Python源码示例:capstone.Cs()
示例1
def _locate_gadgets(self, section, terminals, gadget_type):
disassembler = cs.Cs(cs.CS_ARCH_X86, cs.CS_MODE_32)
for terminal in terminals:
matches = [match.start() for match in re.finditer(terminal[0],
section["data"])]
for index in matches:
for i in range(self._options.depth):
gadget = ""
instructions = disassembler.disasm_lite(
section["data"][index-i:index+terminal[1]],
section["vaddr"]+index)
for instruction in instructions:
gadget += (str(instruction[2]) + " " +
str(instruction[3]) + " ; ")
if gadget:
gadget = gadget.replace(" ", " ")
gadget = gadget[:-3]
self._gadgets += [{"vaddr" : section["vaddr"]+index-i,
"insts" : gadget,
"gadget_type" : gadget_type}]
示例2
def __init__(self, mode, **kwargs):
super(Capstone, self).__init__(mode, **kwargs)
if self.mode == "I386":
self.cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
elif self.mode == "AMD64":
self.cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
elif self.mode == "MIPS":
self.cs = capstone.Cs(capstone.CS_ARCH_MIPS, capstone.CS_MODE_32 +
capstone.CS_MODE_BIG_ENDIAN)
# This is not really supported yet.
elif self.mode == "ARM":
self.cs = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM)
else:
raise NotImplementedError(
"No disassembler available for this arch.")
self.cs.detail = True
self.cs.skipdata_setup = ("db", None, None)
self.cs.skipdata = True
示例3
def disasm1(data, addr):
if not data: return
arch_dis = get_arch_dis()
#if 'binaryninja' in sys.modules:
# return utils.disasm1(data, addr, arch_dis)
if arch == 'z80':
from z80dis import z80
decoded = z80.decode(data, addr)
return (z80.disasm(decoded), decoded.len)
else:
import capstone
if arch_dis == 'x86_64':
md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
elif arch_dis == 'x86':
md = capstone.Cs(capstone.CS_ARCH_X86, 0)
gen = md.disasm(data, addr)
insn = next(gen)
return ('%s %s' % (insn.mnemonic, insn.op_str), insn.size)
示例4
def init_disassembler_engine(self):
# init state for disasambler
# set capstone, lexer, asmline
arch, mode = self.plugin.hintDisasm()
self.disasm_engine = capstone.Cs(arch, mode)
self.disasm_engine.detail = True
if arch == capstone.CS_ARCH_X86:
Lexer = X86_Lexer()
if arch == capstone.CS_ARCH_ARM and mode in [capstone.CS_MODE_ARM, capstone.CS_MODE_THUMB]:
Lexer = ARM_Lexer()
if arch == capstone.CS_ARCH_ARM64:
Lexer = ARM64_Lexer()
# todo: ASM_ARM_Line?
self.ASMLine = ASMx86Line
Lexer.build()
self.lexer = Lexer.lexer()
示例5
def __init__(self, arch, mode):
self.arch = arch
self.mode = mode
self.capstone = Cs(self.arch, self.mode)
self.prologues = {
# Triple backslash (\\\) are needed to escape bytes in the compiled regex
CS_MODE_32: [
b"\x55\x89\xE5", # push ebp & mov ebp, esp
b"\x55\x8B\xEC", # push ebp & mov ebp, esp
b"\x55\x8b\x6c\x24", # push ebp & mov ebp, [esp+?]
],
CS_MODE_64: [
b"\x55\x48\x89\xE5", # push rbp & mov rbp, rsp
]
}[mode]
self.conditional_jmp_mnemonics = {'jz', 'je', 'jcxz', 'jecxz', 'jrcxz', 'jnz', 'jp', 'jpe', 'jnp', 'ja', 'jae', 'jb', 'jbe', 'jg', 'jge', 'jl', 'jle', 'js', 'jns', 'jo', 'jno', 'jecxz', 'loop', 'loopne', 'loope', 'jne'}
self.x86_32_registers = {'eax', 'ebx', 'ecx', 'edx', 'esi', 'edi', 'esp', 'ebp'}
self.max_instruction_size = 16
示例6
def _cs_disassemble_one(self, data, address):
"""Disassemble the data into an instruction in string form.
