How to use the capstone.CS_ARCH_MIPS function in capstone
To help you get started, we’ve selected a few capstone examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
smuniz / pimp_my_ride / pimp_my_ride.py View on Github 
self.breakpoints_callback = list()
# Convert IDA architectures IDs to our own.
if architecture == "ppc": # FIXME : pyelftools does not recognize
# PowerPC architecture, hence does not
# return its type.
raise PimpMyRideException("PowerPC is unsupported.")
elif architecture == "MIPS":
cur_arch = uc.UC_ARCH_MIPS
if is_little_endian:
cur_mode = uc.UC_MODE_MIPS32 + uc.UC_MODE_LITTLE_ENDIAN
else:
cur_mode = uc.UC_MODE_MIPS32 + uc.UC_MODE_BIG_ENDIAN
cs_arch = cs.CS_ARCH_MIPS
if is_little_endian:
cs_mode = cs.CS_MODE_MIPS32 + cs.CS_MODE_LITTLE_ENDIAN
else:
cs_mode = cs.CS_MODE_MIPS32 + cs.CS_MODE_BIG_ENDIAN
elif architecture == "ARM":
#if self.mode == uc.UC_MODE_ARM:
#elif self.mode == uc.UC_MODE_THUMB:
cur_arch = uc.UC_ARCH_ARM
cur_mode = uc.UC_MODE_ARM
cs_arch = cs.CS_ARCH_ARM
cs_mode = cs.CS_MODE_ARM
elif architecture == "AArch64":
cur_arch = uc.UC_ARCH_ARM64if a.endianness==Endianness.LITTLE:
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_MIPS, keystone.KS_MODE_MIPS32, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_MIPS, capstone.CS_MODE_MIPS32, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_MIPS, unicorn.UC_MODE_MIPS32, unicorn.UC_MODE_LITTLE_ENDIAN
else:
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_MIPS, keystone.KS_MODE_MIPS32, keystone.KS_MODE_BIG_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_MIPS, capstone.CS_MODE_MIPS32, capstone.CS_MODE_BIG_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_MIPS, unicorn.UC_MODE_MIPS32, unicorn.UC_MODE_BIG_ENDIAN
elif is_mips64(a):
if a.endianness==Endianness.LITTLE:
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_MIPS, keystone.KS_MODE_MIPS64, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_MIPS, capstone.CS_MODE_MIPS64, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_MIPS, unicorn.UC_MODE_MIPS64, unicorn.UC_MODE_LITTLE_ENDIAN
else:
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_MIPS, keystone.KS_MODE_MIPS64, keystone.KS_MODE_BIG_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_MIPS, capstone.CS_MODE_MIPS64, capstone.CS_MODE_BIG_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_MIPS, unicorn.UC_MODE_MIPS64, unicorn.UC_MODE_BIG_ENDIAN
# sparc/sparc64
elif is_sparc(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_SPARC, keystone.KS_MODE_SPARC32, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_SPARC, 0, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_SPARC, unicorn.UC_MODE_SPARC32, unicorn.UC_MODE_LITTLE_ENDIAN
elif is_sparc(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_SPARC, keystone.KS_MODE_SPARC64, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_SPARC, 0, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_SPARC, unicorn.UC_MODE_SPARC64, unicorn.UC_MODE_LITTLE_ENDIAN
if arch is None and mode is None and endian is None:
raise Exception("Failed to get architecture parameter from mode")
return arch, mode, endiandef __init__(self, filename, raw_type, raw_base, raw_big_endian, database):
import capstone as CAPSTONE
arch_lookup = {
"x86": CAPSTONE.CS_ARCH_X86,
"x64": CAPSTONE.CS_ARCH_X86,
"ARM": CAPSTONE.CS_ARCH_ARM,
"MIPS32": CAPSTONE.CS_ARCH_MIPS,
"MIPS64": CAPSTONE.CS_ARCH_MIPS,
}
mode_lookup = {
"x86": CAPSTONE.CS_MODE_32,
"x64": CAPSTONE.CS_MODE_64,
"ARM": CAPSTONE.CS_ARCH_ARM,
"MIPS32": CAPSTONE.CS_MODE_MIPS32,
"MIPS64": CAPSTONE.CS_MODE_MIPS64,
}
word_size_lookup = {
"x86": 4,
"x64": 8,
"ARM": 4,
"MIPS32": 4,0x0C : 'OpenBSD'
}
