def print_symbols(self, print_sections, sym_filter=None, only_func=False):
if sym_filter is not None:
sym_filter = sym_filter.lower()
if sym_filter[0] == "-":
invert_match = True
sym_filter = sym_filter[1:]
else:
invert_match = False
total = 0
# TODO: race condition with the analyzer
for sy in list(self.binary.symbols):
addr, ty = self.binary.symbols[sy]
if only_func and ty != SYM_FUNC:
continue
if sym_filter is None or \
(invert_match and sym_filter not in sy.lower()) or \
(not invert_match and sym_filter in sy.lower()):
if sy:
section = self.binary.get_section(addr)
print_no_end(color_addr(addr) + " " + sy)
if print_sections and section is not None:
print_no_end(" (" + color_section(section.name) + ")")
print()
total += 1
print("Total:", total)
def dump_data(self, ctx, lines, size_word):
s = self.binary.get_section(ctx.entry_addr)
s.print_header()
ad = ctx.entry_addr
for w in self.read_array(ctx.entry_addr, lines, size_word, s):
if ad in self.binary.reverse_symbols:
print(color_symbol(self.binary.reverse_symbols[ad][0]))
print_no_end(color_addr(ad))
print_no_end("0x%.2x" % w)
section = self.binary.get_section(w)
if section is not None:
print_no_end(" (")
print_no_end(color_section(section.name))
print_no_end(")")
if size_word >= 4 and w in self.binary.reverse_symbols:
print_no_end(" ")
print_no_end(
color_symbol(self.binary.reverse_symbols[w][0]))
ad += size_word
print()
def print_symbols(self, print_sections, sym_filter=None):
if sym_filter is not None:
sym_filter = sym_filter.lower()
if sym_filter[0] == "-":
invert_match = True
sym_filter = sym_filter[1:]
else:
invert_match = False
total = 0
# TODO: race condition with the analyzer ?
for sy in list(self.binary.symbols):
ad = self.binary.symbols[sy]
if sym_filter is None or \
(invert_match and sym_filter not in sy.lower()) or \
(not invert_match and sym_filter in sy.lower()):
if sy:
section = self.binary.get_section(ad)
print_no_end(color_addr(ad) + " " + sy)
if print_sections and section is not None:
print_no_end(" (" + color_section(section.name) + ")")
print()
total += 1
print("Total:", total)
def print_section_meta(self, name, start, end):
print_no_end(color_section(name.ljust(20)))
print_no_end(" [")
print_no_end(hex(start))
print_no_end(" - ")
print_no_end(hex(end))
print("]")
def print_header(self):
print_no_end(color_section(self.name.ljust(20)))
print_no_end(" [ ")
print_no_end(hex(self.start))
print_no_end(" - ")
print_no_end(hex(self.end))
print_no_end(" - %d - %d" % (self.virt_size, self.real_size))
print(" ]")
def print_ast(self, entry, ast):
print_no_end(color_keyword("function "))
print_no_end(self.binary.reverse_symbols.get(entry, hex(entry)))
sec_name, _ = self.binary.is_address(entry)
if sec_name is not None:
print(" (%s) {" % color_section(sec_name))
else:
print(" {")
self.print_vars_type()
ast.print(self, 1)
print("}")
def print_ast(self, entry, ast):
print_no_end(color_keyword("function "))
print_no_end(self.binary.reverse_symbols.get(entry, hex(entry)))
sec_name, _ = self.binary.is_address(entry)
if sec_name is not None:
print(" (%s) {" % color_section(sec_name))
else:
print(" {")
self.print_vars_type()
ast.print(self, 1)
print("}")
def print_symbols(self, print_sections, sym_filter=None):
if sym_filter is not None:
sym_filter = sym_filter.lower()
for addr in self.binary.reverse_symbols:
sy = self.binary.reverse_symbols[addr]
if sym_filter is None or sym_filter in sy.lower():
sec_name, _ = self.binary.is_address(addr)
print_no_end(color_addr(addr) + " " + color_symbol("<" + sy + ">"))
