1. Advisor
  2. capstone
  3. functions
  4. capstone.CS_MODE_ARM
View all capstone analysis

How to use the capstone.CS_MODE_ARM function in capstone

To help you get started, we’ve selected a few capstone examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github volatilityfoundation / volatility3 / volatility / cli / volshell / generic.py View on Github external
def disassemble(self, offset, count = 128, layer_name = None, architecture = None):
        """Disassembles a number of instructions from the code at offset"""
        remaining_data = self._read_data(offset, count = count, layer_name = layer_name)
        if not has_capstone:
            print("Capstone not available - please install it to use the disassemble command")
        else:
            if isinstance(self.context.layers[layer_name or self.current_layer], intel.Intel32e):
                architecture = 'intel64'
            elif isinstance(self.context.layers[layer_name or self.current_layer], intel.Intel):
                architecture = 'intel'
            disasm_types = {
                'intel': capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32),
                'intel64': capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64),
                'arm': capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM),
                'arm64': capstone.Cs(capstone.CS_ARCH_ARM64, capstone.CS_MODE_ARM)
            }
            if architecture is not None:
                for i in disasm_types[architecture].disasm(remaining_data, offset):
                    print("0x%x:\t%s\t%s" % (i.address, i.mnemonic, i.op_str))
github pfalcon / ScratchABit / plugins / cpu / arm_32_arm_capstone.py View on Github external
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see .
import capstone
import _any_capstone


dis = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM)

def PROCESSOR_ENTRY():
    return _any_capstone.Processor("arm_32", dis)
github google / rekall / rekall-core / rekall / plugins / tools / disassembler.py View on Github external
def __init__(self, mode, **kwargs):
        super(Capstone, self).__init__(mode, **kwargs)

        if self.mode == "I386":
            self.cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
        elif self.mode == "AMD64":
            self.cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
        elif self.mode == "MIPS":
            self.cs = capstone.Cs(capstone.CS_ARCH_MIPS, capstone.CS_MODE_32 +
                                  capstone.CS_MODE_BIG_ENDIAN)
        # This is not really supported yet.
        elif self.mode == "ARM":
            self.cs = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM)
        else:
            raise NotImplementedError(
                "No disassembler available for this arch.")

        self.cs.detail = True
        self.cs.skipdata_setup = ("db", None, None)
        self.cs.skipdata = True
github pmarkowsky / dash / app / assembler.py View on Github external
(ARM_16, BIG_ENDIAN): ((keystone.KS_ARCH_ARM, 
                                                    keystone.KS_MODE_THUMB|keystone.KS_MODE_BIG_ENDIAN),
                                                   (capstone.CS_ARCH_ARM,
                                                    capstone.CS_MODE_THUMB|capstone.CS_MODE_BIG_ENDIAN)),
                            (ARM_16, LITTLE_ENDIAN): ((keystone.KS_ARCH_ARM, 
                                                       keystone.KS_MODE_THUMB|keystone.KS_MODE_LITTLE_ENDIAN),
                                                      (capstone.CS_ARCH_ARM,
                                                       capstone.CS_MODE_THUMB|capstone.CS_MODE_LITTLE_ENDIAN)),
                            (ARM_32, BIG_ENDIAN): ((keystone.KS_ARCH_ARM,
                                                   keystone.KS_MODE_ARM|keystone.KS_MODE_BIG_ENDIAN),
                                                  (capstone.CS_ARCH_ARM,
                                                   capstone.CS_MODE_ARM|capstone.CS_MODE_BIG_ENDIAN)),
                            (ARM_32, LITTLE_ENDIAN): ((keystone.KS_ARCH_ARM, 
                                                       keystone.KS_MODE_ARM|keystone.KS_MODE_LITTLE_ENDIAN),
                                                      (capstone.CS_ARCH_ARM,
                                                       capstone.CS_MODE_ARM|capstone.CS_MODE_LITTLE_ENDIAN)),
                            (ARM_64, LITTLE_ENDIAN): ((keystone.KS_ARCH_ARM64, 
                                                       keystone.KS_MODE_LITTLE_ENDIAN),
                                                      (capstone.CS_ARCH_ARM64, capstone.CS_MODE_LITTLE_ENDIAN)),
                            (MIPS_32, BIG_ENDIAN): ((keystone.KS_ARCH_MIPS, 
                                                     keystone.KS_MODE_32|keystone.KS_MODE_BIG_ENDIAN|keystone.KS_MODE_MIPS32),
                                                    (capstone.CS_ARCH_MIPS,
                                                     capstone.CS_MODE_32|capstone.CS_MODE_BIG_ENDIAN)),
                            (MIPS_32, LITTLE_ENDIAN): ((keystone.KS_ARCH_MIPS, 
                                                        keystone.KS_MODE_32|keystone.KS_MODE_LITTLE_ENDIAN|keystone.KS_MODE_MIPS32),
                                                       (capstone.CS_ARCH_MIPS,
                                                        capstone.CS_MODE_32|capstone.CS_MODE_LITTLE_ENDIAN))
                            }
        new_settings = arches_and_modes.get((arch_mode, endianess), None)

        if not new_settings:
            # leave the settings as is
github iGio90 / frick / main.py View on Github external
def __init__(self):
        super(Arm64, self).__init__()
        self.unicorn_arch = unicorn.UC_ARCH_ARM64
        self.unicorn_mode = unicorn.UC_MODE_ARM
        self.capstone_arch = capstone.CS_ARCH_ARM64
        self.capstone_mode = capstone.CS_MODE_ARM
github hugsy / cemu / cemu / utils.py View on Github external
else:                    arch, mode, endian = unicorn.UC_ARCH_X86, unicorn.UC_MODE_16, unicorn.UC_MODE_LITTLE_ENDIAN

