Writing disassembler in Ruby

Hi,

This is my first post here.

I am interested in writing a disassembler using Ruby.

I have attached little example of my experiments with Ruby and ndisasm.

Please comment on the code usefulness of it etc.

do you know of any disassembler written in Ruby?

Jacek

deas.rb (4.03 KB)

Hello,

I don't know any (x86 assembly is so ugly and complex that most people
would rather reuse existing disassembler), but disassemblers output plain text,
and text can be very easily processed by Ruby.

I even did so just a few days ago to extract compiled methods from
CMUCL-generated image file for some benchmarking reasons
If you're interested, here's extract from my .bash_history:

$ ndisasm -a -b 32 image-cl.x86f >l-da
$ cat l-da | ruby -nle 'i=$_[28..-1]; next unless i =~
/\A(?:call|j\S+|jmp short) 0x(\S+)\Z/; $x||=; a="0" * (4-$1.size) +
$1; $x << a; END {puts $x.sort.uniq}' >l-addresses
$ ruby -e 'ja={};
File.readlines("l-addresses").map{|a|ja[a.chomp.upcase]=true};
STDIN.each{|line| if !ja[line[4,4]] then line[4,4] = " " else
line[8,1] = ":" end; line[0,4]=""; puts line }' <l-da >l-da2
$ ruby -e 'File.read("l-da2").scan(/^[^\n]*pop dword.*?jmp
ecx[^\n]*$/m) { puts $&; puts ""}' >l-da3

Anyway, I think it's best to do something like what you did in deas.rb
- taking input
from some preexisting disassembler like ndisasm (or objdump which understand
many binary formats), and then processing it with Ruby.

Hello,

I think you should take a look at metasploit. In particular, there is a plugin, metasm, which can interrest you. I don't known if it is beta software, or if it has been integrated to metasploit.

Hi

I'm the developper of Metasm (which is a standalone full ruby lib).
It's not yet functionnal, but it's currently under heavy developpement
and I expect make a working release soon.

Thanks for the info. I'll be happy to have a chance to play with it one day.

Yoann Guillot wrote: