Python capstone.CS_GRP_CALL Examples

The following are 4 code examples that use capstone.CS_GRP_CALL, the Capstone instruction-group constant for call instructions. Each example is preceded by its source file, project and license.
Example #1
Source File: annotator.py    From bingraphvis with BSD 2-Clause "Simplified" License
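def annotate_content(self, node, content):
    """Add the callee's name as a comment on each call instruction of a node.

    Nodes whose ``node.obj`` is a SimProcedure or a syscall are left alone.
    For every entry of ``content['data']`` whose ``'_ins'`` belongs to
    capstone's call group, the first operand's immediate is taken as the
    target address and looked up in ``self.project.kb.functions``.  A name
    starting with ``_Z`` is passed to ``self.demangle``; if that fails the
    mangled name is kept.  The name is written to ``entry['comment']``
    (created, or appended to an existing ``'content'``), with a gray,
    left-aligned style.

    The entries are modified in place and nothing is returned.  Annotation is
    best effort: an entry that cannot be resolved is left without a comment.
    """
    if node.obj.is_simprocedure or node.obj.is_syscall:
        return
    for k in content['data']:
        ins = k['_ins']
        if not ins.group(capstone.CS_GRP_CALL):
            continue
        caddr = ins.operands[0]
        try:
            # NOTE(review): the operand type is not checked before reading
            # .imm.  For an indirect call (register or memory operand) the
            # value read here is presumably not a target address; if it
            # happens to match a known function the comment would be
            # misleading.  Confirm against the operand class and consider
            # gating on an immediate operand type.
            addr = int(caddr.value.imm)
            fm = self.project.kb.functions
            fname = fm[addr].name if addr in fm else None
            if fname and fname.startswith('_Z'):
                try:
                    fname = self.demangle([fname])[0]
                except Exception:
                    # Demangling is optional; fall back to the mangled name.
                    pass

            if fname:
                if not ('comment' in k and 'content' in k['comment']):
                    k['comment'] = {
                        'content': "; " + fname
                    }
                else:
                    k['comment']['content'] += ", " + fname

                k['comment']['color'] = 'gray'
                k['comment']['align'] = 'LEFT'
        except Exception:
            # Best effort per instruction.  Catching Exception rather than
            # using a bare except lets KeyboardInterrupt and SystemExit
            # propagate instead of being silently discarded.
            pass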
Example #2
Source File: utils.py    From plasma with GNU General Public License v3.0
def is_call(i):
    """Tell whether instruction *i* should be treated as a call.

    Returns the truthy result of ``i.group(CS_GRP_CALL)`` when the
    instruction is in capstone's call group; otherwise returns whether
    ``i.id`` is listed in ``JUMPS_LINK``.
    """
    # NOTE(review): JUMPS_LINK is defined outside this block; presumably it
    # lists branch-and-link instruction ids that capstone does not put in
    # the call group. Confirm against its definition.
    in_call_group = i.group(CS_GRP_CALL)
    if in_call_group:
        return in_call_group
    return i.id in JUMPS_LINK
Example #3
Source File: utils.py    From plasma with GNU General Public License v3.0
def is_call(i):
    """Return whatever ``i.group`` reports for capstone's call group.

    The result is truthy when instruction *i* is a member of
    ``CS_GRP_CALL``.
    """
    call_group = CS_GRP_CALL
    return i.group(call_group)
Example #4
Source File: constructs.py    From dispatch with MIT License
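def instruction_from_cs_insn(csInsn, executable):
    """Convert a capstone instruction into the project's ``Instruction``.

    The instruction is tagged with ``Instruction.GRP_CALL`` and/or
    ``Instruction.GRP_JUMP``.  On ARM and ARM64 the tag is derived from the
    mnemonic; on other architectures it is taken from capstone's own
    ``CS_GRP_CALL`` / ``CS_GRP_JUMP`` membership.  Operands are then read
    directly from capstone's raw detail structure and converted with
    ``operand_from_cs_op``.

    :param csInsn: capstone instruction; its ``_raw.detail`` pointer is
        dereferenced, so it presumably must come from a disassembler with
        detail enabled (a NULL pointer makes ``.contents`` raise ValueError).
    :param executable: object exposing ``architecture`` (an ``ARCHITECTURE``
        value); also passed through to ``Instruction``.
    :return: the populated ``Instruction``.
    """
    groups = []

    if executable.architecture in (ARCHITECTURE.ARM, ARCHITECTURE.ARM_64):
        # Strip a '.w' / '.n' width suffix (or an ARM64 '.cond') first.
        base_mnemonic = csInsn.mnemonic.split('.', 1)[0]
        # 'ble', 'blt', 'bls' and 'blo' are B with an l* condition code, not
        # BL.  A plain prefix test would record these conditional branches as
        # calls, so they are excluded here and fall through to GRP_JUMP.
        is_conditional_b = base_mnemonic in ('ble', 'blt', 'bls', 'blo')
        if csInsn.mnemonic.startswith('bl') and not is_conditional_b:
            groups.append(Instruction.GRP_CALL)
        elif csInsn.mnemonic.startswith('b'):
            # NOTE(review): this prefix test also matches non-branch
            # mnemonics that begin with 'b' (e.g. 'bic', 'bfi', 'bkpt').
            # Consider an explicit list of branch mnemonics if the jump tag
            # drives control-flow recovery.
            groups.append(Instruction.GRP_JUMP)
    else:
        if capstone.CS_GRP_JUMP in csInsn.groups:
            groups.append(Instruction.GRP_JUMP)
        if capstone.CS_GRP_CALL in csInsn.groups:
            groups.append(Instruction.GRP_CALL)

    instruction = Instruction(csInsn.address, csInsn.size, csInsn.bytes, csInsn.mnemonic, [], groups, csInsn, executable)

    # We manually pull out the instruction details here so that capstone doesn't deepcopy everything which burns time
    # and memory
    # This relies on capstone's private ``_raw`` and ``_cs_detail`` names.
    detail = ctypes.cast(csInsn._raw.detail, ctypes.POINTER(capstone._cs_detail)).contents

    # Select the architecture-specific member of the detail structure.  For
    # any other architecture ``detail`` is left as the generic structure.
    if executable.architecture == ARCHITECTURE.X86 or executable.architecture == ARCHITECTURE.X86_64:
        detail = detail.arch.x86
    elif executable.architecture == ARCHITECTURE.ARM:
        detail = detail.arch.arm
    elif executable.architecture == ARCHITECTURE.ARM_64:
        detail = detail.arch.arm64

    operands = [operand_from_cs_op(detail.operands[i], instruction) for i in range(detail.op_count)]

    instruction.operands = operands

    return instruction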