self.os = os_values[unpack('B', self.binary[offset : offset + BYTE])[0]]
offset = 0x10
type_values = {
1 : 'relocatable',
2 : 'executable',
3 : 'shared',
4 : 'core'
}
self.type = type_values[unpack(self.end + 'H', self.binary[offset : offset + HWORD])[0]]
offset = 0x12
arch_values = {
# 0x02 : capstone.CS_ARCH_SPARC, Next version will have sparc
0x03 : capstone.CS_ARCH_X86,
0x08 : capstone.CS_ARCH_MIPS,
0x14 : capstone.CS_ARCH_PPC,
0x28 : capstone.CS_ARCH_ARM,
0x32 : False, # IA_64 not yet supported in capstone
0x3E : capstone.CS_ARCH_X86, # This is actually x86_64 which I think is taken care of by the CS_MODE_64
0xB7 : capstone.CS_ARCH_ARM64
}
self.arch = arch_values[unpack(self.end + 'H', self.binary[offset : offset + HWORD])[0]]
offset = 0x18
self.entry_point = unpack(self.end + self.word[0], self.binary[offset : offset + self.word[1]])[0]
offset += self.word[1]
self.program_header_offset = unpack(self.end + self.word[0], self.binary[offset : offset + self.word[1]])[0]
offset += self.word[1]
self.section_header_offset = unpack(self.end + self.word[0], self.binary[offset : offset + self.word[1]])[0]
offset += self.word[1]
self.flags = unpack(self.end + 'I', self.binary[offset : offset + WORD])[0]
offset += WORDdef __init__(self, mode):
super(Capstone, self).__init__(mode)
if self.mode == "I386":
self.cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
elif self.mode == "AMD64":
self.cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
elif self.mode == "MIPS":
self.cs = capstone.Cs(capstone.CS_ARCH_MIPS, capstone.CS_MODE_32 +
capstone.CS_MODE_BIG_ENDIAN)
else:
raise NotImplementedError(
"No disassembler available for this arch.")# powerpc (uncomment when unicorn supports ppc)
# elif is_ppc(m):
# if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_PPC, keystone.KS_MODE_PPC32, keystone.KS_MODE_BIG_ENDIAN
# elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_PPC, 0, capstone.CS_MODE_BIG_ENDIAN
# else: arch, mode, endian = unicorn.UC_ARCH_PPC, unicorn.UC_MODE_PPC32, unicorn.UC_MODE_BIG_ENDIAN
# mips/mips64
elif is_mips(a):
if a.endianness==Endianness.LITTLE:
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_MIPS, keystone.KS_MODE_MIPS32, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_MIPS, capstone.CS_MODE_MIPS32, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_MIPS, unicorn.UC_MODE_MIPS32, unicorn.UC_MODE_LITTLE_ENDIAN
else:
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_MIPS, keystone.KS_MODE_MIPS32, keystone.KS_MODE_BIG_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_MIPS, capstone.CS_MODE_MIPS32, capstone.CS_MODE_BIG_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_MIPS, unicorn.UC_MODE_MIPS32, unicorn.UC_MODE_BIG_ENDIAN
elif is_mips64(a):
if a.endianness==Endianness.LITTLE:
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_MIPS, keystone.KS_MODE_MIPS64, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_MIPS, capstone.CS_MODE_MIPS64, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_MIPS, unicorn.UC_MODE_MIPS64, unicorn.UC_MODE_LITTLE_ENDIAN
else:
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_MIPS, keystone.KS_MODE_MIPS64, keystone.KS_MODE_BIG_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_MIPS, capstone.CS_MODE_MIPS64, capstone.CS_MODE_BIG_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_MIPS, unicorn.UC_MODE_MIPS64, unicorn.UC_MODE_BIG_ENDIAN
# sparc/sparc64
elif is_sparc(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_SPARC, keystone.KS_MODE_SPARC32, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_SPARC, 0, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_SPARC, unicorn.UC_MODE_SPARC32, unicorn.UC_MODE_LITTLE_ENDIAN}
