def test_class(): address = 0x80001000 for (arch, mode, code, comment) in all_tests: print("Platform: %s" % comment) print("Code: %s " % to_hex(code)) print("Disasm:") try: md = Cs(arch, mode) md.detail = True for i in md.disasm(code, address): print("0x%x:\t%s\t%s" % (i.address, i.mnemonic, i.op_str)) if i.pop > 0: print("\tPop: %u" % i.pop) if i.push > 0: print("\tPush: %u" % i.push) if i.fee > 0: print("\tGas fee: %u" % i.fee) if len(i.groups) > 0: print("\tGroups: ", end=''), for m in i.groups: print("%s " % i.group_name(m), end=''), print() except CsError as e: print("ERROR: %s" % e.__str__())
def test_class(): for (arch, mode, code, comment, syntax) in all_tests: print('*' * 16) print("Platform: %s" %comment) print("Code: %s" % to_hex(code)) print("Disasm:") try: md = Cs(arch, mode) if syntax != 0: md.syntax = syntax md.skipdata = True # Default "data" instruction's name is ".byte". To rename it to "db", just uncomment # the code below. # md.skipdata_setup = ("db", None, None) # NOTE: This example ignores SKIPDATA's callback (first None) & user_data (second None) # To customize the SKIPDATA callback, uncomment the line below. # md.skipdata_setup = (".db", CS_SKIPDATA_CALLBACK(testcb), None) for insn in md.disasm(code, 0x1000): #bytes = binascii.hexlify(insn.bytes) #print("0x%x:\t%s\t%s\t// hex-code: %s" %(insn.address, insn.mnemonic, insn.op_str, bytes)) print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str)) print("0x%x:" % (insn.address + insn.size)) print except CsError as e: print("ERROR: %s" % e)
def test_cs_disasm_quick(): for (arch, mode, code, comment, syntax) in all_tests: print('*' * 40) print("Platform: %s" % comment) print("Disasm:"), print(to_hex(code)) for (addr, size, mnemonic, op_str) in cs_disasm_lite(arch, mode, code, 0x1000): print("0x%x:\t%s\t%s" % (addr, mnemonic, op_str)) print()
def test_cs_disasm_quick(): for arch, mode, code, comment, syntax in all_tests: print('*' * 40) print("Platform: %s" % comment) print("Disasm:"), print(to_hex(code)) for insn in cs_disasm_quick(arch, mode, code, 0x1000): print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str)) print()
def main(): for (arch, mode, code, comment) in all_tests: print("*" * 16) print("Platform: %s" % comment) print("Code: %s" % to_hex(code)) print("Disasm:") try: md = Cs(arch, mode) md.detail = True print_mips(md) print_vmCode(md) print_SecCode(md) except CsError as e: print("ERROR: %s" % e)
def test_class(): print("*" * 16) print("Platform: %s" % "MOS65XX") print("Code: %s" % to_hex(MOS65XX_CODE)) print("Disasm:") try: md = Cs(CS_ARCH_MOS65XX, 0) md.detail = True for insn in md.disasm(MOS65XX_CODE, 0x1000): print_insn_detail(insn) print() print("0x%x:\n" % (insn.address + insn.size)) except CsError as e: print("ERROR: %s" % e)
def test_class(): for (arch, mode, code, comment) in all_tests: print("*" * 16) print("Platform: %s" % comment) print("Code: %s" % to_hex(code)) print("Disasm:") try: md = Cs(arch, mode) md.detail = True for insn in md.disasm(code, 0x1000): print_insn_detail(insn) print() print("0x%x:\n" % (insn.address + insn.size)) except CsError as e: print("ERROR: %s" % e)
