Here is a little paper I wrote this summer, which I finally decided to release on my blog. It gives a short introduction to the metasm framework and shows how it can be used for exploitation work. Here is part of the introduction:
The metasm framework is a very powerful weapon that allows you to disassemble, assemble, compile C on-the-fly or debug a binary (yeah, you can do a lot of things). It has been written in pure Ruby by Yoann Guillot (special greets for his work if he reads me o/) since 2007, and the project is very active: check the latest commits!
The main purpose of this paper is to introduce you to my friend metasm and to show how metasm can be very useful in a « real » exploitation case. I don't know if you remember my latest article on CVE-2010-3970, but I will use this vulnerability as an example. We will use metasm to build an exploit able to bypass SafeSEH/DEP thanks to the msacm32.drv module, rather than l3codeca.acm.
Follow this link: How I Met Your Metasm