Nguyen Anh Quynh | a6519b0 | 2014-04-16 20:03:55 +0800 | [diff] [blame] | 1 | #!/usr/bin/env python |
| 2 | |
# Capstone Python bindings, by Nguyen Anh Quynh <aquynh@gmail.com>
| 4 | from __future__ import print_function |
| 5 | import sys |
| 6 | from capstone import * |
| 7 | |
# Raw x86 machine code fed to the disassembler.  Several entries are
# deliberately unusual encodings of the same instruction (alternate opcode
# bytes, different ModRM.mod bits on control/debug-register moves, legacy
# prefixes in either order).  A disassembler used for binary analysis has to
# decode these consistently, otherwise code hidden behind an odd encoding is
# missing from the listing an analyst reads.
CODE32 = (
    b"\xc0\xe0\x02"                                # presumably shl al, 2 -- confirm against output
    b"\xc0\xf6\x02"                                # sal dh, 2 (the imm8 byte is 0x02)
    b"\xc1\xf6\x00"                                # sal esi, 0
    b"\x82\xc0\x00"                                # presumably add al, 0 via opcode 0x82 -- confirm
    b"\x0f\x1a\x00"                                # nop dword ptr [eax]
    b"\xf7\xc0\x11\x22\x33\x44"                    # test eax, 0x44332211
    b"\xf7\xc8\x11\x22\x33\x44"                    # test eax, 0x44332211
    b"\xf7\x88\x00\x00\x00\x00\x00\x00\x00\x00"    # test dword ptr [eax], 0
    b"\xf6\x88\x00\x00\x00\x00\x00"                # test byte ptr [eax], 0

    # x87 store/pop forms.
    b"\xd9\xd8"                                    # fstpnce st(0), st(0)
    b"\xdf\xdf"                                    # fstp st(7), st(0)

    # Control-register reads: three ModRM bytes, one expected decoding.
    b"\x0f\x20\x00"                                # mov eax, cr0
    b"\x0f\x20\x40"                                # mov eax, cr0
    b"\x0f\x20\x80"                                # mov eax, cr0

    # Control-register writes.
    b"\x0f\x22\x00"                                # mov cr0, eax
    b"\x0f\x22\x40"                                # mov cr0, eax
    b"\x0f\x22\x80"                                # mov cr0, eax

    # Debug-register reads.
    b"\x0f\x21\x00"                                # mov eax, dr0
    b"\x0f\x21\x40"                                # mov eax, dr0
    b"\x0f\x21\x80"                                # mov eax, dr0

    # Debug-register writes.
    b"\x0f\x23\x00"                                # mov dr0, eax
    b"\x0f\x23\x40"                                # mov dr0, eax
    b"\x0f\x23\x80"                                # mov dr0, eax

    # Same SSE2 instruction with the 0x66 and 0x2e prefixes in both orders.
    b"\x66\x2e\x0f\x58\xc0"                        # addpd xmm0, xmm0
    b"\x2e\x66\x0f\x58\xc0"                        # addpd xmm0, xmm0
    b"\x66\xf2\x0f\x38\xf1\xc3"                    # crc32w %bx, %eax
    b"\xf2\x0f\x38\xf1\x8c\xcb\xef\xbe\xad\xde"    # crc32l -0x21524111(%ebx, %ecx, 8), %ecx
)

# 32-bit memory-operand samples (consumed by the "MemRef" entries of all_tests).
CODE32_MEMREF = (
    b"\x8b\x84\x91\x23\x01\x00\x00"
    b"\x8b\x04\x95\x23\x01\x00\x00"
    b"\x8b\x04\x95\xdd\xfe\xff\xff"
    b"\xa1\x23\x01\x00\x00"
    b"\xa1\x00\x00\x00\x00"
    b"\xa1\xdd\xfe\xff\xff"
    b"\x8b\x04\x91"
)

# 64-bit memory-operand sample.
CODE64_MEMREF = (
    b"\xa3\x0b\x00\x00\x0f\xbe\xc0\x48\x83"
    b"\xa0\x71\xfa\xff\x48\x85\xc0\x48\x89"
)

# Arithmetic samples, 32-bit then 64-bit.
CODE32_ARITH = (
    b"\x83\xe0\xf7"
    b"\x83\xe0\x10"
    b"\x83\xe0\x00"
    b"\x80\x23\x10"
)

CODE64_ARITH = (
    b"\x41\x83\xe0\xfa"
    b"\x48\x83\xe4\xf0"
)

# Immediate-operand samples.
CODE32_IMM = (
    b"\xc2\xb8\xc0"
    b"\xc2\x0f\x92"
    b"\x02\x2d\x00\x00\x00\x83"
)


# True when running under Python 3, where iterating bytes yields ints.
_python3 = sys.version_info[0] == 3
| 68 | |
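# One row per run: (architecture, mode, code bytes, label printed as
# "Platform:", syntax option).  A syntax value of 0 leaves the engine on its
# default syntax; any other value is assigned to Cs.syntax before decoding.
all_tests = (
    (CS_ARCH_X86, CS_MODE_32, CODE32, "X86 32 (Intel syntax)", 0),
    (CS_ARCH_X86, CS_MODE_32, CODE32, "X86 32 (ATT syntax)", CS_OPT_SYNTAX_ATT),

    (CS_ARCH_X86, CS_MODE_32, CODE32_MEMREF, "X86 32 MemRef (Intel syntax)", 0),
    (CS_ARCH_X86, CS_MODE_32, CODE32_MEMREF, "X86 32 MemRef (ATT syntax)", CS_OPT_SYNTAX_ATT),
    (CS_ARCH_X86, CS_MODE_64, CODE64_MEMREF, "X86 64 (Intel syntax)", 0),

    (CS_ARCH_X86, CS_MODE_32, CODE32_ARITH, "X86 32 (Intel syntax)", 0),
    (CS_ARCH_X86, CS_MODE_64, CODE64_ARITH, "X86 64 (Intel syntax)", 0),

    (CS_ARCH_X86, CS_MODE_32, CODE32_IMM, "X86 32 (Intel syntax)", 0),
    # This row selects AT&T syntax, so its label must say so; it previously
    # read "Intel syntax", which mislabelled the printed listing.
    (CS_ARCH_X86, CS_MODE_32, CODE32_IMM, "X86 32 (ATT syntax)", CS_OPT_SYNTAX_ATT),
)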
| 83 | |
| 84 | |
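def to_hex(s):
    """Render a byte string as space-separated ``0xNN`` tokens.

    Args:
        s: The raw bytes to format (``bytes``, ``bytearray`` or any other
            buffer that ``bytearray()`` accepts).

    Returns:
        A string such as ``"0xc0 0xe0 0x02"``; empty input gives ``""``.
    """
    # bytearray() yields integers on both Python 2 and Python 3, so no
    # interpreter-version branch (or ord() call) is needed here.
    return " ".join("0x{0:02x}".format(byte) for byte in bytearray(s))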
| 90 | |
| 91 | # ## Test cs_disasm_quick() |
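def test_cs_disasm_quick():
    """Disassemble every entry of ``all_tests`` and print the listing.

    Despite its name, this drives a ``Cs`` instance and its ``disasm()``
    method.  For each entry it prints the label, the input bytes in hex and
    one line per decoded instruction (address, mnemonic, operands), with
    decoding based at address 0x1000.

    Nothing is asserted: the output is meant to be read or diffed against a
    known-good listing.  NOTE(review): ``disasm()`` is expected to stop
    yielding at the first bytes it cannot decode rather than raise, so a
    listing that ends before the input is used up is the failure signal
    to look for -- confirm against the bindings in use.
    """
    for arch, mode, code, comment, syntax in all_tests:
        print("Platform: %s" % comment)
        # The original statement ended in a stray comma, a Python 2 leftover
        # that only built and discarded a one-element tuple.
        print("Code: %s" % to_hex(code))
        print("Disasm:")
        md = Cs(arch, mode)
        # 0 means "keep the engine's default syntax".
        if syntax != 0:
            md.syntax = syntax
        for insn in md.disasm(code, 0x1000):
            print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
        print("--------")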
Nguyen Anh Quynh | a6519b0 | 2014-04-16 20:03:55 +0800 | [diff] [blame] | 103 | |
| 104 | |
# Run the disassembly dump only when executed as a script, not on import.
if __name__ == "__main__":
    test_cs_disasm_quick()