Shellcode is known in the art. Generally, a shellcode is a program, application or code that starts a command shell. A command shell is a (typically non-graphical) program, application or code that may provide or enable direct communication between a user and an OS. Accordingly, by executing a shellcode, a user may gain unrestricted access to an OS. For example, hackers use shellcodes in order to remotely control a computer, steal information or damage a computer by gaining unrestricted access to an OS in a remote computer.
Shellcodes typically execute (or call, as referred to in the art) one or more dynamic link libraries (DLLs). Generally, a DLL is a set, group or collection of programs, routines, applications or executable code segments and/or related data (e.g., included in libraries as known in the art) that may be used (by more than one application) in order to cause an OS to perform an operation or a functionality or to provide a service.
In order to identify or detect shellcode, known systems and methods expose an OS's memory image to an execution of a shellcode, thus potentially providing the shellcode with unrestricted and/or unsupervised access to an OS.