if print_sections and sec_name is not None:
print_no_end(" (" + color_section(sec_name) + ")")
print()
def print_symbols(self, print_sections, sym_filter=None):
if sym_filter is not None:
sym_filter = sym_filter.lower()
for addr in self.binary.reverse_symbols:
sy = self.binary.reverse_symbols[addr]
if sym_filter is None or sym_filter in sy.lower():
sec_name, _ = self.binary.is_address(addr)
if sy:
print_no_end(color_addr(addr) + " " + sy)
if print_sections and sec_name is not None:
print_no_end(" (" + color_section(sec_name) + ")")
print()
def print_symbols(self, print_sections, sym_filter=None):
if sym_filter is not None:
sym_filter = sym_filter.lower()
if sym_filter[0] == "-":
invert_match = True
sym_filter = sym_filter[1:]
else:
invert_match = False
for sy in self.binary.symbols:
addr = self.binary.symbols[sy]
if sym_filter is None or \
(invert_match and sym_filter not in sy.lower()) or \
(not invert_match and sym_filter in sy.lower()):
if sy:
section = self.binary.get_section(addr)
print_no_end(color_addr(addr) + " " + sy)
if print_sections and section is not None:
print_no_end(" (" + color_section(section.name) + ")")
print()
def print_symbols(self, print_sections, sym_filter=None):
if sym_filter is not None:
sym_filter = sym_filter.lower()
if sym_filter[0] == "-":
invert_match = True
sym_filter = sym_filter[1:]
else:
invert_match = False
for sy in self.binary.symbols:
addr = self.binary.symbols[sy]
if sym_filter is None or \
(invert_match and sym_filter not in sy.lower()) or \
(not invert_match and sym_filter in sy.lower()):
if sy:
section = self.binary.get_section(addr)
print_no_end(color_addr(addr) + " " + sy)
if print_sections and section is not None:
print_no_end(" (" + color_section(section.name) + ")")
print()
def dump_data(self, ctx, lines, size_word):
s_name, s_start, s_end = self.binary.get_section_meta(ctx.entry_addr)
self.print_section_meta(s_name, s_start, s_end)
ad = ctx.entry_addr
for w in self.read_array(ctx.entry_addr, lines, size_word):
if ad in self.binary.reverse_symbols:
print(color_symbol(self.binary.reverse_symbols[ad]))
print_no_end(color_addr(ad))
print_no_end("0x%.2x" % w)
sec_name, is_data = self.binary.is_address(w)
if sec_name is not None:
print_no_end(" (")
print_no_end(color_section(sec_name))
print_no_end(")")
if size_word >= 4 and w in self.binary.reverse_symbols:
print_no_end(" ")
print_no_end(color_symbol(self.binary.reverse_symbols[w]))
ad += size_word
print()
def dump_data(self, ctx, lines, size_word):
ad = ctx.entry
s = self.binary.get_section(ad)
s.print_header()
for w in self.read_array(ad, lines, size_word, s):
if self.is_label(ad):
print(color_symbol(self.get_symbol(ad)))
print_no_end(color_addr(ad))
print_no_end("0x%.2x" % w)
section = self.binary.get_section(w)
if section is not None:
print_no_end(" (")
print_no_end(color_section(section.name))
print_no_end(")")
if size_word >= 4 and self.is_label(w):
print_no_end(" ")
print_no_end(color_symbol(self.get_symbol(w)))
ad += size_word
print()
def dump_data(self, ctx, lines, size_word):
ad = ctx.entry
s = self.binary.get_section(ad)
s.print_header()
for w in self.read_array(ad, lines, size_word, s):
if self.is_label(ad):
print(color_symbol(self.get_symbol(ad)))
print_no_end(color_addr(ad))
print_no_end("0x%.2x" % w)
section = self.binary.get_section(w)
if section is not None:
print_no_end(" (")
print_no_end(color_section(section.name))
print_no_end(")")
if size_word >= 4 and self.is_label(w):
print_no_end(" ")
print_no_end(color_symbol(self.get_symbol(w)))
ad += size_word
print()
