metasm

Metasm is a cross-architecture assembler, disassembler, linker, and debugger. It is written in such a way that it is easy to add support for new architectures. For now, the following architectures are in:
Intel Ia32.txt (16 and 32bits)
Intel X86_64.txt (aka Ia32 64bits, X64, AMD64)
MIPS
PowerPC
Sh4
Supports low and high-level debugging support (Ia32 only for now) under Windows, Linux and remote (via a gdbserver). Metasm is included in Metasploit by default.
Install Metasm gem
1
gem install metasm
Copied!
More about installation here.
Converting Assembly to Op-code - metasm-shell.rb
You can find metasm-shell in ruby gems default path after installation. In my case, it's located in /var/lib/gems/2.1.0/gems/metasm-1.0.2/samples
Run it
1
ruby metasm-shell.rb
2
type "exit" or "quit" to quit
3
use ";" for newline
4
​
5
asm>
Copied!
as you can see you are now in the shell's prompt
Find assembly op-code
1
asm> nop nop
2
"\x90\x90"
3
asm> call [eax]
4
"\xff\x10"
5
asm> push esp
6
"\x54"
7
asm> pop eax
8
"\x58"
Copied!
Note: it is possible to do exactly the same thing with a metasploit embedded tool: nasm_shell.
1
$ /opt/metasploit/tools/exploit/nasm_shell.rb
2
nasm > jmp esp
3
00000000  FFE4              jmp esp
Copied!

Railgun API Extension

Module 0x6 | Forensic Kung Fu

Last modified 2yr ago

Copy link

Contents

Converting Assembly to Op-code - metasm-shell.rb