Shellcode analysis is not trivial. Static analysis is ineffective and easily defeated; moreover, static analysis tools are usually not free. Dynamic analysis requires the shellcode to be loaded into another process in an appropriate environment, which is often a virtual machine.

In this presentation we introduce PyAna, a new tool that aims to make shellcode analysis easier. PyAna uses the Unicorn framework to emulate the CPU and creates a virtual Windows process into which the shellcode is injected and analyzed. This automates the analysis and provides a flexible, lightweight environment that does not require a virtual machine.
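The following is an added example, not PyAna's code, of the approach the abstract describes: Unicorn emulates an x86 CPU, and a small fake Windows process (code page, stack, and just enough TEB, PEB and loader structures) is mapped around the shellcode so that it can run without a virtual machine. The shellcode is a constructed 15-byte PEB walk of the kind Windows shellcode uses to locate a module base; all addresses and the `unicorn` pip package are assumptions of this example. Code and memory hooks turn the run into a trace and stop cleanly when the shellcode touches memory the harness never mapped.

```python
"""Minimal Unicorn harness for 32-bit Windows shellcode (added example, not PyAna code)."""
import struct

try:
    from unicorn import (Uc, UC_ARCH_X86, UC_MODE_32, UC_PROT_ALL,
                         UC_HOOK_CODE, UC_HOOK_MEM_UNMAPPED, UcError)
    from unicorn.x86_const import (UC_X86_REG_EBX, UC_X86_REG_ESP,
                                   UC_X86_REG_EIP, UC_X86_REG_FS_BASE)
    UNICORN_AVAILABLE = True
except ImportError:          # pip install unicorn
    UNICORN_AVAILABLE = False

# Assumed layout of the fake process. Every address here is this example's choice.
CODE_BASE      = 0x00400000
STACK_BASE     = 0x00200000
STACK_SIZE     = 0x00010000
WIN_BASE       = 0x7FFD0000          # one 128 KiB region holding all fake OS structures
WIN_SIZE       = 0x00020000
TEB_BASE       = 0x7FFDE000          # fs segment base -> TEB
PEB_BASE       = 0x7FFDF000
LDR_BASE       = 0x7FFE0000          # PEB_LDR_DATA
KERNEL32_ENTRY = 0x7FFE1000          # one LDR_DATA_TABLE_ENTRY
KERNEL32_BASE  = 0x76000000          # DllBase value the shellcode should recover

# Constructed test shellcode: the classic PEB walk used to find a module base
# without imports. Emulation stops right after the last instruction.
SHELLCODE = bytes([
    0x64, 0xA1, 0x30, 0x00, 0x00, 0x00,   # mov eax, fs:[0x30]   ; TEB->ProcessEnvironmentBlock
    0x8B, 0x40, 0x0C,                     # mov eax, [eax+0x0c]  ; PEB->Ldr
    0x8B, 0x70, 0x14,                     # mov esi, [eax+0x14]  ; Ldr->InMemoryOrderModuleList.Flink
    0x8B, 0x5E, 0x10,                     # mov ebx, [esi+0x10]  ; LDR_DATA_TABLE_ENTRY.DllBase
])


def _u32(value):
    return struct.pack("<I", value)


def build_fake_process(uc):
    """Map code, stack and just enough TEB/PEB/Ldr for a PEB walk to succeed."""
    uc.mem_map(CODE_BASE, 0x1000, UC_PROT_ALL)
    uc.mem_map(STACK_BASE, STACK_SIZE, UC_PROT_ALL)
    uc.mem_map(WIN_BASE, WIN_SIZE, UC_PROT_ALL)
    uc.mem_write(TEB_BASE + 0x30, _u32(PEB_BASE))           # TEB.ProcessEnvironmentBlock
    uc.mem_write(PEB_BASE + 0x0C, _u32(LDR_BASE))           # PEB.Ldr
    # Ldr.InMemoryOrderModuleList.Flink -> the entry's InMemoryOrderLinks (entry+0x08)
    uc.mem_write(LDR_BASE + 0x14, _u32(KERNEL32_ENTRY + 0x08))
    # Single-element circular list: the entry links back to the list head
    uc.mem_write(KERNEL32_ENTRY + 0x08, _u32(LDR_BASE + 0x14))
    uc.mem_write(KERNEL32_ENTRY + 0x18, _u32(KERNEL32_BASE))  # entry.DllBase
    uc.reg_write(UC_X86_REG_FS_BASE, TEB_BASE)              # fs:[...] now resolves into the TEB
    uc.reg_write(UC_X86_REG_ESP, STACK_BASE + STACK_SIZE - 0x1000)


def run_shellcode(code, max_insns=10_000):
    """Emulate `code` as if injected at CODE_BASE; return final EBX, an instruction trace and faults."""
    uc = Uc(UC_ARCH_X86, UC_MODE_32)
    build_fake_process(uc)
    uc.mem_write(CODE_BASE, code)
    trace, faults = [], []

    def on_code(uc, address, size, user_data):
        # One entry per executed instruction: address and raw bytes.
        trace.append((address, bytes(uc.mem_read(address, size))))

    def on_unmapped(uc, access, address, size, value, user_data):
        # Shellcode touched memory the harness never mapped: record it and
        # stop (return False) so the trace collected so far is preserved.
        faults.append(("unmapped", access, address, size))
        return False

    uc.hook_add(UC_HOOK_CODE, on_code)
    uc.hook_add(UC_HOOK_MEM_UNMAPPED, on_unmapped)
    try:
        uc.emu_start(CODE_BASE, CODE_BASE + len(code), count=max_insns)
    except UcError as exc:
        faults.append(("uc_error", str(exc)))
    return {
        "ebx": uc.reg_read(UC_X86_REG_EBX),
        "eip": uc.reg_read(UC_X86_REG_EIP),
        "trace": trace,
        "faults": faults,
    }


if __name__ == "__main__":
    if not UNICORN_AVAILABLE:
        raise SystemExit("pip install unicorn")
    result = run_shellcode(SHELLCODE)
    for addr, raw in result["trace"]:
        print(f"{addr:08x}  {raw.hex()}")
    print(f"recovered DllBase: {result['ebx']:#010x}  faults: {result['faults']}")
```

Run as written, the trace shows four instructions and EBX ends up holding the fake `DllBase`. Real shellcode continues from here to parse the module's export table and call APIs by hash, so a usable harness also has to provide module images or intercept those calls; that is the part a virtual Windows process of the kind the abstract describes exists to supply.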
