def dump_data_ascii(self, ctx, lines): N = 128 # read by block of 128 bytes ad = ctx.entry s = self.binary.get_section(ad) print(hex(ad)) s.print_header() l = 0 ascii_str = [] ad_str = -1 while l < lines: buf = s.read(ad, N) if not buf: break i = 0 while i < len(buf): if ad > s.end: return j = i while j < len(buf): c = buf[j] if c not in BYTES_PRINTABLE_SET: break if ad_str == -1: ad_str = ad ascii_str.append(c) j += 1 if c != 0 and j == len(buf): ad += j - i break if c == 0 and len(ascii_str) >= 2: if self.is_label(ad_str): print(color_symbol(self.get_symbol(ad_str))) print_no_end(color_addr(ad_str)) print_no_end( color_string("\"" + "".join(map(get_char, ascii_str)) + "\"")) print(", 0") ad += j - i i = j else: if self.is_label(ad): print(color_symbol(self.get_symbol(ad))) print_no_end(color_addr(ad)) print("0x%.2x " % buf[i]) ad += 1 i += 1 ad_str = -1 ascii_str = [] l += 1 if l >= lines: return
def dump_data_ascii(self, ctx, lines): N = 128 # read by block of 128 bytes ad = ctx.entry s = self.binary.get_section(ad) print(hex(ad)) s.print_header() l = 0 ascii_str = [] ad_str = -1 while l < lines: buf = s.read(ad, N) if not buf: break i = 0 while i < len(buf): if ad > s.end: return j = i while j < len(buf): c = buf[j] if c not in BYTES_PRINTABLE_SET: break if ad_str == -1: ad_str = ad ascii_str.append(c) j += 1 if c != 0 and j == len(buf): ad += j - i break if c == 0 and len(ascii_str) >= 2: if self.is_label(ad_str): print(color_symbol(self.get_symbol(ad_str))) print_no_end(color_addr(ad_str)) print_no_end(color_string( "\"" + "".join(map(get_char, ascii_str)) + "\"")) print(", 0") ad += j - i i = j else: if self.is_label(ad): print(color_symbol(self.get_symbol(ad))) print_no_end(color_addr(ad)) print("0x%.2x " % buf[i]) ad += 1 i += 1 ad_str = -1 ascii_str = [] l += 1 if l >= lines: return
def dump_data_ascii(self, ctx, lines): N = 128 # read by block of 128 bytes addr = ctx.entry_addr s_name, s_start, s_end = self.binary.get_section_meta(ctx.entry_addr) self.print_section_meta(s_name, s_start, s_end) l = 0 ascii_str = [] addr_str = -1 while l < lines: buf = self.binary.section_stream_read(addr, N) if not buf: break i = 0 while i < len(buf): if addr > s_end: return j = i while j < len(buf): c = buf[j] if c not in BYTES_PRINTABLE_SET: break if addr_str == -1: addr_str = addr ascii_str.append(c) j += 1 if c != 0 and j == len(buf): addr += j - i break if c == 0 and len(ascii_str) >= 2: print_no_end(color_addr(addr_str)) print_no_end( color_string("\"" + "".join(map(get_char, ascii_str)) + "\"")) print(", 0") addr += j - i i = j else: print_no_end(color_addr(addr)) print("0x%.2x " % buf[i]) addr += 1 i += 1 addr_str = -1 ascii_str = [] l += 1 if l >= lines: return
def dump_data_ascii(self, ctx, lines): N = 128 # read by block of 128 bytes addr = ctx.entry_addr s_name, s_start, s_end = self.binary.get_section_meta(ctx.entry_addr) self.print_section_meta(s_name, s_start, s_end) l = 0 ascii_str = [] addr_str = -1 while l < lines: buf = self.binary.section_stream_read(addr, N) if not buf: break i = 0 while i < len(buf): if addr >= s_end: return j = i while j < len(buf): c = buf[j] if c not in BYTES_PRINTABLE_SET: break if addr_str == -1: addr_str = addr ascii_str.append(c) j += 1 if c != 0 and j == len(buf): addr += j - i break if c == 0 and len(ascii_str) >= 2: print_no_end(color_addr(addr_str)) print_no_end(color_string( "\"" + "".join(map(get_char, ascii_str)) + "\"")) print(", 0") addr += j - i i = j else: print_no_end(color_addr(addr)) print("0x%.2x " % buf[i]) addr += 1 i += 1 addr_str = -1 ascii_str = [] l += 1 if l >= lines: return