def test_class(): for (arch, mode, code, comment) in all_tests: print("*" * 16) print("Platform: %s" % comment) print("Code: %s" % to_hex(code)) print("Disasm:") try: md = Cs(arch, mode) md.detail = True for insn in md.disasm(code, 0x1000): print_insn_detail(insn) print () print("0x%x:\n" % (insn.address + insn.size)) except CsError as e: print("ERROR: %s" %e)
def test_class(): for (arch, mode, code, comment, syntax) in all_tests: print("*" * 16) print("Platform: %s" % comment) print("Code: %s" % to_hex(code)) print("Disasm:") try: md = Cs(arch, mode) if syntax is not None: md.syntax = syntax md.detail = True for insn in md.disasm(code, 0x1000): print_insn_detail(insn) print() except CsError as e: print("ERROR: %s" % e)
def test_class(): for (arch, mode, code, comment, syntax) in all_tests: print("*" * 16) print("Platform: %s" % comment) print("Code: %s" % to_hex(code)) print("Disasm:") try: md = Cs(arch, mode) if syntax: md.syntax = syntax md.detail = True for insn in md.disasm(code, 0x1000): print_insn_detail(insn) print() except CsError as e: print("ERROR: %s" % e)
def test_class(): for (arch, mode, code, comment, syntax) in all_tests: print('*' * 16) print("Platform: %s" % comment) print("Code: %s" % to_hex(code)) print("Disasm:") try: md = Cs(arch, mode) if syntax is not None: md.syntax = syntax md.skipdata = True # Default "data" instruction's name is ".byte". To rename it to "db", just use # the code below. md.skipdata_setup = ("db", None, None) # NOTE: This example ignores SKIPDATA's callback (first None) & user_data (second None) # Can also use dedicated setter #md.skipdata_mnem = 'db' # To customize the SKIPDATA callback, use the line below. #md.skipdata_setup = (".db", testcb, None) # Or use dedicated setter with custom parameter #md.skipdata_callback = (testcb, 42) # Or provide just a function #md.skipdata_callback = testcb # Note that reading this property will always return a tuple #assert md.skipdata_callback == (testcb, None) for insn in md.disasm(code, 0x1000): #bytes = binascii.hexlify(insn.bytes) #print("0x%x:\t%s\t%s\t// hex-code: %s" %(insn.address, insn.mnemonic, insn.op_str, bytes)) print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str)) print("0x%x:" % (insn.address + insn.size)) print except CsError as e: print("ERROR: %s" % e)
def test_class(): for (arch, mode, code, comment, syntax) in all_tests: print('*' * 16) print("Platform: %s" %comment) print("Code: %s" % to_hex(code)) print("Disasm:") try: md = Cs(arch, mode) if syntax is not None: md.syntax = syntax md.skipdata = True # Default "data" instruction's name is ".byte". To rename it to "db", just use # the code below. md.skipdata_setup = ("db", None, None) # NOTE: This example ignores SKIPDATA's callback (first None) & user_data (second None) # Can also use dedicated setter #md.skipdata_mnem = 'db' # To customize the SKIPDATA callback, use the line below. #md.skipdata_setup = (".db", testcb, None) # Or use dedicated setter with