bw3ll / sharem

SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.

License: GNU General Public License v3.0

Python 99.99% Shell 0.01% Batchfile 0.01%
disassembler emulation shellcode

sharem's People

Contributors

abaker2010, bw3ll, dsu-ah, dsu-ta, dylan-park15, jth55, kade-brost, saschawtech, shashanktechcs, shelbyvh, stackfalcon


sharem's Issues

Installation issue

Hi guys, this looks like a really awesome tool, can't wait to play with it!
Meanwhile, I am having difficulties installing it on my local Windows machine.
I followed the steps of Windows_installer.bat manually (because, for example, I need to call py.exe rather than python.exe on my system).
I also validated that Sharem is installed using pip list.

C:\Users\<REDACTED>\Desktop\sharem [testing]> py .\main.py
Traceback (most recent call last):
  File "C:\Users\<REDACTED>\Desktop\sharem\main.py", line 1, in <module>
    from sharem import SharemMain
  File "C:\Users\<REDACTED>\AppData\Local\Programs\Python\Python311\Lib\site-packages\sharem\__init__.py", line 1, in <module>
    from .sharem import *
  File "C:\Users\<REDACTED>\AppData\Local\Programs\Python\Python311\Lib\site-packages\sharem\sharem\__init__.py", line 1, in <module>
    from .helper import *
  File "C:\Users\<REDACTED>\AppData\Local\Programs\Python\Python311\Lib\site-packages\sharem\sharem\helper\__init__.py", line 4, in <module>
    from .emuHelpers import *
  File "C:\Users\<REDACTED>\AppData\Local\Programs\Python\Python311\Lib\site-packages\sharem\sharem\helper\emuHelpers.py", line 7, in <module>
    from ..DLLs.dict4_ALL import *
ModuleNotFoundError: No module named 'sharem.sharem.DLLs'

Unicorn Invalid Instruction Error, Linux/Win10 Both

Tested in Ubuntu 20.04 and Win10. According to the documentation, I harvested DLLs from Windows (and corrected the x64 JSON file because json could not parse it), then I tried many x32/x64 shellcodes as binary and txt. Some of them killed the Python session instantly, and some of them did not find the APIs, but most of them gave this error.

	[*] Emulating x86 shellcode
	
	
Emulation error:  Invalid memory read (UC_ERR_READ_UNMAPPED)
Last address: 0x12000005
Traceback (most recent call last):
  File "/home/vvelitkn/Desktop/sharem/sharem/sharem/sharem/sharemu.py", line 1153, in test_i386
    mu.emu_start(startLoc, (CODE_ADDR + em.entryOffset) + len(code))
  File "/usr/local/lib/python3.8/dist-packages/unicorn-2.0.1.post1-py3.8-linux-x86_64.egg/unicorn/unicorn.py", line 550, in emu_start
    raise self._hook_exception
  File "/usr/local/lib/python3.8/dist-packages/unicorn-2.0.1.post1-py3.8-linux-x86_64.egg/unicorn/unicorn.py", line 392, in wrapper
    return func(self, *args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/unicorn-2.0.1.post1-py3.8-linux-x86_64.egg/unicorn/unicorn.py", line 663, in _hookcode_cb
    cb(self, address, size, data)
  File "/home/vvelitkn/Desktop/sharem/sharem/sharem/sharem/sharemu.py", line 697, in hook_code
    if retEnding(uc, mnemonic) or bad_instruct:
  File "/home/vvelitkn/Desktop/sharem/sharem/sharem/sharem/helper/emuHelpers.py", line 761, in retEnding
    retLoc = uc.mem_read(esp, 4)
  File "/usr/local/lib/python3.8/dist-packages/unicorn-2.0.1.post1-py3.8-linux-x86_64.egg/unicorn/unicorn.py", line 579, in mem_read
    raise UcError(status)
unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)

	[*] CPU counter: 5
	[*] Emulation complete

	[*] No APIs discovered through emulation.

"ValueError: I/O operation on closed file." for Verbosity & Save Stack

In /sharem/sharem/sharemu.py, the files stored at outFile and stackFile were closed, resulting in the occurrence of errors as described below. As a temporary solution, these lines have been commented out.

 Sharem>Emulator> z

	[*] Emulating x86 shellcode
Emulation error:  I/O operation on closed file.
Last address: 0x12000000
Traceback (most recent call last):
  File "/home/vvelitkn/Desktop/sharem/sharem/sharem/sharem/sharemu.py", line 1153, in test_i386
    mu.emu_start(startLoc, (CODE_ADDR + em.entryOffset) + len(code))
  File "/usr/local/lib/python3.8/dist-packages/unicorn/unicorn.py", line 550, in emu_start
    raise self._hook_exception
  File "/usr/local/lib/python3.8/dist-packages/unicorn/unicorn.py", line 392, in wrapper
    return func(self, *args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/unicorn/unicorn.py", line 663, in _hookcode_cb
    cb(self, address, size, data)
  File "/home/vvelitkn/Desktop/sharem/sharem/sharem/sharem/sharemu.py", line 576, in hook_code
    outFile.write(instructLine)
ValueError: I/O operation on closed file.

	[*] CPU counter: 1
	[*] Emulation complete

 Sharem>Emulator> z

	[*] Emulating x86 shellcode
Emulation error:  I/O operation on closed file.
Last address: 0x12000000
Traceback (most recent call last):
  File "/home/vvelitkn/Desktop/sharem/sharem/sharem/sharem/sharemu.py", line 1153, in test_i386
    mu.emu_start(startLoc, (CODE_ADDR + em.entryOffset) + len(code))
  File "/usr/local/lib/python3.8/dist-packages/unicorn/unicorn.py", line 550, in emu_start
    raise self._hook_exception
  File "/usr/local/lib/python3.8/dist-packages/unicorn/unicorn.py", line 392, in wrapper
    return func(self, *args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/unicorn/unicorn.py", line 663, in _hookcode_cb
    cb(self, address, size, data)
  File "/home/vvelitkn/Desktop/sharem/sharem/sharem/sharem/sharemu.py", line 536, in hook_code
    stackFile.write(timelessStack )
ValueError: I/O operation on closed file.

	[*] CPU counter: 1
	[*] Emulation complete
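
One way to avoid the closed-file error in the report above without commenting out the close() calls, as an added example that is not SHAREM's code. It assumes the log handle is opened once and closed at the end of each run, which the page does not show; `TraceSink`, `run_emulation` and the addresses are hypothetical.

```python
import os
import tempfile

class TraceSink:
    """Hypothetical log sink (not SHAREM code) that reopens after close()."""
    def __init__(self, path):
        self.path = path
        self._fh = None

    def write(self, text):
        # Reopen in append mode if an earlier run closed the handle.
        if self._fh is None or self._fh.closed:
            self._fh = open(self.path, "a", encoding="utf-8")
        self._fh.write(text)

    def close(self):
        if self._fh is not None and not self._fh.closed:
            self._fh.close()  # flushes buffered trace lines

def run_emulation(sink, addresses):
    """Stand-in for one emulation run: the hook logs each address, then close."""
    def hook_code(address):
        sink.write(f"{address:#x}\n")
    try:
        for address in addresses:
            hook_code(address)
    finally:
        sink.close()

def demo():
    """Two runs on a raw handle (second fails) and two on TraceSink (both log)."""
    workdir = tempfile.mkdtemp()
    raw = open(os.path.join(workdir, "raw.txt"), "a", encoding="utf-8")
    run_emulation(raw, [0x12000000])       # first run closes the handle
    try:
        run_emulation(raw, [0x12000000])   # second run writes to a closed file
        raw_error = None
    except ValueError as exc:
        raw_error = str(exc)

    sink_path = os.path.join(workdir, "sink.txt")
    sink = TraceSink(sink_path)
    run_emulation(sink, [0x12000000, 0x12000005])  # constructed addresses
    run_emulation(sink, [0x12000000])
    with open(sink_path, encoding="utf-8") as fh:
        return raw_error, fh.read().splitlines()

if __name__ == "__main__":
    print(demo())
```

Keeping the close() call means the verbose trace and stack log are flushed after every run, so a later crash does not lose them.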
