14.1 Assemble

It is quite common to use 'rasm' from the shell. It is a handy utility for getting the hexpairs that represent an opcode, ready to copy and paste.

$ rasm -a x86 'jmp 0x8048198'
e9 bb 9e fe ff
$ rasm -a ppc 'jmp 0x8048198'
48 fa 1d 28

Rasm is used by the radare core to write bytes with the 'wa' command, so you can assemble and write an opcode directly from the radare shell.
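
An added example (not from the radare book or the rasm sources) showing why the hexpairs of a relative jump are only valid at the address they were assembled for: the x86 'jmp rel32' form (opcode e9) stores the distance from the end of the instruction, not the target itself. The function names are made up for this illustration; the sample bytes and addresses are the ones shown on this page.

```python
import struct

JMP_REL32 = 0xE9   # x86 opcode for a near jmp with a 32-bit displacement
JMP_LEN = 5        # one opcode byte + four displacement bytes


def encode_jmp(origin: int, target: int) -> bytes:
    """Assemble 'jmp target' for an instruction placed at address origin."""
    rel = target - (origin + JMP_LEN)   # relative to the *next* instruction
    if not -2**31 <= rel < 2**31:
        raise ValueError("target is out of rel32 range from this origin")
    return bytes([JMP_REL32]) + struct.pack("<i", rel)


def decode_jmp(code: bytes) -> int:
    """Return the signed displacement of a 5-byte jmp rel32."""
    if len(code) != JMP_LEN or code[0] != JMP_REL32:
        raise ValueError("not a 5-byte jmp rel32")
    return struct.unpack("<i", code[1:])[0]


def jmp_target(code: bytes, origin: int) -> int:
    """Address the jmp lands on when the bytes are written at origin."""
    return (origin + JMP_LEN + decode_jmp(code)) & 0xFFFFFFFF


def implied_origin(code: bytes, target: int) -> int:
    """Address at which these bytes would jump to target."""
    return (target - JMP_LEN - decode_jmp(code)) & 0xFFFFFFFF


def hexpairs(code: bytes) -> str:
    """Format bytes the way rasm prints them."""
    return " ".join(f"{b:02x}" for b in code)


if __name__ == "__main__":
    sample = bytes.fromhex("e9 bb 9e fe ff")   # rasm output shown above
    target = 0x8048198
    print(f"displacement   : {decode_jmp(sample):#x}")
    print(f"implied origin : {implied_origin(sample, target):#x}")
    # The same bytes pasted at the .org address used in selfstop.rasm:
    print(f"at 0x8048000   : jumps to {jmp_target(sample, 0x8048000):#x}")
    # Bytes that reach the same target when written at 0x8048000:
    print(f"re-assembled   : {hexpairs(encode_jmp(0x8048000, target))}")
```

Decoding the x86 output above gives a displacement of -0x16145, so those five bytes reach 0x8048198 only when written at 0x805e2d8; check the address before pasting hexpairs of a relative branch somewhere else.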

It is possible to assemble for x86 (intel syntax), olly (olly syntax), powerpc, arm and java. For other architectures you can use 'rsc asm', which uses $OBJDUMP and $AS to generate the proper output after assembling the given instruction. For the intel syntax, rasm tries to use NASM or GAS. You can use the SYNTAX environment variable to choose your preferred syntax: intel or att.

rasm's source directory contains some examples of assembling a raw binary from a file that describes the opcodes.

$ cat selfstop.rasm
; Self-Stop shellcode written in rasm for x86
; --pancake

.arch x86
.equ base 0x8048000
.org 0x8048000  ; the offset where we inject the 5 byte jmp

  push 0x8048000
  mov eax, 20
  int 0x80

  mov ebx, eax 
  mov ecx, 19
  mov eax, 37
  int 0x80
; The call injection


$ rasm -f selfstop.rasm
$ ls
selfstop.rasm selfstop.rasm.o
$ echo pd | radare -vn ./selfstop.rasm.o 
  0x00000000,    cursor: 6800800408        push dword 0x8048000
  0x00000005             60                pushad             
  0x00000006             b814000000        eax = 0x14        
  0x0000000B             cd80              int 0x80         
  0x0000000D             89d8              eax = ebx       
  0x0000000F             b913000000        ecx = 0x13     
  0x00000014,            b825000000        eax = 0x25    
  0x00000019             cd80              int 0x80     
  0x0000001B             61                popad       
  0x0000001C,            c3               ret ;--     
  0x0000001C          ; ------------------------------------
  0x0000001D             c3               ret ;--    
  0x0000001D          ; ------------------------------------