custom parameter #md.skipdata_callback = (testcb, 42) # Or provide just a function #md.skipdata_callback = testcb # Note that reading this property will always return a tuple #assert md.skipdata_callback == (testcb, None) for insn in md.disasm(code, 0x1000): #bytes = binascii.hexlify(insn.bytes) #print("0x%x:\t%s\t%s\t// hex-code: %s" %(insn.address, insn.mnemonic, insn.op_str, bytes)) print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str)) print("0x%x:" % (insn.address + insn.size)) print except CsError as e: print("ERROR: %s" % e)
def test_class(): CODE = X86_CODE64.decode("hex") # f = open("X86_CODE64.txt", 'w') # f.write(CODE) # f.close() all_tests = ((CS_ARCH_X86, CS_MODE_64, CODE, "X86 64 (Intel syntax)", None), ) for (arch, mode, code, comment, syntax) in all_tests: print("Code: %s" % to_hex(code)) try: md = Cs(arch, mode) md.detail = True if syntax is not None: md.syntax = syntax for insn in md.disasm(code, 0x1000): print_insn_detail(mode, insn) except CsError as e: print("ERROR: %s" % e)
def test_class(): address = 0x01000 for (arch, mode, code, comment) in all_tests: print("*" * 16) print("Platform: %s" % comment) print("Code: %s " % to_hex(code)) print("Disasm:") try: md = Cs(arch, mode) md.detail = True last_address = 0 for insn in md.disasm(code, address): last_address = insn.address + insn.size print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str)) print_insn_detail(insn) print("0x%x:\n" % (last_address)) except CsError as e: print("ERROR: %s" % e.__str__())
def test_class(): for (arch, mode, code, comment, syntax) in all_tests: print('*' * 16) print("Platform: %s" % comment) print("Code: %s" % to_hex(code)) print("Disasm:") try: md = Cs(arch, mode) if syntax is not None: md.syntax = syntax for (addr, size, mnemonic, op_str) in md.disasm_lite(code, 0x1000): print("0x%x:\t%s\t%s" % (addr, mnemonic, op_str)) print("0x%x:" % (addr + size)) print() except CsError as e: print("ERROR: %s" % e)
def test_class(): CODE = X86_CODE64.decode("hex") # f = open("X86_CODE64.txt", 'w') # f.write(CODE) # f.close() all_tests = ( (CS_ARCH_X86, CS_MODE_64, CODE, "X86 64 (Intel syntax)", None), ) for (arch, mode, code, comment, syntax) in all_tests: print("Code: %s" % to_hex(code)) try: md = Cs(arch, mode) md.detail = True if syntax is not None: md.syntax = syntax for insn in md.disasm(code, 0x1000): print_insn_detail(mode, insn) except CsError as e: print("ERROR: %s" % e)
def test_class(): for arch, mode, code, comment, syntax in all_tests: print('*' * 16) print("Platform: %s" % comment) print("Code: %s" % to_hex(code)) print("Disasm:") try: md = Cs(arch, mode) if syntax != 0: md.syntax = syntax for insn in md.disasm(code, 0x1000): # bytes = binascii.hexlify(insn.bytes) # print("0x%x:\t%s\t%s\t// hex-code: %s" %(insn.address, insn.mnemonic, insn.op_str, bytes)) print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str)) print("0x%x:" % (insn.address + insn.size)) print() except CsError as e: print("ERROR: %s" % e)
