1. Advisor
  2. capstone
  3. functions
  4. capstone.x86
View all capstone analysis

How to use the capstone.x86 function in capstone

To help you get started, we’ve selected a few capstone examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github c01db33f / reil / x86 / operand.py View on Github external
ctx.emit(  lshr_ (word_reg, imm(8, 8), byte_reg))

        return byte_reg

    # 16-byte low parts
    low_words = {
        capstone.x86.X86_REG_AX:ctx.accumulator,
        capstone.x86.X86_REG_BX:ctx.base,
        capstone.x86.X86_REG_CX:ctx.counter,
        capstone.x86.X86_REG_DX:ctx.data,
        capstone.x86.X86_REG_SI:ctx.source,
        capstone.x86.X86_REG_DI:ctx.destination,
        capstone.x86.X86_REG_BP:ctx.frame_ptr,
        capstone.x86.X86_REG_SP:ctx.stack_ptr,
        capstone.x86.X86_REG_R8W:r('r8', 64),
        capstone.x86.X86_REG_R9W:r('r9', 64),
        capstone.x86.X86_REG_R10W:r('r10', 64),
        capstone.x86.X86_REG_R11W:r('r11', 64),
        capstone.x86.X86_REG_R12W:r('r12', 64),
        capstone.x86.X86_REG_R13W:r('r13', 64),
        capstone.x86.X86_REG_R14W:r('r14', 64),
        capstone.x86.X86_REG_R15W:r('r15', 64),
    }

    if reg in low_words:
        word_reg = ctx.tmp(16)

        ctx.emit(  str_  (low_words[reg], word_reg))

        return word_reg

    # 32-byte low parts
github c01db33f / reil / x86 / operand.py View on Github external
capstone.x86.X86_REG_R15W:r('r15', 64),
    }

    if reg in low_words:
        word_reg = ctx.tmp(16)

        ctx.emit(  str_  (low_words[reg], word_reg))

        return word_reg

    # 32-byte low parts
    low_dwords = {
        capstone.x86.X86_REG_EAX:ctx.accumulator,
        capstone.x86.X86_REG_EBX:ctx.base,
        capstone.x86.X86_REG_ECX:ctx.counter,
        capstone.x86.X86_REG_EDX:ctx.data,
        capstone.x86.X86_REG_ESI:ctx.source,
        capstone.x86.X86_REG_EDI:ctx.destination,
        capstone.x86.X86_REG_EBP:ctx.frame_ptr,
        capstone.x86.X86_REG_ESP:ctx.stack_ptr,
        capstone.x86.X86_REG_R8D:r('r8', 64),
        capstone.x86.X86_REG_R9D:r('r9', 64),
        capstone.x86.X86_REG_R10D:r('r10', 64),
        capstone.x86.X86_REG_R11D:r('r11', 64),
        capstone.x86.X86_REG_R12D:r('r12', 64),
        capstone.x86.X86_REG_R13D:r('r13', 64),
        capstone.x86.X86_REG_R14D:r('r14', 64),
        capstone.x86.X86_REG_R15D:r('r15', 64),
    }

    if reg in low_dwords:
        dword_reg = ctx.tmp(32)
github c01db33f / reil / x86 / operand.py View on Github external
capstone.x86.X86_REG_R14B:r('r14', 64),
        capstone.x86.X86_REG_R15B:r('r15', 64),
    }

    if reg in low_bytes:
        byte_reg = ctx.tmp(8)

        ctx.emit(  str_  (low_bytes[reg], byte_reg))

        return byte_reg

    # 8-bit high parts
    high_bytes = {
        capstone.x86.X86_REG_AH:ctx.accumulator,
        capstone.x86.X86_REG_BH:ctx.base,
        capstone.x86.X86_REG_CH:ctx.counter,
        capstone.x86.X86_REG_DH:ctx.data
    }

    if reg in high_bytes:

        full_reg = high_bytes[reg]
        word_reg = ctx.tmp(16)
        byte_reg = ctx.tmp(8)

        ctx.emit(  str_  (full_reg, word_reg))
        ctx.emit(  lshr_ (word_reg, imm(8, 8), byte_reg))

        return byte_reg

    # 16-byte low parts
    low_words = {
github ampotos / dynStruct / _dynStruct / access.py View on Github external
import binascii
import _dynStruct
import capstone

unsigned_int_instr = [capstone.x86.X86_INS_ADCX, capstone.x86.X86_INS_ADOX,
                      capstone.x86.X86_INS_DIV, capstone.x86.X86_INS_MUL,
                      capstone.x86.X86_INS_MULX]

xmm_regs = [xmm for xmm in range(capstone.x86.X86_REG_XMM0 - 1, capstone.x86.X86_REG_XMM31)]

class Access:

    def __init__(self, access, orig, addr_start, block, t):
        self.block = block
        self.offset = access
        self.addr = addr_start + self.offset
        self.size = orig["size_access"]
        self.t = t

        if len(orig["opcode"]) % 2:
            orig["opcode"] = "0" + orig["opcode"]
github angr / angr / angr / analyses / disassembly_utils.py View on Github external
import capstone as cs
import logging

from ..misc.ux import once

l = logging.getLogger(name=__name__)