def dump_data(self, ctx, lines, size_word):
s = self.binary.get_section(ctx.entry_addr)
s.print_header()
ad = ctx.entry_addr
for w in self.read_array(ctx.entry_addr, lines, size_word, s):
if ad in self.binary.reverse_symbols:
print(color_symbol(self.binary.reverse_symbols[ad][0]))
print_no_end(color_addr(ad))
print_no_end("0x%.2x" % w)
section = self.binary.get_section(w)
if section is not None:
print_no_end(" (")
print_no_end(color_section(section.name))
print_no_end(")")
if size_word >= 4 and w in self.binary.reverse_symbols:
print_no_end(" ")
print_no_end(color_symbol(self.binary.reverse_symbols[w][0]))
ad += size_word
print()
def print_operand(self, i, num_op, hexa=False, show_deref=True):
def inv(n):
return n == X86_OP_INVALID
op = i.operands[num_op]
if op.type == X86_OP_IMM:
imm = op.value.imm
sec_name, is_data = self.binary.is_address(imm)
if sec_name is not None:
print_no_end(hex(imm))
if self.ctx.sectionsname:
print_no_end(" (" + color_section(sec_name) + ")")
if is_data:
s = self.binary.get_string(imm, self.ctx.max_data_size)
print_no_end(" " + color_string(s))
if imm in self.binary.reverse_symbols:
print_no_end(" ")
self.print_symbol(imm)
elif op.size == 1:
print_no_end(color_string("'%s'" % get_char(imm)))
elif hexa:
print_no_end(hex(imm))
else:
print_no_end(str(imm))
if imm > 0:
packed = struct.pack("<L", imm)
if set(packed).issubset(BYTES_PRINTABLE_SET):
print_no_end(color_string(" \""))
print_no_end(color_string("".join(map(chr, packed))))
print_no_end(color_string("\""))
return False
# returns True because capstone print immediate in hexa
# it will be printed in a comment, sometimes it better
# to have the value in hexa
return True
return False
elif op.type == X86_OP_REG:
print_no_end(i.reg_name(op.value.reg))
return False
elif op.type == X86_OP_FP:
print_no_end("%f" % op.value.fp)
return False
elif op.type == X86_OP_MEM:
mm = op.mem
if not inv(mm.base) and mm.disp != 0 \
and inv(mm.segment) and inv(mm.index):
if (mm.base == X86_REG_RBP or mm.base == X86_REG_EBP) and \
self.var_name_exists(i, num_op):
print_no_end(color_var(self.get_var_name(i, num_op)))
return True
elif mm.base == X86_REG_RIP or mm.base == X86_REG_EIP:
addr = i.address + i.size + mm.disp
print_no_end("*({0})".format(
self.binary.reverse_symbols.get(addr, hex(addr))))
return True
printed = False
if show_deref:
print_no_end("*(")
if not inv(mm.base):
print_no_end("%s" % i.reg_name(mm.base))
printed = True
elif not inv(mm.segment):
print_no_end("%s" % i.reg_name(mm.segment))
printed = True
if not inv(mm.index):
if printed:
print_no_end(" + ")
if mm.scale == 1:
print_no_end("%s" % i.reg_name(mm.index))
else:
print_no_end("(%s*%d)" % (i.reg_name(mm.index), mm.scale))
printed = True
if mm.disp != 0:
if mm.disp < 0:
if printed:
print_no_end(" - ")
print_no_end(-mm.disp)
else:
if printed:
print_no_end(" + ")
print_no_end(mm.disp)
else:
if mm.disp in self.binary.reverse_symbols:
print_no_end(hex(mm.disp) + " ")
self.print_symbol(mm.disp)
else:
print_no_end(hex(mm.disp))
if show_deref:
print_no_end(")")
return True
def print_operand(self, i, num_op, hexa=False, show_deref=True):
def inv(n):
return n == MIPS_OP_INVALID
op = i.operands[num_op]
if op.type == MIPS_OP_IMM:
imm = op.value.imm
sec_name, is_data = self.binary.is_address(imm)
if sec_name is not None:
modified = False
if self.ctx.sectionsname:
print_no_end("(" + color_section(sec_name) + ") ")
if imm in self.binary.reverse_symbols:
self.print_symbol(imm)
print_no_end(" ")
modified = True
if imm in self.ctx.labels:
print_label(imm, print_colon=False)
