コード例 #1
def main(fname):
    """Print a 32-bit x86 disassembly listing for every object in a library.

    Rough Python counterpart of ``objdump -d`` (Linux) and
    ``dumpbin /disasm`` (MSVC). The AR and COFF structures are parsed by
    ``read_lib_file``; instruction decoding is delegated to the "capstone"
    library.

    Only the first section of each object (``sections[0]``) is decoded, as
    one linear sweep starting at address 0. When reading the listing during
    analysis, keep in mind that a linear sweep can lose instruction
    alignment on data embedded in code, and that with ``skipdata`` enabled
    capstone keeps going past bytes it cannot decode instead of stopping.

    Args:
        fname: Path of the library file handed to ``read_lib_file``.
    """
    for member in read_lib_file(fname):
        if not member:
            continue
        # Symbols are consumed front to back as the sweep passes their value.
        # assumes member.symbols is ordered by ascending value -- TODO confirm
        pending = deque(member.symbols)
        engine = Cs(CS_ARCH_X86, CS_MODE_32)
        engine.skipdata = True
        for insn in engine.disasm(member.sections[0].data, 0x000):
            # Drain every symbol at or before this address, labelling only
            # those with type 32 (0x20, the COFF "function" type) that sit in
            # section number 1 -- presumably the one-based number of
            # sections[0]; verify against the parser.
            while pending and insn.address >= pending[0].value:
                sym = pending.popleft()
                if sym.type == 32 and sym.section_number == 1:
                    # errors="ignore" drops undecodable bytes, so the label
                    # can differ from the raw name stored in the object.
                    print(sym.name.decode(errors="ignore") + ":")
            # At most six opcode bytes go on the main line; the rest wrap.
            raw = insn.bytes
            head, tail = raw[:6], raw[6:]
            asm_part = (
                "%-12s%s" % (insn.mnemonic, format_asm(insn.op_str))
                if insn.op_str
                else insn.mnemonic
            )
            prefix = "  %08X: %-19s" % (insn.address, hex_with_spaces(head))
            print(prefix + asm_part)
            if tail:
                print("            %s" % (hex_with_spaces(tail)))
コード例 #2
ファイル: main.py プロジェクト: sirk390/pylibdump
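def main(fname):
    """Print a 32-bit x86 disassembly listing for every object in a library.

    Basic Python version of the tools:

        - "objdump -d" (linux)
        - "dumpbin /disasm" (MSVC)

    It parses the AR and COFF structures (via ``read_lib_file``), but uses
    the "capstone" library to disassemble.

    Only the first section of each object (``sections[0]``) is decoded, as
    one linear sweep starting at address 0. With ``skipdata`` enabled,
    capstone continues past bytes it cannot decode instead of stopping, so
    the listing covers the whole section even when parts of it are data.

    Args:
        fname: Path of the library file handed to ``read_lib_file``.
    """
    for coff in read_lib_file(fname):
        if not coff:
            continue
        # assumes coff.symbols is ordered by ascending value -- TODO confirm
        syms = deque(coff.symbols)
        md = Cs(CS_ARCH_X86, CS_MODE_32)
        md.skipdata = True
        for i in md.disasm(coff.sections[0].data, 0x000):
            # Drain *every* symbol at or before this address. Popping only
            # one per instruction lets the queue fall behind whenever
            # several symbols share a value or precede the current address,
            # so later labels would be printed at the wrong instruction.
            while syms and i.address >= syms[0].value:
                # 32 (0x20) is the COFF symbol type marking a function.
                # NOTE(review): the symbol's section is not checked here, so
                # function symbols belonging to sections other than
                # sections[0] would still be printed -- confirm intent.
                if syms[0].type == 32:
                    # errors="ignore" drops undecodable bytes, so the label
                    # can differ from the raw name stored in the object.
                    print(syms[0].name.decode(errors="ignore"))
                syms.popleft()
            print("    0x%x:\t%s\t%s" % (i.address, i.mnemonic, i.op_str))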