本文整理匯總了Python中capstone.CS_MODE_32屬性的典型用法代碼示例。如果您正苦於以下問題:Python capstone.CS_MODE_32屬性的具體用法?Python capstone.CS_MODE_32怎麽用?Python capstone.CS_MODE_32使用的例子?那麽, 這裏精選的屬性代碼示例或許可以為您提供幫助。您也可以進一步了解該屬性所在類capstone的用法示例。
在下文中一共展示了capstone.CS_MODE_32屬性的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: _locate_gadgets
# 需要導入模塊: import capstone [as 別名]
# 或者: from capstone import CS_MODE_32 [as 別名]
def _locate_gadgets(self, section, terminals, gadget_type):
disassembler = cs.Cs(cs.CS_ARCH_X86, cs.CS_MODE_32)
for terminal in terminals:
matches = [match.start() for match in re.finditer(terminal[0],
section["data"])]
for index in matches:
for i in range(self._options.depth):
gadget = ""
instructions = disassembler.disasm_lite(
section["data"][index-i:index+terminal[1]],
section["vaddr"]+index)
for instruction in instructions:
gadget += (str(instruction[2]) + " " +
str(instruction[3]) + " ; ")
if gadget:
gadget = gadget.replace(" ", " ")
gadget = gadget[:-3]
self._gadgets += [{"vaddr" : section["vaddr"]+index-i,
"insts" : gadget,
"gadget_type" : gadget_type}] 示例2: __init__
# 需要導入模塊: import capstone [as 別名]
# 或者: from capstone import CS_MODE_32 [as 別名]
def __init__(self, mode, **kwargs):
super(Capstone, self).__init__(mode, **kwargs)
if self.mode == "I386":
self.cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
elif self.mode == "AMD64":
self.cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
elif self.mode == "MIPS":
self.cs = capstone.Cs(capstone.CS_ARCH_MIPS, capstone.CS_MODE_32 +
capstone.CS_MODE_BIG_ENDIAN)
# This is not really supported yet.
elif self.mode == "ARM":
self.cs = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM)
else:
raise NotImplementedError(
"No disassembler available for this arch.")
self.cs.detail = True
self.cs.skipdata_setup = ("db", None, None)
self.cs.skipdata = True 示例3: __init__
# 需要導入模塊: import capstone [as 別名]
# 或者: from capstone import CS_MODE_32 [as 別名]
def __init__(self, arch, mode):
self.arch = arch
self.mode = mode
self.capstone = Cs(self.arch, self.mode)
self.prologues = {
# Triple backslash (\\\) are needed to escape bytes in the compiled regex
CS_MODE_32: [
b"\x55\x89\xE5", # push ebp & mov ebp, esp
b"\x55\x8B\xEC", # push ebp & mov ebp, esp
b"\x55\x8b\x6c\x24", # push ebp & mov ebp, [esp+?]
],
CS_MODE_64: [
b"\x55\x48\x89\xE5", # push rbp & mov rbp, rsp
]
}[mode]
self.conditional_jmp_mnemonics = {'jz', 'je', 'jcxz', 'jecxz', 'jrcxz', 'jnz', 'jp', 'jpe', 'jnp', 'ja', 'jae', 'jb', 'jbe', 'jg', 'jge', 'jl', 'jle', 'js', 'jns', 'jo', 'jno', 'jecxz', 'loop', 'loopne', 'loope', 'jne'}
self.x86_32_registers = {'eax', 'ebx', 'ecx', 'edx', 'esi', 'edi', 'esp', 'ebp'}
self.max_instruction_size = 16 示例4: __init__
# 需要導入模塊: import capstone [as 別名]
# 或者: from capstone import CS_MODE_32 [as 別名]
def __init__(self, trace=True, sca_mode=False, local_vars={}):
super().__init__(trace, sca_mode)
self.emu = uc.Uc(uc.UC_ARCH_X86, uc.UC_MODE_32)
self.disasm = cs.Cs(cs.CS_ARCH_X86, cs.CS_MODE_32)
self.disasm.detail = True
self.word_size = 4
self.endianness = "little"
self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
self.page_shift = self.page_size.bit_length() - 1
self.pc = uc.x86_const.UC_X86_REG_EIP
known_regs = [i[len('UC_X86_REG_'):] for i in dir(uc.x86_const) if '_REG' in i]
self.reg_map = {r.lower(): getattr(uc.x86_const, 'UC_X86_REG_'+r) for r in known_regs}
self.stubbed_functions = local_vars
self.setup(sca_mode)
self.reset_stack() 示例5: set_mode
# 需要導入模塊: import capstone [as 別名]
# 或者: from capstone import CS_MODE_32 [as 別名]
def set_mode(self, mode):
if mode == UC_MODE_32:
self.md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
self.reg_rsp = UC_X86_REG_ESP
self.reg_rbp = UC_X86_REG_EBP
self.reg_rip = UC_X86_REG_EIP
elif mode == UC_MODE_64:
self.md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
self.reg_rsp = UC_X86_REG_RSP
self.reg_rbp = UC_X86_REG_RBP
self.reg_rip = UC_X86_REG_RIP
elif mode == UC_MODE_16:
self.md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_16)
self.reg_rsp = UC_X86_REG_SP
self.reg_rbp = UC_X86_REG_BP
self.reg_rip = UC_X86_REG_IP
else:
raise Exception('Unknown x86 mode: %d' % mode)
self.mode = mode 示例6: _import_dependencies
# 需要導入模塊: import capstone [as 別名]
# 或者: from capstone import CS_MODE_32 [as 別名]
def _import_dependencies(self):
