Description

rasm2 — radare2 patch assembler and disassembler

Installation

$ sudo aptitude install radare2

Usage

Syntax

Usage: rasm2 [-e] [-o offset] [-a arch] [-s syntax] -d "opcode"|"hexpairs"|- [-f file ..]

Note

If the last argument is '-', reads from stdin.

Options

-d

Disassemble from hexpair bytes

-D

Disassemble showing hexpair and opcode

-f

Read data from file

-F [in:out]

Specify input and/or output filters (att2intel, x86.pseudo, ...)

-o [offset]

Set start address for code (0x08048000)

-a [arch]

Set architecture plugin

-b [bits]

Set architecture bits

-s [syntax]

Select syntax (intel, att)

-B

Binary input/output (-l is mandatory for binary input)

-l [int]

Input/Output length. If '-l' value is greater than output length, output is padded with nops

-C

Output in C format

-L

List supported asm plugins

-e

Use big endian

-v

Show version information

Example

Given the following shellcode:

$ cat shellcode.txt 
\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x8b\xec\x55\x8b\xec\x68\x65\x78\x65\x20\x68\x63\x6d\x64\x2e\x8d\x45\xf8\x50\xb8\x44\x80\xbf\x77\xff\xd0

Notice that you will have to provide Rasm with the string with the "\x" characters:

$ sed "s/\\\x//g" shellcode.txt | rasm2 -a x86 -d -
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
mov ebp, esp
push ebp
mov ebp, esp
push dword 0x20657865
push dword 0x2e646d63
lea eax, [ebp-0x8]
push eax
mov eax, 0x77bf8044
call eax

Comments