本文整理汇总了Python中capstone.Cs方法的典型用法代码示例。如果您正苦于以下问题:Python capstone.Cs方法的具体用法?Python capstone.Cs怎么用?Python capstone.Cs使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类capstone的用法示例。
在下文中一共展示了capstone.Cs方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _locate_gadgets
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import Cs [as 别名]
def _locate_gadgets(self, section, terminals, gadget_type):
disassembler = cs.Cs(cs.CS_ARCH_X86, cs.CS_MODE_32)
for terminal in terminals:
matches = [match.start() for match in re.finditer(terminal[0],
section["data"])]
for index in matches:
for i in range(self._options.depth):
gadget = ""
instructions = disassembler.disasm_lite(
section["data"][index-i:index+terminal[1]],
section["vaddr"]+index)
for instruction in instructions:
gadget += (str(instruction[2]) + " " +
str(instruction[3]) + " ; ")
if gadget:
gadget = gadget.replace(" ", " ")
gadget = gadget[:-3]
self._gadgets += [{"vaddr" : section["vaddr"]+index-i,
"insts" : gadget,
"gadget_type" : gadget_type}] 示例2: __init__
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import Cs [as 别名]
def __init__(self, mode, **kwargs):
super(Capstone, self).__init__(mode, **kwargs)
if self.mode == "I386":
self.cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
elif self.mode == "AMD64":
self.cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
elif self.mode == "MIPS":
self.cs = capstone.Cs(capstone.CS_ARCH_MIPS, capstone.CS_MODE_32 +
capstone.CS_MODE_BIG_ENDIAN)
# This is not really supported yet.
elif self.mode == "ARM":
self.cs = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM)
else:
raise NotImplementedError(
"No disassembler available for this arch.")
self.cs.detail = True
self.cs.skipdata_setup = ("db", None, None)
self.cs.skipdata = True 示例3: disasm1
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import Cs [as 别名]
def disasm1(data, addr):
if not data: return
arch_dis = get_arch_dis()
#if 'binaryninja' in sys.modules:
# return utils.disasm1(data, addr, arch_dis)
if arch == 'z80':
from z80dis import z80
decoded = z80.decode(data, addr)
return (z80.disasm(decoded), decoded.len)
else:
import capstone
if arch_dis == 'x86_64':
md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
elif arch_dis == 'x86':
md = capstone.Cs(capstone.CS_ARCH_X86, 0)
gen = md.disasm(data, addr)
insn = next(gen)
return ('%s %s' % (insn.mnemonic, insn.op_str), insn.size) 示例4: init_disassembler_engine
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import Cs [as 别名]
def init_disassembler_engine(self):
# init state for disasambler
# set capstone, lexer, asmline
arch, mode = self.plugin.hintDisasm()
self.disasm_engine = capstone.Cs(arch, mode)
self.disasm_engine.detail = True
if arch == capstone.CS_ARCH_X86:
Lexer = X86_Lexer()
if arch == capstone.CS_ARCH_ARM and mode in [capstone.CS_MODE_ARM, capstone.CS_MODE_THUMB]:
Lexer = ARM_Lexer()
if arch == capstone.CS_ARCH_ARM64:
Lexer = ARM64_Lexer()
# todo: ASM_ARM_Line?
self.ASMLine = ASMx86Line
Lexer.build()
self.lexer = Lexer.lexer() 示例5: __init__
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import Cs [as 别名]
def __init__(self, arch, mode):
self.arch = arch
self.mode = mode
self.capstone = Cs(self.arch, self.mode)
self.prologues = {
# Triple backslash (\\\) are needed to escape bytes in the compiled regex
CS_MODE_32: [
b"\x55\x89\xE5", # push ebp & mov ebp, esp
b"\x55\x8B\xEC", # push ebp & mov ebp, esp
b"\x55\x8b\x6c\x24", # push ebp & mov ebp, [esp+?]
],
CS_MODE_64: [
b"\x55\x48\x89\xE5", # push rbp & mov rbp, rsp
]
}[mode]
self.conditional_jmp_mnemonics = {'jz', 'je', 'jcxz', 'jecxz', 'jrcxz', 'jnz', 'jp', 'jpe', 'jnp', 'ja', 'jae', 'jb', 'jbe', 'jg', 'jge', 'jl', 'jle', 'js', 'jns', 'jo', 'jno', 'jecxz', 'loop', 'loopne', 'loope', 'jne'}
self.x86_32_registers = {'eax', 'ebx', 'ecx', 'edx', 'esi', 'edi', 'esp', 'ebp'}
self.max_instruction_size = 16 示例6: _cs_disassemble_one
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import Cs [as 别名]
def _cs_disassemble_one(self, data, address):
"""Disassemble the data into an instruction in string form.
