1 unstable release
0.1.0 | May 14, 2022 |
---|
#30 in #vulnerabilities
145KB
4K
SLoC
x86reducer
A Rust program for disassembling raw x86 assembly, written for JHU's Reverse Engineering and Vulnerability Analysis course.
Disassembly Mode
The primary mode, returns the disassembled output of a target binary. Note that the binary must only contain x86 assembly instructions, with the code beginning at offset 0.
❯ printf >tmp.asm "[BITS 32]\n\nstart:\n\txchg eax, eax\n"
❯ nasm tmp.asm
❯ cargo run -- -i tmp
Finished dev [unoptimized + debuginfo] target(s) in 0.01s
Running `target/debug/reducer -i tmp`
0x00000000: 90 nop
Byte Decoding Mode
You can also manually specify a MODR/M byte or MODR/M byte plus SIB byte,
and reducer
will decode it for you.
❯ cargo run -- --modrm 4d --sib 00
Finished dev [unoptimized + debuginfo] target(s) in 0.01s
Running `target/debug/reducer --modrm 4d --sib 00`
Decoding: 4D
ModRM { md: RmByte, reg: ECX, rm: EBP }
Decoding: 00
SIB { scale: None, index: EAX, base: EAX }
Known Issues in Disassembly Mode
There are several known issues which are entirely cosmetic.
- Signed bytes will sometimes be output as sign extended DWORDs.
- Unsigned bytes will sometimes be output as DWORDs.
- Instructions will be generated with ghost entries. For example,
reducer
will outputcall [ + esp + 0x00000033 ]
instead ofcall [esp + 0x33]
. - SIB bytes scaled by
esp
will not render correctly. E.g., they include a "blank"esp
followed by the scale, such as[*2 0x11223344]
.
There is one known issue which is not entirely cosmetic.
- Bad inputs are handled by throwing and catching panics. This is hacky and terrible.
Dependencies
~3.5MB
~71K SLoC