"""
disasm = list(self._disassembler.disasm(bytes(data), address))
# TODO: Improve this check.
if len(disasm) > 0:
return disasm[0]
else:
cs_arm = Cs(CS_ARCH_ARM, CS_MODE_ARM)
cs_arm.detail = True
disasm = list(cs_arm.disasm(bytes(data), address))
if len(disasm) > 0:
return disasm[0]
else:
raise InvalidDisassemblerData("CAPSTONE: Unknown instruction (Addr: {:s}).".format(hex(address)))
示例7
def __setup_available_disassemblers(self):
arch_map = {
ARCH_ARM_MODE_ARM: CS_MODE_ARM,
ARCH_ARM_MODE_THUMB: CS_MODE_THUMB,
}
self._available_disassemblers = {
ARCH_ARM_MODE_ARM: Cs(CS_ARCH_ARM, arch_map[ARCH_ARM_MODE_ARM]),
ARCH_ARM_MODE_THUMB: Cs(CS_ARCH_ARM, arch_map[ARCH_ARM_MODE_THUMB]),
}
self._available_disassemblers[ARCH_ARM_MODE_ARM].detail = True
self._available_disassemblers[ARCH_ARM_MODE_THUMB].detail = True
# Casptone to BARF translation
# ======================================================================== #
示例8
def __init__(self, trace=True, sca_mode=False, local_vars={}):
super().__init__(trace, sca_mode)
self.emu = uc.Uc(uc.UC_ARCH_ARM, uc.UC_MODE_ARM)
self.disasm = cs.Cs(cs.CS_ARCH_ARM, cs.CS_MODE_ARM | cs.CS_MODE_THUMB)
self.disasm.detail = True
self.word_size = 4
self.endianness = "little"
self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
self.page_shift = self.page_size.bit_length() - 1
self.pc = uc.arm_const.UC_ARM_REG_PC
known_regs = [i[len('UC_ARM_REG_'):] for i in dir(uc.arm_const) if '_REG' in i]
self.reg_map = {r.lower(): getattr(uc.arm_const, 'UC_ARM_REG_'+r) for r in known_regs}
self.stubbed_functions = local_vars
self.setup(sca_mode)
self.reset_stack()
示例9
def __init__(self, trace=True, sca_mode=False, local_vars=[]):
super().__init__(trace, sca_mode)
self.emu = uc.Uc(uc.UC_ARCH_ARM64, uc.UC_MODE_ARM)
self.disasm = cs.Cs(cs.CS_ARCH_ARM64, cs.CS_MODE_ARM)
self.disasm.detail = True
self.word_size = 8
self.endianness = "little"
self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
self.page_shift = self.page_size.bit_length() - 1
self.pc = uc.arm64_const.UC_ARM64_REG_PC
known_regs = [i[len('UC_ARM64_REG_'):] for i in dir(uc.arm64_const) if '_REG' in i]
self.reg_map = {r.lower(): getattr(uc.arm64_const, 'UC_ARM64_REG_'+r) for r in known_regs}
self.stubbed_functions = local_vars
self.setup(sca_mode)
self.reset_stack()
示例10
def __init__(self, trace=True, sca_mode=False, local_vars={}):
super().__init__(trace, sca_mode)
self.emu = uc.Uc(uc.UC_ARCH_M68K, uc.UC_MODE_BIG_ENDIAN)
self.disasm = cs.Cs(cs.CS_ARCH_M68K, cs.CS_MODE_M68K_000)
self.disasm.detail = True
self.word_size = 4
self.endianness = "big"
self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
self.page_shift = self.page_size.bit_length() - 1
self.pc = uc.m68k_const.UC_M68K_REG_PC
known_regs = [i[len('UC_M68K_REG_'):] for i in dir(uc.m68k_const) if '_REG' in i]
self.reg_map = {r.lower(): getattr(uc.m68k_const, 'UC_M68K_REG_'+r) for r in known_regs}
self.stubbed_functions = local_vars
self.setup(sca_mode)
self.reset_stack()
示例11
def __init__(self, trace=True, sca_mode=False, local_vars={}):
super().__init__(trace, sca_mode)
self.emu = uc.Uc(uc.UC_ARCH_X86, uc.UC_MODE_64)
self.disasm = cs.Cs(cs.CS_ARCH_X86, cs.CS_MODE_64)
self.disasm.detail = True
self.word_size = 8
self.endianness = "little"