arch_to_UC_consts = {
'i386': parse_consts(U.x86_const),
'x86-64': parse_consts(U.x86_const),
'mips': parse_consts(U.mips_const),
'sparc': parse_consts(U.sparc_const),
'arm': parse_consts(U.arm_const),
'aarch64': parse_consts(U.arm64_const),
}
# Map our internal architecture names onto Unicorn Engine's architecture types.
arch_to_CS = {
'i386': C.CS_ARCH_X86,
'x86-64': C.CS_ARCH_X86,
'mips': C.CS_ARCH_MIPS,
'sparc': C.CS_ARCH_SPARC,
'arm': C.CS_ARCH_ARM,
'aarch64': C.CS_ARCH_ARM64,
# 'powerpc': C.CS_ARCH_PPC,
}
DEBUG = False
def debug(*a,**kw):
if DEBUG: print(*a, **kw)
# Until Unicorn Engine provides full information about the specific instruction
# being executed for all architectures, we must rely on Capstone to provide
# that information.(capstone.CS_ARCH_ARM,
capstone.CS_MODE_ARM|capstone.CS_MODE_BIG_ENDIAN)),
(ARM_32, LITTLE_ENDIAN): ((keystone.KS_ARCH_ARM,
keystone.KS_MODE_ARM|keystone.KS_MODE_LITTLE_ENDIAN),
(capstone.CS_ARCH_ARM,
capstone.CS_MODE_ARM|capstone.CS_MODE_LITTLE_ENDIAN)),
(ARM_64, LITTLE_ENDIAN): ((keystone.KS_ARCH_ARM64,
keystone.KS_MODE_LITTLE_ENDIAN),
(capstone.CS_ARCH_ARM64, capstone.CS_MODE_LITTLE_ENDIAN)),
(MIPS_32, BIG_ENDIAN): ((keystone.KS_ARCH_MIPS,
keystone.KS_MODE_32|keystone.KS_MODE_BIG_ENDIAN|keystone.KS_MODE_MIPS32),
(capstone.CS_ARCH_MIPS,
capstone.CS_MODE_32|capstone.CS_MODE_BIG_ENDIAN)),
(MIPS_32, LITTLE_ENDIAN): ((keystone.KS_ARCH_MIPS,
keystone.KS_MODE_32|keystone.KS_MODE_LITTLE_ENDIAN|keystone.KS_MODE_MIPS32),
(capstone.CS_ARCH_MIPS,
capstone.CS_MODE_32|capstone.CS_MODE_LITTLE_ENDIAN))
}
new_settings = arches_and_modes.get((arch_mode, endianess), None)
if not new_settings:
# leave the settings as is
return
self.arch_mode = arch_mode
self.endianess = endianess
self.asm_arch = new_settings[0][0]
self.asm_mode = new_settings[0][1]
self.disasm_arch = new_settings[1][0]
self.disasm_mode = new_settings[1][1]
self.assembler = keystone.Ks(self.asm_arch, self.asm_mode)
self.disassembler = capstone.Cs(self.disasm_arch, self.disasm_mode)self.bits = 32
self.vex_arch = "VexArchMIPS32"
self.vex_endness = "VexEndnessLE" if endness == "Iend_LE" else "VexEndnessBE"
self.name = "MIPS32"
self.qemu_name = 'mips'
self.ida_processor = 'mipsb'
self.max_inst_bytes = 4
self.ip_offset = 128
self.sp_offset = 116
self.bp_offset = 120
self.ret_offset = 8
self.call_pushes_ret = False
self.stack_change = -4
self.memory_endness = endness
self.register_endness = endness
self.cs_arch = _capstone.CS_ARCH_MIPS
self.cs_mode = _capstone.CS_MODE_32 + (_capstone.CS_MODE_LITTLE_ENDIAN if endness == 'Iend_LE' else _capstone.CS_MODE_BIG_ENDIAN)
if endness == "Iend_LE":
self.function_prologs = {
r"[\x00-\xff]\xff\xbd\x27", # addiu $sp, xxx
r"[\x00-\xff][\x00-\xff]\x1c\x3c[\x00-\xff][\x00-\xff]\x9c\x27", # lui $gp, xxx; addiu $gp, $gp, xxxx
}
else:
self.function_prologs = {
r"\x27\xbd\xff[\x00-\xff]", # addiu $sp, xxx
