Metasm Feelings

Presented at REcon 2010, July 11, 2010, 9:40 a.m. (30 minutes).

Metasm is an open source Ruby framework developed by Yoann Guillot. It can work with binary files, assemble, disassemble, debug running processes, manipulate C source code, play with the Ruby interpreter, and plenty of other things. Our talk follows a simple guideline based on a real-life case: the development of a code tracer. Starting from a trivial tracing algorithm, we will show that Metasm makes it possible to efficiently build a multi-platform tool, then we will extend its capabilities by taking advantage of the native Windows API. At the end we will use the tool to debug the firmware of a network card, running on the NIC and not on the main CPU.


Presenters:

  • Yoann Guillot
    Yoann is the author of the binary manipulation framework Metasm.
  • Alexandre Gazet
    Alexandre Gazet is currently working for the Sogeti ESEC R&D laboratory in France. He has been an IT security researcher in the ESEC lab for almost three years. Yoann Guillot is currently working for the Sogeti ESEC R&D laboratory in France. He has been an IT security researcher in the ESEC lab for almost three years.
