Python keystone.Ks方法代码示例

# 需要导入模块: import keystone [as 别名]
# 或者: from keystone import Ks [as 别名]
def assemble(asm_code: string, mode: int) -> Tuple[bytearray, int]:
    """
    Helper function to assemble code receive in parameter `asm_code` using Keystone.

    @param asm_code : assembly code in bytes (multiple instructions must be separated by ';')
    @param mode : defines the mode to use Keystone with
    @return a tuple of bytecodes as bytearray, along with the number of instruction compiled. If failed, the
    bytearray will be empty, the count of instruction will be the negative number for the faulty line.
    """
    arch, mode, endian = get_arch_mode("keystone", mode)
    ks = keystone.Ks(arch, mode | endian)
    if is_x86(mode) and mode.syntax == Syntax.ATT:
        ks.syntax = keystone.KS_OPT_SYNTAX_ATT

    try:
        bytecode, cnt = ks.asm(asm_code, as_bytes=True)
    except keystone.keystone.KsError as kse:
        return (b'', kse.get_asm_count())

    return (bytecode, cnt) 

# 需要导入模块: import keystone [as 别名]
# 或者: from keystone import Ks [as 别名]
def _ks_assemble(asm: str, mode=CS_MODE_ARM) -> bytes:
    """Assemble the given string using Keystone using the specified CPU mode."""
    # Explicitly uses late importing so that Keystone will only be imported if this is called.
    # This lets us avoid requiring installation of Keystone for running tests.
    global ks, ks_thumb
    from keystone import Ks, KS_ARCH_ARM, KS_MODE_ARM, KS_MODE_THUMB

    if ks is None:
        ks = Ks(KS_ARCH_ARM, KS_MODE_ARM)
    if ks_thumb is None:
        ks_thumb = Ks(KS_ARCH_ARM, KS_MODE_THUMB)

    if CS_MODE_ARM == mode:
        ords = ks.asm(asm)[0]
    elif CS_MODE_THUMB == mode:
        ords = ks_thumb.asm(asm)[0]
    else:
        raise Exception(f"bad processor mode for assembly: {mode}")
    if not ords:
        raise Exception(f"bad assembly: {asm}")
    return binascii.hexlify(bytearray(ords)) 

# 需要导入模块: import keystone [as 别名]
# 或者: from keystone import Ks [as 别名]
def _ks_assemble(asm: str, mode=CS_MODE_ARM) -> bytes:
    """Assemble the given string using Keystone using the specified CPU mode."""
    # Explicitly uses late importing so that Keystone will only be imported if this is called.
    # This lets us avoid requiring installation of Keystone for running tests.
    global ks, ks_thumb
    from keystone import Ks, KS_ARCH_ARM, KS_MODE_ARM, KS_MODE_THUMB

    if ks is None:
        ks = Ks(KS_ARCH_ARM, KS_MODE_ARM)
    if ks_thumb is None:
        ks_thumb = Ks(KS_ARCH_ARM, KS_MODE_THUMB)

    if CS_MODE_ARM == mode:
        ords = ks.asm(asm)[0]

    elif CS_MODE_THUMB == mode:
        ords = ks_thumb.asm(asm)[0]
    else:
        raise Exception(f"bad processor mode for assembly: {mode}")
    if not ords:
        raise Exception(f"bad assembly: {asm}")
    return binascii.hexlify(bytearray(ords)) 

# 需要导入模块: import keystone [as 别名]
# 或者: from keystone import Ks [as 别名]
def _set_arch(self, arch, *modes):
        """
        Try and set the current architecture
        """
        try:
            a = self.valid_archs[''.join(['KS_ARCH_', arch.upper()])]
            if a is None:
                l.error("Invalid architecture selected - run lsarch for valid options")
                return False
            ms = [self.modes[''.join(['KS_MODE_', m.upper()])] for m in modes]
        except KeyError:
            l.error("ERROR: Invalid architecture or mode string specified")
            return False
        try:
            _ks = ks.Ks(a, sum(ms))
            self._arch = (arch, modes)
            l.debug("Architecture set to %s, mode(s): %s", arch, ', '.join(modes))
            self._ks = _ks
        except ks.KsError as e:
            l.error("ERROR: %s", e)
            return False
        return True 

