Links

metasm

Metasm is a cross-architecture assembler, disassembler, linker, and debugger. It is written in such a way that it is easy to add support for new architectures. For now, the following architectures are in:
  • Intel Ia32.txt (16 and 32bits)
  • Intel X86_64.txt (aka Ia32 64bits, X64, AMD64)
  • MIPS
  • PowerPC
  • Sh4
Supports low and high-level debugging support (Ia32 only for now) under Windows, Linux and remote (via a gdbserver). Metasm is included in Metasploit by default.
  • Install Metasm gem
    gem install metasm
    More about installation here.

Converting Assembly to Op-code - metasm-shell.rb

You can find metasm-shell in ruby gems default path after installation. In my case, it's located in /var/lib/gems/2.1.0/gems/metasm-1.0.2/samples
  • Run it
ruby metasm-shell.rb
type "exit" or "quit" to quit
use ";" for newline
asm>
as you can see you are now in the shell's prompt
  • Find assembly op-code
asm> nop nop
"\x90\x90"
asm> call [eax]
"\xff\x10"
asm> push esp
"\x54"
asm> pop eax
"\x58"
Note: it is possible to do exactly the same thing with a metasploit embedded tool: nasm_shell.
$ /opt/metasploit/tools/exploit/nasm_shell.rb
nasm > jmp esp
00000000 FFE4 jmp esp