EXTRACTION
EXTRACTING MACHINE CODE/SHELLCODE FROM BINARY
The shellcode extracted from a binary is only its executable .text section, since shellcode is meant to be directly executable. Note that not every binary yields working shellcode that can be loaded directly into memory and run, because shellcode must meet specific requirements.
root@sre:~$ python3
>>> from pwn import *  # import pwntools
>>> file = ELF('helloworld')  # use the ELF class to load an ELF binary for reading
>>> # dump machine code from the executable .text section via section()
>>> file.section(".text").hex()
'48be0020400000000000bf01000000ba12000000b8010000000f05b83c000000bf000000000f05'
* this uses pwntools to extract the .text section, which holds the executable instructions
* 'hex()' encodes the shellcode as a hex string instead of printing it as raw bytes
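The same lookup done by hand, as an added example that is not code from the original page or from pwntools: it walks the ELF64 section header table with `struct` and returns the bytes of the named section. `read_section` and `build_sample` are hypothetical names, and the sample image (including its load address) is constructed around the hex string shown above.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header (little-endian)
SHDR = struct.Struct("<IIQQQQIIQQ")        # ELF64 section header
# .text bytes printed by the session above
PAGE_HEX = ("48be0020400000000000bf01000000ba12000000"
            "b8010000000f05b83c000000bf000000000f05")

def read_section(elf: bytes, wanted: str) -> bytes:
    """Return the raw bytes of a named section (hypothetical helper)."""
    if len(elf) < EHDR.size:
        raise ValueError("truncated ELF header")
    hdr = EHDR.unpack_from(elf)
    ident, shoff, shentsize, shnum, shstrndx = hdr[0], hdr[6], hdr[11], hdr[12], hdr[13]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    if shentsize != SHDR.size or shstrndx >= shnum:
        raise ValueError("unusable section header table")
    if shoff + shnum * shentsize > len(elf):
        raise ValueError("section header table runs past end of file")
    sections = [SHDR.unpack_from(elf, shoff + i * shentsize) for i in range(shnum)]
    # Section names live in the string table section indexed by e_shstrndx.
    str_off, str_size = sections[shstrndx][4], sections[shstrndx][5]
    strtab = elf[str_off:str_off + str_size]
    for name_off, _type, _flags, _addr, off, size, *_rest in sections:
        name = strtab[name_off:].split(b"\0", 1)[0]
        if name == wanted.encode():
            if off + size > len(elf):
                raise ValueError("section data runs past end of file")
            return elf[off:off + size]
    raise KeyError(wanted)

def build_sample(text: bytes) -> bytes:
    """Constructed minimal ELF64 image: header, .text, .shstrtab, 3 section headers."""
    strtab = b"\0.text\0.shstrtab\0"
    text_off = EHDR.size
    str_off = text_off + len(text)
    shoff = str_off + len(strtab)
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9
    ehdr = EHDR.pack(ident, 2, 0x3E, 1, 0x401000, 0, shoff, 0,
                     EHDR.size, 0, 0, SHDR.size, 3, 2)
    shdrs = (SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)                          # null section
             + SHDR.pack(1, 1, 0x6, 0x401000, text_off, len(text), 0, 0, 16, 0)  # .text
             + SHDR.pack(7, 3, 0, 0, str_off, len(strtab), 0, 0, 1, 0))          # .shstrtab
    return ehdr + text + strtab + shdrs

if __name__ == "__main__":
    image = build_sample(bytes.fromhex(PAGE_HEX))
    print(read_section(image, ".text").hex())
```

The parser rejects truncated or non-ELF64 input with `ValueError` rather than slicing out of range, which matters when the file being examined is untrusted.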