本文整理汇总了Python中capstone.x86方法的典型用法代码示例。如果您正苦于以下问题:Python capstone.x86方法的具体用法?Python capstone.x86怎么用?Python capstone.x86使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类capstone的用法示例。
在下文中一共展示了capstone.x86方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: branchAddress
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import x86 [as 别名]
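def branchAddress(self):
    """Placeholder for the branch-address lookup; nothing is computed here.

    Raises:
        NotImplementedError: always.
    """
    # Raising a bare string is itself a TypeError on Python 3, which masked
    # the intended "not implemented" signal behind an unrelated error.
    raise NotImplementedError("not implemented")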
# represents x86 asm line
示例2: referencedString
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import x86 [as 别名]
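def referencedString(self):
    """Return the string referenced by this instruction, memoised on the object.

    Two operand shapes are recognised:

    * ``PUSH <imm>`` with exactly one operand: the immediate is passed to
      ``self._plugin.stringFromVA``.
    * a second operand that is a RIP-relative memory reference: the address
      ``asm.address + asm.size + disp`` is passed to ``stringFromVA``.

    Returns:
        The cached value when one exists, otherwise whatever ``stringFromVA``
        returned, or ``''`` when neither shape matched.
    """
    # '' is the "analysed, nothing found" marker, so the cache test has to be
    # an identity check against None rather than a truthiness or != test.
    if self._refString is not None:
        return self._refString

    asm = self._asm
    self._refString = ''

    # PUSH <imm>
    if asm.id == capstone.x86.X86_INS_PUSH and len(asm.operands) == 1:
        operand = asm.operands[0]
        if operand.type == capstone.x86.X86_OP_IMM:
            self._refString = self._plugin.stringFromVA(operand.imm)

    # [RIP + <imm>]
    if len(asm.operands) > 1:
        operand = asm.operands[1]
        if (operand.type == capstone.x86.X86_OP_MEM
                and operand.mem.base == capstone.x86.X86_REG_RIP):
            # RIP-relative displacements are counted from the next instruction.
            target = asm.address + asm.size + operand.mem.disp
            self._refString = self._plugin.stringFromVA(target)

    # NOTE(review): if stringFromVA can return None, that result is not
    # cached and the lookup is repeated on the next call; confirm intent.
    return self._refString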
示例3: symbol
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import x86 [as 别名]
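def symbol(self):
    """Return the symbol for this instruction's call target, if one is known.

    Only instructions in Capstone's CALL group are examined. The target is
    taken from an immediate operand, from a RIP-relative memory operand
    (``disp + asm.size + asm.address``), or from a memory operand without a
    base register (``disp`` alone), and handed to
    ``self._plugin.disasmSymbol``.

    Returns:
        The cached symbol, a newly resolved one, or ``None`` when nothing was
        resolved. A failed lookup is not cached, so the plugin is queried
        again on the next call.
    """
    # get symbol from plugin (for API calls for eg.)
    if self._symbol is not None:
        return self._symbol

    if not self.ingroup([capstone.x86.X86_GRP_CALL]):
        return self._symbol

    asm = self._asm
    target = None
    for operand in asm.operands:
        if operand.type == capstone.x86.X86_OP_IMM:
            target = operand.imm

        if operand.type == capstone.x86.X86_OP_MEM:
            base = operand.mem.base
            # todo: should we consider other reg relative ??
            if base == capstone.x86.X86_REG_RIP:
                target = operand.mem.disp + asm.size + asm.address

            # mainly 32bit
            # NOTE(review): only the base register is tested, so an operand
            # with an index register but no base is also treated as an
            # absolute address here; confirm that is acceptable.
            if base == capstone.x86.X86_REG_INVALID:
                target = operand.mem.disp

    # A target of 0 is falsy and is deliberately not looked up.
    if target:
        resolved = self._plugin.disasmSymbol(target)
        if resolved:
            self._symbol = resolved

    return self._symbol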
示例4: isBranch
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import x86 [as 别名]
def isBranch(self):
    """Report whether this instruction is in Capstone's x86 JUMP or CALL group.

    Returns:
        Whatever ``self.ingroup`` returns for those two group ids.
    """
    branch_groups = [capstone.x86.X86_GRP_JUMP, capstone.x86.X86_GRP_CALL]
    return self.ingroup(branch_groups)
示例5: fill_reg_map
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import x86 [as 别名]
def fill_reg_map():
    """Populate the 'X86' and 'AMD64' tables of CAPSTONE_REG_MAP.

    Every attribute of ``capstone.x86`` whose name starts with ``X86_REG_`` is
    recorded as ``constant value -> lower-cased name without the prefix``.
    Both tables receive the same entries; no name is excluded beyond the
    prefix test.
    """
    # TODO: Support more architectures
    prefix = 'X86_REG_'
    # One full pass per table, 'X86' first, mirroring two separate loops.
    for arch in ('X86', 'AMD64'):
        for attr in dir(capstone.x86):
            if not attr.startswith(prefix):
                continue
            reg_id = getattr(capstone.x86, attr)
            CAPSTONE_REG_MAP[arch][reg_id] = attr[len(prefix):].lower()
示例6: _checkCode
# 需要导入模块: import capstone [as 别名]
# 或者: from capstone import x86 [as 别名]
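def _checkCode(self, rawCode):
    """Disassemble raw 16-bit x86 code and record suspicious constructs.

    Two heuristics append messages to ``self._suspiciousBehaviour``:

    * a JMP or CALL met before the first RET
      ('JMP or CALL before relocation'), reported at most once;
    * an ``int`` instruction whose second byte is not one of
      0x10, 0x13, 0x18, 0x1a ('Unknown Interrupt : 0x..').

    Args:
        rawCode: the code bytes; disassembly starts at address 0.

    Both checks are heuristics over a linear disassembly. As far as the
    Capstone API is concerned, ``disasm`` stops at the first byte sequence it
    cannot decode, so anything after that point is not inspected and an empty
    result should not be read as a clean bill of health.
    """
    md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_16)
    md.detail = True

    # Loop-invariant: does this capstone build expose the CALL/RET groups?
    hasGroups = (hasattr(capstone.x86, 'X86_GRP_CALL')
                 and hasattr(capstone.x86, 'X86_GRP_RET'))

    checkJmp = True
    for i in md.disasm(rawCode, 0):
        # Check for JUMPs and CALLs before the first PUSH/RET.
        if checkJmp:
            if hasGroups:
                # Group check if available. An instruction with no groups
                # simply matches neither branch below.
                if capstone.x86.X86_GRP_CALL in i.groups or capstone.x86.X86_GRP_JUMP in i.groups:
                    self._suspiciousBehaviour.append('JMP or CALL before relocation')
                    checkJmp = False
                elif capstone.x86.X86_GRP_RET in i.groups:
                    # Stop search after the first PUSH/RET
                    checkJmp = False
            else:
                # Manual check in case capstone version doesn't support CALL
                # and RET groups. It relies on the mnemonic only, so it must
                # not be skipped when i.groups happens to be empty; gating it
                # on group data could miss a CALL or a terminating RET on
                # exactly the builds this fallback exists for.
                if i.mnemonic[0] == 'j' or i.mnemonic == 'call':
                    self._suspiciousBehaviour.append('JMP or CALL before relocation')
                    checkJmp = False
                elif i.mnemonic[:3] == 'ret':
                    # Stop search after the first PUSH/RET
                    checkJmp = False

        # Check for unknown interrupt
        # NOTE(review): bytes[1] is the interrupt number only when the
        # instruction is the plain two-byte form with no prefix bytes; the
        # allowed values are presumably the BIOS services this code is
        # expected to call. Confirm both assumptions.
        if i.mnemonic == 'int' and i.bytes[1] not in (0x10, 0x13, 0x18, 0x1a):
            self._suspiciousBehaviour.append('Unknown Interrupt : {0:#x}'.format(i.bytes[1]))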