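def main(fname):
    """Print a disassembly listing for every COFF member of the library *fname*.

    Basic python version of the tools:
      - "objdump -d" (linux)
      - "dumpbin /disasm" (MSVC)

    It parses the AR and COFF structures, but uses the "capstone" library
    to disassemble.

    Limitations visible in this function:
      * only the first section of each member is disassembled, and it is
        always decoded as 32-bit x86 (the member's machine type is not
        consulted here);
      * labels are emitted by walking the symbol table front to back, so
        they land on the right instruction only if the table is ordered by
        ascending value.

    The input file is parsed as-is. Treat libraries from unknown sources as
    untrusted: every offset, size and name below comes from the file.
    """
    for coff in read_lib_file(fname):
        # Skip empty members, and members without any section: indexing
        # sections[0] on such a (malformed or data-only) object would raise
        # IndexError and abort the listing of the whole library.
        if not coff or not coff.sections:
            continue

        pending = deque(coff.symbols)
        md = Cs(CS_ARCH_X86, CS_MODE_32)
        # skipdata makes capstone step over bytes it cannot decode instead
        # of stopping the disassembly at the first invalid opcode.
        md.skipdata = True

        # md.disasm yields "CsInsn" objects, addresses starting at 0.
        for insn in md.disasm(coff.sections[0].data, 0x000):
            # Drain every symbol whose value has been reached. Only function
            # symbols (COFF type 0x20) that live in section 1 -- the section
            # being disassembled -- are printed as labels; the rest are
            # discarded.
            while pending and insn.address >= pending[0].value:
                sym = pending.popleft()
                if sym.type == 32 and sym.section_number == 1:
                    # NOTE(review): the name is raw bytes from the file and
                    # is printed unescaped; control characters in a crafted
                    # symbol name reach the terminal unchanged.
                    print(sym.name.decode(errors="ignore") + ":")

            # At most six opcode bytes fit on the instruction line; anything
            # longer continues on a line of its own.
            raw = insn.bytes
            head, tail = (raw[:6], raw[6:]) if len(raw) >= 6 else (raw, b"")

            if insn.op_str:
                asm_part = "%-12s%s" % (insn.mnemonic, format_asm(insn.op_str))
            else:
                asm_part = insn.mnemonic

            print(" %08X: %-19s" % (insn.address, hex_with_spaces(head)) + asm_part)
            if tail:
                print(" %s" % (hex_with_spaces(tail)))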
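def main(fname):
    """Print a plain disassembly listing for every COFF member of *fname*.

    Basic python version of the tools:
      - "objdump -d" (linux)
      - "dumpbin /disasm" (MSVC)

    It parses the AR and COFF structures, but uses the "capstone" library
    to disassemble.

    Only the first section of each member is disassembled, always as 32-bit
    x86 starting at address 0. Labels are emitted by walking the symbol
    table front to back, so they land on the right instruction only if the
    table is ordered by ascending value.

    The input file is parsed as-is. Treat libraries from unknown sources as
    untrusted: every offset, size and name below comes from the file.
    """
    for coff in read_lib_file(fname):
        # Skip empty members, and members without any section: indexing
        # sections[0] on such a (malformed or data-only) object would raise
        # IndexError and abort the listing of the whole library.
        if not coff or not coff.sections:
            continue

        pending = deque(coff.symbols)
        md = Cs(CS_ARCH_X86, CS_MODE_32)
        # skipdata makes capstone step over bytes it cannot decode instead
        # of stopping the disassembly at the first invalid opcode.
        md.skipdata = True

        for insn in md.disasm(coff.sections[0].data, 0x000):
            # Drain *every* symbol whose value has been reached. Popping
            # only one symbol per instruction lets the labels fall behind
            # whenever several symbols share a value (for example the
            # section symbols at value 0), so a function name would be
            # printed a few instructions after its real start.
            while pending and insn.address >= pending[0].value:
                sym = pending.popleft()
                # Function symbols (COFF type 0x20) only, and only those in
                # section 1, which is the section being disassembled; a
                # function from another section is not a label in this code.
                if sym.type == 32 and sym.section_number == 1:
                    # NOTE(review): the name is raw bytes from the file and
                    # is printed unescaped; control characters in a crafted
                    # symbol name reach the terminal unchanged.
                    print(sym.name.decode(errors="ignore"))

            print(" 0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))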