extractor.py

Extracts machine codes from binary file between magic pattern

usage : python extractor.py [binary]

import sys, os, re

regex = re.compile('\x90\x90\x31\xc0\x90\x90[\S\s]*\x90\x90\x31\xc0\x90\x90')

fd = open(sys.argv[1])

it = regex.finditer( fd.read() )

code = ''

res1 = ''

res2 = ''

for match in it:

code = match.group()

res1 = code[6:][0:-6].encode('hex')

print 'shellcode len : ' + str(len(res1)/2)

print res1

res2 = '\\x' + '\\x'.join(x.encode('hex') for x in code[6:][0:-6])

print res2