r"\x3c\x1c[\x00-\xff][\x00-\xff]\x9c\x27[\x00-\xff][\x00-\xff]", # lui $gp, xxx; addiu $gp, $gp, xxxx
}
self.ret_instruction = "\x08\x00\xE0\x03" + "\x25\x08\x20\x00"
self.nop_instruction = "\x00\x00\x00\x00"
self.instruction_alignment = 4
self.persistent_regs = ['gp', 'ra', 't9']# else: arch, mode, endian = unicorn.UC_ARCH_PPC, unicorn.UC_MODE_PPC32, unicorn.UC_MODE_BIG_ENDIAN
# mips/mips64
elif is_mips(a):
if a.endianness==Endianness.LITTLE:
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_MIPS, keystone.KS_MODE_MIPS32, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_MIPS, capstone.CS_MODE_MIPS32, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_MIPS, unicorn.UC_MODE_MIPS32, unicorn.UC_MODE_LITTLE_ENDIAN
else:
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_MIPS, keystone.KS_MODE_MIPS32, keystone.KS_MODE_BIG_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_MIPS, capstone.CS_MODE_MIPS32, capstone.CS_MODE_BIG_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_MIPS, unicorn.UC_MODE_MIPS32, unicorn.UC_MODE_BIG_ENDIAN
elif is_mips64(a):
if a.endianness==Endianness.LITTLE:
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_MIPS, keystone.KS_MODE_MIPS64, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_MIPS, capstone.CS_MODE_MIPS64, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_MIPS, unicorn.UC_MODE_MIPS64, unicorn.UC_MODE_LITTLE_ENDIAN
else:
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_MIPS, keystone.KS_MODE_MIPS64, keystone.KS_MODE_BIG_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_MIPS, capstone.CS_MODE_MIPS64, capstone.CS_MODE_BIG_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_MIPS, unicorn.UC_MODE_MIPS64, unicorn.UC_MODE_BIG_ENDIAN
# sparc/sparc64
elif is_sparc(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_SPARC, keystone.KS_MODE_SPARC32, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_SPARC, 0, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_SPARC, unicorn.UC_MODE_SPARC32, unicorn.UC_MODE_LITTLE_ENDIAN
elif is_sparc(a):
if lib=="keystone": arch, mode, endian = keystone.KS_ARCH_SPARC, keystone.KS_MODE_SPARC64, keystone.KS_MODE_LITTLE_ENDIAN
elif lib=="capstone": arch, mode, endian = capstone.CS_ARCH_SPARC, 0, capstone.CS_MODE_LITTLE_ENDIAN
else: arch, mode, endian = unicorn.UC_ARCH_SPARC, unicorn.UC_MODE_SPARC64, unicorn.UC_MODE_LITTLE_ENDIAN
Popular capstone functions
- capstone.bindings.python.capstone.__init__.CsError
- capstone.capdb.models.CaseMetadata
- capstone.capdb.models.Citation
- capstone.Cs
- capstone.CS_ARCH_ARM
- capstone.CS_ARCH_ARM64
- capstone.CS_ARCH_MIPS
- capstone.CS_ARCH_X86
- capstone.CS_MODE_32
- capstone.CS_MODE_64
- capstone.CS_MODE_ARM
- capstone.CS_MODE_BIG_ENDIAN
- capstone.CS_MODE_LITTLE_ENDIAN
- capstone.CS_MODE_THUMB
- capstone.suite.test_group_name.GroupTest
- capstone.x86
- capstone.x86.X86_OP_IMM
- capstone.x86.X86_OP_MEM
- capstone.x86.X86_OP_REG
- capstone.x86_const