Rasm2

From aldeid

Description

rasm2 — radare2 patch assembler and disassembler

Installation

$ sudo aptitude install radare2

Usage

Syntax

Usage: rasm2 [-e] [-o offset] [-a arch] [-s syntax] -d "opcode"|"hexpairs"|- [-f file ..]
Note
If the last argument is '-', reads from stdin.

Options

-d
Disassemble from hexpair bytes
-D
Disassemble showing hexpair and opcode
-f
Read data from file
-F [in:out]
Specify input and/or output filters (att2intel, x86.pseudo, ...)
-o [offset]
Set start address for code (0x08048000)
-a [arch]
Set architecture plugin
-b [bits]
Set architecture bits
-s [syntax]
Select syntax (intel, att)
-B
Binary input/output (-l is mandatory for binary input)
-l [int]
Input/Output length. If '-l' value is greater than output length, output is padded with nops
-C
Output in C format
-L
List supported asm plugins
-e
Use big endian
-v
Show version information

Example

Given the following shellcode:

$ cat shellcode.txt 
\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x8b\xec\x55\x8b\xec\x68\x65\x78\x65\x20\x68\x63\x6d\x64\x2e\x8d\x45\xf8\x50\xb8\x44\x80\xbf\x77\xff\xd0

Note that rasm2 must be given the string without the "\x" characters, so strip them with sed first:

$ sed "s/\\\x//g" shellcode.txt | rasm2 -a x86 -d -
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
mov ebp, esp
push ebp
mov ebp, esp
push dword 0x20657865
push dword 0x2e646d63
lea eax, [ebp-0x8]
push eax
mov eax, 0x77bf8044
call eax
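
An added example, not part of the original page: a Python helper that does the same "\x" stripping as the sed step and then recovers the string that the two push dword instructions build on the stack. The listing is copied from the output above; the function names and the accepted push formats are assumptions of this example.

```python
import re
import struct

# Disassembly copied from the rasm2 output above (nop sled omitted).
LISTING = """\
mov ebp, esp
push ebp
mov ebp, esp
push dword 0x20657865
push dword 0x2e646d63
lea eax, [ebp-0x8]
push eax
mov eax, 0x77bf8044
call eax
"""

# Assumption: immediates are printed as "push dword 0x..." or "push 0x...".
PUSH_IMM = re.compile(r"^\s*push\s+(?:dword\s+)?0x([0-9a-fA-F]{1,8})\s*$")

def escaped_to_hexpairs(text):
    """Same job as the sed step: '\\x90\\x8b' text -> bare hexpairs for rasm2 -d."""
    return "".join(re.findall(r"\\x([0-9a-fA-F]{2})", text)).lower()

def decode_run(values, min_len=4):
    """Decode one run of pushed dwords into a printable string, or None."""
    # The last push lands at the lowest address, so memory order is the
    # reverse of push order; each dword is stored little-endian.
    raw = b"".join(struct.pack("<I", v) for v in reversed(values))
    raw = raw.split(b"\x00")[0]  # stop at a NUL terminator if present
    if len(raw) >= min_len and all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None

def stack_strings(listing):
    """Return strings built by consecutive immediate pushes in a listing."""
    found, run = [], []
    for line in listing.splitlines() + [""]:  # sentinel flushes the last run
        m = PUSH_IMM.match(line)
        if m:
            run.append(int(m.group(1), 16))
            continue
        text = decode_run(run) if run else None
        if text:
            found.append(text)
        run = []
    return found

if __name__ == "__main__":
    print(stack_strings(LISTING))
```

The recovered 8-byte string sits at ebp-0x8, which is the address that lea eax, [ebp-0x8] loads and push eax passes to the function called through eax.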


Keywords: ctf reverse-engineering rasm2