Netwide Assembler
The Netwide Assembler (NASM) is a popular assembler program used for writing x86 and x86-64 assembly language code. It is known for its portability, flexibility, and compatibility.
Download and Install
The NASM assembler will be used to compile our shellcode. The version I am using is 2.16.01 and can be downloaded from https://www.nasm.us/pub/nasm/releasebuilds/2.16.01/win64/.
Download the 64-bit installer and run it.
Once the installer has completed make sure that the path for NASM has been added to the system path variable:

Batch File
Now is a good time to show how I compile my assembly. I have created two Windows batch files. One to compile in to an executable, and one to compile to a raw binary file.
We can use the executable to debug shellcode in Windbg Preview. The batch file is shown below:
del shellcode.obj
del shellcode.exe
nasm -f win64 shellcode.asm -o shellcode.obj
link /ENTRY:main /MACHINE:X64 /NODEFAULTLIB /SUBSYSTEM:CONSOLE shellcode.obj
The second batch file is used to compile shellcode into a raw .bin
file. This is useful for writing shellcode that can be put in C exploit code:
nasm -f bin -o shellcode.bin shellcode.asm
Hex2.exe .\shellcode.bin
The sharp-eyed will notice that the batch file also runs an executable called Hex2.exe
.
Hex2
Like all other tools and workflows this is completely optional. There are plenty of hex viewers out there but I wrote my own in C#:
static void Main(string[] args)
{
byte[] file = System.IO.File.ReadAllBytes(args[0]);
StringBuilder sb = new StringBuilder();
sb.Append("const unsigned char shellcode[] = {");
string hex = BitConverter.ToString(file).Replace("-", ", 0x");
hex = "0x" + hex;
sb.Append(hex);
sb.Append("};");
Console.WriteLine(sb.ToString());
}
This makes my shellcode workflow for writing exploits in C quick and clean.
The image below shows the output, which can easily be copied and pasted into C code:

Last updated