[Dailydave] Announcing metasm

Tue Jul 24 09:09:23 EDT 2007

Well, then, I'm clearly wrong! I read your opcode classes and your
sample code and was impressed by how much you got Ruby to look like
assembly.

On 7/24/07, Julien TINNES <jt at cr0.org> wrote:
> On Monday 23 July 2007 17:20:47 Thomas Ptacek wrote:
> > I'm pretty sure I'm one of 6,398 different people doing this, but
> > we're working with a debugger driven by runtime dynamic code
> > generation instead of OS debugger hooks; our targets are programs that
> > aggressively detect debuggers, emulation, and program text
> > manipulation.
> >
> > "Debugger" is generous; I mean, "code capable of breakpointing,
> > inspecting, and modifying a remote execution context".
> >
> > I quickly read the metasm code this weekend and, unless I missed it,
> > they didn't implement a parser; they just exploit Ruby's terseness to
> > make it look like assembly syntax. Parsing assembly syntax seems like
> > a complete waste of time; it's a wretched language.
> >
>
> Hello,
>
> Of course there is a parser!
> I don't understand how you could miss it, given that it's implemented
> generically in the top level parse.rb file and then specialised per
> architecture in <architecture>/parse.rb.
> The GCC compatible preprocessor is implemented in preprocessor.rb.
>
> --
> Julien TINNES
> http://www.cr0.org
>

-- 
---
Thomas H. Ptacek // matasano security
read us on the web: http://www.matasano.com/log