Game Changing Advances in Windows Shellcode Analysis Using SHAREM Framework

DEFCONConference via YouTube

Overview

Explore groundbreaking advances in Windows shellcode analysis through this 43-minute DEF CON 31 conference presentation that introduces the innovative SHAREM framework. Dive into the framework's powerful capabilities, including emulation of shellcode with identification of 20,000 WinAPI functions and 99% of Windows syscalls. Learn how SHAREM achieves complete code coverage by preserving CPU register context and memory states, allowing for comprehensive analysis of all shellcode functionality. Discover how the framework revolutionizes shellcode analysis by presenting decoded forms in a disassembler and producing superior quality disassembly through emulation data integration. Understand the framework's unique features, including a custom disassembler and Ghidra plugin, which enable enhanced API identification and improved disassembly quality. Gain insights into practical applications for both analysis and shellcode development, demonstrated through examination of advanced shellcode specimens.

Syllabus

DEF CON 31 - Game Changing Advances in Windows Shellcode Analysis - Brizendine, Kersten, Hince

Taught by

DEFCONConference