"""
disasm = list(self._disassembler.disasm(bytes(data), address))
# TODO: Improve this check.
if len(disasm) > 0:
return disasm[0]
else:
cs_arm = Cs(CS_ARCH_ARM, CS_MODE_ARM)
cs_arm.detail = True
disasm = list(cs_arm.disasm(bytes(data), address))
if len(disasm) > 0:
return disasm[0]
else:
raise InvalidDisassemblerData("CAPSTONE: Unknown instruction (Addr: {:s}).".format(hex(address))) 示例7: __setup_available_disassemblers
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import Cs [as 别名]
def __setup_available_disassemblers(self):
arch_map = {
ARCH_ARM_MODE_ARM: CS_MODE_ARM,
ARCH_ARM_MODE_THUMB: CS_MODE_THUMB,
}
self._available_disassemblers = {
ARCH_ARM_MODE_ARM: Cs(CS_ARCH_ARM, arch_map[ARCH_ARM_MODE_ARM]),
ARCH_ARM_MODE_THUMB: Cs(CS_ARCH_ARM, arch_map[ARCH_ARM_MODE_THUMB]),
}
self._available_disassemblers[ARCH_ARM_MODE_ARM].detail = True
self._available_disassemblers[ARCH_ARM_MODE_THUMB].detail = True
# Casptone to BARF translation
# ======================================================================== # 示例8: __init__
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import Cs [as 别名]
def __init__(self, trace=True, sca_mode=False, local_vars={}):
super().__init__(trace, sca_mode)
self.emu = uc.Uc(uc.UC_ARCH_ARM, uc.UC_MODE_ARM)
self.disasm = cs.Cs(cs.CS_ARCH_ARM, cs.CS_MODE_ARM | cs.CS_MODE_THUMB)
self.disasm.detail = True
self.word_size = 4
self.endianness = "little"
self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
self.page_shift = self.page_size.bit_length() - 1
self.pc = uc.arm_const.UC_ARM_REG_PC
known_regs = [i[len('UC_ARM_REG_'):] for i in dir(uc.arm_const) if '_REG' in i]
self.reg_map = {r.lower(): getattr(uc.arm_const, 'UC_ARM_REG_'+r) for r in known_regs}
self.stubbed_functions = local_vars
self.setup(sca_mode)
self.reset_stack() 示例9: __init__
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import Cs [as 别名]
def __init__(self, trace=True, sca_mode=False, local_vars=[]):
super().__init__(trace, sca_mode)
self.emu = uc.Uc(uc.UC_ARCH_ARM64, uc.UC_MODE_ARM)
self.disasm = cs.Cs(cs.CS_ARCH_ARM64, cs.CS_MODE_ARM)
self.disasm.detail = True
self.word_size = 8
self.endianness = "little"
self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
self.page_shift = self.page_size.bit_length() - 1
self.pc = uc.arm64_const.UC_ARM64_REG_PC
known_regs = [i[len('UC_ARM64_REG_'):] for i in dir(uc.arm64_const) if '_REG' in i]
self.reg_map = {r.lower(): getattr(uc.arm64_const, 'UC_ARM64_REG_'+r) for r in known_regs}
self.stubbed_functions = local_vars
self.setup(sca_mode)
self.reset_stack() 示例10: __init__
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import Cs [as 别名]
def __init__(self, trace=True, sca_mode=False, local_vars={}):
super().__init__(trace, sca_mode)
self.emu = uc.Uc(uc.UC_ARCH_M68K, uc.UC_MODE_BIG_ENDIAN)
self.disasm = cs.Cs(cs.CS_ARCH_M68K, cs.CS_MODE_M68K_000)
self.disasm.detail = True
self.word_size = 4
self.endianness = "big"
self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
self.page_shift = self.page_size.bit_length() - 1
self.pc = uc.m68k_const.UC_M68K_REG_PC
known_regs = [i[len('UC_M68K_REG_'):] for i in dir(uc.m68k_const) if '_REG' in i]
self.reg_map = {r.lower(): getattr(uc.m68k_const, 'UC_M68K_REG_'+r) for r in known_regs}
self.stubbed_functions = local_vars
self.setup(sca_mode)
self.reset_stack() 示例11: __init__
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import Cs [as 别名]
def __init__(self, trace=True, sca_mode=False, local_vars={}):
super().__init__(trace, sca_mode)
self.emu = uc.Uc(uc.UC_ARCH_X86, uc.UC_MODE_64)
self.disasm = cs.Cs(cs.CS_ARCH_X86, cs.CS_MODE_64)
self.disasm.detail = True