def test_class(): # X86_CODE64 = b"\x66\x2e\x0f\x1f\x84\x00\x00\x00\x00\x00" #X86_CODE64 =\x41\x55\x41\x54" # # X86_CODE16 = b"\x8d\x4c\x32\x08\x01\xd8\x81\xc6\x34\x12\x00\x00\x05\x23\x01\x00\x00\x36\x8b\x84\x91\x23\x01\x00\x00\x41\x8d\x84\x39\x89\x67\x00\x00\x8d\x87\x89\x67\x00\x00\xb4\xc6\x66\xe9\xb8\x00\x00\x00\x67\xff\xa0\x23\x01\x00\x00\x66\xe8\xcb\x00\x00\x00\x74\xfc" # # X86_CODE32 = b"\x8d\x4c\x32\x08\x01\xd8\x81\xc6\x34\x12\x00\x00\x05\x23\x01\x00\x00\x36\x8b\x84\x91\x23\x01\x00\x00\x41\x8d\x84\x39\x89\x67\x00\x00\x8d\x87\x89\x67\x00\x00\xb4\xc6\xe9\xea\xbe\xad\xde\xff\xa0\x23\x01\x00\x00\xe8\xdf\xbe\xad\xde\x74\xff" all_tests = [ # # (CS_ARCH_X86, CS_MODE_16, X86_CODE16, "X86 16bit (Intel syntax)", None), # # (CS_ARCH_X86, CS_MODE_32, X86_CODE32, "X86 32 (AT&T syntax)", CS_OPT_SYNTAX_ATT), # # (CS_ARCH_X86, CS_MODE_32, X86_CODE32, "X86 32 (Intel syntax)", None), (CS_ARCH_X86, CS_MODE_64, b"\x48\x89\xe7", "X86 64 (Intel syntax)", None), (CS_ARCH_X86, CS_MODE_64, b"\xe8\x00\x00\x0d\x78", "X86 64 (Intel syntax)", None), (CS_ARCH_X86, CS_MODE_64, b"\x55", "X86 64 (Intel syntax)", None), (CS_ARCH_X86, CS_MODE_64, b"\x48\x89\xe5", "X86 64 (Intel syntax)", None), (CS_ARCH_X86, CS_MODE_64, b"\x41\x57", "X86 64 (Intel syntax)", None), (CS_ARCH_X86, CS_MODE_64, b"\x41\x56", "X86 64 (Intel syntax)", None), (CS_ARCH_X86, CS_MODE_64, b"\x41\x55", "X86 64 (Intel syntax)", None), (CS_ARCH_X86, CS_MODE_64, b"\x41\x54", "X86 64 (Intel syntax)", None), ] #all_tests=[] #path="/media/william/000B4BAB0003D134/WSL/compress/capstone/X86_hello_padded" #with open(path, 'r') as f: # data=f.readlines() # for inst in data: # inst=inst.replace("0x","").replace('\n',"") # # if(len(inst)%2!=0): # # inst='0'+inst # pattern = re.compile('.{2}') # inst='|'.join(pattern.findall(inst)) # inst=list(inst.split('|')) # for i,val in enumerate(inst): # inst[i]=int(val,16) # inst=bytes(inst) # all_tests.append((CS_ARCH_X86, CS_MODE_64, inst, "X86 64 (Intel syntax)", None)) with open("data/_X86_legacy", "w") as fleg: with open("data/_X86_prefix", "w") as fpre: with open("data/_X86_opcode", "w") as fopc: with open("data/_X86_modrm", "w") as fmod: with open("data/_X86_sib", "w") as fsib: # with open("data/_X86_dis", "w") as fdis: # with open("data/_X86_imm", "w") as fimm: with open("data/_X86_rest", "w") as frest: for (arch, mode, code, comment, syntax) in all_tests: print("*" * 16) print("Platform: %s" % comment) print("Code: %s" % to_hex(code)) print("Disasm:") try: md = Cs(arch, mode) md.detail = True if syntax is not None: md.syntax = syntax for insn in md.disasm(code, 0x1000): print_insn_detail(mode, insn) if(to_hex(code)[2:4]=="f3"): insn.prefix[0]=0xf3 write_hex(fleg,insn.prefix,False) if(insn.rex==0): fpre.write('\n') else: fpre.write("%02x\n" % (insn.rex)) # write_hex(fpre,insn.rex) write_hex(fopc,insn.opcode) if(insn.modrm==0): fmod.write('\n') else: fmod.write("%02x\n" % (insn.modrm)) # write_hex(fmod,insn.modrm) if(insn.sib==0): fsib.write('\n') else: fsib.write("%02x\n" % (insn.sib)) # write_hex(fsib,insn.sib) # print () cur_insn='{}{}{}{}{}'.format(get_hex(insn.prefix,False),get_hex([insn.rex]),get_hex(insn.opcode),get_hex([insn.modrm]),get_hex([insn.sib])) # while(cur_insn[0]=='0'): # cur_insn=cur_insn[1:len(cur_insn)] code_t=to_hex(code).replace(" ","").replace("0x","") print(code_t) rest=code_t[len(cur_insn):len(code_t)] print(rest) frest.write("%s\n" % rest) print(cur_insn) # print(to_hex(code).replace(" ","").replace("0x","")) break print ("0x%x:\n" % (insn.address + insn.size)) except CsError as e: print("ERROR: %s" % e)