self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
self.page_shift = self.page_size.bit_length() - 1
self.pc = uc.x86_const.UC_X86_REG_RIP
# workaround for capstone 4
uc.x86_const.UC_X86_REG_RFLAGS = uc.x86_const.UC_X86_REG_EFLAGS
known_regs = [i[len('UC_X86_REG_'):] for i in dir(uc.x86_const) if '_REG' in i]
self.reg_map = {r.lower(): getattr(uc.x86_const, 'UC_X86_REG_'+r) for r in known_regs}
self.stubbed_functions = local_vars
self.setup(sca_mode)
self.reset_stack()
示例12
def __init__(self, trace=True, sca_mode=False, local_vars={}):
super().__init__(trace, sca_mode)
self.emu = uc.Uc(uc.UC_ARCH_ARM, uc.UC_MODE_THUMB | uc.UC_MODE_MCLASS)
self.disasm = cs.Cs(cs.CS_ARCH_ARM, cs.CS_MODE_THUMB | cs.CS_MODE_MCLASS)
self.disasm.detail = True
self.word_size = 4
self.endianness = "little"
self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
self.page_shift = self.page_size.bit_length() - 1
self.pc = uc.arm_const.UC_ARM_REG_PC
known_regs = [i[len('UC_ARM_REG_'):] for i in dir(uc.arm_const) if '_REG' in i]
self.reg_map = {r.lower(): getattr(uc.arm_const, 'UC_ARM_REG_'+r) for r in known_regs}
self.stubbed_functions = local_vars
self.setup(sca_mode)
self.reset_stack()
# Force mapping of those addresses so that
# exception returns can be caught in the base
# block hook rather than a code fetch hook
self.map_space(0xfffffff0, 0xffffffff)
self.emu.hook_add(uc.UC_HOOK_INTR, self.intr_hook)
示例13
def _set_arch(self, arch, *modes):
"""
Try and set the current architecture
"""
try:
a = self.valid_archs[''.join(['CS_ARCH_', arch.upper()])]
if a is None:
l.error("Invalid architecture selected - run lsarch for valid options")
return False
ms = [self.modes[''.join(['CS_MODE_', m.upper()])] for m in modes]
except KeyError:
l.error("ERROR: Invalid architecture or mode string specified")
return False
try:
_cs = cs.Cs(a, sum(ms))
self._arch = (arch, modes)
l.debug("Architecture set to %s, mode(s): %s", arch, ', '.join(modes))
self._cs = _cs
except cs.CsError as e:
l.error("ERROR: %s", e)
return False
return True
示例14
def find_rr_writes_capstone(address, data):
#print 'Using capstone'
cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
cs.detail = True
writes = []
for insn in cs.disasm(data, address):
if insn.mnemonic[:3] == 'ret':
break
if insn.mnemonic[:3] != 'mov':
continue
# potential write
opnd = insn.operands[0]
if opnd.type != csx86.X86_OP_MEM:
continue
if opnd.mem.base != csx86.X86_REG_RIP:
continue
# RIP-relative write
writes.append((insn.address + insn.size + opnd.mem.disp, opnd.size))
return writes
# Consolidate contiguous writes into single segments
示例15
def set_mode(self, mode):
if mode == UC_MODE_32:
self.md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
self.reg_rsp = UC_X86_REG_ESP
self.reg_rbp = UC_X86_REG_EBP
self.reg_rip = UC_X86_REG_EIP
elif mode == UC_MODE_64:
self.md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
self.reg_rsp = UC_X86_REG_RSP
self.reg_rbp = UC_X86_REG_RBP
self.reg_rip = UC_X86_REG_RIP
elif mode == UC_MODE_16:
self.md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_16)
self.reg_rsp = UC_X86_REG_SP
self.reg_rbp = UC_X86_REG_BP
self.reg_rip = UC_X86_REG_IP
else:
raise Exception('Unknown x86 mode: %d' % mode)
self.mode = mode
示例16
def __init__(self):
super(AsmBase, self).__init__()
