Didier Stevens

Saturday 25 July 2020

ndisasm 2.15 stdin Bug Fix

Filed under: Shellcode — Didier Stevens @ 0:00

I like to pipe commands together, especially when doing malware analysis.

ndisasm is the disassembler of NASM. I like to use it, because it’s a single executable (for major operating systems) and accepts input from stdin.

But there was an issue with Windows versions: stdin was opened in text mode, and not in binary mode. This can result in disassembly errors, like in the following example. I send 7 bytes to ndisasm via stdin, and the 4th byte is 0x1A (CTRL-Z): this is the end-of-file marker for Windows text files:

As can be seen, only the first 3 bytes are disassembled, and all bytes from 0x1A on are ignored.

I filled a bug fix with code the fix the issue, and this was integrated in version 2.15:

 

 

 

 

 

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.