Output shellcode in different styles

Description

The formatout module converts the content of a binary file into human-readable output. The following styles are available:

Command

python shencode.py formatout --input shell.raw --syntax [inspect, {c, casm, cs, ps1, py, hex, base64}] {--lines} {--no-break} {--write output.txt}

Language outputs

C / C++

The well-known C / C++ string-literal output.

Example

--syntax c

"\x55\x48\x89\xe5\x48\x83\xec\x40\x48\x31\xc0\x48\x89\x45\xf8\x48"
"\x89\x45\xf0\x48\x89\x45\xe8\x48";

C-ASM

If you want to embed the code in C with inline assembly, you need this special output, which emits each line as a .byte directive.

Example

--syntax casm

".byte 0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40,0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48\n\t"
".byte 0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48"

C#

This is the C# output format.

Example

--syntax cs

0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40,0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48
0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48

PowerShell

This generates a PowerShell byte array.

Example

--syntax ps1

[Byte[]] $buf = 0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40,0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48
0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48

Python

If you want to work with a Python byte array, here you are!

Example

--syntax py

buf =  b''
buf += b'\x55\x48\x89\xe5\x48\x83\xec\x40\x48\x31\xc0\x48'

Hex / Base64

Text-based outputs are hex and base64.

Example

--syntax hex

554889e54883ec404831c0488945f8488945f0488945e848

--syntax base64

NTU0ODg5ZTU0ODgzZWM0MDQ4MzFjMDQ4ODk0NWY4NDg4OTQ1ZjA0ODg5NDVlODQ4ODk0NWUwNDg4OTQ1ZDg0ODg5NDVkMDQ4ODk0NWM4NTA0OGI4NTc2OTZlNDU3ODY1NjMxMTQ4YzFlMDA4NDhjMWU4MDg1MD...NDg4M2M0Mzg0ODgzYzQxODQ4ODNjNDA4NWQ=

Additional outputs

Inspect

If you want to analyze shellcode, use --syntax inspect. It displays 8 bytes per line, each line prefixed with its offset. In the sample output below, the offset column counts in decimal despite the 0x prefix (0, 8, 16, 24).

[*] processing shellcode format...
0x00000000: 55 48 89 e5 48 83 ec 40
0x00000008: 48 31 c0 48 89 45 f8 48
0x00000016: 89 45 f0 48 89 45 e8 48
0x00000024:
[+] DONE!

Lines

Add --lines to prefix each output line with its offset for better readability and analysis, for example --lines --syntax c:

[*] processing shellcode format...
0x00000000: "\x55\x48\x89\xe5\x48\x83\xec\x40\x48\x31\xc0\x48\x89\x45\xf8\x48"
0x00000016: "\x89\x45\xf0\x48\x89\x45\xe8\x48";
[+] DONE!
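
When one of these text styles turns up in a source file, script or report, an analyst usually wants the raw bytes back for hashing or signature matching. The following is an added example, not part of ShenCode: the function names recover_bytes and fingerprint are hypothetical, the samples are the page's own first 24 bytes, and the base64 sample is constructed the way the page's sample is encoded (base64 of the hex text, not of the raw bytes).

```python
import base64
import hashlib
import re

ESCAPED = re.compile(r"\\x([0-9a-fA-F]{2})")         # c and py styles: \x55
PREFIXED = re.compile(r"\b0x([0-9a-fA-F]{2})\b")     # casm, cs, ps1 styles: 0x55
OFFSET = re.compile(r"^\s*0x[0-9a-fA-F]{8}:", re.M)  # inspect / --lines offset column
HEX = re.compile(r"(?:[0-9a-fA-F]{2})+")


def recover_bytes(text: str) -> bytes:
    """Return the raw bytes behind any formatout style shown on this page."""
    text = OFFSET.sub("", text)
    for pattern in (ESCAPED, PREFIXED):
        tokens = pattern.findall(text)
        if tokens:
            return bytes(int(t, 16) for t in tokens)
    compact = "".join(text.split())
    if HEX.fullmatch(compact):                        # hex style or inspect rows
        return bytes.fromhex(compact)
    try:
        decoded = base64.b64decode(compact, validate=True)
    except ValueError:                                # binascii.Error is a ValueError
        raise ValueError("not a recognised formatout style") from None
    try:
        # The page's base64 sample decodes to the ASCII hex string, so unwrap it.
        return bytes.fromhex(decoded.decode("ascii"))
    except ValueError:
        return decoded                                # assumption: base64 of raw bytes


def fingerprint(text: str) -> str:
    """SHA-256 of the recovered bytes, independent of the text style."""
    return hashlib.sha256(recover_bytes(text)).hexdigest()


# Sample values copied from the page's examples (first 24 bytes); base64 is constructed.
RAW = bytes.fromhex("554889e54883ec404831c0488945f8488945f0488945e848")
SAMPLES = {
    "c --lines": r'0x00000000: "\x55\x48\x89\xe5\x48\x83\xec\x40\x48\x31\xc0\x48\x89\x45\xf8\x48"' "\n"
                 r'0x00000016: "\x89\x45\xf0\x48\x89\x45\xe8\x48";',
    "casm": r'".byte 0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40,0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48\n\t"' "\n"
            r'".byte 0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48"',
    "ps1": "[Byte[]] $buf = 0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x40,0x48,0x31,0xc0,0x48,0x89,0x45,0xf8,0x48\n"
           "0x89,0x45,0xf0,0x48,0x89,0x45,0xe8,0x48",
    "inspect": "0x00000000: 55 48 89 e5 48 83 ec 40\n0x00000008: 48 31 c0 48 89 45 f8 48\n"
               "0x00000016: 89 45 f0 48 89 45 e8 48\n0x00000024:",
    "base64": base64.b64encode(RAW.hex().encode()).decode(),
}
```

Because every style reduces to the same byte string, fingerprint() gives one stable hash to compare against known samples regardless of how the buffer was formatted.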

No-break

Disable line breaks with the --no-break argument.

Write output in a template

You can prepare a template file containing a placeholder that is replaced with the generated output:

  • TemplateFile.cpp:
    unsigned char buf[] =
    !++BUFFER++!
    

--syntax c --write TemplateFile.cpp will replace !++BUFFER++! with the generated output:

unsigned char buf[] =
"\x90\x01\..\xff";