Python distorm3.DecodeGenerator() Examples
The following are 16
code examples of distorm3.DecodeGenerator().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
distorm3
, or try the search function
.
.
Example #1
| Source File: utils.py From vortessence with GNU General Public License v2.0 | 6 votes |
|
def disassemble(data, start, bits='32bit', stoponret=False):
"""Dissassemble code with distorm3.
@param data: python byte str to decode
@param start: address where `data` is found in memory
@param bits: use 32bit or 64bit decoding
@param stoponret: stop disasm when function end is reached
@returns: tuple of (offset, instruction, hex bytes)
"""
if bits == '32bit':
mode = distorm3.Decode32Bits
else:
mode = distorm3.Decode64Bits
for o, _, i, h in distorm3.DecodeGenerator(start, data, mode):
if stoponret and i.startswith("RET"):
raise StopIteration
yield o, i, h
# copied from volatility
Example #2
| Source File: mbrparser.py From aumfor with GNU General Public License v3.0 | 5 votes |
|
def _get_instructions(self, boot_code):
if self._config.HEX:
return "".join(["{2}".format(o, h, ''.join(c)) for o, h, c in self.Hexdump(boot_code, 0)])
iterable = distorm3.DecodeGenerator(0, boot_code, distorm3.Decode16Bits)
ret = ""
for (offset, size, instruction, hexdump) in iterable:
ret += "{0}".format(instruction)
if instruction == "RET":
hexstuff = "".join(["{2}".format(o, h, ''.join(c)) for o, h, c in self.Hexdump(boot_code[offset + size:], 0)])
ret += hexstuff
break
return ret
Example #3
| Source File: mbrparser.py From aumfor with GNU General Public License v3.0 | 5 votes |
|
def get_disasm_text(self, boot_code, start):
iterable = distorm3.DecodeGenerator(0, boot_code, distorm3.Decode16Bits)
ret = ""
self.code_data = boot_code
for (offset, size, instruction, hexdump) in iterable:
ret += "{0:010x}: {1:<32} {2}\n".format(offset + start, hexdump, instruction)
if instruction == "RET":
self.code_data = boot_code[0:offset + size]
hexstuff = "\n" + "\n".join(["{0:010x}: {1:<48} {2}".format(o, h, ''.join(c)) for o, h, c in self.Hexdump(boot_code[offset + size:], offset + start + size)])
ret += hexstuff
break
return ret
Example #4
| Source File: malfind.py From aumfor with GNU General Public License v3.0 | 5 votes |
|
def Disassemble(data, start, bits = '32bit', stoponret = False):
"""Dissassemble code with distorm3.
@param data: python byte str to decode
@param start: address where `data` is found in memory
@param bits: use 32bit or 64bit decoding
@param stoponret: stop disasm when function end is reached
@returns: tuple of (offset, instruction, hex bytes)
"""
if not has_distorm3:
raise StopIteration
if bits == '32bit':
mode = distorm3.Decode32Bits
else:
mode = distorm3.Decode64Bits
for o, _, i, h in distorm3.DecodeGenerator(start, data, mode):
if stoponret and i.startswith("RET"):
raise StopIteration
yield o, i, h
#--------------------------------------------------------------------------------
# scanners by scudette
#
# unfortunately the existing scanning framework (i.e. scan.BaseScanner) has
# some shortcomings that don't allow us to integrate yara easily.
#
# FIXME: these may need updating after resolving issue 310 which aims to
# enhance the scan.BaseScanner to better support things like this
#--------------------------------------------------------------------------------
Example #5
| Source File: mbrparser.py From volatility with GNU General Public License v2.0 | 5 votes |
|
def _get_instructions(self, boot_code):
if self._config.HEX:
return "".join(["{2}".format(o, h, ''.join(c)) for o, h, c in self.Hexdump(boot_code, 0)])
iterable = distorm3.DecodeGenerator(0, boot_code, distorm3.Decode16Bits)
ret = ""
for (offset, size, instruction, hexdump) in iterable:
ret += "{0}".format(instruction)
if instruction == "RET":
hexstuff = "".join(["{2}".format(o, h, ''.join(c)) for o, h, c in self.Hexdump(boot_code[offset + size:], 0)])
ret += hexstuff
break
return ret
Example #6
| Source File: mbrparser.py From volatility with GNU General Public License v2.0 | 5 votes |
|
def get_disasm_text(self, boot_code, start):
iterable = distorm3.DecodeGenerator(0, boot_code, distorm3.Decode16Bits)
ret = ""
self.code_data = boot_code
for (offset, size, instruction, hexdump) in iterable:
ret += "{0:010x}: {1:<32} {2}\n".format(offset + start, hexdump, instruction)
if instruction == "RET":
self.code_data = boot_code[0:offset + size]
hexstuff = "\n" + "\n".join(["{0:010x}: {1:<48} {2}".format(o, h, ''.join(c)) for o, h, c in self.Hexdump(boot_code[offset + size:], offset + start + size)])
ret += hexstuff
break
return ret
Example #7
| Source File: malfind.py From volatility with GNU General Public License v2.0 | 5 votes |
|
def Disassemble(data, start, bits = '32bit', stoponret = False):
"""Dissassemble code with distorm3.