INS_GROUP_INFO = {
    'X86': {
        cs.x86.X86_GRP_CALL: 'call',
        cs.x86.X86_GRP_JUMP: 'branch',
        cs.x86.X86_GRP_RET: 'return',
    },
    'AMD64': {
        cs.x86.X86_GRP_CALL: 'call',
        cs.x86.X86_GRP_JUMP: 'branch',
        cs.x86.X86_GRP_RET: 'return',
    },
}

try:
    INS_GROUP_INFO['MIPS32'] = {
        cs.mips.MIPS_GRP_CALL: 'call',
        cs.mips.MIPS_GRP_JUMP: 'branch',
        cs.mips.MIPS_GRP_RET: 'return',
    }
except AttributeError:
github angr / angr / angr / analyses / reassembler.py View on Github external
def fill_reg_map():
    # TODO: Support more architectures
    for attr in dir(capstone.x86):
        if attr.startswith('X86_REG_'):
            reg_name = attr[8:]
            reg_offset = getattr(capstone.x86, attr)
            CAPSTONE_REG_MAP['X86'][reg_offset] = reg_name.lower()

    for attr in dir(capstone.x86):
        if attr.startswith('X86_REG_'):
            reg_name = attr[8:]
            reg_offset = getattr(capstone.x86, attr)
            CAPSTONE_REG_MAP['AMD64'][reg_offset] = reg_name.lower()
github EiNSTeiN- / decompiler / src / host / capstone / dis / intel.py View on Github external
def get_operand_expression(self, ea, n):
    """ return an expression representing the 'n'-th operand of the instruction at 'ea'. """

    insn = self.instructions[ea]
    op = insn.operands[n]

    if op.type == capstone.x86.X86_OP_REG:
      expr = regloc_t(self.__reg_index(op.reg), op.size*8, name=insn.reg_name(op.reg))
    elif op.type == capstone.x86.X86_OP_MEM:

      base, index, scale, disp = (None,)*4

      if op.mem.base:
        base = regloc_t(self.__reg_index(op.mem.base), op.size*8, name=insn.reg_name(op.mem.base))

      if op.mem.index:
        index = regloc_t(self.__reg_index(op.mem.index), op.size*8, name=insn.reg_name(op.mem.index))

      if op.mem.scale > 1:
        scale = value_t(op.mem.scale, op.size*8)

      if op.mem.disp:
        disp = value_t(op.mem.disp, op.size*8)
github c01db33f / reil / x86 / translator.py View on Github external
def ends_basic_block(i):
    other_flow_control = {
        capstone.x86.X86_INS_CALL,
        capstone.x86.X86_INS_RET
    }
    if capstone.x86.X86_GRP_JUMP in i.groups:
        return True
    elif i.id in other_flow_control:
        return True
    return False
github c01db33f / reil / x86 / operand.py View on Github external
'r11d':capstone.x86.X86_REG_R11D,
        'r12d':capstone.x86.X86_REG_R12D,
        'r13d':capstone.x86.X86_REG_R13D,
        'r14d':capstone.x86.X86_REG_R14D,
        'r15d':capstone.x86.X86_REG_R15D,

        'rax':capstone.x86.X86_REG_AX,
        'rbx':capstone.x86.X86_REG_BX,
        'rcx':capstone.x86.X86_REG_CX,
        'rdx':capstone.x86.X86_REG_DX,
        'rsi':capstone.x86.X86_REG_SI,
        'rdi':capstone.x86.X86_REG_DI,
        'rbp':capstone.x86.X86_REG_BP,
        'rsp':capstone.x86.X86_REG_SP,
        'r8':capstone.x86.X86_REG_R8,
        'r9':capstone.x86.X86_REG_R9,
        'r10':capstone.x86.X86_REG_R10,
        'r11':capstone.x86.X86_REG_R11,
        'r12':capstone.x86.X86_REG_R12,
        'r13':capstone.x86.X86_REG_R13,
        'r14':capstone.x86.X86_REG_R14,
        'r15':capstone.x86.X86_REG_R15,
        'rip':capstone.x86.X86_REG_RIP
    }

    if name not in register_lookup:
        raise TranslationError('Invalid Register {}'.format(name))

    return register_lookup[name]

capstone

Capstone disassembly engine

GitHub
BSD-2-Clause
Latest version published 3 months ago

Package Health Score

76 / 100
Full package analysis

Popular capstone functions

Similar packages