Libemu sctest output, created from PDF shellcodes

I extracted this image using PDF malware that I got for analysis purposes. Using a Perl script, I filtered out the unneeded content and later put it into sctest (a libemu tool). The graph was created using the dot command in the Graphviz package.

share the script?

Any chance you'd be willing to share the script you used to generate this? I'd prefer not to reinvent the wheel if I can help it. Thanks.

clausing, I prefer several

clausing,

I prefer several tips online (very few of them):
Example:
http://www.sudosecure.net/archives/313

But I actually had problems following them exactly, so I used a tool provided by Didier Stevens, Pyew

http://code.google.com/p/pyew/

Then, for an infected PDF file, you take the shellcode (it begins with unescape brackets) and filter it out using the link that I gave above (the first link).
Finally, use libemu's tool from http://libemu.carnivore.it/

Libemu's tool called sctest has an option to create a Graphviz DOT file. It should work if you are actually working on the correct shellcode :)
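
Added example, not part of the thread and not the poster's Perl script: a Python sketch of the "filter out" step, turning the argument of a JavaScript unescape(...) call into the raw bytes an emulator such as sctest expects. It assumes the JavaScript has already been pulled out of the PDF and decompressed; the names decode_unescape, extract_payloads and SAMPLE_JS are made up for this illustration.

```python
import re
import struct

# Constructed sample: JavaScript as it might look once pulled out of a
# PDF stream. The payload is a harmless stub (nops; xor eax,eax; inc eax; ret).
SAMPLE_JS = '''
var sc = unescape("%u9090%u9090" +
                  '%uc031%uc340');
var pad = unescape("%u0c0c%u0c0c");
'''

UNESCAPE_CALL = re.compile(r'unescape\s*\(([^)]*)\)', re.IGNORECASE)
STRING_LITERAL = re.compile(r'"([^"]*)"|\'([^\']*)\'')
TOKEN = re.compile(r'%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})|(.)', re.DOTALL)


def decode_unescape(text):
    """Return the bytes a JS string built by unescape(text) holds in memory.

    JS strings are sequences of 16-bit units stored little-endian, so
    %uXXXX becomes two bytes (low byte first); %XX and plain characters
    become one unit with a zero high byte.
    """
    out = bytearray()
    for m in TOKEN.finditer(text):
        if m.group(1):
            unit = int(m.group(1), 16)
        elif m.group(2):
            unit = int(m.group(2), 16)
        else:
            unit = ord(m.group(3)) & 0xFFFF
        out += struct.pack('<H', unit)
    return bytes(out)


def extract_payloads(js):
    """Decode every unescape(...) call, joining "a" + 'b' literal pieces."""
    payloads = []
    for call in UNESCAPE_CALL.finditer(js):
        pieces = STRING_LITERAL.findall(call.group(1))
        joined = ''.join(dq or sq for dq, sq in pieces)
        if joined:
            payloads.append(decode_unescape(joined))
    return payloads


if __name__ == '__main__':
    for i, blob in enumerate(extract_payloads(SAMPLE_JS)):
        print(i, len(blob), blob.hex())
```

Each returned blob can be written to a file and fed to sctest on standard input, for example `sctest -S -s 100000 -G graph.dot < payload.bin`, and the DOT file rendered with `dot -Tpng graph.dot -o graph.png`.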

Pyew is not Didier's tool

Hi,

Pyew is not a tool written by Didier Stevens, but by me, Joxean Koret.