@param data: python byte str to decode
@param start: address where `data` is found in memory
@param bits: use 32bit or 64bit decoding
@param stoponret: stop disasm when function end is reached
@returns: tuple of (offset, instruction, hex bytes)
"""
if not has_distorm3:
raise StopIteration
if bits == '32bit':
mode = distorm3.Decode32Bits
else:
mode = distorm3.Decode64Bits
for o, _, i, h in distorm3.DecodeGenerator(start, data, mode):
if stoponret and i.startswith("RET"):
raise StopIteration
yield o, i, h
#--------------------------------------------------------------------------------
# scanners by scudette
#
# unfortunately the existing scanning framework (i.e. scan.BaseScanner) has
# some shortcomings that don't allow us to integrate yara easily.
#
# FIXME: these may need updating after resolving issue 310 which aims to
# enhance the scan.BaseScanner to better support things like this
#--------------------------------------------------------------------------------
Example #8
| Source File: mbrparser.py From vortessence with GNU General Public License v2.0 | 5 votes |
|
def _get_instructions(self, boot_code):
if self._config.HEX:
return "".join(["{2}".format(o, h, ''.join(c)) for o, h, c in self.Hexdump(boot_code, 0)])
iterable = distorm3.DecodeGenerator(0, boot_code, distorm3.Decode16Bits)
ret = ""
for (offset, size, instruction, hexdump) in iterable:
ret += "{0}".format(instruction)
if instruction == "RET":
hexstuff = "".join(["{2}".format(o, h, ''.join(c)) for o, h, c in self.Hexdump(boot_code[offset + size:], 0)])
ret += hexstuff
break
return ret
Example #9
| Source File: mbrparser.py From vortessence with GNU General Public License v2.0 | 5 votes |
|
def get_disasm_text(self, boot_code, start):
iterable = distorm3.DecodeGenerator(0, boot_code, distorm3.Decode16Bits)
ret = ""
self.code_data = boot_code
for (offset, size, instruction, hexdump) in iterable:
ret += "{0:010x}: {1:<32} {2}\n".format(offset + start, hexdump, instruction)
if instruction == "RET":
self.code_data = boot_code[0:offset + size]
hexstuff = "\n" + "\n".join(["{0:010x}: {1:<48} {2}".format(o, h, ''.join(c)) for o, h, c in self.Hexdump(boot_code[offset + size:], offset + start + size)])
ret += hexstuff
break
return ret
Example #10
| Source File: malfind.py From vortessence with GNU General Public License v2.0 | 5 votes |
|
def Disassemble(data, start, bits = '32bit', stoponret = False):
"""Dissassemble code with distorm3.
@param data: python byte str to decode
@param start: address where `data` is found in memory
@param bits: use 32bit or 64bit decoding
@param stoponret: stop disasm when function end is reached
@returns: tuple of (offset, instruction, hex bytes)
"""
if not has_distorm3:
raise StopIteration
if bits == '32bit':
mode = distorm3.Decode32Bits
else:
mode = distorm3.Decode64Bits
for o, _, i, h in distorm3.DecodeGenerator(start, data, mode):
if stoponret and i.startswith("RET"):
raise StopIteration
yield o, i, h
#--------------------------------------------------------------------------------
