The METASM assembly manipulation suite

Metasm is a cross-architecture assembler, disassembler, compiler, linker and debugger.

It has some advanced features such as remote process manipulation, GCC-compatible preprocessor automatic backtracking in the disassembler, C headers shrinking and debugging API interface. The development version also adds a C compiler, and various advanced features. It is written in pure Ruby.

Metasm has been written in such a way that it is easy to add a new architecture. For now, the following architectures are supported:

• Intel IA32
• MIPS
• In development:
  • ARM
  • PPC
  • Cell
  • SPARC
  • PIC

The following file formats are supported:

• Raw (for shellcodes)
• MZ, PE/COFF (32 and 64 bits)
• ELF (32 and 64 bits)

This tool was developed at France Telecom R&D. It has been integrated into Metasploit, however the Metasploit trunk is not necessarily synced with the latest version.

Yoann GUILLOT (Developer) and Julien TINNES (Sales ;) (The 'contact' link on the left is the prefered way to contact us)

hack.lu slides October 2007 - covers a more recent version with the C compiler and Rubstop
SSTIC slides June 2007 - in French
SSTIC article March 2007 - in French - This article covers a deprecated version but might still have some relevant information

You can download metasm v0.1 here

However, it is probably better to use mercurial and clone the testing repository:

hg clone https://metasm.cr0.org/hg/metasm

Afterwards you can update with hg pull -u