Tuesday, June 4, 2013

One-liner to only get the shellcode from objdump

I just love www.commandlinefu.com :) Found a real treasure on it today.

This post is just a quick note to myself on how to get only the shellcode from objdump using a one-liner.

Solution 1

This one is OK, but note that the second cut keeps only the first 6 space-separated columns, so any instruction bytes beyond the sixth on a line are dropped. You might need to modify that to fit your needs:

objdump -d ./PROGRAM | grep '[0-9a-f]:' | grep -v 'file' | cut -f2 -d: | cut -f1-6 -d' ' | tr -s ' ' | tr '\t' ' ' | sed 's/ $//g' | sed 's/ /\\x/g' | paste -d '' -s | sed 's/^/"/' | sed 's/$/"/g'

Solution 2

This one is actually better, since it does not rely on field widths:

for i in `objdump -d ./PROGRAM | tr '\t' ' ' | tr ' ' '\n' | egrep '^[0-9a-f]{2}$' `; do echo -n "\x$i" ; done | paste -d '' -s | sed 's/^/"/' | sed 's/$/"/g'
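A variant that keys on objdump's tab-separated layout rather than on column counts or on the shape of individual tokens, as an added example that is not from the original post or from commandlinefu. The function names and the sample disassembly are constructed for illustration, and it assumes x86-style output where the byte column is printed as space-separated hex pairs.

```shell
#!/bin/sh
# Added example: extract the opcode-byte column from `objdump -d` output.
# Real use: objdump -d ./PROGRAM | objdump_bytes

# Reads objdump -d text on stdin, prints the bytes as a quoted "\x.." string.
objdump_bytes() {
    awk -F'\t' '
        # Instruction lines are "  ADDR:<TAB>HEX BYTES<TAB>MNEMONIC OPERANDS".
        # Continuation lines of long instructions have no third field.
        # Header and symbol lines contain no tab, so $1 never matches them.
        $1 ~ /^ *[0-9a-f]+:$/ && NF >= 2 {
            n = split($2, b, " ")          # only the byte column is examined
            for (i = 1; i <= n; i++)
                if (b[i] ~ /^[0-9a-f][0-9a-f]$/) out = out "\\x" b[i]
        }
        END { printf "\"%s\"\n", out }
    '
}

# Constructed sample of objdump -d output (x86-64, AT&T syntax). The movabs
# is 10 bytes long, so objdump wraps its last 3 bytes onto a second line.
sample_disassembly() {
    printf '%s\n' '' './demo:     file format elf64-x86-64' '' \
        'Disassembly of section .text:' '' '0000000000401000 <f>:'
    printf '  %s:\t%s\t%s\n' \
        401000 '55                   ' 'push   %rbp' \
        401001 '48 89 e5             ' 'mov    %rsp,%rbp' \
        401004 '48 b8 88 77 66 55 44 ' 'movabs $0x1122334455667788,%rax'
    printf '  %s:\t%s\n' 40100b '33 22 11 '
    printf '  %s:\t%s\t%s\n' \
        40100e '5d                   ' 'pop    %rbp' \
        40100f 'c3                   ' 'ret'
}

sample_disassembly | objdump_bytes
```

Because only the second tab-separated field is read, a seven-byte line keeps all seven bytes, and two-character hex-looking tokens in the mnemonic or operand column are never picked up.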

Happy hacking! :)
