Didier Stevens

Saturday 25 July 2020

ndisasm 2.15 stdin Bug Fix

Filed under: Shellcode — Didier Stevens @ 0:00

I like to pipe commands together, especially when doing malware analysis.

ndisasm is the disassembler of NASM. I like to use it, because it’s a single executable (for major operating systems) and accepts input from stdin.

But there was an issue with Windows versions: stdin was opened in text mode, and not in binary mode. This can result in disassembly errors, like in the following example. I send 7 bytes to ndisasm via stdin, and the 4th byte is 0x1A (CTRL-Z): this is the end-of-file marker for Windows text files:

As can be seen, only the first 3 bytes are disassembled, and all bytes from 0x1A on are ignored.

I filled a bug fix with code the fix the issue, and this was integrated in version 2.15:






Blog at WordPress.com.