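/* binary (ELF) to shellcode converter */
/* by Dalnet SLACKo slacko@mail.ru */

#include <elf.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Dump the bytes of the section that starts at the ELF entry point as a
 * C string literal, ten bytes per source line.
 *
 * argv[1] names a 32-bit ELF file. The file is treated as untrusted input:
 * every offset and count taken from its headers is checked against the size
 * of the mapping before it is dereferenced, so a truncated or malformed file
 * produces an error message instead of an out-of-bounds read.
 *
 * Returns 0 on success and 1 on any error (bad usage, I/O failure, malformed
 * or unsupported file, no section found at the entry point).
 */
int main(int argc, char **argv)
{
    /*
     * The entry point is converted to a file offset by subtracting this fixed
     * load address. That only holds for non-PIE i386 executables linked at
     * the traditional base; other files are rejected or match no section.
     */
    const Elf32_Addr load_base = 0x08048000;
    struct stat info;
    Elf32_Ehdr ehdr;
    Elf32_Shdr shdr;
    unsigned char *map;
    size_t map_len;
    size_t entry_off;
    size_t i;
    int found = 0;
    int rc = 1;
    int fd;

    /* Check argc before argv[1] is touched at all. */
    if (argc != 2) {
        fprintf(stderr, "Usage %s <file>\n", argv[0]);
        exit(1);
    }

    /* The file is only read, so do not ask for write access. */
    fd = open(argv[1], O_RDONLY);
    if (fd == -1) {
        perror("open()");
        exit(1);
    }

    /* fstat() on the open descriptor: the size describes the file we map. */
    if (fstat(fd, &info) == -1) {
        perror("fstat()");
        close(fd);
        return 1;
    }
    if (info.st_size < (off_t)sizeof(Elf32_Ehdr) ||
        (uintmax_t)info.st_size > SIZE_MAX) {
        fprintf(stderr, "File is not an ELF binary file\n");
        close(fd);
        return 1;
    }
    map_len = (size_t)info.st_size;

    /* Read-only private mapping: nothing here can modify the input file. */
    map = mmap(NULL, map_len, PROT_READ, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) {
        perror("mmap()");
        close(fd);
        return 1;
    }

    /* Compare exactly the four magic bytes, independent of sizeof(long). */
    if (memcmp(map, ELFMAG, SELFMAG) != 0) {
        fprintf(stderr, "File is not an ELF binary file\n");
        goto out;
    }
    /* The Elf32_* layouts below are only valid for 32-bit objects. */
    if (map[EI_CLASS] != ELFCLASS32) {
        fprintf(stderr, "File is not a 32-bit ELF binary file\n");
        goto out;
    }

    memcpy(&ehdr, map, sizeof ehdr);

    /* The whole section header table must lie inside the mapping. */
    if (ehdr.e_shentsize != sizeof(Elf32_Shdr) ||
        ehdr.e_shoff > map_len ||
        ehdr.e_shnum > (map_len - ehdr.e_shoff) / sizeof(Elf32_Shdr)) {
        fprintf(stderr, "Section header table is missing or out of bounds\n");
        goto out;
    }

    /* Avoid unsigned wrap-around when the entry is below the assumed base. */
    if (ehdr.e_entry < load_base) {
        fprintf(stderr, "Entry point is below the assumed load address\n");
        goto out;
    }
    entry_off = ehdr.e_entry - load_base;

    /* Look for the section whose file offset equals the entry offset. */
    for (i = 0; i < ehdr.e_shnum; i++) {
        memcpy(&shdr, map + ehdr.e_shoff + i * sizeof shdr, sizeof shdr);
        if (shdr.sh_offset == entry_off) {
            found = 1;
            break;
        }
    }
    if (!found) {
        fprintf(stderr, "No section starts at the entry point\n");
        goto out;
    }

    /* The section contents must lie inside the mapping as well. */
    if (shdr.sh_offset > map_len || shdr.sh_size > map_len - shdr.sh_offset) {
        fprintf(stderr, "Section data is out of bounds\n");
        goto out;
    }

    printf("Shellcode size %u bytes\n", (unsigned)shdr.sh_size);

    /* Open the literal up front so an empty section still prints "". */
    printf("\n\"");
    for (i = 0; i < shdr.sh_size; i++) {
        /* Start a new quoted line after every ten bytes. */
        if (i % 10 == 0 && i != 0) {
            printf("\"\n\"");
        }
        printf("\\x%x", (unsigned)map[shdr.sh_offset + i]);
    }
    printf("\"\n\n");

    rc = 0;

out:
    munmap(map, map_len);
    close(fd);
    return rc;
}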