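def __init__(self, filename, raw_type, raw_base, raw_big_endian, database):
    """Load a binary and set up a Capstone disassembler for it.

    Args:
        filename: passed unchanged to ``self.instanciate_binary``.
        raw_type: passed unchanged to ``self.instanciate_binary``.
        raw_base: passed unchanged to ``self.instanciate_binary``.
        raw_big_endian: passed unchanged to ``self.instanciate_binary``.
        database: analysis database. When ``database.loaded`` is true, its
            memory, symbols and imports are reused; otherwise they are
            created here and stored back into it.

    Raises:
        ExcArch: if ``self.binary.arch`` is not one of x86, x64, ARM,
            MIPS32 or MIPS64.
    """
    import capstone as CAPSTONE

    arch_lookup = {
        "x86": CAPSTONE.CS_ARCH_X86,
        "x64": CAPSTONE.CS_ARCH_X86,
        "ARM": CAPSTONE.CS_ARCH_ARM,
        "MIPS32": CAPSTONE.CS_ARCH_MIPS,
        "MIPS64": CAPSTONE.CS_ARCH_MIPS,
    }

    mode_lookup = {
        "x86": CAPSTONE.CS_MODE_32,
        "x64": CAPSTONE.CS_MODE_64,
        # A mode constant belongs here, not the CS_ARCH_ARM architecture id.
        "ARM": CAPSTONE.CS_MODE_ARM,
        "MIPS32": CAPSTONE.CS_MODE_MIPS32,
        "MIPS64": CAPSTONE.CS_MODE_MIPS64,
    }

    word_size_lookup = {
        "x86": 4,
        "x64": 8,
        "ARM": 4,
        "MIPS32": 4,
        "MIPS64": 8,
    }

    self.capstone_inst = {}  # capstone instruction cache
    self.db = database

    if database.loaded:
        self.mem = database.mem
    else:
        self.mem = Memory()
        database.mem = self.mem

    self.instanciate_binary(filename, raw_type, raw_base, raw_big_endian)

    # The architecture is whatever the loaded file reports, so reject
    # anything unsupported before it is used to index the tables above.
    arch = self.binary.arch
    if arch not in arch_lookup:
        # Name the rejected architecture in the exception; an undefined
        # name here would surface as NameError instead of ExcArch.
        raise ExcArch(arch)

    self.wordsize = word_size_lookup[arch]
    self.binary.wordsize = self.wordsize

    self.is_mips = arch in ("MIPS32", "MIPS64")
    self.is_x86 = arch in ("x86", "x64")
    # Equality, not `in ("ARM")`: that is a substring test on a plain str.
    self.is_arm = arch == "ARM"
    self.is_big_endian = self.binary.is_big_endian()

    self.binary.load_section_names()

    # Share the database's containers so analysis results land in it.
    self.jmptables = database.jmptables
    self.user_inline_comments = database.user_inline_comments
    self.internal_inline_comments = database.internal_inline_comments
    self.user_previous_comments = database.user_previous_comments
    self.internal_previous_comments = database.internal_previous_comments
    self.functions = database.functions
    self.func_id = database.func_id
    self.end_functions = database.end_functions

    self.xrefs = database.xrefs
    self.mem.xrefs = database.xrefs
    self.mem.data_sub_xrefs = database.data_sub_xrefs

    self.mips_gp = database.mips_gp

    if not database.loaded:
        # Fresh analysis: parse symbols from the binary and store them.
        self.load_symbols()
        database.symbols = self.binary.symbols
        database.reverse_symbols = self.binary.reverse_symbols
        database.demangled = self.binary.demangled
        database.reverse_demangled = self.binary.reverse_demangled
        database.imports = self.binary.imports
    else:
        # Saved analysis: the database contents replace the binary's tables.
        self.binary.symbols = database.symbols
        self.binary.reverse_symbols = database.reverse_symbols
        self.binary.demangled = database.demangled
        self.binary.reverse_demangled = database.reverse_demangled
        self.binary.imports = database.imports

    cs_arch = arch_lookup[arch]
    cs_mode = mode_lookup[arch]

    if self.is_big_endian:
        cs_mode |= CAPSTONE.CS_MODE_BIG_ENDIAN
    else:
        cs_mode |= CAPSTONE.CS_MODE_LITTLE_ENDIAN

    self.capstone = CAPSTONE
    self.md = CAPSTONE.Cs(cs_arch, cs_mode)
    self.md.detail = True

    for s in self.binary.iter_sections():
        s.big_endian = cs_mode & CAPSTONE.CS_MODE_BIG_ENDIAN

    if arch == "x86":
        warning("To compute correctly the value of esp, the frame size must")
        warning("be correct. But the heuristic is very simple actually.")
        warning("So every references to ebp should be correct but for esp it")
        warning("may have some errors.")
        warning("In the visual press I to show original instructions.")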
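def __init__(self, filename, raw_type, raw_base, raw_big_endian, database):
    """Load a binary and set up a Capstone disassembler for it.

    Args:
        filename: passed unchanged to ``self.instanciate_binary``.
        raw_type: passed unchanged to ``self.instanciate_binary``.
        raw_base: passed unchanged to ``self.instanciate_binary``.
        raw_big_endian: passed unchanged to ``self.instanciate_binary``.
        database: analysis database. When ``database.loaded`` is true, its
            memory, symbols and imports are reused; otherwise they are
            created here and stored back into it.

    Raises:
        ExcArch: if ``self.binary.arch`` is not one of x86, x64, ARM,
            MIPS32 or MIPS64.
    """
    import capstone as CAPSTONE

    arch_lookup = {
        "x86": CAPSTONE.CS_ARCH_X86,
        "x64": CAPSTONE.CS_ARCH_X86,
        "ARM": CAPSTONE.CS_ARCH_ARM,
        "MIPS32": CAPSTONE.CS_ARCH_MIPS,
        "MIPS64": CAPSTONE.CS_ARCH_MIPS,
    }

    mode_lookup = {
        "x86": CAPSTONE.CS_MODE_32,
        "x64": CAPSTONE.CS_MODE_64,
        # A mode constant belongs here, not the CS_ARCH_ARM architecture id.
        "ARM": CAPSTONE.CS_MODE_ARM,
        "MIPS32": CAPSTONE.CS_MODE_MIPS32,
        "MIPS64": CAPSTONE.CS_MODE_MIPS64,
    }

    word_size_lookup = {
        "x86": 4,
        "x64": 8,
        "ARM": 4,
        "MIPS32": 4,
        "MIPS64": 8,
    }

    self.capstone_inst = {}  # capstone instruction cache
    self.db = database

    if database.loaded:
        self.mem = database.mem
    else:
        self.mem = Memory()
        database.mem = self.mem

    self.instanciate_binary(filename, raw_type, raw_base, raw_big_endian)

    # The architecture is whatever the loaded file reports, so reject
    # anything unsupported before it is used to index the tables above.
    if self.binary.arch not in arch_lookup:
        raise ExcArch(self.binary.arch)

    self.wordsize = word_size_lookup[self.binary.arch]
    self.binary.wordsize = self.wordsize

    self.is_mips = self.binary.arch in ("MIPS32", "MIPS64")
    self.is_x86 = self.binary.arch in ("x86", "x64")
    # Equality, not `in ("ARM")`: that is a substring test on a plain str.
    self.is_arm = self.binary.arch == "ARM"
    self.is_big_endian = self.binary.is_big_endian()

    self.binary.load_section_names()

    # Share the database's containers so analysis results land in it.
    self.jmptables = database.jmptables
    self.user_inline_comments = database.user_inline_comments
    self.internal_inline_comments = database.internal_inline_comments
    self.user_previous_comments = database.user_previous_comments
    self.internal_previous_comments = database.internal_previous_comments
    self.functions = database.functions
    self.func_id = database.func_id
    self.end_functions = database.end_functions

    self.xrefs = database.xrefs
    self.mem.xrefs = database.xrefs
    self.mem.data_sub_xrefs = database.data_sub_xrefs

    self.mips_gp = database.mips_gp

    if not database.loaded:
        # Fresh analysis: parse symbols from the binary and store them.
        self.load_symbols()
        database.symbols = self.binary.symbols
        database.reverse_symbols = self.binary.reverse_symbols
        database.demangled = self.binary.demangled
        database.reverse_demangled = self.binary.reverse_demangled
        database.imports = self.binary.imports
    else:
        # Saved analysis: the database contents replace the binary's tables.
        self.binary.symbols = database.symbols
        self.binary.reverse_symbols = database.reverse_symbols
        self.binary.demangled = database.demangled
        self.binary.reverse_demangled = database.reverse_demangled
        self.binary.imports = database.imports

    cs_arch = arch_lookup[self.binary.arch]
    cs_mode = mode_lookup[self.binary.arch]

    if self.is_big_endian:
        cs_mode |= CAPSTONE.CS_MODE_BIG_ENDIAN
    else:
        cs_mode |= CAPSTONE.CS_MODE_LITTLE_ENDIAN

    self.capstone = CAPSTONE
    self.md = CAPSTONE.Cs(cs_arch, cs_mode)
    self.md.detail = True

    for s in self.binary.iter_sections():
        s.big_endian = cs_mode & CAPSTONE.CS_MODE_BIG_ENDIAN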
def __load_memory(self, data):
    """Replace ``self.mem`` with a new ``Memory`` filled from ``data["mem"]``.

    Args:
        data: mapping with a ``"mem"`` entry, stored as-is on the new
            object's ``mm`` attribute.
    """
    # NOTE(review): `data` presumably comes from a saved database file -
    # confirm the caller only loads files from a trusted source, since the
    # value is installed without any validation here.
    self.mem = fresh_memory = Memory()
    fresh_memory.mm = data["mem"]