tpisto / pasm Goto Github PK

Piston Assembler

License: MIT License

CoffeeScript 10.38% JavaScript 77.48% Assembly 12.13%

pasm's Introduction

Piston X86-64 Assembler

Piston X86-64 Assembler (PASM) is NASM syntax based symbolic machine code compiler for X86-64 architecture - fully working in browser and in Node.js based environments. Test live demo

Features

X86-64 opcodes
NASM syntax
16,32,64 bit modes
R8-R13 registers
SIB, MODR/M, RIP addressing
EQU, TIMES
labels, expressions
testing framework

Todo

It works <-- We are here
Floating point instructions, rep, segment prefixes, MMX, macros, ...

Download and install

Releases are available for download from GitHub.

Alternatively, you can install using Node Package Manager (npm):

npm install pasm

Usage:

pasm simple.asm

In the Browser

So far its been tested in FF12, Chrome 23 and Safari 6. Usage:

<script type="text/javascript" src="pasm.min.js"></script>
<script type="text/javascript">

    // Define where to show errors
    myError = function(err, line) {
      console.log('Error:' + err + ' in line ' + line);
    };
    window.Opcode.error = myError;
    pasm.parseError = myError;

    // Parse assembler code
    var hexString = pasm.parse('mov ax, 0x4c00');
    console.log(hexString.data);

</script>

pasm's People

Contributors

Stargazers

Watchers

Forkers

glendc chqing baatar shaohua iwpiv wildeyes harshjv zysyyz idkwim ringtail mhutch85 torpedoes zy498420 zarulshahrin praveenmunagapati futureexperience manudiy kyr0

pasm's Issues

Issues uncovered assembling V8-generated code

Cool project! However, plugging the first bit of assembly code available to me, namely some V8 code, into it, produced a few issues. V8's output is a bit quirky anyway ("int3" for "int 3"? Huh?), so I'd be interested to see what people think before I go change any code.

mov rcx, [rsp+0x10] compiles to "UN DE FI NE D4 88 BU ND EF IN ED".

The -q suffix on cmp (and possibly others) isn't recognised, e.g. "cmpq rcx, [r13-0x58]". Nasm doesn't recognise this, but it doesn't recognise movq either, which pasm does.

Some instructions fail to compile with "No opcode found for instruction" when a literal value is used, e.g.:
movq rbx,0x11ce96004aa1 (but mov is fine?)
call 0x10e4a6716b00
jnc 24 etc.
I'm not entirely sure of the semantics of the latter two, but nasm appears to accept them.

V8 output uses explicit REX prefixes, e.g. "REX.W movq rcx,[rsp+0x10]" which cause syntax errors. I can't find anything other than V8 that uses these, but again, nasm seems to accept them.

Raw V8 output: https://gist.github.com/jseaton/10981441

Missing registers

Tried looking at some OSX x64 shellcode- and it choked on registers dil and sil.

According to quick google search; they are the lower 8 bits of rdi and rsi, respectively.
An MSDN page

Looks like the reference materials (x86...xml's) did not outline these lower addressing registers- and I guess ultimately the problem- but its also missing in yasm.y.

jz opcode doesn't work

Hello,
I tried to use jz and it looks like PASM doesn't support it.
Can you try to fix it?

Yuval Gitlitz

Incorrect 16bit CMP REG, REG encoding

With [bits 16]

cmp cl, ch
actual: 38 C1
expected: 38 E9

cmp bp, dx
actual: 39 C5
expected: 39 D5

mail

Hi Tommi,
This is Elmar. We once worked together at VTT Turku.
I tried to contact you. I dug the whole internet for a valid e-mail address but I could not find any.
Could you please contact me at buchere at ohsu dot edu?
Hope to hear from you.
Best, Elmar

Doesn't support DWORD PTR mov

It does not process 'mov [0x12345678], eax statements properly. For Ex:

mov edx, [eax]
mov ecx, eax
mov eax, [edx]
call eax
mov ecx, [0x3b417e84]
mov edx, [ecx]
mov [0x3B417E8C], eax
push eax
mov eax, [edx+8]
call eax

Generates bytecode: 8B1089C18B02FFD08B0D847E413B8B11A3508B4208FFD0

Testing with: http://alexaltea.github.io/capstone.js/ returns the following asm:

00000000 8B 10 mov edx, dword ptr [eax]
00000002 89 C1 mov ecx, eax
00000004 8B 02 mov eax, dword ptr [edx]
00000006 FF D0 call eax
00000008 8B 0D 84 7E 41 3B mov ecx, dword ptr [0x3b417e84]
0000000E 8B 11 mov edx, dword ptr [ecx]
00000010 A3 50 8B 42 08 mov dword ptr [0x8428b50], eax
00000015 FF D0 call eax

So what is happening is, the entire 'mov [0x3B417E8C], eax' statement (move with a memory offset dest operand) is parsed to a single byte code: 0xa3. The following bytes 0x50, 0x8b 0x42, 0x08 should be interpreted as:

push eax
mov eax, [edx+8]