Silicon Shellcode Emulator

A lightweight x86/x64 emulator designed for Windows shellcode.

The emulator can be launched from the main window, from the command line or from an action.

The emulator can be executed from an action within any hex view.

Before the emulator is launched, a settings dialog is shown: an architecture and a memory profile must be selected.

If a memory profile isn’t already available, on Windows you can create a new one from a process on your system. An x86 shellcode requires an x86 process memory profile and an x64 shellcode requires an x64 process memory profile. Make sure that the selected process maps Urlmon.dll, which is often used by shellcode. On Linux and Mac it is necessary to copy a memory profile created on Windows to the profile directory.

Once the profile has been selected, the emulator can be launched.

In this case, we didn’t step through the code manually and just let the emulator run the code. As can be observed in the output view, the emulator simulated the APIs invoked by the shellcode.