# Initialize keystone and capstone as soon as an instance
# of this plugin will be created.
if not keystone:
self.log.debug('Keystone is required for ' + self.__class__.__name__)
return
if not capstone:
self.log.debug('Capstone is required for ' + self.__class__.__name__)
return
if getattr(self, 'args', None) and self.args and getattr(self.args, 'bigendian', None) \
and self.args.bigendian:
self.ks = keystone.Ks(self.keystone_arch,
self.keystone_mode + keystone.KS_MODE_BIG_ENDIAN)
self.cs = capstone.Cs(self.capstone_arch,
capstone.CS_MODE_BIG_ENDIAN)
else:
self.ks = keystone.Ks(self.keystone_arch,
self.keystone_mode + keystone.KS_MODE_LITTLE_ENDIAN)
self.cs = capstone.Cs(self.capstone_arch,
capstone.CS_MODE_LITTLE_ENDIAN)
示例17
def __init__(self, config: [str, "configspec"]) -> None:
if isinstance(config, str):
from unicorefuzz.configspec import load_config
config = load_config(config)
self.config = config # type: configspec
self.arch = get_arch(config.ARCH) # type: Architecture
self._mapped_page_cache = {} # type: Dict[int, bytes]
self.cs = Cs(self.arch.capstone_arch, self.arch.capstone_mode) # type: Cs
self.statedir = os.path.join(config.WORKDIR, "state") # type: str
self.requestdir = os.path.join(config.WORKDIR, "requests") # type: str
self.exits = None # type: Optional[List[int]]
# fore some things like the fuzz child we want to disable logging, In this case, we set should_log to False.
self.should_log = True # type: bool
示例18
def OnDisas(command):
lex = command.rstrip().split(' ')
regs = DisplayRegistersMIPS(GdbCommand('g'))
pc = hex2int(regs[reg_map_rev['pc']])
for lexem in lex[1:]:
if lexem != 'aslr':
if not isValidDword(lexem):
logger.error('Invalid address supplied')
return
pc = hex2int(lexem)
logger.debug('OnDisas PC = {}'.format(pc))
buf = OnReadMem(int2hex(pc - 20 * 4), 40 * 4)
md = cs.Cs(cs.CS_ARCH_MIPS, cs.CS_MODE_MIPS32 | cs.CS_MODE_BIG_ENDIAN)
if len(lex) > 1:
if lex[1] == 'aslr' and aslr_offset != None:
pc -= aslr_offset
for i in md.disasm(buf.decode('hex'), pc - 20 * 4):
color = 'green' if i.address == pc else 'blue'
print("0x%x:\t%s\t%s" %(i.address, colored(i.mnemonic, color), colored(i.op_str, color)))
示例19
def extract(self):
"""Extract the control flow graph from the binary."""
# Allocate a new graph
self.graph = graph_alloc(0)
# Initialize binary info
self.info = get_inf_structure()
# Initialize Capstone
if self.info.is_64bit():
mode = capstone.CS_MODE_64
else:
mode = capstone.CS_MODE_32
self.capstone = capstone.Cs(capstone.CS_ARCH_X86, mode)
# Get the Entry Point
entry = None
try:
start_ea = self.info.start_ea
if start_ea != 0xffffffff:
entry = start_ea
except:
try:
entry = BeginEA()
except:
pass
if entry is None:
print("WARNING: Could not determine entrypoint")
else:
self.dis(ea=entry, is_child1=None, ifrom=None)
# Scan all the functions
for ea in Functions():
self.dis(ea=ea, is_child1=None, ifrom=None)
update_children_fathers_number(self.graph)
# Information
print("%s graph has %d nodes" % (get_root_filename(),
self.graph.nodes.size))
示例20
def __init__(self):
TranslationContext.__init__(self)
self.registers = {
capstone.arm.ARM_REG_R0: r('r0', 32),
capstone.arm.ARM_REG_R1: r('r1', 32),
capstone.arm.ARM_REG_R2: r('r2', 32),
capstone.arm.ARM_REG_R3: r('r3', 32),
capstone.arm.ARM_REG_R4: r('r4', 32),
capstone.arm.ARM_REG_R5: r('r5', 32),
capstone.arm.ARM_REG_R6: r('r6', 32),
capstone.arm.ARM_REG_R7: r('r7', 32),
capstone.arm.ARM_REG_R8: r('r8', 32),
capstone.arm.ARM_REG_R9: r('r9', 32),
capstone.arm.ARM_REG_R10: r('r10', 32),
capstone.arm.ARM_REG_R11: r('r11', 32),
capstone.arm.ARM_REG_R13: r('sp', 32),
capstone.arm.ARM_REG_R14: r('lr', 32),