print_no_end(" ")
modified = True
if not modified:
print_no_end(hex(imm))
if is_data:
s = self.binary.get_string(imm, self.ctx.max_data_size)
if s != "\"\"":
print_no_end(" " + color_string(s))
return modified
elif hexa:
print_no_end(hex(imm))
else:
print_no_end(str(imm))
if imm > 0:
packed = struct.pack("<L", imm)
if set(packed).issubset(BYTES_PRINTABLE_SET):
print_no_end(color_string(" \""))
print_no_end(color_string("".join(map(chr, packed))))
print_no_end(color_string("\""))
return False
# returns True because capstone print immediate in hexa
# it will be printed in a comment, sometimes it's better
# to have the value in hexa
return True
return False
elif op.type == MIPS_OP_REG:
print_no_end("$")
print_no_end(i.reg_name(op.value.reg))
return False
elif op.type == MIPS_OP_MEM:
mm = op.mem
printed = False
if show_deref:
print_no_end("*(")
if not inv(mm.base):
print_no_end("$%s" % i.reg_name(mm.base))
printed = True
if mm.disp != 0:
sec_name, is_data = self.binary.is_address(mm.disp)
if sec_name is not None:
if printed:
print_no_end(" + ")
if mm.disp in self.binary.reverse_symbols:
self.print_symbol(mm.disp)
else:
print_no_end(hex(mm.disp))
else:
if printed:
if mm.disp < 0:
print_no_end(" - ")
print_no_end(-mm.disp)
else:
print_no_end(" + ")
print_no_end(mm.disp)
if show_deref:
print_no_end(")")
return True
def dump_data(self, ctx, lines, size_word):
_, mode = self.binary.get_arch()
if mode & self.capstone.CS_MODE_BIG_ENDIAN:
endian = ">"
else:
endian = "<"
if size_word == 1:
unpack_str = endian + "B"
elif size_word == 2:
unpack_str = endian + "H"
elif size_word == 4:
unpack_str = endian + "L"
elif size_word == 8:
unpack_str = endian + "Q"
N = size_word * 64
addr = ctx.entry_addr
s_name, s_start, s_end = self.binary.get_section_meta(ctx.entry_addr)
self.print_section_meta(s_name, s_start, s_end)
l = 0
while l < lines:
buf = self.binary.section_stream_read(addr, N)
if not buf:
break
i = 0
while i < len(buf):
b = buf[i:i + size_word]
if addr >= s_end:
return
if len(b) != size_word:
for c in buf:
print_no_end(color_addr(addr))
print("0x%.2x" % c)
return
if addr in self.binary.reverse_symbols:
print(color_symbol(self.binary.reverse_symbols[addr]))
print_no_end(color_addr(addr))
w = struct.unpack(unpack_str, b)[0]
print_no_end("0x%.2x" % w)
sec_name, is_data = self.binary.is_address(w)
if sec_name is not None and \
sec_name not in [".comment", ".shstrtab"]:
print_no_end(" (")
print_no_end(color_section(sec_name))
print_no_end(")")
if size_word >= 4 and w in self.binary.reverse_symbols:
print_no_end(" ")
print_no_end(color_symbol(self.binary.reverse_symbols[w]))
print()
addr += size_word
i += size_word
l += 1
if l >= lines:
return
def print_operand(self, i, num_op, hexa=False, show_deref=True):
def inv(n):
return n == ARM_OP_INVALID
op = i.operands[num_op]
if op.shift.type:
print_no_end("(")
if op.type == ARM_OP_IMM:
imm = op.value.imm
sec_name, is_data = self.binary.is_address(imm)
if sec_name is not None:
print_no_end(hex(imm))
if self.ctx.sectionsname:
print_no_end(" (" + color_section(sec_name) + ")")
if is_data:
s = self.binary.get_string(imm, self.ctx.max_data_size)
print_no_end(" " + color_string(s))
if imm in self.binary.reverse_symbols:
print_no_end(" ")
self.print_symbol(imm)
elif hexa:
print_no_end(hex(imm))
else:
print_no_end(str(imm))
if imm > 0:
packed = struct.pack("<L", imm)
if set(packed).issubset(BYTES_PRINTABLE_SET):
print_no_end(color_string(" \""))
print_no_end(color_string("".join(map(chr, packed))))
print_no_end(color_string("\""))
return False
