removed nasm calls inplace of metasm, cleaned up some formatting as well

git-svn-id: file:///home/svn/framework3/trunk@12741 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-27 17:34:31 +00:00 · 2011-05-27 17:34:31 +00:00 · f92819e754
parent a891d53be4
commit f92819e754
2 changed files with 31 additions and 16 deletions
--- a/lib/rex/pescan/scanner.rb
+++ b/lib/rex/pescan/scanner.rb
@ -1,3 +1,5 @@
+require 'metasm'
+
 module Rex
 module PeScan
 module Scanner
@ -27,8 +29,15 @@ module Scanner
 					msg  = hit[1].is_a?(Array) ? hit[1].join(" ") : hit[1]
 					$stdout.puts pe.ptr_s(vma) + " " + msg
 					if(param['disasm'])
-						::Rex::Assembly::Nasm.disassemble([msg].pack("H*")).split("\n").each do |line|
-							$stdout.puts "\t#{line.strip}"
+						insns = []
+						d2 = Metasm::Shellcode.decode(msg, Metasm::Ia32.new).disassembler
+						addr = 0
+						while ((di = d2.disassemble_instruction(addr)))
+							insns << di.instruction
+							disasm = "0x%08x\t" % (vma + addr)
+							disasm << di.instruction.to_s
+							$stdout.puts disasm
+							addr = di.next_addr
 						end
 					end
 				end
--- a/lib/rex/pescan/search.rb
+++ b/lib/rex/pescan/search.rb
@ -35,11 +35,17 @@ module Search

 			$stdout.puts pe.ptr_s(pe.rva_to_vma(@address)) + " " + buf.unpack("H*")[0]
 			if(param['disasm'])
-				::Rex::Assembly::Nasm.disassemble(buf).split("\n").each do |line|
-					$stdout.puts "\t#{line.strip}"
+				insns = []
+				d2 = Metasm::Shellcode.decode(buf, Metasm::Ia32.new).disassembler
+				addr = 0
+				while ((di = d2.disassemble_instruction(addr)))
+					insns << di.instruction
+					disasm = "0x%08x\t" % (pe.rva_to_vma(@address) + addr)
+					disasm << di.instruction.to_s
+					$stdout.puts disasm
+					addr = di.next_addr
 				end
 			end
-			
 		end
 	end