# scanners by scudette
#
# unfortunately the existing scanning framework (i.e. scan.BaseScanner) has
# some shortcomings that don't allow us to integrate yara easily.
#
# FIXME: these may need updating after resolving issue 310 which aims to
# enhance the scan.BaseScanner to better support things like this
#--------------------------------------------------------------------------------
Example #11
| Source File: mbrparser.py From DAMM with GNU General Public License v2.0 | 5 votes |
|
def _get_instructions(self, boot_code):
if self._config.HEX:
return "".join(["{2}".format(o, h, ''.join(c)) for o, h, c in self.Hexdump(boot_code, 0)])
iterable = distorm3.DecodeGenerator(0, boot_code, distorm3.Decode16Bits)
ret = ""
for (offset, size, instruction, hexdump) in iterable:
ret += "{0}".format(instruction)
if instruction == "RET":
hexstuff = "".join(["{2}".format(o, h, ''.join(c)) for o, h, c in self.Hexdump(boot_code[offset + size:], 0)])
ret += hexstuff
break
return ret
Example #12
| Source File: mbrparser.py From DAMM with GNU General Public License v2.0 | 5 votes |
|
def get_disasm_text(self, boot_code, start):
iterable = distorm3.DecodeGenerator(0, boot_code, distorm3.Decode16Bits)
ret = ""
self.code_data = boot_code
for (offset, size, instruction, hexdump) in iterable:
ret += "{0:010x}: {1:<32} {2}\n".format(offset + start, hexdump, instruction)
if instruction == "RET":
self.code_data = boot_code[0:offset + size]
hexstuff = "\n" + "\n".join(["{0:010x}: {1:<48} {2}".format(o, h, ''.join(c)) for o, h, c in self.Hexdump(boot_code[offset + size:], offset + start + size)])
ret += hexstuff
break
return ret
Example #13
| Source File: malfind.py From DAMM with GNU General Public License v2.0 | 5 votes |
|
def Disassemble(data, start, bits = '32bit', stoponret = False):
"""Dissassemble code with distorm3.
@param data: python byte str to decode
@param start: address where `data` is found in memory
@param bits: use 32bit or 64bit decoding
@param stoponret: stop disasm when function end is reached
@returns: tuple of (offset, instruction, hex bytes)
"""
if not has_distorm3:
raise StopIteration
if bits == '32bit':
mode = distorm3.Decode32Bits
else:
mode = distorm3.Decode64Bits
for o, _, i, h in distorm3.DecodeGenerator(start, data, mode):
if stoponret and i.startswith("RET"):
raise StopIteration
yield o, i, h
#--------------------------------------------------------------------------------
# scanners by scudette
#
# unfortunately the existing scanning framework (i.e. scan.BaseScanner) has
# some shortcomings that don't allow us to integrate yara easily.
#
# FIXME: these may need updating after resolving issue 310 which aims to
# enhance the scan.BaseScanner to better support things like this
#--------------------------------------------------------------------------------
Example #14
| Source File: mbrparser.py From volatility with GNU General Public License v2.0 | 5 votes |
|
def _get_instructions(self, boot_code):
if self._config.HEX:
return "".join(["{2}".format(o, h, ''.join(c)) for o, h, c in self.Hexdump(boot_code, 0)])
iterable = distorm3.DecodeGenerator(0, boot_code, distorm3.Decode16Bits)
ret = ""
for (offset, size, instruction, hexdump) in iterable:
ret += "{0}".format(instruction)
if instruction == "RET":
hexstuff = "".join(["{2}".format(o, h, ''.join(c)) for o, h, c in self.Hexdump(boot_code[offset + size:], 0)])
ret += hexstuff
break
return ret
Example #15
| Source File: mbrparser.py From volatility with GNU General Public License v2.0 | 5 votes |
|
def get_disasm_text(self, boot_code, start):
iterable = distorm3.DecodeGenerator(0, boot_code, distorm3.Decode16Bits)
ret = ""
self.code_data = boot_code
for (offset, size, instruction, hexdump) in iterable:
ret += "{0:010x}: {1:<32} {2}\n".format(offset + start, hexdump, instruction)
if instruction == "RET":
self.code_data = boot_code[0:offset + size]
hexstuff = "\n" + "\n".join(["{0:010x}: {1:<48} {2}".format(o, h, ''.join(c)) for o, h, c in self.Hexdump(boot_code[offset + size:], offset + start + size)])
ret += hexstuff
break
return ret
Example #16
| Source File: malfind.py From volatility with GNU General Public License v2.0 | 5 votes |
|
def Disassemble(data, start, bits = '32bit', stoponret = False):
"""Dissassemble code with distorm3.
@param data: python byte str to decode
@param start: address where `data` is found in memory
@param bits: use 32bit or 64bit decoding
@param stoponret: stop disasm when function end is reached
@returns: tuple of (offset, instruction, hex bytes)
"""
if not has_distorm3:
raise StopIteration
if bits == '32bit':
mode = distorm3.Decode32Bits
else:
mode = distorm3.Decode64Bits
for o, _, i, h in distorm3.DecodeGenerator(start, data, mode):
if stoponret and i.startswith("RET"):
raise StopIteration
yield o, i, h
#--------------------------------------------------------------------------------
# scanners by scudette
#
# unfortunately the existing scanning framework (i.e. scan.BaseScanner) has
# some shortcomings that don't allow us to integrate yara easily.
#
# FIXME: these may need updating after resolving issue 310 which aims to
# enhance the scan.BaseScanner to better support things like this
#--------------------------------------------------------------------------------
