cedriczirtacic/opcodes.pl

## opcodes.pl
#!/usr/bin/perl -w

use strict;
use warnings;

my $bin = $ARGV[0];
my $func= $ARGV[1];
die("./$0 <binary> <function>") if (!defined $bin or !defined $func);

my @shellcode;
open(H,"objdump -D $bin |");
while(<H>){
    if(/<$func>:/){
        while(<H>){
            last if(/^\n*$/);
            my($ops) = $_ =~ m/[0-9a-f]+:[\s]+?((?:[^\s]{2}\s)+)+\s+/g;
            if ($ops){
                foreach ($ops =~ m/(?:([a-z0-9]+)\s)/g) {
                    push @shellcode, $_
                }
            }
        }
        last;
    }
}
close(H);

printf "\tsubq \$%d, %%rsp\n", ($#shellcode+1);
print "shellcode:\n\t";
for( my $i = $#shellcode, my $j=1; $i >= 0; $i--,$j++ ) {
    printf "movb \$0x%2s, -%d(%%rbp)\n\t", $shellcode[$i], $j;
}

print $/ and exit(0);
__END__
	#!/usr/bin/perl -w

	use strict;
	use warnings;

	my $bin = $ARGV[0];
	my $func= $ARGV[1];
	die("./$0 <binary> <function>") if (!defined $bin or !defined $func);

	my @shellcode;
	open(H,"objdump -D $bin \|");
	while(<H>){
	if(/<$func>:/){
	while(<H>){
	last if(/^\n*$/);
	my($ops) = $_ =~ m/[0-9a-f]+:[\s]+?((?:[^\s]{2}\s)+)+\s+/g;
	if ($ops){
	foreach ($ops =~ m/(?:([a-z0-9]+)\s)/g) {
	push @shellcode, $_
	}
	}
	}
	last;
	}
	}
	close(H);

	printf "\tsubq \$%d, %%rsp\n", ($#shellcode+1);
	print "shellcode:\n\t";
	for( my $i = $#shellcode, my $j=1; $i >= 0; $i--,$j++ ) {
	printf "movb \$0x%2s, -%d(%%rbp)\n\t", $shellcode[$i], $j;
	}

	print $/ and exit(0);
	__END__