def print_operand(self, i, num_op, hexa=False, show_deref=True): def inv(n): return n == X86_OP_INVALID op = i.operands[num_op] if op.type == X86_OP_IMM: imm = op.value.imm sec_name, is_data = self.binary.is_address(imm) if sec_name is not None: print_no_end(hex(imm)) if self.ctx.sectionsname: print_no_end(" (" + color_section(sec_name) + ")") if is_data: s = self.binary.get_string(imm, self.ctx.max_data_size) print_no_end(" " + color_string(s)) if imm in self.binary.reverse_symbols: print_no_end(" ") self.print_symbol(imm) elif op.size == 1: print_no_end(color_string("'%s'" % get_char(imm))) elif hexa: print_no_end(hex(imm)) else: print_no_end(str(imm)) if imm > 0: packed = struct.pack("<L", imm) if set(packed).issubset(BYTES_PRINTABLE_SET): print_no_end(color_string(" \"")) print_no_end(color_string("".join(map(chr, packed)))) print_no_end(color_string("\"")) return False # returns True because capstone print immediate in hexa # it will be printed in a comment, sometimes it better # to have the value in hexa return True return False elif op.type == X86_OP_REG: print_no_end(i.reg_name(op.value.reg)) return False elif op.type == X86_OP_FP: print_no_end("%f" % op.value.fp) return False elif op.type == X86_OP_MEM: mm = op.mem if not inv(mm.base) and mm.disp != 0 \ and inv(mm.segment) and inv(mm.index): if (mm.base == X86_REG_RBP or mm.base == X86_REG_EBP) and \ self.var_name_exists(i, num_op): print_no_end(color_var(self.get_var_name(i, num_op))) return True elif mm.base == X86_REG_RIP or mm.base == X86_REG_EIP: addr = i.address + i.size + mm.disp print_no_end("*({0})".format( self.binary.reverse_symbols.get(addr, hex(addr)))) return True printed = False if show_deref: print_no_end("*(") if not inv(mm.base): print_no_end("%s" % i.reg_name(mm.base)) printed = True elif not inv(mm.segment): print_no_end("%s" % i.reg_name(mm.segment)) printed = True if not inv(mm.index): if printed: print_no_end(" + ") if mm.scale == 1: print_no_end("%s" % i.reg_name(mm.index)) else: print_no_end("(%s*%d)" % (i.reg_name(mm.index), mm.scale)) printed = True if mm.disp != 0: if mm.disp < 0: if printed: print_no_end(" - ") print_no_end(-mm.disp) else: if printed: print_no_end(" + ") print_no_end(mm.disp) else: if mm.disp in self.binary.reverse_symbols: print_no_end(hex(mm.disp) + " ") self.print_symbol(mm.disp) else: print_no_end(hex(mm.disp)) if show_deref: print_no_end(")") return True
def dump_data(self, ctx, lines): N = 128 addr = ctx.entry_addr s_name, s_start, s_end = self.binary.get_section_meta(ctx.entry_addr) self.print_section_meta(s_name, s_start, s_end) addr_ascii_str = -1 ascii_str = [] l = 0 is_new_line = True while l < lines: buf = self.binary.section_stream_read(addr, N) if not buf: break i = 0 while i < len(buf): c = buf[i] if c in BYTES_PRINTABLE_SET: if addr_ascii_str == -1: addr_ascii_str = addr ascii_str.append(c) addr += 1 i += 1 continue stack_char = [] if addr_ascii_str != -1: if c == 0 and len(ascii_str) >= 2: if not is_new_line: print() l += 1 if l >= lines: return print_no_end(color_addr(addr_ascii_str)) print_no_end(color_string("\"" + "".join(map(get_char, ascii_str)) + "\"")) print(", 0") is_new_line = True l += 1 if l >= lines: return ascii_str = [] addr_ascii_str = -1 addr += 1 i += 1 continue stack_char = ascii_str i -= len(ascii_str) addr -= len(ascii_str) stack_char.append(c) for c in stack_char: if is_new_line: print_no_end(color_addr(addr)) elif addr % 4 == 0 and addr != ctx.entry_addr: print() is_new_line = True l += 1 if l >= lines: return print_no_end(color_addr(addr)) print_no_end("%.2x " % c) addr += 1 i += 1 is_new_line = False ascii_str = [] addr_ascii_str = -1 if not is_new_line: print()
