Python keystone.Ks() Examples
The following are 11
code examples of keystone.Ks().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
keystone
, or try the search function
.
.
Example #1
| Source File: utils.py From cemu with MIT License | 6 votes |
|
def assemble(asm_code: string, mode: int) -> Tuple[bytearray, int]:
"""
Helper function to assemble code receive in parameter `asm_code` using Keystone.
@param asm_code : assembly code in bytes (multiple instructions must be separated by ';')
@param mode : defines the mode to use Keystone with
@return a tuple of bytecodes as bytearray, along with the number of instruction compiled. If failed, the
bytearray will be empty, the count of instruction will be the negative number for the faulty line.
"""
arch, mode, endian = get_arch_mode("keystone", mode)
ks = keystone.Ks(arch, mode | endian)
if is_x86(mode) and mode.syntax == Syntax.ATT:
ks.syntax = keystone.KS_OPT_SYNTAX_ATT
try:
bytecode, cnt = ks.asm(asm_code, as_bytes=True)
except keystone.keystone.KsError as kse:
return (b'', kse.get_asm_count())
return (bytecode, cnt)
Example #2
| Source File: test_armv7unicorn.py From manticore with GNU Affero General Public License v3.0 | 6 votes |
|
def _ks_assemble(asm: str, mode=CS_MODE_ARM) -> bytes:
"""Assemble the given string using Keystone using the specified CPU mode."""
# Explicitly uses late importing so that Keystone will only be imported if this is called.
# This lets us avoid requiring installation of Keystone for running tests.
global ks, ks_thumb
from keystone import Ks, KS_ARCH_ARM, KS_MODE_ARM, KS_MODE_THUMB
if ks is None:
ks = Ks(KS_ARCH_ARM, KS_MODE_ARM)
if ks_thumb is None:
ks_thumb = Ks(KS_ARCH_ARM, KS_MODE_THUMB)
if CS_MODE_ARM == mode:
ords = ks.asm(asm)[0]
elif CS_MODE_THUMB == mode:
ords = ks_thumb.asm(asm)[0]
else:
raise Exception(f"bad processor mode for assembly: {mode}")
if not ords:
raise Exception(f"bad assembly: {asm}")
return binascii.hexlify(bytearray(ords))
Example #3
| Source File: test_armv7cpu.py From manticore with GNU Affero General Public License v3.0 | 6 votes |
|
def _ks_assemble(asm: str, mode=CS_MODE_ARM) -> bytes:
"""Assemble the given string using Keystone using the specified CPU mode."""
# Explicitly uses late importing so that Keystone will only be imported if this is called.
# This lets us avoid requiring installation of Keystone for running tests.
global ks, ks_thumb
from keystone import Ks, KS_ARCH_ARM, KS_MODE_ARM, KS_MODE_THUMB
if ks is None:
ks = Ks(KS_ARCH_ARM, KS_MODE_ARM)
if ks_thumb is None:
ks_thumb = Ks(KS_ARCH_ARM, KS_MODE_THUMB)
if CS_MODE_ARM == mode:
ords = ks.asm(asm)[0]
elif CS_MODE_THUMB == mode:
ords = ks_thumb.asm(asm)[0]
else:
raise Exception(f"bad processor mode for assembly: {mode}")
if not ords:
raise Exception(f"bad assembly: {asm}")
return binascii.hexlify(bytearray(ords))
Example #4
| Source File: assembler.py From chiasm-shell with MIT License | 6 votes |
|
def _set_arch(self, arch, *modes):
"""
Try and set the current architecture
"""
try:
a = self.valid_archs[''.join(['KS_ARCH_', arch.upper()])]
if a is None:
l.error("Invalid architecture selected - run lsarch for valid options")
return False
ms = [self.modes[''.join(['KS_MODE_', m.upper()])] for m in modes]
except KeyError:
l.error("ERROR: Invalid architecture or mode string specified")
return False
try:
_ks = ks.Ks(a, sum(ms))
self._arch = (arch, modes)
l.debug("Architecture set to %s, mode(s): %s", arch, ', '.join(modes))
self._ks = _ks
except ks.KsError as e:
l.error("ERROR: %s", e)
return False
return True
Example #5
| Source File: __base__.py From deen with Apache License 2.0 | 6 votes |
|
def __init__(self):
super(AsmBase, self).__init__()
