Created
October 1, 2017 08:29
disasm x86 machine code
import argparse
import sys

from capstone import (
    Cs,
    CS_ARCH_X86,
    CS_MODE_32,
    CS_OPT_SYNTAX_ATT,
)
# Address reported for the first decoded byte; every printed address is
# relative to this base.
# NOTE(review): the value looks like a classic 32-bit ELF text address --
# confirm it matches the binary the bytes were carved from.
OFFSET = 0x0804_8060

# One module-wide Capstone handle: 32-bit x86 decoding, AT&T operand syntax.
md = Cs(CS_ARCH_X86, CS_MODE_32)
md.syntax = CS_OPT_SYNTAX_ATT
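def disasm(code: bytes):
    """Print a tab-separated listing of the instructions decoded from *code*.

    Each stdout line holds the address (hex, starting at ``OFFSET``), the
    instruction size in bytes, the mnemonic and the operand string.

    Capstone stops at the first byte sequence it cannot decode, so the
    listing can be shorter than the input. When that happens a warning with
    the stop address and the number of undecoded bytes is written to stderr,
    so a truncated listing is not mistaken for the whole buffer.

    Args:
        code: Raw machine-code bytes to decode.
    """
    decoded = 0
    for address, size, mnemonic, op_str in md.disasm_lite(code, offset=OFFSET):
        print("0x{0:x}\t{1:d}\t{2:s}\t{3:s}".format(address, size,
                                                    mnemonic, op_str))
        decoded += size

    # Anything left over was never shown: report it on stderr so the stdout
    # format stays unchanged for scripts that parse it.
    leftover = len(code) - decoded
    if leftover > 0:
        print("warning: decoding stopped at 0x{0:x}; {1:d} trailing byte(s) "
              "not disassembled".format(OFFSET + decoded, leftover),
              file=sys.stderr)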
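def type_hex(num):
    """Convert a hexadecimal command-line value to a non-negative int.

    Intended as an argparse ``type=`` callable for offsets and lengths.

    Args:
        num: Hex digits as text (a ``0x`` prefix is accepted), or None.

    Returns:
        The parsed integer, or None when *num* is None.

    Raises:
        ValueError: *num* is not valid hexadecimal text.
        argparse.ArgumentTypeError: the parsed value is negative.
    """
    if num is None:
        return None
    value = int(num, base=16)
    # A negative offset or length would otherwise surface later as a raw
    # traceback from seek()/read(); reject it while parsing the arguments.
    if value < 0:
        raise argparse.ArgumentTypeError(
            "expected a non-negative hex value, got {0!r}".format(num))
    return value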
def parse_args():
    """Parse the command line and return the resulting namespace.

    Arguments:
        file    Optional input opened in binary mode; defaults to "code".
        --seek  Hex byte offset to start reading from.
        --size  Hex number of bytes to read.

    Exits through ``parser.error`` when ``--seek`` is given without
    ``--size``.
    """
    cli = argparse.ArgumentParser()
    cli.add_argument(
        "file",
        nargs="?",
        default="code",
        type=argparse.FileType("rb"),
    )
    # Both numeric options share the same hex conversion.
    for flag in ("--seek", "--size"):
        cli.add_argument(flag, default=None, type=type_hex)

    parsed = cli.parse_args()
    seek_without_size = parsed.seek is not None and parsed.size is None
    if seek_without_size:
        cli.error("--seek requires --size.")
    return parsed
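def main():
    """Read the selected byte range from the input file and disassemble it.

    ``--seek`` moves the read position before reading. ``--size`` bounds the
    number of bytes read whether or not ``--seek`` is given; previously a
    lone ``--size`` was silently ignored and the whole file was read.
    Without ``--size`` the file is read to the end.
    """
    args = parse_args()
    with args.file as fd:
        if args.seek is not None:
            fd.seek(args.seek)
        if args.size is not None:
            # Honour the requested length even when no offset was given.
            code = fd.read(args.size)
        else:
            code = fd.read()
    disasm(code)


if __name__ == '__main__':
    main()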