# Load the Capstone bindings.
global capstone
if capstone is None:
import capstone
# Load the constants for the requested architecture.
self.__constants = {
win32.ARCH_I386:
(capstone.CS_ARCH_X86, capstone.CS_MODE_32),
win32.ARCH_AMD64:
(capstone.CS_ARCH_X86, capstone.CS_MODE_64),
win32.ARCH_THUMB:
(capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB),
win32.ARCH_ARM:
(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM),
win32.ARCH_ARM64:
(capstone.CS_ARCH_ARM64, capstone.CS_MODE_ARM),
}
# Test for the bug in early versions of Capstone.
# If found, warn the user about it.
try:
self.__bug = not isinstance(
capstone.cs_disasm_quick(
capstone.CS_ARCH_X86, capstone.CS_MODE_32, "\x90", 1)[0],
capstone.capstone.CsInsn)
except AttributeError:
self.__bug = False
if self.__bug:
warnings.warn(
"This version of the Capstone bindings is unstable,"
" please upgrade to a newer one!",
RuntimeWarning, stacklevel=4) 示例7: extract
# 需要導入模塊: import capstone [as 別名]
# 或者: from capstone import CS_MODE_32 [as 別名]
def extract(self):
"""Extract the control flow graph from the binary."""
# Allocate a new graph
self.graph = graph_alloc(0)
# Initialize binary info
self.info = get_inf_structure()
# Initialize Capstone
if self.info.is_64bit():
mode = capstone.CS_MODE_64
else:
mode = capstone.CS_MODE_32
self.capstone = capstone.Cs(capstone.CS_ARCH_X86, mode)
# Get the Entry Point
entry = None
try:
start_ea = self.info.start_ea
if start_ea != 0xffffffff:
entry = start_ea
except:
try:
entry = BeginEA()
except:
pass
if entry is None:
print("WARNING: Could not determine entrypoint")
else:
self.dis(ea=entry, is_child1=None, ifrom=None)
# Scan all the functions
for ea in Functions():
self.dis(ea=ea, is_child1=None, ifrom=None)
update_children_fathers_number(self.graph)
# Information
print("%s graph has %d nodes" % (get_root_filename(),
self.graph.nodes.size)) 示例8: disassemble_raw
# 需要導入模塊: import capstone [as 別名]
# 或者: from capstone import CS_MODE_32 [as 別名]
def disassemble_raw(raw_data = None, raw_path = None, dot_path = None, print_listing=False, readable=False,
raw_64=False, entrypoint=None, verbose=False):
if raw_data is None and raw_path is None:
print("ERROR: Missing PE path or data.")
return None
if raw_data is None:
raw_data = open(raw_path, "rb").read()
arch = CS_ARCH_X86
mode = CS_MODE_64 if raw_64 else CS_MODE_32
if entrypoint is not None:
oep_offset = entrypoint
else:
oep_offset = 0
iat_dict = dict()
disass = RawDisassembler(arch=arch, mode=mode)
insts = disass.dis(data=raw_data, offset=oep_offset, iat_api=iat_dict, bin_instance=None, verbose=verbose)
if dot_path is not None:
dot = disass.export_to_dot(insts=insts, oep_offset=oep_offset, displayable=readable)
write_to_file(dot_path, dot)
if print_listing:
disass.display(insts, offset_from=0)
return True 示例9: __init__
# 需要導入模塊: import capstone [as 別名]
# 或者: from capstone import CS_MODE_32 [as 別名]
def __init__(self):
TranslationContext.__init__(self)
self.registers = {
capstone.x86.X86_REG_EAX: r('eax', 32),
capstone.x86.X86_REG_EBX: r('ebx', 32),
capstone.x86.X86_REG_ECX: r('ecx', 32),
capstone.x86.X86_REG_EDX: r('edx', 32),
capstone.x86.X86_REG_ESI: r('esi', 32),
capstone.x86.X86_REG_EDI: r('edi', 32),
capstone.x86.X86_REG_EBP: r('ebp', 32),
capstone.x86.X86_REG_ESP: r('esp', 32),
capstone.x86.X86_REG_FS: r('fsbase', 32),
capstone.x86.X86_REG_GS: r('gsbase', 32),
capstone.x86.X86_REG_CS: r('csbase', 32),
capstone.x86.X86_REG_SS: r('ssbase', 32),
capstone.x86.X86_REG_DS: r('dsbase', 32),
capstone.x86.X86_REG_ES: r('esbase', 32),
capstone.x86.X86_REG_XMM0: r('xmm0', 128),
capstone.x86.X86_REG_XMM1: r('xmm1', 128),
capstone.x86.X86_REG_XMM2: r('xmm2', 128),
capstone.x86.X86_REG_XMM3: r('xmm3', 128),
capstone.x86.X86_REG_XMM4: r('xmm4', 128),
capstone.x86.X86_REG_XMM5: r('xmm5', 128),
capstone.x86.X86_REG_XMM6: r('xmm6', 128),
capstone.x86.X86_REG_XMM7: r('xmm7', 128),
}
self.word_size = 32
self.accumulator = self.registers[capstone.x86.X86_REG_EAX]
self.base = self.registers[capstone.x86.X86_REG_EBX]
self.counter = self.registers[capstone.x86.X86_REG_ECX]
self.data = self.registers[capstone.x86.X86_REG_EDX]
self.source = self.registers[capstone.x86.X86_REG_ESI]
self.destination = self.registers[capstone.x86.X86_REG_EDI]
self.frame_ptr = self.registers[capstone.x86.X86_REG_EBP]
self.stack_ptr = self.registers[capstone.x86.X86_REG_ESP]
self.disassembler = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
self.disassembler.detail = True 示例10: __init__
# 需要導入模塊: import capstone [as 別名]
# 或者: from capstone import CS_MODE_32 [as 別名]
def __init__(self, arch = None):
super(CapstoneEngine, self).__init__(arch)