# returns True because capstone print immediate in hexa
# it will be printed in a comment, sometimes it better
# to have the value in hexa
return True
return False
elif op.type == ARM_OP_REG:
if op.value.reg == ARM_REG_PC and i.reg_read(ARM_REG_PC):
print_no_end(hex(i.address))
else:
print_no_end(i.reg_name(op.value.reg))
if op.shift.type:
self.print_shift(i, op.shift)
return False
elif op.type == ARM_OP_FP:
print_no_end("%f" % op.value.fp)
if op.shift.type:
self.print_shift(i, op.shift)
return False
elif op.type == ARM_OP_MEM:
mm = op.mem
if not inv(mm.base) and mm.disp != 0 and inv(mm.index):
# if (mm.base == X86_REG_RBP or mm.base == X86_REG_EBP) and \
# self.var_name_exists(i, num_op):
# print_no_end(color_var(self.get_var_name(i, num_op)))
# return True
if mm.base == ARM_REG_PC:
addr = i.address + i.size + mm.disp
print_no_end("*({0})".format(
self.binary.reverse_symbols.get(addr, hex(addr))))
return True
printed = False
if show_deref:
print_no_end("*(")
if not inv(mm.base):
print_no_end("%s" % i.reg_name(mm.base))
printed = True
elif not inv(mm.segment):
print_no_end("%s" % i.reg_name(mm.segment))
printed = True
if not inv(mm.index):
if printed:
print_no_end(" + ")
if mm.scale == 1:
print_no_end("%s" % i.reg_name(mm.index))
else:
print_no_end("(%s*%d)" % (i.reg_name(mm.index), mm.scale))
if op.shift.type:
self.print_shift(i, op.shift)
printed = True
if mm.disp != 0:
if mm.disp < 0:
if printed:
print_no_end(" - ")
print_no_end(-mm.disp)
else:
if printed:
print_no_end(" + ")
print_no_end(mm.disp)
else:
if mm.disp in self.binary.reverse_symbols:
print_no_end(hex(mm.disp) + " ")
self.print_symbol(mm.disp)
else:
print_no_end(hex(mm.disp))
if show_deref:
print_no_end(")")
return True
def print_operand(self, i, num_op, hexa=False, show_deref=True):
def inv(n):
return n == MIPS_OP_INVALID
op = i.operands[num_op]
if op.type == MIPS_OP_IMM:
imm = op.value.imm
sec_name, is_data = self.binary.is_address(imm)
if sec_name is not None:
modified = False
if self.ctx.sectionsname:
print_no_end("(" + color_section(sec_name) + ") ")
if imm in self.binary.reverse_symbols:
self.print_symbol(imm)
print_no_end(" ")
modified = True
if imm in self.ctx.labels:
print_label(imm, print_colon=False)
print_no_end(" ")
modified = True
if not modified:
print_no_end(hex(imm))
if is_data:
s = self.binary.get_string(imm, self.ctx.max_data_size)
if s != "\"\"":
print_no_end(" " + color_string(s))
return modified
elif hexa:
print_no_end(hex(imm))
else:
print_no_end(str(imm))
if imm > 0:
packed = struct.pack("<L", imm)
if set(packed).issubset(BYTES_PRINTABLE_SET):
print_no_end(color_string(" \""))
print_no_end(color_string("".join(map(chr, packed))))
print_no_end(color_string("\""))
return False
# returns True because capstone print immediate in hexa
# it will be printed in a comment, sometimes it's better
# to have the value in hexa
return True
return False
elif op.type == MIPS_OP_REG:
print_no_end("$")
print_no_end(i.reg_name(op.value.reg))
return False
elif op.type == MIPS_OP_MEM:
mm = op.mem
printed = False
if show_deref:
print_no_end("*(")
if not inv(mm.base):
print_no_end("$%s" % i.reg_name(mm.base))
printed = True
if mm.disp != 0:
sec_name, is_data = self.binary.is_address(mm.disp)
if sec_name is not None:
if printed:
print_no_end(" + ")
if mm.disp in self.binary.reverse_symbols:
self.print_symbol(mm.disp)
else:
print_no_end(hex(mm.disp))
else:
if printed:
if mm.disp < 0:
print_no_end(" - ")
print_no_end(-mm.disp)
else:
print_no_end(" + ")
print_no_end(mm.disp)
if show_deref:
print_no_end(")")
return True
