Writing disassembler in Ruby

Hi,

This is my first post here.

I am interested in writing a disassembler using Ruby.

I have attached a little example of my experiments with Ruby and ndisasm.

Please comment on the code, its usefulness, etc.

Do you know of any disassembler written in Ruby?

Jacek

On 11/17/06, Jacek P. wrote:

do you know of any disassembler written in Ruby?

Hello,

I don’t know any (x86 assembly is so ugly and complex that most people would rather reuse an existing disassembler), but disassemblers output plain text, and text can be very easily processed by Ruby.

I even did so just a few days ago to extract compiled methods from a CMUCL-generated image file for some benchmarking reasons ;)
If you’re interested, here’s an extract from my .bash_history:

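# Disassemble the image as 32-bit code (-a enables automatic sync).
$ ndisasm -a -b 32 image-cl.x86f >l-da
# Collect the targets of call, conditional jump and short jmp instructions, zero-padded to 4 hex digits.
$ cat l-da | ruby -nle 'i=$_[28..-1]; next unless i =~ /\A(?:call|j\S+|jmp short) 0x(\S+)\Z/; $x||=[]; a="0" * (4-$1.size) + $1; $x << a; END {puts $x.sort.uniq}' >l-addresses
# Keep the offset only on lines that are branch targets (marked with ":") and drop its first four digits.
$ ruby -e 'ja={}; File.readlines("l-addresses").map{|a|ja[a.chomp.upcase]=true}; STDIN.each{|line| if !ja[line[4,4]] then line[4,4] = " " else line[8,1] = ":" end; line[0,4]=""; puts line }' <l-da >l-da2
# Print every block that runs from a "pop dword" line to the next "jmp ecx" line.
$ ruby -e 'File.read("l-da2").scan(/^[^\n]*pop dword.*?jmp ecx[^\n]*$/m) { puts $&; puts ""}' >l-da3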

Anyway, I think it’s best to do something like what you did in deas.rb: taking input from some preexisting disassembler like ndisasm (or objdump, which understands many binary formats), and then processing it with Ruby.
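The approach described in the reply above (take ndisasm's text output and post-process it in Ruby), as an added example that is not part of the original thread: it collects direct branch targets, labels them, and reports targets that do not fall on a decoded instruction. The listing is constructed sample data, and the names `parse`, `branch_targets`, `unresolved` and `annotate` are hypothetical.

```ruby
# Constructed sample in ndisasm's layout: offset, hex bytes, instruction text.
SAMPLE = <<~ASM
  00000000  55                push ebp
  00000001  89E5              mov ebp,esp
  00000003  E808000000        call 0x10
  00000008  7403              jz 0xd
  0000000A  31C0              xor eax,eax
  0000000C  40                inc eax
  0000000D  5D                pop ebp
  0000000E  C3                ret
  0000000F  90                nop
  00000010  31C0              xor eax,eax
  00000012  EBFC              jmp short 0x10
  00000014  E8E7000000        call 0x100
ASM

Insn = Struct.new(:addr, :text)
# Direct branches only; "jmp ecx" and other indirect forms carry no 0x target.
BRANCH = /\A(?:call|j\w+)(?: (?:short|near))? 0x(\h+)\z/

# Lines outside the layout (e.g. ndisasm's "-" continuation lines) are skipped.
def parse(listing)
  listing.each_line.map do |l|
    m = l.chomp.match(/\A(\h{8})\s+\h+\s+(\S.*)\z/)
    Insn.new(m[1].hex, m[2]) if m
  end.compact
end

def branch_targets(insns)
  insns.map { |i| i.text[BRANCH, 1] }.compact.map(&:hex).uniq.sort
end

# Targets that are not the start of a decoded instruction: either outside
# the file or a sign that the linear sweep lost sync.
def unresolved(insns)
  branch_targets(insns) - insns.map(&:addr)
end

def annotate(listing)
  insns = parse(listing)
  label = branch_targets(insns).to_h { |a| [a, format("loc_%04x", a)] }
  insns.flat_map do |i|
    m = BRANCH.match(i.text)
    text = m ? i.text[0, m.begin(1) - 2] + label[m[1].hex] : i.text
    [("#{label[i.addr]}:" if label[i.addr]), "    #{text}"].compact
  end
end
puts annotate(SAMPLE) if $PROGRAM_NAME == __FILE__
```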

On Fri, Nov 17, 2006 at 07:51:17PM +0900, Bruno M. wrote:

Hi

I’m the developer of Metasm (which is a standalone full Ruby lib).
It’s not yet functional, but it’s currently under heavy development
and I expect to make a working release soon.

On 11/17/06, Jacek P. wrote:

do you know of any disassembler written in Ruby?

Hello,

I think you should take a look at Metasploit. In particular, there is a
plugin, metasm, which can interest you. I don’t know if it is beta
software, or if it has been integrated into Metasploit.

Thanks for the info. I’ll be happy to have a chance to play with it one
day.