    elif is_x86_32(a):
        if lib=="keystone":     arch, mode, endian = keystone.KS_ARCH_X86, keystone.KS_MODE_32, keystone.KS_MODE_LITTLE_ENDIAN
        elif lib=="capstone":   arch, mode, endian = capstone.CS_ARCH_X86, capstone.CS_MODE_32, capstone.CS_MODE_LITTLE_ENDIAN
        else:                   arch, mode, endian = unicorn.UC_ARCH_X86, unicorn.UC_MODE_32, unicorn.UC_MODE_LITTLE_ENDIAN

    elif is_x86_64(a):
        if lib=="keystone":     arch, mode, endian = keystone.KS_ARCH_X86, keystone.KS_MODE_64, keystone.KS_MODE_LITTLE_ENDIAN
        elif lib=="capstone":   arch, mode, endian = capstone.CS_ARCH_X86, capstone.CS_MODE_64, capstone.CS_MODE_LITTLE_ENDIAN
        else:                   arch, mode, endian = unicorn.UC_ARCH_X86, unicorn.UC_MODE_64, unicorn.UC_MODE_LITTLE_ENDIAN

    # arm
    elif is_arm(a):
        if lib=="keystone":     arch, mode, endian = keystone.KS_ARCH_ARM, keystone.KS_MODE_ARM, keystone.KS_MODE_LITTLE_ENDIAN
        elif lib=="capstone":   arch, mode, endian = capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM, capstone.CS_MODE_LITTLE_ENDIAN
        else:                   arch, mode, endian = unicorn.UC_ARCH_ARM, unicorn.UC_MODE_ARM, unicorn.UC_MODE_LITTLE_ENDIAN
    elif is_arm_thumb(a):
        if lib=="keystone":     arch, mode, endian = keystone.KS_ARCH_ARM, keystone.KS_MODE_THUMB, keystone.KS_MODE_LITTLE_ENDIAN
        elif lib=="capstone":   arch, mode, endian = capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB, capstone.CS_MODE_LITTLE_ENDIAN
        else:                   arch, mode, endian = unicorn.UC_ARCH_ARM, unicorn.UC_MODE_THUMB, unicorn.UC_MODE_LITTLE_ENDIAN

    # aarch64
    elif is_aarch64(a):
        if lib=="keystone":     arch, mode, endian = keystone.KS_ARCH_ARM64, 0, keystone.KS_MODE_LITTLE_ENDIAN
        elif lib=="capstone":   arch, mode, endian = capstone.CS_ARCH_ARM64, capstone.CS_MODE_ARM, capstone.CS_MODE_LITTLE_ENDIAN
        else:                   arch, mode, endian = unicorn.UC_ARCH_ARM64, unicorn.UC_MODE_ARM, unicorn.UC_MODE_LITTLE_ENDIAN

    # powerpc (uncomment when unicorn supports ppc)
    # elif is_ppc(m):
    #     if lib=="keystone":     arch, mode, endian = keystone.KS_ARCH_PPC, keystone.KS_MODE_PPC32, keystone.KS_MODE_BIG_ENDIAN
    #     elif lib=="capstone":   arch, mode, endian = capstone.CS_ARCH_PPC, 0, capstone.CS_MODE_BIG_ENDIAN
github pfalcon / ScratchABit / plugins / cpu / arm_32_capstone.py View on Github external
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see .
import capstone
import _any_capstone


arch_id = "arm_32"

dis_arm = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM)
dis_thumb = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB)

def PROCESSOR_ENTRY():
    return _any_capstone.Processor("arm_32", dis_arm, dis_thumb)
github angr / angr / simuvex / s_arch.py View on Github external
    @property
    def capstone(self):
        if self._cs is None:
            self._cs = _capstone.Cs(self.cs_arch, self.cs_mode + _capstone.CS_MODE_ARM)
            self._cs.detail = True
        return self._cs
github Ledger-Donjon / rainbow / rainbow / generics / arm.py View on Github external
def __init__(self, trace=True, sca_mode=False, local_vars={}):
        super().__init__(trace, sca_mode)
        self.emu = uc.Uc(uc.UC_ARCH_ARM, uc.UC_MODE_ARM)
        self.disasm = cs.Cs(cs.CS_ARCH_ARM, cs.CS_MODE_ARM | cs.CS_MODE_THUMB)
        self.disasm.detail = True
        self.word_size = 4
        self.endianness = "little"
        self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
        self.page_shift = self.page_size.bit_length() - 1
        self.pc = uc.arm_const.UC_ARM_REG_PC

        known_regs = [i[len('UC_ARM_REG_'):] for i in dir(uc.arm_const) if '_REG' in i]
        self.reg_map = {r.lower(): getattr(uc.arm_const, 'UC_ARM_REG_'+r) for r in known_regs}

        self.stubbed_functions = local_vars
        self.setup(sca_mode)
    
        self.reset_stack()
github bx / bootloader_instrumentation_suite / fiddle / database.py View on Github external
    @property
    def mdarm(self):
        if self._mdarm is None:
            self._mdarm = capstone.Cs(capstone.CS_ARCH_ARM,
                                      capstone.CS_MODE_ARM + capstone.CS_MODE_V8)
            self._mdarm.detail = True
        return self._mdarm

capstone

Capstone disassembly engine

GitHub
BSD-2-Clause
Latest version published 3 months ago

Package Health Score

76 / 100
Full package analysis

Popular capstone functions

Similar packages