comp.lang.ruby

Re: writing disassembler in Ruby

Tomasz Wegrzanowski

11/17/2006 10:16:00 AM

On 11/17/06, Jacek Podkanski <thread@supanet.com> wrote:
> Hi,
>
> This is my first post here.
>
> I am interested in writing a disassembler using Ruby.
>
> I have attached a little example of my experiments with Ruby and ndisasm.
>
> Please comment on the code usefulness of it etc.
>
> Do you know of any disassembler written in Ruby?

Hello,

I don't know any (x86 assembly is so ugly and complex that most people
would rather reuse an existing disassembler), but disassemblers output plain text,
and text can be very easily processed by Ruby.

I even did so just a few days ago to extract compiled methods from
a CMUCL-generated image file for some benchmarking reasons ;-)
If you're interested, here's an extract from my .bash_history:

$ ndisasm -a -b 32 image-cl.x86f >l-da
$ cat l-da | ruby -nle 'i=$_[28..-1]; next unless i =~ /\A(?:call|j\S+|jmp short) 0x(\S+)\Z/; $x||=[]; a="0" * (4-$1.size) + $1; $x << a; END {puts $x.sort.uniq}' >l-addresses
$ ruby -e 'ja={}; File.readlines("l-addresses").map{|a|ja[a.chomp.upcase]=true}; STDIN.each{|line| if !ja[line[4,4]] then line[4,4] = " " else line[8,1] = ":" end; line[0,4]=""; puts line }' <l-da >l-da2
$ ruby -e 'File.read("l-da2").scan(/^[^\n]*pop dword.*?jmp ecx[^\n]*$/m) { puts $&; puts ""}' >l-da3

Anyway, I think it's best to do something like what you did in deas.rb
- taking input from some preexisting disassembler like ndisasm (or objdump,
which understands many binary formats), and then processing it with Ruby.

--
Tomasz Wegrzanowski [ http://t-a-w.blo... ]
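
The approach in the post above, written out as a script (an added example, not code from the thread): it parses ndisasm-style lines, collects direct call/jump targets, labels them, and reports targets that do not fall on an instruction start. The sample listing, the `loc_` label format and the function names are constructed for illustration.

```ruby
# Added example: label branch targets in ndisasm-style text (not from the thread).
# SAMPLE is a constructed listing; its last jump deliberately lands mid-instruction.
SAMPLE = <<~ASM
  00000000  55                push ebp
  00000001  89E5              mov ebp,esp
  00000003  E805000000        call 0xd
  00000008  74F7              jz 0x1
  0000000A  EBF6              jmp short 0x2
  0000000C  90                nop
  0000000D  5D                pop ebp
  0000000E  C3                ret
ASM

LINE   = /\A(\h{8})\s+(\h+)\s+(.+)\z/           # address, raw bytes, instruction
BRANCH = /\A(?:call|j\S+|jmp short) 0x(\h+)\z/  # same instruction shapes as the one-liner
Insn   = Struct.new(:addr, :bytes, :text)

# Parse listing text; continuation lines ("-....") and blanks do not match and are skipped.
def parse(listing)
  listing.each_line.filter_map do |l|
    m = LINE.match(l.chomp)
    Insn.new(m[1].to_i(16), m[2], m[3]) if m
  end
end

# Sorted, de-duplicated addresses referenced by direct calls and jumps.
def branch_targets(insns)
  insns.filter_map { |i| (m = BRANCH.match(i.text)) && m[1].to_i(16) }.uniq.sort
end

# Returns [annotated_lines, dangling]; dangling targets match no instruction start,
# which usually means the linear sweep lost sync or the target is outside the dump.
def annotate(listing)
  insns  = parse(listing)
  labels = branch_targets(insns).to_h { |a| [a, format("loc_%04x", a)] }
  lines  = insns.map do |i|
    text = i.text
    text = text.sub(/0x(\h+)\z/) { labels.fetch($1.to_i(16)) } if BRANCH.match?(text)
    format("%-10s%s", labels[i.addr] ? "#{labels[i.addr]}:" : "", text)
  end
  [lines, labels.keys - insns.map(&:addr)]
end

if __FILE__ == $PROGRAM_NAME
  lines, dangling = annotate(SAMPLE)
  puts lines
  warn "targets off an instruction boundary: #{dangling.map { |a| format('0x%x', a) }.join(', ')}" unless dangling.empty?
end
```

To run it on real output, pass the text of a listing such as `l-da` to `annotate` in place of `SAMPLE`.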

3 Answers

Bruno Michel

11/17/2006 10:51:00 AM

On 11/17/06, Jacek Podkanski <thread@supanet.com> wrote:
> Hi,
>
> This is my first post here.
>
> I am interested in writing a disassembler using Ruby.
>
> I have attached a little example of my experiments with Ruby and ndisasm.
>
> Please comment on the code usefulness of it etc.
>
> Do you know of any disassembler written in Ruby?

Hello,

I think you should take a look at metasploit. In particular, there is a
plugin, metasm, which can interest you. I don't know if it is beta
software, or if it has been integrated into metasploit.

--
Bruno Michel

Yoann Guillot

11/20/2006 9:07:00 AM

On Fri, Nov 17, 2006 at 07:51:17PM +0900, Bruno Michel wrote:
> On 11/17/06, Jacek Podkanski <thread@supanet.com> wrote:
> >Hi,
> >
> >This is my first post here.
> >
> >I am interested in writing a disassembler using Ruby.
> >
> >I have attached a little example of my experiments with Ruby and ndisasm.
> >
> >Please comment on the code usefulness of it etc.
> >
> >Do you know of any disassembler written in Ruby?
>
> Hello,
>
> I think you should take a look at metasploit. In particular, there is a
> plugin, metasm, which can interest you. I don't know if it is beta
> software, or if it has been integrated into metasploit.
>
> --
> Bruno Michel
>

Hi

I'm the developer of Metasm (which is a standalone full ruby lib).
It's not yet functional, but it's currently under heavy development
and I expect to make a working release soon.

--
Yoann Guillot

Jacek Podkanski

11/21/2006 3:10:00 PM

Thanks for the info. I'll be happy to have a chance to play with it one day.

Yoann Guillot wrote:
> Hi
>
> I'm the developer of Metasm (which is a standalone full ruby lib).
> It's not yet functional, but it's currently under heavy development
> and I expect to make a working release soon.
>
>