# Load the constants for the requested architecture.
self.__constants = {
win32.ARCH_I386:
(capstone.CS_ARCH_X86, capstone.CS_MODE_32),
win32.ARCH_AMD64:
(capstone.CS_ARCH_X86, capstone.CS_MODE_64),
win32.ARCH_THUMB:
(capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB),
win32.ARCH_ARM:
(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM),
win32.ARCH_ARM64:
(capstone.CS_ARCH_ARM64, capstone.CS_MODE_ARM),
}
# Test for the bug in early versions of Capstone.
# If found, warn the user about it.
try:
self.__bug = not isinstance(
list(capstone.cs_disasm_quick(
capstone.CS_ARCH_X86, capstone.CS_MODE_32, "\x90", 1
))[0],
capstone.capstone.CsInsn
)
except AttributeError:
self.__bug = False
if self.__bug:
warnings.warn(
"This version of the Capstone bindings is unstable,"
" please upgrade to a newer one!",
RuntimeWarning, stacklevel=4) 示例11: __init__
# 需要導入模塊: import capstone [as 別名]
# 或者: from capstone import CS_MODE_32 [as 別名]
def __init__(self, sample):
self.sample = sample
self.clients = []
self.emulator_event = threading.Event()
self.single_instruction = False
self.breakpoints = set()
self.mem_breakpoints = []
self.data_lock = threading.Lock()
self.single_instruction = False
self.apicall_handler = None
self.log_mem_read = False
self.log_mem_write = False
self.log_instr = False
self.log_apicalls = False
self.sections_read = {}
self.sections_written = {}
self.write_targets = []
self.sections_executed = {}
self.apicall_counter = {}
self.start = 0
self.uc = None
self.HOOK_ADDR = 0
self.STACK_ADDR = 0
self.STACK_SIZE = 0
self.PEB_BASE = 0
self.TEB_BASE = 0
self.disassembler = Cs(CS_ARCH_X86, CS_MODE_32)
self.disassembler.detail = True
self.init_uc() 示例12: __init__
# 需要導入模塊: import capstone [as 別名]
# 或者: from capstone import CS_MODE_32 [as 別名]
def __init__(self,arch):
if arch == 'x86':
self.md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
elif arch == 'x86-64':
self.md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
else:
raise NotImplementedError( 'Architecture %s is not supported'%arch )
self.md.detail = True 示例13: _initCapstone
# 需要導入模塊: import capstone [as 別名]
# 或者: from capstone import CS_MODE_32 [as 別名]
def _initCapstone(self):
self.capstone = Cs(CS_ARCH_X86, CS_MODE_64) if self.disassembly.binary_info.bitness == 64 else Cs(CS_ARCH_X86, CS_MODE_32) 示例14: init
# 需要導入模塊: import capstone [as 別名]
# 或者: from capstone import CS_MODE_32 [as 別名]
def init(self, disassembly):
if disassembly.binary_info.code_areas:
self._code_areas = disassembly.binary_info.code_areas
self.disassembly = disassembly
self.lang_analyzer = LanguageAnalyzer(disassembly)
self.disassembly.language = self.lang_analyzer.identify()
self.bitness = disassembly.binary_info.bitness
self.capstone = Cs(CS_ARCH_X86, CS_MODE_32)
if self.bitness == 64:
self.capstone = Cs(CS_ARCH_X86, CS_MODE_64)
self.locateCandidates()
self.disassembly.identified_alignment = self.identified_alignment
self._buildQueue() 示例15: _initCapstone
# 需要導入模塊: import capstone [as 別名]
# 或者: from capstone import CS_MODE_32 [as 別名]
def _initCapstone(self):
self.capstone = Cs(CS_ARCH_X86, CS_MODE_32)
if self.bitness == 64:
self.capstone = Cs(CS_ARCH_X86, CS_MODE_64)