This was really cool to make, but I'm not sure if it makes any sense to use this when radare2 exists...

The idea of this project is to make it easier to do some cool assembly tricks.
The first one I wanted to attack was pushing opcodes onto the stack and then
calling rsp to achieve eval-like behavior. I also wanted to keep it pure bash,
because it seems like between nasm, objdump, and the standard bash utilities we
should have more than enough power to do anything in assembly that the most
twisted mind could ever dream of, and every time you add a component you're
introducing another thing that downstream consumers have to manage and another
thing that is eventually going to break. I target x86_64 because it's what every
dev environment I've touched in the last 5 years runs. I use NASM instead of
GAS or TASM or MASM because I like it more.
- `scripts/getOpcodes.sh` takes lines of x86-64 NASM assembly and converts them into opcodes. Pipe in a file or use it as an interactive assembler.
- `scripts/functions.inc` provides the `execWithOpcode` function, which accepts two bash "lambdas" as arguments; see the location of PLACEHOLDER 1 and PLACEHOLDER 2 in `getOpcodes.sh` for all available variables. The first can execute against `$byte`, which is filled with each byte of each opcode in turn; the second can execute against `$opCode`, which is filled with the byte sequence making up each opcode in turn.
- `scripts/getPushes.sh` takes lines of x86-64 NASM assembly and at the end writes `pushAsm.asm`, containing (hopefully) legal `push` instructions that carry the opcodes of the instructions read from stdin, with the byte order of the opcodes reversed to facilitate calling rsp, followed by the `call rsp` instruction. It also creates `opcodesToPush`, a file containing one ASCII hex byte per line.
- `scripts/bytesToAsm.sh` takes lines from stdin consisting of one ASCII hex byte each (like those found in the output of `getOpcodes.sh` and `getPushes.sh`) and shows you what assembly instructions the processor would decode from that byte sequence.
- `make` takes one argument, let's call it `$filename`. `make $filename` generates an ELF-64 binary from a NASM x86_64 assembly program named `$filename.asm`. Along the way it might generate a warning about a missing `_start` label. I'm still working on that. The binary should still work.
- `gadgets/exit.asm` calls the exit syscall. Clobbers rax.
- `gadgets/exit0.asm` zeroes rdi and calls the exit syscall. Clobbers rax, rdi.
- `gadgets/pushEpilogue.asm` calls rsp; it is automatically added to the end of programs generated by `scripts/getPushes.sh`. Clobbers rsp, stack.
- `gadgets/pushExample.asm` inserts 4 into dil, the lowest byte of rdi, which is the register used as the return code by the exit syscall. Clobbers dil, rsp, stack.
```bash
# Turn the example gadget into push instructions plus `call rsp` (writes pushAsm.asm)
./scripts/getPushes.sh < gadgets/pushExample.asm
# Append the exit gadget so the program terminates after the pushed code runs
cat gadgets/exit.asm >> pushAsm.asm
# Assemble and link pushAsm.asm into an ELF-64 binary named pushAsm
make pushAsm
# `!$` is bash history expansion for the last argument of the previous command, i.e. ./pushAsm
./!$
# The exit status should be the value the pushed code placed in dil
echo $?
```
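To make the push-then-`call rsp` trick concrete, here is an added example that is not one of this repository's scripts: a shell function that takes shellcode as hex digits (either a contiguous string or the one-byte-per-line format that `opcodesToPush` uses) and emits NASM that pushes those bytes onto the stack in execution order and then calls rsp. It deliberately loads each 8-byte chunk with `mov rax, imm64` and pushes rax rather than using `push imm32`, because in 64-bit mode `push imm32` sign-extends the immediate to 8 bytes and so cannot carry an arbitrary qword; the cost is that rax is clobbered. The appended `ret`, the NOP padding and the trailing `add rsp` are my choices, not the project's.

```bash
#!/usr/bin/env bash
# Added example, not one of the project's scripts.
# bytes_to_push_asm HEX: emit NASM that pushes the bytes in HEX onto the
# stack in execution order and then calls rsp. HEX is shellcode as hex
# digits; whitespace (e.g. one byte per line, as in opcodesToPush) is ignored.
#
# Design (my choices, not the project's): each 8-byte chunk is loaded with
# `mov rax, imm64` and pushed, because `push imm32` sign-extends to 64 bits
# and cannot carry an arbitrary qword. A `ret` (c3) is appended so control
# returns to the instruction after `call rsp`, and the buffer is NOP-padded
# (90) to a multiple of 8. Clobbers rax, rsp and the stack. Written with
# POSIX constructs only (cut, $((...)), ${#var}) so it also runs under sh.
bytes_to_push_asm() {
    hex="$(printf '%s' "$1" | tr -d '[:space:]')c3"
    while [ $(( ${#hex} % 16 )) -ne 0 ]; do hex="${hex}90"; done
    nchunks=$(( ${#hex} / 16 ))

    # The chunk at the highest address must be pushed first, so walk backwards.
    i=$nchunks
    while [ "$i" -gt 0 ]; do
        i=$(( i - 1 ))
        chunk="$(printf '%s' "$hex" | cut -c "$(( i * 16 + 1 ))-$(( i * 16 + 16 ))")"
        # x86-64 is little-endian: byte 0 of the chunk must be the least
        # significant byte of the immediate, so reverse the byte order.
        qword=""
        j=15
        while [ "$j" -gt 0 ]; do
            qword="$qword$(printf '%s' "$chunk" | cut -c "$j-$(( j + 1 ))")"
            j=$(( j - 2 ))
        done
        printf 'mov rax, 0x%s\npush rax\n' "$qword"
    done
    printf 'call rsp\n'
    printf 'add rsp, %d\n' "$(( nchunks * 8 ))"   # discard the pushed code afterwards
}

# Constructed input: `mov dil, 4` (40 b7 04), the same instruction as
# gadgets/pushExample.asm. Expected output:
#   mov rax, 0x90909090c304b740
#   push rax
#   call rsp
#   add rsp, 8
bytes_to_push_asm "40b704"
```

Because the pushed code returns to the instruction after `call rsp`, appending an exit gadget after the generated lines gives the same flow as the `pushAsm` example above. The bytes execute from the stack, so the linked binary needs an executable stack (for GNU ld, `-z execstack`) if your link step does not already allow that.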