self.word_size = 8
self.endianness = "little"
self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
self.page_shift = self.page_size.bit_length() - 1
self.pc = uc.x86_const.UC_X86_REG_RIP
# workaround for capstone 4
uc.x86_const.UC_X86_REG_RFLAGS = uc.x86_const.UC_X86_REG_EFLAGS
known_regs = [i[len('UC_X86_REG_'):] for i in dir(uc.x86_const) if '_REG' in i]
self.reg_map = {r.lower(): getattr(uc.x86_const, 'UC_X86_REG_'+r) for r in known_regs}
self.stubbed_functions = local_vars
self.setup(sca_mode)
self.reset_stack() 示例12: __init__
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import Cs [as 别名]
def __init__(self, trace=True, sca_mode=False, local_vars={}):
super().__init__(trace, sca_mode)
self.emu = uc.Uc(uc.UC_ARCH_ARM, uc.UC_MODE_THUMB | uc.UC_MODE_MCLASS)
self.disasm = cs.Cs(cs.CS_ARCH_ARM, cs.CS_MODE_THUMB | cs.CS_MODE_MCLASS)
self.disasm.detail = True
self.word_size = 4
self.endianness = "little"
self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
self.page_shift = self.page_size.bit_length() - 1
self.pc = uc.arm_const.UC_ARM_REG_PC
known_regs = [i[len('UC_ARM_REG_'):] for i in dir(uc.arm_const) if '_REG' in i]
self.reg_map = {r.lower(): getattr(uc.arm_const, 'UC_ARM_REG_'+r) for r in known_regs}
self.stubbed_functions = local_vars
self.setup(sca_mode)
self.reset_stack()
# Force mapping of those addresses so that
# exception returns can be caught in the base
# block hook rather than a code fetch hook
self.map_space(0xfffffff0, 0xffffffff)
self.emu.hook_add(uc.UC_HOOK_INTR, self.intr_hook) 示例13: _set_arch
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import Cs [as 别名]
def _set_arch(self, arch, *modes):
"""
Try and set the current architecture
"""
try:
a = self.valid_archs[''.join(['CS_ARCH_', arch.upper()])]
if a is None:
l.error("Invalid architecture selected - run lsarch for valid options")
return False
ms = [self.modes[''.join(['CS_MODE_', m.upper()])] for m in modes]
except KeyError:
l.error("ERROR: Invalid architecture or mode string specified")
return False
try:
_cs = cs.Cs(a, sum(ms))
self._arch = (arch, modes)
l.debug("Architecture set to %s, mode(s): %s", arch, ', '.join(modes))
self._cs = _cs
except cs.CsError as e:
l.error("ERROR: %s", e)
return False
return True 示例14: find_rr_writes_capstone
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import Cs [as 别名]
def find_rr_writes_capstone(address, data):
#print 'Using capstone'
cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
cs.detail = True
writes = []
for insn in cs.disasm(data, address):
if insn.mnemonic[:3] == 'ret':
break
if insn.mnemonic[:3] != 'mov':
continue
# potential write
opnd = insn.operands[0]
if opnd.type != csx86.X86_OP_MEM:
continue
if opnd.mem.base != csx86.X86_REG_RIP:
continue
# RIP-relative write
writes.append((insn.address + insn.size + opnd.mem.disp, opnd.size))
return writes
# Consolidate contiguous writes into single segments 示例15: set_mode
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import Cs [as 别名]
def set_mode(self, mode):
if mode == UC_MODE_32:
self.md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
self.reg_rsp = UC_X86_REG_ESP
self.reg_rbp = UC_X86_REG_EBP
self.reg_rip = UC_X86_REG_EIP
elif mode == UC_MODE_64:
self.md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
self.reg_rsp = UC_X86_REG_RSP
self.reg_rbp = UC_X86_REG_RBP
self.reg_rip = UC_X86_REG_RIP
elif mode == UC_MODE_16:
self.md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_16)
self.reg_rsp = UC_X86_REG_SP
self.reg_rbp = UC_X86_REG_BP
self.reg_rip = UC_X86_REG_IP
else:
raise Exception('Unknown x86 mode: %d' % mode)
self.mode = mode