# Initialize keystone and capstone as soon as an instance
# of this plugin will be created.
if not keystone:
self.log.debug('Keystone is required for ' + self.__class__.__name__)
return
if not capstone:
self.log.debug('Capstone is required for ' + self.__class__.__name__)
return
if getattr(self, 'args', None) and self.args and getattr(self.args, 'bigendian', None) \
and self.args.bigendian:
self.ks = keystone.Ks(self.keystone_arch,
self.keystone_mode + keystone.KS_MODE_BIG_ENDIAN)
self.cs = capstone.Cs(self.capstone_arch,
capstone.CS_MODE_BIG_ENDIAN)
else:
self.ks = keystone.Ks(self.keystone_arch,
self.keystone_mode + keystone.KS_MODE_LITTLE_ENDIAN)
self.cs = capstone.Cs(self.capstone_arch,
capstone.CS_MODE_LITTLE_ENDIAN)
Example #6
| Source File: test_register_analysis.py From retrowrite with MIT License | 6 votes |
|
def get_function(code):
import keystone as ks
ksa = ks.Ks(ks.KS_ARCH_X86, ks.KS_MODE_64)
ksa.syntax = ks.KS_OPT_SYNTAX_ATT
asm, count = ksa.asm(code)
asm = bytes(asm)
func = Function("P7AllocTrace", 0x1000, len(asm), asm)
func.disasm()
container = Container()
container.add_function(func)
return container
Example #7
| Source File: DBGHider.py From DBGHider with Apache License 2.0 | 5 votes |
|
def assemble(code, addr = 0, mode = keystone.KS_MODE_32):
"""
assemble asm code for inline hook
"""
ks = keystone.Ks(keystone.KS_ARCH_X86, mode)
encoding, count = ks.asm(code, addr)
buf = ''.join(chr(c) for c in encoding)
return buf, count
Example #8
| Source File: test_asan_memcheck.py From retrowrite with MIT License | 5 votes |
|
def get_function(code):
import keystone as ks
ksa = ks.Ks(ks.KS_ARCH_X86, ks.KS_MODE_64)
ksa.syntax = ks.KS_OPT_SYNTAX_ATT
asm, count = ksa.asm(code)
asm = bytes(asm)
func = Function("DYNCODE", 0x1000, len(asm), asm)
container = Container()
container.add_function(func)
return container
Example #9
| Source File: pe.py From crave with GNU General Public License v3.0 | 5 votes |
|
def patch_code(self, instructions='ret;',va=0):
""" put instruction(s), at the end of the basic block specified"""
#TODO: get capstone instruction at the end of the basic_block
try:
k = ks.Ks(ks.KS_ARCH_X86, ks.KS_MODE_32)
encoding, count = k.asm(instructions, va+self.OPTIONAL_HEADER.ImageBase)
except ks.KsError as e:
l.error("Error! %s", e)
raise
if not self.set_bytes_at_rva(va, ''.join(map(chr, encoding))):
raise Exception('Cannot patch bytes at %x!', va)
Example #10
| Source File: arch.py From archinfo with BSD 2-Clause "Simplified" License | 5 votes |
|
def keystone(self):
"""
A Keystone instance for this arch
"""
if self._ks is None:
if _keystone is None:
l.warning("Keystone is not installed!")
return None
if self.ks_arch is None:
raise ArchError("Arch %s does not support disassembly with Keystone" % self.name)
self._ks = _keystone.Ks(self.ks_arch, self.ks_mode)
self._configure_keystone()
return self._ks
Example #11
| Source File: arch_arm.py From archinfo with BSD 2-Clause "Simplified" License | 5 votes |
|
def keystone_thumb(self):
if _keystone is None:
l.warning("Keystone is not installed!")
return None
if self._ks_thumb is None:
self._ks_thumb = _keystone.Ks(self.ks_arch, _keystone.KS_MODE_THUMB)
return self._ks_thumb