def test_class(): # X86_CODE64 = b"\x66\x2e\x0f\x1f\x84\x00\x00\x00\x00\x00" # X86_CODE64 =b"\xf3\x48\xab" # # X86_CODE16 = b"\x8d\x4c\x32\x08\x01\xd8\x81\xc6\x34\x12\x00\x00\x05\x23\x01\x00\x00\x36\x8b\x84\x91\x23\x01\x00\x00\x41\x8d\x84\x39\x89\x67\x00\x00\x8d\x87\x89\x67\x00\x00\xb4\xc6\x66\xe9\xb8\x00\x00\x00\x67\xff\xa0\x23\x01\x00\x00\x66\xe8\xcb\x00\x00\x00\x74\xfc" # # X86_CODE32 = b"\x8d\x4c\x32\x08\x01\xd8\x81\xc6\x34\x12\x00\x00\x05\x23\x01\x00\x00\x36\x8b\x84\x91\x23\x01\x00\x00\x41\x8d\x84\x39\x89\x67\x00\x00\x8d\x87\x89\x67\x00\x00\xb4\xc6\xe9\xea\xbe\xad\xde\xff\xa0\x23\x01\x00\x00\xe8\xdf\xbe\xad\xde\x74\xff" # all_tests = [ # # (CS_ARCH_X86, CS_MODE_16, X86_CODE16, "X86 16bit (Intel syntax)", None), # # (CS_ARCH_X86, CS_MODE_32, X86_CODE32, "X86 32 (AT&T syntax)", CS_OPT_SYNTAX_ATT), # # (CS_ARCH_X86, CS_MODE_32, X86_CODE32, "X86 32 (Intel syntax)", None), # (CS_ARCH_X86, CS_MODE_64, X86_CODE64, "X86 64 (Intel syntax)", None), # ] all_tests = [] path = "X86_hello_padded" out = "X86_newinsn" with open(path, 'r') as f, open(out, "w") as outf: data = f.readlines() for inst in data: inst = inst.replace("0x", "").replace('\n', "") pattern = re.compile('.{2}') inst = '|'.join(pattern.findall(inst)) inst = list(inst.split('|')) for i, val in enumerate(inst): inst[i] = int(val, 16) inst = bytes(inst) all_tests.append( (CS_ARCH_X86, CS_MODE_64, inst, "X86 64 (Intel syntax)", None)) for (arch, mode, code, comment, syntax) in all_tests: print("*" * 16) print("Platform: %s" % comment) print("Code: %s" % to_hex(code)) print("Disasm:") try: md = Cs(arch, mode) md.detail = True insnflag = [0, 0, 0, 0, 0, 0, 0] if syntax is not None: md.syntax = syntax for insn in md.disasm(code, 0x1000): print_insn_detail(mode, insn) # Legancy Prefix if (to_hex(code)[2:4] == "f3"): insn.prefix[0] = 0xf3 prefixflag = [0, 0, 0, 0, 0, 0, 0] stack = [] g1 = ["f0", "f2", "f3"] #0,1,2 binary g2 = ["2e", "26", "3e", "26", "64", "65"] g3 = ["66"] g4 = ["67"] for c in insn.prefix: if (c != 0): stack.append(c) if (len(stack) > 0): insnflag[0] = 1 while (len(stack) > 0): str_str = "{:02x}".format(stack.pop()).rstrip() if (str_str in g1): i = g1.index(str_str.rstrip()) i = i + 1 prefixflag[0] = int(int2bin(i, 2)[0], 2) prefixflag[1] = int(int2bin(i, 2)[1], 2) elif (str_str in g2): i = g2.index(str_str.rstrip()) i = i + 1 prefixflag[2] = int(int2bin(i, 3)[0], 2) prefixflag[3] = int(int2bin(i, 3)[1], 2) prefixflag[4] = int(int2bin(i, 3)[2], 2) elif (str_str in g3): i = g3.index(str_str.rstrip()) i = i + 1 prefixflag[5] = int(int2bin(i, 1), 2) elif (str_str in g4): i = g4.index(str_str.rstrip()) i = i + 1 prefixflag[6] = int(int2bin(i, 1), 2) #REX prefix if (insn.rex != 0): insnflag[1] = 1 hex_rex = get_hex([insn.rex]) hex_rex = hex_rex[1] #40H-4FH只取第二字符 #opcode opcode = get_hex(insn.opcode) byte_opcode = int(len(opcode) / 2) real_opcode = opcode[len(opcode) - 2:len(opcode)] if (byte_opcode == 3 and opcode[0:3] == "0f38"): byte_opcode = 4 insnflag[2] = int(int2bin(byte_opcode - 1, 2)[0], 2) insnflag[3] = int(int2bin(byte_opcode - 1, 2)[1], 2) #modr/m if (insn.modrm != 0): insnflag[4] = 1 #sib if (insn.sib != 0): insnflag[5] = 1 #rest=dist+imm cur_insn = '{}{}{}{}{}'.format(get_hex(insn.prefix, False), get_hex([insn.rex]), get_hex(insn.opcode), get_hex([insn.modrm]), get_hex([insn.sib])) code_t = to_hex(code).replace(" ", "").replace("0x", "") rest = code_t[len(cur_insn):len(code_t)] if (rest.strip() != ""): insnflag[6] = 1 #新编码 newinsnflag = "" for c in insnflag: newinsnflag = newinsnflag + str(c) newinsn = hex(int(newinsnflag, 2)).replace("0x", "") if (insnflag[0] == "1"): newprefixflag = "" for c in prefixflag: newprefixflag = newprefixflag + str(c) newinsn = newinsn + hex(int(newprefixflag, 2)).replace( "0x", "") if (insnflag[1] == "1"): newinsn = newinsn + hex_rex newinsn = newinsn + real_opcode if (insnflag[4] == "1"): newinsn = newinsn + get_hex([insn.modrm]) if (insnflag[5] == "1"): newinsn = newinsn + get_hex([insn.sib]) if (insnflag[6] == "1"): newinsn = newinsn + hex(len(rest)).replace( "0x", "") + rest #记录字符数可以免去换行符 outf.write(newinsn) break #print ("0x%x:\n" % (insn.address + insn.size)) except CsError as e: print("ERROR: %s" % e)
def print_insn(md, code): print("%s\t" % to_hex(code, False), end="") for insn in md.disasm(code, 0x1000): print("\t%s\t%s\n" % (insn.mnemonic, insn.op_str))
#!/usr/bin/env python # Capstone Python bindings, by Nguyen Anh Quynnh <*****@*****.**> from __future__ import print_function from capstone import * from xprint import to_hex CODE = "\x60\x61\x50" cs = Cs(CS_ARCH_EVM, 0) cs.detail = True print("Platform: EVM") print("Code: %s" % to_hex(CODE)) print("Disasm:") for i in cs.disasm(CODE, 0x80001000): print("0x%x:\t%s\t%s" % (i.address, i.mnemonic, i.op_str)) if i.pop > 0: print("\tPop: %u" % i.pop) if i.push > 0: print("\tPush: %u" % i.push) if i.fee > 0: print("\tGas fee: %u" % i.fee) if len(i.groups) > 0: print("\tGroups: ", end=''), for m in i.groups: print("%s " % i.group_name(m), end=''), print()
#!/usr/bin/env python # Capstone Python bindings, by Nguyen Anh Quynnh <*****@*****.**> from __future__ import print_function from capstone import * from xprint import to_hex CODE = "\x60\x61\x50" cs = Cs(CS_ARCH_EVM, 0) cs.detail = True print("Platform: EVM") print("Code: %s" %to_hex(CODE)) print("Disasm:") for i in cs.disasm(CODE, 0x80001000): print("0x%x:\t%s\t%s" %(i.address, i.mnemonic, i.op_str)) if i.pop > 0: print("\tPop: %u" %i.pop) if i.push > 0: print("\tPush: %u" %i.push) if i.fee > 0: print("\tGas fee: %u" %i.fee) if len(i.groups) > 0: print("\tGroups: ", end=''), for m in i.groups: print("%s " % i.group_name(m), end=''), print()