capstone.arm.ARM_REG_R15: r('pc', 32),
}
self.word_size = 32
self.thumb = False
self.stack_ptr = self.registers[capstone.arm.ARM_REG_R13]
self.link_reg = self.registers[capstone.arm.ARM_REG_R14]
self.program_ctr = self.registers[capstone.arm.ARM_REG_R15]
self.disassembler = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM)
self.disassembler.detail = True
示例21
def __init__(self):
TranslationContext.__init__(self)
self.registers = {
capstone.arm.ARM_REG_R0: r('r0', 32),
capstone.arm.ARM_REG_R1: r('r1', 32),
capstone.arm.ARM_REG_R2: r('r2', 32),
capstone.arm.ARM_REG_R3: r('r3', 32),
capstone.arm.ARM_REG_R4: r('r4', 32),
capstone.arm.ARM_REG_R5: r('r5', 32),
capstone.arm.ARM_REG_R6: r('r6', 32),
capstone.arm.ARM_REG_R7: r('r7', 32),
capstone.arm.ARM_REG_R8: r('r8', 32),
capstone.arm.ARM_REG_R9: r('r9', 32),
capstone.arm.ARM_REG_R10: r('r10', 32),
capstone.arm.ARM_REG_R11: r('r11', 32),
capstone.arm.ARM_REG_R13: r('sp', 32),
capstone.arm.ARM_REG_R14: r('lr', 32),
capstone.arm.ARM_REG_R15: r('pc', 32),
}
self.word_size = 32
self.thumb = True
self.stack_ptr = self.registers[capstone.arm.ARM_REG_R13]
self.link_reg = self.registers[capstone.arm.ARM_REG_R14]
self.program_ctr = self.registers[capstone.arm.ARM_REG_R15]
self.disassembler = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB)
self.disassembler.detail = True
示例22
def __init__(self):
TranslationContext.__init__(self)
self.registers = {
capstone.x86.X86_REG_EAX: r('eax', 32),
capstone.x86.X86_REG_EBX: r('ebx', 32),
capstone.x86.X86_REG_ECX: r('ecx', 32),
capstone.x86.X86_REG_EDX: r('edx', 32),
capstone.x86.X86_REG_ESI: r('esi', 32),
capstone.x86.X86_REG_EDI: r('edi', 32),
capstone.x86.X86_REG_EBP: r('ebp', 32),
capstone.x86.X86_REG_ESP: r('esp', 32),
capstone.x86.X86_REG_FS: r('fsbase', 32),
capstone.x86.X86_REG_GS: r('gsbase', 32),
capstone.x86.X86_REG_CS: r('csbase', 32),
capstone.x86.X86_REG_SS: r('ssbase', 32),
capstone.x86.X86_REG_DS: r('dsbase', 32),
capstone.x86.X86_REG_ES: r('esbase', 32),
capstone.x86.X86_REG_XMM0: r('xmm0', 128),
capstone.x86.X86_REG_XMM1: r('xmm1', 128),
capstone.x86.X86_REG_XMM2: r('xmm2', 128),
capstone.x86.X86_REG_XMM3: r('xmm3', 128),
capstone.x86.X86_REG_XMM4: r('xmm4', 128),
capstone.x86.X86_REG_XMM5: r('xmm5', 128),
capstone.x86.X86_REG_XMM6: r('xmm6', 128),
capstone.x86.X86_REG_XMM7: r('xmm7', 128),
}
self.word_size = 32
self.accumulator = self.registers[capstone.x86.X86_REG_EAX]
self.base = self.registers[capstone.x86.X86_REG_EBX]
self.counter = self.registers[capstone.x86.X86_REG_ECX]
self.data = self.registers[capstone.x86.X86_REG_EDX]
self.source = self.registers[capstone.x86.X86_REG_ESI]
self.destination = self.registers[capstone.x86.X86_REG_EDI]
self.frame_ptr = self.registers[capstone.x86.X86_REG_EBP]
self.stack_ptr = self.registers[capstone.x86.X86_REG_ESP]
self.disassembler = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
self.disassembler.detail = True
示例23
def disassemble(raw_data: bytearray, mode: int, count: int=-1) -> string:
arch, mode, endian = get_arch_mode("capstone", mode)
cs = capstone.Cs(arch, mode | endian)
if is_x86(mode) and mode.syntax == Syntax.ATT:
cs.syntax = capstone.CS_OPT_SYNTAX_ATT
if count == -1:
insns = ["{:s} {:s}".format(i.mnemonic, i.op_str) for i in cs.disasm(bytes(raw_data), 0x4000)]
else:
insns = []
for idx, ins in enumerate(cs.disasm(bytes(raw_data), 0x4000)):
insns.append("{:s} {:s}".format(ins.mnemonic, ins.op_str))
if idx==count:break
return "\n".join(insns)
示例24
def disassemble_one_instruction(self, code: bytearray, addr: int) -> str:
"""
Returns a string disassembly of the first instruction from `code`.
