Now that we have created shellcode more efficient than the one generated by msfvenom, we can make another attempt at analyzing it with libemu.
Alas, it again doesn't do much and gives us nothing useful in return.
$ sctest -vvv -S -s 10000 -G libemu_asm_linx86_adduser_jmp-pop-call < asm_linx86_adduser_jmp-pop-call
graph file libemu_asm_linx86_adduser_jmp-pop-call
verbose = 3
[emu 0x0x925d0a8 debug ] cpu state eip=0x00417000
[emu 0x0x925d0a8 debug ] eax=0x00000000 ecx=0x00000000 edx=0x00000000 ebx=0x00000000
[emu 0x0x925d0a8 debug ] esp=0x00416fce ebp=0x00000000 esi=0x00000000 edi=0x00000000
[emu 0x0x925d0a8 debug ] Flags:
[emu 0x0x925d0a8 debug ] cpu state eip=0x00417000
[emu 0x0x925d0a8 debug ] eax=0x00000000 ecx=0x00000000 edx=0x00000000 ebx=0x00000000
[emu 0x0x925d0a8 debug ] esp=0x00416fce ebp=0x00000000 esi=0x00000000 edi=0x00000000
[emu 0x0x925d0a8 debug ] Flags:
[emu 0x0x925d0a8 debug ] 7F45 jg 0x47
[emu 0x0x925d0a8 debug ] cpu state eip=0x00417002
[emu 0x0x925d0a8 debug ] eax=0x00000000 ecx=0x00000000 edx=0x00000000 ebx=0x00000000
[emu 0x0x925d0a8 debug ] esp=0x00416fce ebp=0x00000000 esi=0x00000000 edi=0x00000000
[emu 0x0x925d0a8 debug ] Flags:
[emu 0x0x925d0a8 debug ] 4C dec esp
[emu 0x0x925d0a8 debug ] cpu state eip=0x00417003
[emu 0x0x925d0a8 debug ] eax=0x00000000 ecx=0x00000000 edx=0x00000000 ebx=0x00000000
[emu 0x0x925d0a8 debug ] esp=0x00416fcd ebp=0x00000000 esi=0x00000000 edi=0x00000000
[emu 0x0x925d0a8 debug ] Flags:
[emu 0x0x925d0a8 debug ] 46 inc esi
[emu 0x0x925d0a8 debug ] cpu state eip=0x00417004
[emu 0x0x925d0a8 debug ] eax=0x00000000 ecx=0x00000000 edx=0x00000000 ebx=0x00000000
[emu 0x0x925d0a8 debug ] esp=0x00416fcd ebp=0x00000000 esi=0x00000001 edi=0x00000000
[emu 0x0x925d0a8 debug ] Flags:
[emu 0x0x925d0a8 debug ] 0101 add [ecx],eax
cpu error error accessing 0x00000004 not mapped
stepcount 3
copying vertexes
optimizing graph
vertex 0x92b4660
going forwards from 0x92b4660
-> vertex 0x92b67f8
-> vertex 0x92b6980
copying edges for 0x92b6980
vertex 0x92b6af8
going forwards from 0x92b6af8
copying edges for 0x92b6af8
[emu 0x0x925d0a8 debug ] cpu state eip=0x00417006
[emu 0x0x925d0a8 debug ] eax=0x00000000 ecx=0x00000000 edx=0x00000000 ebx=0x00000000
[emu 0x0x925d0a8 debug ] esp=0x00416fcd ebp=0x00000000 esi=0x00000001 edi=0x00000000
[emu 0x0x925d0a8 debug ] Flags:
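The first bytes libemu decodes above, 7F 45 4C 46 (shown as jg, dec esp, inc esi), are the ELF magic number, so what reached sctest here looks like a linked executable rather than the raw shellcode bytes. The script below is added as an illustration and is not part of the original post or of libemu: it checks the input for that magic and, for an ELF32 little-endian image, pulls out the .text section so that only the code bytes are piped into sctest. The file name extract_text.py, the in-memory sample ELF it builds and the exit(0) stub inside it are constructed for this example.

```python
#!/usr/bin/env python3
"""Hand sctest raw code bytes instead of a whole ELF executable.

Usage (assumed file names):  python3 extract_text.py asm_linx86_adduser_jmp-pop-call | sctest -vvv -S -s 10000
"""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
EHDR_FMT = "<16sHHIIIIIHHHHHH"   # Elf32_Ehdr, little-endian, 52 bytes
SHDR_FMT = "<10I"                # Elf32_Shdr, 40 bytes


def is_elf(data: bytes) -> bool:
    """True when the buffer starts with the ELF magic (the 7F 45 4C 46 seen in the sctest trace)."""
    return data[:4] == ELF_MAGIC


def elf32_sections(data: bytes):
    """Yield (name, file_offset, size) for every section of an ELF32 little-endian image."""
    if len(data) < struct.calcsize(EHDR_FMT):
        raise ValueError("buffer too short for an ELF header")
    (ident, _type, _machine, _version, _entry, _phoff, shoff, _flags, _ehsize,
     _phentsize, _phnum, shentsize, shnum, shstrndx) = struct.unpack_from(EHDR_FMT, data, 0)
    if ident[4] != 1 or ident[5] != 1:          # EI_CLASS == ELFCLASS32, EI_DATA == ELFDATA2LSB
        raise ValueError("only ELF32 little-endian images are handled here")
    headers = [struct.unpack_from(SHDR_FMT, data, shoff + i * shentsize) for i in range(shnum)]
    str_off, str_size = headers[shstrndx][4], headers[shstrndx][5]
    strtab = data[str_off:str_off + str_size]
    for sh in headers:
        name_off = sh[0]
        name = strtab[name_off:strtab.index(b"\x00", name_off)].decode()
        yield name, sh[4], sh[5]                # sh_offset, sh_size


def extract_shellcode(data: bytes) -> bytes:
    """Return the bytes sctest should emulate: raw input as-is, or .text of an ELF32 image."""
    if not is_elf(data):
        return data
    for name, off, size in elf32_sections(data):
        if name == ".text":
            return data[off:off + size]
    raise ValueError("no .text section found in ELF image")


def build_sample_elf(text: bytes) -> bytes:
    """Constructed test fixture: a minimal ELF32/i386 image whose .text holds `text`."""
    shstrtab = b"\x00.text\x00.shstrtab\x00"    # .text at index 1, .shstrtab at index 7
    ehsize = struct.calcsize(EHDR_FMT)
    text_off = ehsize
    str_off = text_off + len(text)
    shoff = str_off + len(shstrtab)
    base = 0x08048000
    ident = ELF_MAGIC + bytes([1, 1, 1, 0]) + b"\x00" * 8   # ELFCLASS32, ELFDATA2LSB, EV_CURRENT
    ehdr = struct.pack(EHDR_FMT, ident, 2, 3, 1, base + text_off, 0, shoff, 0, ehsize,
                       0, 0, struct.calcsize(SHDR_FMT), 3, 2)   # ET_EXEC, EM_386, 3 sections
    null_sh = struct.pack(SHDR_FMT, *([0] * 10))
    text_sh = struct.pack(SHDR_FMT, 1, 1, 6, base + text_off, text_off, len(text), 0, 0, 16, 0)
    str_sh = struct.pack(SHDR_FMT, 7, 3, 0, 0, str_off, len(shstrtab), 0, 0, 1, 0)
    return ehdr + text + shstrtab + null_sh + text_sh + str_sh


# Constructed sample code: xor eax,eax; xor ebx,ebx; mov al,1; int 0x80  (exit(0))
SAMPLE_TEXT = bytes.fromhex("31c031dbb001cd80")


def demo() -> bool:
    """Show that the ELF wrapper is stripped and raw input passes through untouched."""
    image = build_sample_elf(SAMPLE_TEXT)
    return (is_elf(image) and not is_elf(SAMPLE_TEXT)
            and extract_shellcode(image) == SAMPLE_TEXT
            and extract_shellcode(SAMPLE_TEXT) == SAMPLE_TEXT)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: extract_text.py <shellcode-or-elf-file>")
    with open(sys.argv[1], "rb") as fh:
        payload = fh.read()
    if is_elf(payload):
        print("input is an ELF image, extracting .text", file=sys.stderr)
    sys.stdout.buffer.write(extract_shellcode(payload))
```

A quick sanity check before any emulation run is to look at the first four bytes of whatever is piped into sctest: if they read 7F 45 4C 46, the emulator will start decoding the ELF header rather than the payload, and the trace will show exactly the jg / dec esp / inc esi sequence seen above.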