# 需要导入模块: import keystone [as 别名]
# 或者: from keystone import Ks [as 别名]
def __init__(self):
        super(AsmBase, self).__init__()
        # Initialize keystone and capstone as soon as an instance
        # of this plugin will be created.
        if not keystone:
            self.log.debug('Keystone is required for ' + self.__class__.__name__)
            return
        if not capstone:
            self.log.debug('Capstone is required for ' + self.__class__.__name__)
            return
        if getattr(self, 'args', None) and self.args and getattr(self.args, 'bigendian', None) \
                and self.args.bigendian:
            self.ks = keystone.Ks(self.keystone_arch,
                                  self.keystone_mode + keystone.KS_MODE_BIG_ENDIAN)
            self.cs = capstone.Cs(self.capstone_arch,
                                  capstone.CS_MODE_BIG_ENDIAN)
        else:
            self.ks = keystone.Ks(self.keystone_arch,
                                  self.keystone_mode + keystone.KS_MODE_LITTLE_ENDIAN)
            self.cs = capstone.Cs(self.capstone_arch,
                                  capstone.CS_MODE_LITTLE_ENDIAN) 

# 需要导入模块: import keystone [as 别名]
# 或者: from keystone import Ks [as 别名]
def get_function(code):
    import keystone as ks

    ksa = ks.Ks(ks.KS_ARCH_X86, ks.KS_MODE_64)
    ksa.syntax = ks.KS_OPT_SYNTAX_ATT
    asm, count = ksa.asm(code)

    asm = bytes(asm)

    func = Function("P7AllocTrace", 0x1000, len(asm), asm)
    func.disasm()

    container = Container()
    container.add_function(func)

    return container 

# 需要导入模块: import keystone [as 别名]
# 或者: from keystone import Ks [as 别名]
def assemble(code, addr = 0, mode = keystone.KS_MODE_32):
    """
    assemble asm code for inline hook
    """

    ks = keystone.Ks(keystone.KS_ARCH_X86, mode)
    encoding, count = ks.asm(code, addr)
    buf = ''.join(chr(c) for c in encoding)
    return buf, count 

# 需要导入模块: import keystone [as 别名]
# 或者: from keystone import Ks [as 别名]
def get_function(code):
    import keystone as ks

    ksa = ks.Ks(ks.KS_ARCH_X86, ks.KS_MODE_64)
    ksa.syntax = ks.KS_OPT_SYNTAX_ATT
    asm, count = ksa.asm(code)

    asm = bytes(asm)

    func = Function("DYNCODE", 0x1000, len(asm), asm)

    container = Container()
    container.add_function(func)

    return container 

# 需要导入模块: import keystone [as 别名]
# 或者: from keystone import Ks [as 别名]
def patch_code(self, instructions='ret;',va=0):
        """ put instruction(s), at the end of the basic block specified"""
        #TODO: get capstone instruction at the end of the basic_block
        try:
            k = ks.Ks(ks.KS_ARCH_X86, ks.KS_MODE_32)
            encoding, count = k.asm(instructions, va+self.OPTIONAL_HEADER.ImageBase)
        except ks.KsError as e:
            l.error("Error! %s", e)
            raise

        if not self.set_bytes_at_rva(va, ''.join(map(chr, encoding))):
            raise Exception('Cannot patch bytes at %x!', va) 

# 需要导入模块: import keystone [as 别名]
# 或者: from keystone import Ks [as 别名]
def keystone(self):
        """
        A Keystone instance for this arch
        """
        if self._ks is None:
            if _keystone is None:
                l.warning("Keystone is not installed!")
                return None
            if self.ks_arch is None:
                raise ArchError("Arch %s does not support disassembly with Keystone" % self.name)
            self._ks = _keystone.Ks(self.ks_arch, self.ks_mode)
            self._configure_keystone()
        return self._ks 

# 需要导入模块: import keystone [as 别名]
# 或者: from keystone import Ks [as 别名]
def keystone_thumb(self):
        if _keystone is None:
            l.warning("Keystone is not installed!")
            return None
        if self._ks_thumb is None:
            self._ks_thumb = _keystone.Ks(self.ks_arch, _keystone.KS_MODE_THUMB)
        return self._ks_thumb