"""
curarch = self.parent.arch
arch, mode, endian = get_arch_mode("capstone", curarch)
cs = capstone.Cs(arch, mode | endian)
if is_x86(curarch) and curarch.syntax == Syntax.ATT:
cs.syntax = capstone.CS_OPT_SYNTAX_ATT
for i in cs.disasm(bytes(code), addr):
return i
示例25
def disassemble(self, code: bytes, address: int) -> List[DumpAssembly]:
dump_assemblies = []
md = Cs(CS_ARCH_ARM, CS_MODE_ARM)
for i in md.disasm(code, address):
dump_assemblies.append(DumpAssembly(i.address, f'{i.mnemonic}\t{i.op_str}'))
return dump_assemblies
示例26
def cap_disasm(self, ip):
md = capstone.Cs(self.state.project.arch.cs_arch, self.state.project.arch.cs_mode)
r = ""
code = self.state.memory.load(ip, MAX_DISASS_LENGHT*10)
code = self.state.solver.eval(code, cast_to=bytes)
cnt = 0
for i in md.disasm(code, MAX_DISASS_LENGHT*10):
r += "0x%x:\t%s\t%s\n" % (ip + i.address, i.mnemonic, i.op_str)
cnt += 1
if cnt == 18: break
return highlight(r, NasmLexer(), TerminalFormatter())
示例27
def __init__(self, arch, mode):
try:
cap = cs.Cs(arch, mode)
except Exception as e:
raise e
cap.detail = True
cap.syntax = 0
super().__init__(cap)
示例28
def __init__(self, sample):
self.sample = sample
self.clients = []
self.emulator_event = threading.Event()
self.single_instruction = False
self.breakpoints = set()
self.mem_breakpoints = []
self.data_lock = threading.Lock()
self.single_instruction = False
self.apicall_handler = None
self.log_mem_read = False
self.log_mem_write = False
self.log_instr = False
self.log_apicalls = False
self.sections_read = {}
self.sections_written = {}
self.write_targets = []
self.sections_executed = {}
self.apicall_counter = {}
self.start = 0
self.uc = None
self.HOOK_ADDR = 0
self.STACK_ADDR = 0
self.STACK_SIZE = 0
self.PEB_BASE = 0
self.TEB_BASE = 0
self.disassembler = Cs(CS_ARCH_X86, CS_MODE_32)
self.disassembler.detail = True
self.init_uc()
示例29
def __init__(self,arch):
if arch == 'x86':
self.md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
elif arch == 'x86-64':
self.md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
else:
raise NotImplementedError( 'Architecture %s is not supported'%arch )
self.md.detail = True
示例30
def uboot_mux_init(self):
self._mux_name = "set_muxconf_regs"
(self._mux_start, self._mux_end) = utils.get_symbol_location_start_end(self._mux_name,
self.stage)
self._mux_start += 2
self._mux_end -= 2
if self.thumbranges.overlaps_point(self._mux_start):
self.cs = capstone.Cs(CS_ARCH_ARM, CS_MODE_THUMB)
self.cs.detail = True
self._thumb = True
self.emu = Uc(UC_ARCH_ARM, UC_MODE_THUMB)
else:
self.cs = capstone.Cs(CS_ARCH_ARM, CS_MODE_ARM)
self.cs.detail = True
self._thumb = False
self.emu = Uc(UC_ARCH_ARM, UC_MODE_ARM)
entrypoint = self._mux_start
headers = pure_utils.get_section_headers(elf)
for h in headers:
if h['size'] > 0:
codeaddr = h['virtaddr']
break
alignedstart = self._mux_start & 0xFFFFF0000
size = 2*1024*1024
fileoffset = alignedstart
elf = stage.elf
code = open(elf, "rb").read()[self._mux_start-fileoffset:self._mux_end-fileoffset]
hw = Main.get_hardwareclass_config()
for i in hw.addr_range:
if i.begin == 0:
size = i.end
else:
size = i.begin - i.end
self.emu.mem_map(i.begin, size, UC_PROT_ALL)
self.emu.mem_write(self._mux_start, code)
self.emu.reg_write(self.stage.elf.entrypoint, ARM_REG_SP)
