Disassembler/disas_capstone.py at master · OneofManyMatts/Disassembler · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
from capstone import *
from random import *

conditional_jumps = {'jo', 'jno', 'js', 'jns', 'je', 'jx', 'jne', 'jnz', 'jb', 'jnae', 'jc', 'jnb', 'jae', 'jnc', 'jbe', 'jna', 'ja', 'jnbe', 'jl', 'jnge', 'jge', 'jnl', 'jle', 'jng', 'jg', 'jnle', 'jp', 'jpe', 'jnp', 'jpo', 'jcxz', 'jecxz', 'loop'}
unconditional_jumps = {'jmp', 'call'}


recursive_list = ["0x00"] #We start with only the base value to parse
pairs_list = []
timothy = ""
first = 0
last = 0

def capstone_disasm(file_name, start, size, arch, linear):
	# Load file into a string buffer
	start = start +0
	with open(file_name,'r') as file:
		file.seek(start)
		file_content = file.read()

	if arch == 64:
		md = Cs(CS_ARCH_X86, CS_MODE_64)
	else:
		md = Cs(CS_ARCH_X86, CS_MODE_32)

	if linear:
		print "Running Capstone Linear Disassembler (" + str(arch) + "-bit) starting from " + str(start) + " for " + str(size) + " bytes!"
		for i, oper in enumerate(md.disasm(file_content, start)):
			print("0x%x:\t%s\t%s" %(oper.address, oper.mnemonic, oper.op_str))

			if i > size:
				break
	else:
		with open(file_name,'r') as file:
			recursive_disasm_capstone(start, file, 0x00, md)


def unchecked( address ):
	print("Base: %s"%address)
	for p in pairs_list:
		print("Compare: %s %s"%(int(p[0]), int(p[1])))
		if (address >= p[0]) and (address < p[1]) :
			return False
	#print("Haven't gone there!")
	return True

def update_list():
	for p in pairs_list:
		for g in pairs_list:
			if p == g:
				break
			p_0 = p[0]
			p_1 = p[1]
			g_0 = g[0]
			g_1 = g[1]
			if p_0 == g_0 and p_1 == g_1 :
				pairs_list.remove(g)
				break
			if p_0 <= g_0 and p_1 >= g_1 :
				pairs_list.remove(g)
				break
			if p_0 <= g_0 and p_1 <= g_1 :
				pairs_list.remove(p)
				pairs_list.remove(g)
				addpoints(p_0, g_1)
				break
			if g_0 <= p_0 and g_1 >= p_1 :
				pairs_list.remove(p)
				break
			if g_0 <= p_0 and g_1 <= p_1 :
				pairs_list.remove(p)
				pairs_list.remove(g)
				addpoints(g_0, p_1)

def addpoints ( first, last ):
	newpoint = [first, last]
	print("Adding: %s %s"%(first, last))
	pairs_list.append(newpoint)
	update_list()

def recursive_disasm_capstone(start, f, i, md):
	#print("Going to "+str(i))
	try:
		f.seek(i)
	except IOError as e:
		print("Impossible jump")
		return
	j = i
	for line in f:
		bill = None
		for will in md.disasm(line, start):
			bill = will
			print("0x%x:\t%s\t%s" %(bill.address, bill.mnemonic, bill.op_str))
			if bill.mnemonic == 'ret':
				return
			if bill.mnemonic in unconditional_jumps:
				addpoints(start, bill.address+len(bill.bytes))
				try:
					ti = int(bill.op_str, 0)
					tj = int(start)
					if unchecked(ti): # If we've already written this part there's no need to do it again.
						recursive_disasm_capstone(ti, f, ti-tj+i, md)
				except ValueError as e:
					print("Apologies- Non-int jump")
				return
			if bill.mnemonic in conditional_jumps:
				addpoints(start, bill.address+len(bill.bytes))
				try:
					ti = int(bill.op_str, 0)
					tj = int(start)
					if unchecked(ti): # If we've already written this part there's no need to do it again.
						print("Going to "+bill.op_str)
						recursive_disasm_capstone(ti, f, ti-tj+i, md)
				except ValueError as e:
					print("Apologies- Non-int jump!")