SETICE
Shellcode Execution Trace Intrusion Countermeasure

What is this and how it works?

This is just a POC tool to demonstrate one idea of mine, made for some research at Petnica Science Centre in 2005. It was never meant to actually be used anywhere, just to demonstrate the possibility of detecting shellcode by executing the contents of every packet that arrives on the desired protocol and tracing for any valid instructions. The program actually traces for syscalls, using the ptrace() kernel debugging interface.

It captures the packet, reads information from its headers for logging purposes, strips the headers and passes the rest of the data to the testing part. The testing part puts the data passed to it into an environment variable, forks a child process "tchild" which reads the data from the environment, and traces it for syscalls. As this tchild program makes a fixed number of syscalls every time it is started, those are skipped, and the tracer looks for any irregular syscall. When a syscall occurs, ptrace returns the syscall number; when there is none, it returns -1. If the value returned by ptrace is -1, no syscall has been called and that packet does not contain shellcode. If a syscall number is returned, the friendly female voice informs you of the shellcode detection (not actually, but a good idea, isn't it?). For more, see the comments.

Actually, it detects ALL code that can be executed. An upgrade would be to add the ability to distinguish between malicious and valid code.

Installing

Nothing much to say about this. For some reason I never liked using Makefiles, so I give you an install script. Just run it and follow the instructions (like there are any :)).

For anything related to this tool write to me at anikolic@phearless.org. I will be happy to see any kind of feedback.

Thanks to Shatterhand (shatter.phearless.org) for sharing his time and testing this.

Visit the pHearless e-zine homepage at www.phearless.org.

anikolic@phearless.org
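As an added illustration of the ptrace mechanism described above (example code written for this page, not part of SETICE), the following C tracer forks a child the way tchild is forked and counts its syscall entries with PTRACE_SYSCALL, so a count above the known baseline can be flagged. It assumes Linux on x86-64, and the workload three_getppid is a constructed stand-in for tchild.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Trace a forked child that runs body() and count its syscall entries.
 * 'only' restricts the count to one syscall number (-1 counts all).
 * Returns -1 if the child could not be traced. Assumes Linux on x86-64
 * (orig_rax holds the syscall number at a syscall stop). */
long count_syscalls(void (*body)(void), long only)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Child: request tracing, stop so the parent can take over,
         * then run the workload, like SETICE's tchild. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(127);
        kill(getpid(), SIGSTOP);
        body();
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    /* TRACESYSGOOD tags syscall stops as SIGTRAP|0x80 so they are not
     * confused with a genuine SIGTRAP raised by the traced code. */
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    long count = 0;
    int in_syscall = 0;   /* syscall stops alternate: entry, exit, entry, ... */
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) < 0) return -1;
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) break;
        if (!WIFSTOPPED(status) || WSTOPSIG(status) != (SIGTRAP | 0x80))
            continue;     /* some other signal stop: just resume */
        in_syscall = !in_syscall;
        if (!in_syscall) continue;        /* syscall-exit stop, not counted */
        struct user_regs_struct regs;
        if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0) return -1;
        if (only < 0 || (long)regs.orig_rax == only) count++;
    }
    return count;
}

/* Constructed workload standing in for tchild: a known number of syscalls. */
void three_getppid(void) { getppid(); getppid(); getppid(); }
```

Measuring count_syscalls(body, -1) once for the untouched child gives the fixed baseline the description above skips; any run that exceeds it is the "irregular syscall" case.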