Python capstone.CS_ARCH_X86 Examples
The following are 10 code examples that use the constant capstone.CS_ARCH_X86.
Example #1
Source File: DisasmViewMode.py From qiew with GNU General Public License v2.0 | 6 votes |
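def init_disassembler_engine(self):
    """Create the Capstone engine and the lexer for the hinted architecture.

    The (arch, mode) pair comes from ``self.plugin.hintDisasm()``. On success
    this sets ``self.disasm_engine`` (with instruction detail enabled),
    ``self.ASMLine`` and ``self.lexer``.

    Raises:
        ValueError: if no lexer exists for the hinted arch/mode. Without this
            check the method failed later with an UnboundLocalError that
            did not name the unsupported combination.
    """
    arch, mode = self.plugin.hintDisasm()

    self.disasm_engine = capstone.Cs(arch, mode)
    # Ask Capstone to fill in per-instruction detail (operands, groups, ...).
    self.disasm_engine.detail = True

    if arch == capstone.CS_ARCH_X86:
        lexer_builder = X86_Lexer()
    elif arch == capstone.CS_ARCH_ARM and mode in (capstone.CS_MODE_ARM, capstone.CS_MODE_THUMB):
        lexer_builder = ARM_Lexer()
    elif arch == capstone.CS_ARCH_ARM64:
        lexer_builder = ARM64_Lexer()
    else:
        # Fail with a message that names the combination instead of falling
        # through to an unbound local further down.
        raise ValueError(
            "no lexer available for Capstone arch %r / mode %r" % (arch, mode))

    # todo: ASM_ARM_Line? (the x86 line class is used for every architecture)
    self.ASMLine = ASMx86Line

    lexer_builder.build()
    self.lexer = lexer_builder.lexer()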
Example #2
Source File: abstractcpu.py From manticore with GNU Affero General Public License v3.0 | 6 votes |
def _reg_name(self, reg_id: int):
    """
    Map a register ID reported by the disassembler to the name manticore
    uses for it in the register file.

    :param reg_id: Register ID
    :return: the aliased register name, or None when the ID is at or past the
        architecture's ``*_REG_ENDING`` marker, or when Capstone reports no
        name / "(invalid)" for it
    """
    # XXX: Support other architectures.
    arch = self.cpu.arch
    register_limits = (
        (CS_ARCH_ARM64, ARM64_REG_ENDING),
        (CS_ARCH_X86, X86_REG_ENDING),
        (CS_ARCH_ARM, ARM_REG_ENDING),
    )
    # An ID at or beyond the architecture's end marker is not a register.
    if any(arch == known and reg_id >= limit for known, limit in register_limits):
        logger.warning("Trying to get register name for a non-register")
        return None

    capstone_name = self.cpu.instruction.reg_name(reg_id)
    if capstone_name is not None and capstone_name.lower() != "(invalid)":
        return self.cpu._regfile._alias(capstone_name.upper())
    return None
Example #3
Source File: disasm.py From PyDev.Debugger with Eclipse Public License 1.0 | 5 votes |
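def _import_dependencies(self):
    """Load the Capstone bindings on first use and probe them for a known bug.

    Fills the table that maps ``win32.ARCH_*`` identifiers to Capstone
    ``(arch, mode)`` pairs, then disassembles a single NOP to check that the
    bindings return ``CsInsn`` objects. A ``RuntimeWarning`` is issued when
    they do not.
    """

    # Load the Capstone bindings.
    global capstone
    if capstone is None:
        import capstone

    # Load the constants for the requested architecture.
    self.__constants = {
        win32.ARCH_I386:
            (capstone.CS_ARCH_X86, capstone.CS_MODE_32),
        win32.ARCH_AMD64:
            (capstone.CS_ARCH_X86, capstone.CS_MODE_64),
        win32.ARCH_THUMB:
            (capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB),
        win32.ARCH_ARM:
            (capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM),
        win32.ARCH_ARM64:
            (capstone.CS_ARCH_ARM64, capstone.CS_MODE_ARM),
    }

    # Test for the bug in early versions of Capstone.
    # If found, warn the user about it.
    try:
        # The probe is a bytes literal because Capstone takes raw machine
        # code; a text string is rejected on Python 3. list() accepts both
        # return styles of cs_disasm_quick (a list, or a generator in newer
        # bindings, which cannot be indexed directly).
        probe = list(capstone.cs_disasm_quick(
            capstone.CS_ARCH_X86, capstone.CS_MODE_32, b"\x90", 1))
        self.__bug = not isinstance(probe[0], capstone.capstone.CsInsn)
    except AttributeError:
        # Bindings without capstone.capstone.CsInsn are not flagged as buggy.
        self.__bug = False
    if self.__bug:
        warnings.warn(
            "This version of the Capstone bindings is unstable,"
            " please upgrade to a newer one!",
            RuntimeWarning, stacklevel=4)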
Example #4
Source File: disasm.py From OpenXMolar with BSD 3-Clause "New" or "Revised" License | 5 votes |
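def __init__(self, arch = None):
    """Initialise the Capstone-backed engine and probe the bindings.

    :param arch: architecture identifier passed through to the base class
        constructor; ``None`` is forwarded unchanged.

    Fills the table that maps ``win32.ARCH_*`` identifiers to Capstone
    ``(arch, mode)`` pairs and issues a ``RuntimeWarning`` when the installed
    bindings do not return ``CsInsn`` objects for a one-byte NOP.
    """
    super(CapstoneEngine, self).__init__(arch)

    # Load the constants for the requested architecture.
    self.__constants = {
        win32.ARCH_I386:
            (capstone.CS_ARCH_X86, capstone.CS_MODE_32),
        win32.ARCH_AMD64:
            (capstone.CS_ARCH_X86, capstone.CS_MODE_64),
        win32.ARCH_THUMB:
            (capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB),
        win32.ARCH_ARM:
            (capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM),
        win32.ARCH_ARM64:
            (capstone.CS_ARCH_ARM64, capstone.CS_MODE_ARM),
    }

    # Test for the bug in early versions of Capstone.
    # If found, warn the user about it.
    try:
        # Bytes literal: Capstone takes raw machine code, and a text string
        # is rejected on Python 3. On Python 2 the literal is unchanged.
        probe = list(capstone.cs_disasm_quick(
            capstone.CS_ARCH_X86, capstone.CS_MODE_32, b"\x90", 1))
        self.__bug = not isinstance(probe[0], capstone.capstone.CsInsn)
    except AttributeError:
        # Bindings without capstone.capstone.CsInsn are not flagged as buggy.
        self.__bug = False
    if self.__bug:
        warnings.warn(
            "This version of the Capstone bindings is unstable,"
            " please upgrade to a newer one!",
            RuntimeWarning, stacklevel=4)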
Example #5
Source File: core.py From unipacker with GNU General Public License v2.0 | 5 votes |
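def __init__(self, sample):
    """Set up the engine state for one sample and initialise the emulator.

    Args:
        sample: the sample this engine works on; stored as ``self.sample``.

    The original assigned ``single_instruction`` twice with the same value;
    the redundant assignment is dropped and the attributes are grouped.
    """
    self.sample = sample
    self.clients = []

    # Run control and synchronisation.
    self.emulator_event = threading.Event()
    self.data_lock = threading.Lock()
    self.single_instruction = False
    self.breakpoints = set()
    self.mem_breakpoints = []
    self.apicall_handler = None

    # Logging switches, all off initially.
    self.log_mem_read = False
    self.log_mem_write = False
    self.log_instr = False
    self.log_apicalls = False

    # Per-run bookkeeping, empty initially.
    self.sections_read = {}
    self.sections_written = {}
    self.write_targets = []
    self.sections_executed = {}
    self.apicall_counter = {}

    # Addresses and sizes start at zero and the emulator handle at None;
    # presumably init_uc() fills them in (confirm against init_uc).
    self.start = 0
    self.uc = None
    self.HOOK_ADDR = 0
    self.STACK_ADDR = 0
    self.STACK_SIZE = 0
    self.PEB_BASE = 0
    self.TEB_BASE = 0

    # NOTE(review): the disassembler is fixed to 32-bit x86. A 64-bit sample
    # would be decoded in the wrong mode; confirm such samples are rejected
    # before they reach this engine.
    self.disassembler = Cs(CS_ARCH_X86, CS_MODE_32)
    self.disassembler.detail = True

    self.init_uc()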
Example #6
Source File: disasm.py From filmkodi with Apache License 2.0 | 5 votes |
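def _import_dependencies(self):
    """Import Capstone lazily, build the architecture table, probe the bindings.

    The table maps ``win32.ARCH_*`` identifiers to Capstone ``(arch, mode)``
    pairs. The probe disassembles one NOP byte and issues a
    ``RuntimeWarning`` when the result is not a ``CsInsn`` object.
    """

    # Load the Capstone bindings.
    global capstone
    if capstone is None:
        import capstone

    # Load the constants for the requested architecture.
    self.__constants = {
        win32.ARCH_I386:
            (capstone.CS_ARCH_X86, capstone.CS_MODE_32),
        win32.ARCH_AMD64:
            (capstone.CS_ARCH_X86, capstone.CS_MODE_64),
        win32.ARCH_THUMB:
            (capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB),
        win32.ARCH_ARM:
            (capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM),
        win32.ARCH_ARM64:
            (capstone.CS_ARCH_ARM64, capstone.CS_MODE_ARM),
    }

    # Test for the bug in early versions of Capstone.
    # If found, warn the user about it.
    try:
        # Machine code is passed as bytes (a text string is rejected by the
        # bindings on Python 3), and the result is materialised with list()
        # because newer bindings return a generator that cannot be indexed.
        first_insns = list(capstone.cs_disasm_quick(
            capstone.CS_ARCH_X86, capstone.CS_MODE_32, b"\x90", 1))
        self.__bug = not isinstance(
            first_insns[0], capstone.capstone.CsInsn)
    except AttributeError:
        # Bindings without capstone.capstone.CsInsn are not flagged as buggy.
        self.__bug = False
    if self.__bug:
        warnings.warn(
            "This version of the Capstone bindings is unstable,"
            " please upgrade to a newer one!",
            RuntimeWarning, stacklevel=4)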
Example #7
Source File: IntelDisassembler.py From smda with BSD 2-Clause "Simplified" License | 5 votes |
def _initCapstone(self):
    """Create the x86 Capstone engine matching the binary's bitness.

    A bitness of exactly 64 selects 64-bit mode; every other value,
    including an unset or unexpected one, selects 32-bit mode.
    """
    if self.disassembly.binary_info.bitness == 64:
        mode = CS_MODE_64
    else:
        mode = CS_MODE_32
    self.capstone = Cs(CS_ARCH_X86, mode)
Example #8
Source File: FunctionCandidateManager.py From smda with BSD 2-Clause "Simplified" License | 5 votes |
def init(self, disassembly):
    """Bind this manager to *disassembly* and prepare the candidate queue.

    Copies the code areas when the binary info provides any, identifies the
    language, creates an x86 Capstone engine for the binary's bitness
    (64-bit mode only when bitness is exactly 64, otherwise 32-bit), then
    locates candidates and builds the queue.
    """
    binary_info = disassembly.binary_info
    if binary_info.code_areas:
        self._code_areas = binary_info.code_areas

    self.disassembly = disassembly
    self.lang_analyzer = LanguageAnalyzer(disassembly)
    self.disassembly.language = self.lang_analyzer.identify()

    self.bitness = disassembly.binary_info.bitness
    cs_mode = CS_MODE_64 if self.bitness == 64 else CS_MODE_32
    self.capstone = Cs(CS_ARCH_X86, cs_mode)

    self.locateCandidates()
    # identified_alignment is read from self here; presumably set by
    # locateCandidates() (confirm).
    self.disassembly.identified_alignment = self.identified_alignment
    self._buildQueue()
Example #9
Source File: IdaExporter.py From smda with BSD 2-Clause "Simplified" License | 5 votes |
def _initCapstone(self):
    """Create the x86 Capstone engine for ``self.bitness``.

    64-bit mode is used only when bitness equals 64; any other value
    results in a 32-bit engine.
    """
    self.capstone = Cs(
        CS_ARCH_X86,
        CS_MODE_64 if self.bitness == 64 else CS_MODE_32,
    )
Example #10
Source File: shell.py From unipacker with GNU General Public License v2.0 | 4 votes |
def __init__(self):
    """Initialise the shell, parse the command line and run the sample loop.

    With sample paths and without ``--interactive`` the samples are handed to
    ``IOHandler``; otherwise the interactive sample loop runs until EOF or
    Ctrl-C, at which point a random line from the ``fortunes`` file is
    printed and the process exits with status 0.

    Side effect: ``builtins.print`` is replaced with ``self.shell_print`` for
    the whole interpreter, not only for this object.
    """
    try:
        Cmd.__init__(self)
        self.allow_cli_args = False
        self.register_cmdfinalization_hook(self.finalize_hook)
        # Process-wide override: every later print() call goes through the shell.
        builtins.print = self.shell_print
        self.histfile = ".unpacker_history"
        self.clear_queue = False
        self.sample = None
        self.disassembler = Cs(CS_ARCH_X86, CS_MODE_32)
        self.disassembler.detail = True

        cli = argparse.ArgumentParser(
            prog='unipacker',
            description='Automatic and platform-independent unpacker for Windows binaries based on emulation')
        cli.add_argument(
            'samples', metavar='sample', type=file_or_dir, nargs='*',
            help='The path to a sample (or directory containing samples) you want unpacked')
        cli.add_argument(
            '-d', '--dest', nargs='?', default='.',
            help='The destination directory for unpacked binaries')
        cli.add_argument(
            '-p', '--partition-by-packer', action='store_true',
            help='Group the unpacked files by packer')
        cli.add_argument(
            '-i', '--interactive', action='store_true',
            help='Open the chosen sample(s) in the un{i}packer shell')
        cli.add_argument(
            '--version', action='store_true',
            help='Show version information and exit')

        options = cli.parse_args()
        if options.version:
            print_version_and_exit()

        if not options.samples:
            # No paths given: run the sample loop with its defaults.
            while True:
                self.sample_loop()
                self.shell_event.wait()
        else:
            collected = []
            for path in options.samples:
                if not os.path.exists(path):
                    print(f"Path does not exist: {path}")
                    continue
                collected.extend(Sample.get_samples(path, interactive=options.interactive))

            if not options.interactive:
                IOHandler(collected, options.dest, options.partition_by_packer)
            else:
                while True:
                    self.sample_loop(collected)
                    self.shell_event.wait()
                    # The collected samples are passed to the first round only.
                    collected = None
    except (EOFError, KeyboardInterrupt):
        fortunes_path = f"{os.path.dirname(unipacker.__file__)}/fortunes"
        with open(fortunes_path) as handle:
            fortunes = handle.read().splitlines()
        print(f"\n{Fore.LIGHTRED_EX}{choice(fortunes)}{Fore.RESET}\n")
        sys.exit(0)