Add disassembly mode to msfpescan for -a

git-svn-id: file:///home/svn/framework3/trunk@5717 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-05 02:40:55 +00:00 · 2008-10-05 02:40:55 +00:00 · a87cbe1c5e
parent 183830fab5
commit a87cbe1c5e
2 changed files with 10 additions and 0 deletions
--- a/lib/rex/pescan/search.rb
+++ b/lib/rex/pescan/search.rb
@ -2,6 +2,8 @@ module Rex
 module PeScan
 module Search

+	require "rex/assembly/nasm"
+	
 	class DumpRVA
 		attr_accessor :pe
 		
@ -26,6 +28,10 @@ module Search
 			@address = 0 if (@address < 0 || ! @address)
 			buf = pe.read_rva(@address, suf)
 			$stdout.puts pe.ptr_s(pe.rva_to_vma(@address)) + " " + buf.unpack("H*")[0]
+			if(param['disasm'])
+				$stdout.puts(::Rex::Assembly::Nasm.disassemble(buf))
+			end
+			
 		end	
 	end

--- a/4
+++ b/4
@ -98,6 +98,10 @@ opt.on('-B', '--before [bytes]', 'Number of bytes to show before match (-a/-b)')
 	param['before'] = opt2i(t)
 end

+opt.on('-D', '--disasm', 'Disassemble the bytes at this address') do |t|
+	param['disasm'] = true
+end
+
 opt.on('-I', '--image-base [address]', 'Specify an alternate ImageBase') do |t|
 	param['imagebase'] = opt2i(t)
 end