Land #2804, @rcvalle's support for disasm on msfelfscan

lib/rex/elfscan/scanner.rb

@@ -1,4 +1,5 @@
 # -*- coding: binary -*-
+require 'metasm'
 
 module Rex
 module ElfScan
@@ -27,6 +28,26 @@ class Generic
           rva  = hit[0]
           message  = hit[1].is_a?(Array) ? hit[1].join(" ") : hit[1]
           $stdout.puts elf.ptr_s(rva) + " " + message
+          if(param['disasm'])
+            message.gsub!("; ", "\n")
+            if message.include?("retn")
+              message.gsub!("retn", "ret")
+            end
+
+            begin
+              d2 = Metasm::Shellcode.assemble(Metasm::Ia32.new, message).disassemble
+            rescue Metasm::ParseError
+              d2 = Metasm::Shellcode.disassemble(Metasm::Ia32.new, [message].pack('H*'))
+            end
+
+            addr = 0
+            while ((di = d2.disassemble_instruction(addr)))
+              disasm = "0x%08x\t" % (rva + addr)
+              disasm << di.instruction.to_s
+              $stdout.puts disasm
+              addr = di.next_addr
+            end
+          end
         end
       end
 
@@ -203,4 +224,3 @@ end
 end
 end
 end
-

msfbinscan

@@ -112,7 +112,7 @@ opt.on('-I', '--image-base [address]', 'Specify an alternate ImageBase
   param['imagebase'] = opt2i(t)
 end
 
-opt.on('-D', '--disasm', 'Disassemble the bytes at this address          [PE]') do |t|
+opt.on('-D', '--disasm', 'Disassemble the bytes at this address          [PE|ELF]') do |t|
   param['disasm'] = true
 end
 

msfelfscan

@@ -82,6 +82,10 @@ opt.on('-B', '--before [bytes]', 'Number of bytes to show before match (-a/-b)')
   param['before'] = opt2i(t)
 end
 
+opt.on('-D', '--disasm', 'Disassemble the bytes at this address') do |t|
+  param['disasm'] = true
+end
+
 opt.on('-I', '--image-base [address]', 'Specify an alternate ImageBase') do |t|
   param['imagebase'] = opt2i(t)
 end