 80 48 e2 80 b0 45 c3 b8 48 e2 80 b0 45 c3 b0 48
00000020: e2 80 b0 45 c3 a8 48 e2 80 b0 45 c3 a0 48 e2 80
00000030: b0 45 c3 98 48 e2 80 b0 45 c3 90 48 e2 80 b0 45
Language outputs
C / C++
Well known C / C++ output.
--syntax c
"\x55\x48\x89\xe5\x48\x83\xec\x40\x48\x31\xc0\x48\x89\x45\xf8\x48"
"\x89\x45\xf0\x48\x89\x45\xe8\x48";
C-ASM
If you want to inject code with inline assembly in C, you need this special output.
--syntax casm
".byte 0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40,0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48\n\t"
".byte 0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48"
C#
This is the C# output format.
--syntax cs
0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40,0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48
0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48
PowerShell
This generates a PowerShell byte array.
--syntax ps1
0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40,0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48
0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48
Python
If you want to work with a Python byte array, here you are!
--syntax py
buf += b'\x55\x48\x89\xe5\x48\x83\xec\x40\x48\x31\xc0\x48'
Hex
Text-based outputs in hex.
--syntax hex
554889e54883ec404831c0488945f8488945f0488945e848
Additional outputs
Bytes per row
--bytes-per-row defines how many bytes per row will be displayed. The default value is 16.
Decimal
In combination with -l or -s inspect, you can output decimal offset values:
// Instead of this
00000000:0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40
00000008:0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48
00000010:0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48
// you will get that
00000000:0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40
00000008:0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48
00000016:0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48
Highlight
00 will be automatically highlighted. If you want to highlight a value, use --highlight "00 FF".
Lines
You can add file offsets to your output for better readability and analysis with --lines --syntax c:
[*] processing shellcode format...
0x00000000: "\x55\x48\x89\xe5\x48\x83\xec\x40\x48\x31\xc0\x48\x89\x45\xf8\x48"
0x00000010: "\x89\x45\xf0\x48\x89\x45\xe8\x48";
[+] DONE!
No line break
Disable line breaks with the --no-line-break argument.
Output
Save output to a file: --output filename.txt
Range
If the start byte is not 0, the positional offsets won’t be correct.
To display only a range of bytes, select it with --range <start-byte> <end-byte>:
[*] processing shellcode format... NoLineBreak: False
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000: 55 48 89 e5 48 83 ec 40 48 31 c0 48 89 45 f8 48
00000010: 89 45
[#] Total length: 18 bytes
[+] DONE!
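Going the other way is useful when one of these formatted buffers turns up in a script or source file and you need the raw bytes for analysis. The following Python sketch is an added example, not part of ShenCode: decode_formatted and inspect_rows are hypothetical helper names, the sample strings are the outputs shown in the sections above, and unlike --range its rows keep absolute offsets when the start byte is not 0.

```python
# Added example; helper names are illustrative, not ShenCode APIs.
import re

HEX_ESC = re.compile(r"\\x([0-9a-fA-F]{2})")       # c / py style: \x55
HEX_LIT = re.compile(r"\b0x([0-9a-fA-F]{1,2})\b")   # casm / cs / ps1 style: 0x55
OFFSET = re.compile(r"(?m)^\s*(?:0x)?[0-9a-fA-F]{8}:\s*")  # --lines prefixes

def decode_formatted(text: str) -> bytes:
    """Recover raw bytes from c, casm, cs, ps1, py or hex formatted text."""
    text = OFFSET.sub("", text)          # drop per-row offset labels first
    if "\\x" in text:
        return bytes(int(h, 16) for h in HEX_ESC.findall(text))
    if "0x" in text:
        return bytes(int(h, 16) for h in HEX_LIT.findall(text))
    return bytes.fromhex(re.sub(r"\s+", "", text))

def inspect_rows(data: bytes, start=0, end=None, width=16, decimal=False):
    """Inspect-style rows whose offsets stay absolute when start != 0."""
    end = len(data) if end is None else min(end, len(data))
    rows = []
    for off in range(start, end, width):
        label = f"{off:08d}" if decimal else f"{off:08x}"
        chunk = data[off:min(off + width, end)]
        rows.append(f"{label}: " + " ".join(f"{b:02x}" for b in chunk))
    return rows

# Sample strings in the formats shown on this page (same 24 bytes each).
SAMPLES = {
    "c": r'''0x00000000: "\x55\x48\x89\xe5\x48\x83\xec\x40\x48\x31\xc0\x48\x89\x45\xf8\x48"
0x00000010: "\x89\x45\xf0\x48\x89\x45\xe8\x48";''',
    "casm": r'''".byte 0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40,0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48\n\t"
".byte 0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48"''',
    "cs": "00000000:0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40\n"
          "00000008:0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48\n"
          "00000016:0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48",
    "hex": "554889e54883ec404831c0488945f8488945f0488945e848",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        data = decode_formatted(text)
        print(name, len(data), data.hex())
    print("\n".join(inspect_rows(decode_formatted(SAMPLES["hex"]), 8, 20)))
```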
JSON Parameter
Arguments | Values | Type |
---|---|---|
input | filename | str |
syntax | syntax_keyword | str |
bytes_per_row | 16 | int |
decimal | true, false | bool |
lines | true, false | bool |
no_line_break | true, false | bool |
range | 0, 0 | list |
output | filename | str |