def print_operand(self, i, num_op, hexa=False, show_deref=True): def inv(n): return n == MIPS_OP_INVALID op = i.operands[num_op] if op.type == MIPS_OP_IMM: imm = op.value.imm sec_name, is_data = self.binary.is_address(imm) if sec_name is not None: modified = False if self.ctx.sectionsname: print_no_end("(" + color_section(sec_name) + ") ") if imm in self.binary.reverse_symbols: self.print_symbol(imm) print_no_end(" ") modified = True if imm in self.ctx.labels: print_label(imm, print_colon=False) print_no_end(" ") modified = True if not modified: print_no_end(hex(imm)) if is_data: s = self.binary.get_string(imm, self.ctx.max_data_size) if s != "\"\"": print_no_end(" " + color_string(s)) return modified elif hexa: print_no_end(hex(imm)) else: print_no_end(str(imm)) if imm > 0: packed = struct.pack("<L", imm) if set(packed).issubset(BYTES_PRINTABLE_SET): print_no_end(color_string(" \"")) print_no_end(color_string("".join(map(chr, packed)))) print_no_end(color_string("\"")) return False # returns True because capstone print immediate in hexa # it will be printed in a comment, sometimes it's better # to have the value in hexa return True return False elif op.type == MIPS_OP_REG: print_no_end("$") print_no_end(i.reg_name(op.value.reg)) return False elif op.type == MIPS_OP_MEM: mm = op.mem printed = False if show_deref: print_no_end("*(") if not inv(mm.base): print_no_end("$%s" % i.reg_name(mm.base)) printed = True if mm.disp != 0: sec_name, is_data = self.binary.is_address(mm.disp) if sec_name is not None: if printed: print_no_end(" + ") if mm.disp in self.binary.reverse_symbols: self.print_symbol(mm.disp) else: print_no_end(hex(mm.disp)) else: if printed: if mm.disp < 0: print_no_end(" - ") print_no_end(-mm.disp) else: print_no_end(" + ") print_no_end(mm.disp) if show_deref: print_no_end(")") return True
def print_operand(self, i, num_op, hexa=False, show_deref=True): def inv(n): return n == ARM_OP_INVALID op = i.operands[num_op] if op.shift.type: print_no_end("(") if op.type == ARM_OP_IMM: imm = op.value.imm sec_name, is_data = self.binary.is_address(imm) if sec_name is not None: print_no_end(hex(imm)) if self.ctx.sectionsname: print_no_end(" (" + color_section(sec_name) + ")") if is_data: s = self.binary.get_string(imm, self.ctx.max_data_size) print_no_end(" " + color_string(s)) if imm in self.binary.reverse_symbols: print_no_end(" ") self.print_symbol(imm) elif hexa: print_no_end(hex(imm)) else: print_no_end(str(imm)) if imm > 0: packed = struct.pack("<L", imm) if set(packed).issubset(BYTES_PRINTABLE_SET): print_no_end(color_string(" \"")) print_no_end(color_string("".join(map(chr, packed)))) print_no_end(color_string("\"")) return False # returns True because capstone print immediate in hexa # it will be printed in a comment, sometimes it better # to have the value in hexa return True return False elif op.type == ARM_OP_REG: if op.value.reg == ARM_REG_PC and i.reg_read(ARM_REG_PC): print_no_end(hex(i.address)) else: print_no_end(i.reg_name(op.value.reg)) if op.shift.type: self.print_shift(i, op.shift) return False elif op.type == ARM_OP_FP: print_no_end("%f" % op.value.fp) if op.shift.type: self.print_shift(i, op.shift) return False elif op.type == ARM_OP_MEM: mm = op.mem if not inv(mm.base) and mm.disp != 0 and inv(mm.index): # if (mm.base == X86_REG_RBP or mm.base == X86_REG_EBP) and \ # self.var_name_exists(i, num_op): # print_no_end(color_var(self.get_var_name(i, num_op))) # return True if mm.base == ARM_REG_PC: addr = i.address + i.size + mm.disp print_no_end("*({0})".format( self.binary.reverse_symbols.get(addr, hex(addr)))) return True printed = False if show_deref: print_no_end("*(") if not inv(mm.base): print_no_end("%s" % i.reg_name(mm.base)) printed = True elif not inv(mm.segment): print_no_end("%s" % i.reg_name(mm.segment)) printed = True if not inv(mm.index): if printed: print_no_end(" + ") if mm.scale == 1: print_no_end("%s" % i.reg_name(mm.index)) else: print_no_end("(%s*%d)" % (i.reg_name(mm.index), mm.scale)) if op.shift.type: self.print_shift(i, op.shift) printed = True if mm.disp != 0: if mm.disp < 0: if printed: print_no_end(" - ") print_no_end(-mm.disp) else: if printed: print_no_end(" + ") print_no_end(mm.disp) else: if mm.disp in self.binary.reverse_symbols: print_no_end(hex(mm.disp) + " ") self.print_symbol(mm.disp) else: print_no_end(hex(mm.disp)) if show_deref: print_no_end(")") return True