September 4, 2014 00:57 · August 29, 2015 14:09 · June 4, 2018 06:18 · March 19, 2016 16:42 · June 1, 2016 08:31 · June 2, 2016 03:37
 --- ptrace/disasm.c     2014-04-10 10:30:33.000000000 +1200
 +++ ptrace/disasm2.c    2014-09-04 12:52:53.425315639 +1200
 @@ -4,28 +4,21 @@

 try:
     from ptrace.cpu_info import CPU_I386, CPU_X86_64
 -    try:
 -        from distorm3 import Decode
 -        if CPU_X86_64:
 -            from distorm3 import Decode64Bits as DecodeBits
 diff --git a/lib/Target/Mips/Disassembler/MipsDisassembler.cpp b/lib/Target/Mips/Disassembler/MipsDisassembler.cpp
 index 5d594f1..dd1a29b 100644
 --- a/lib/Target/Mips/Disassembler/MipsDisassembler.cpp
 +++ b/lib/Target/Mips/Disassembler/MipsDisassembler.cpp
 @@ -247,6 +247,11 @@ static DecodeStatus DecodeCacheOp(MCInst &Inst,
                               uint64_t Address,
                               const void *Decoder);
 
 +static DecodeStatus DecodeSyncI(MCInst &Inst,
 +                              unsigned Insn,
 import sys
 from capstone import *

 if len(sys.argv) < 2:
 	print 'Error: need file name argument'
 	exit()

 # Read binary input file into an array
 fileName = sys.argv[1]
 file = open(fileName, "rb")
 using Gee.External.Capstone;
 using Gee.External.Capstone.X86;
 using System;
 using System.Collections.Generic;
 using System.Linq;

 namespace InstructionsCheck
 {
 	/// <summary>This class implements a way to disassemble real-life modules with Capstone.</summary>
 	/// <remarks>Real-life x86 and amd64 code contains inline data.
 from keystone import *
 from capstone import *
 from unicorn import *
 from unicorn.x86_const import *

 from struct import *
 from termcolor import *

 import os
 import sys
 #!/usr/bin/python

 import sys
 from keystone import *
 from unicorn import *
 from unicorn.arm_const import *
 from capstone import *
 from capstone.arm import *
 from capstone.x86 import *
 # Slide : https://docs.google.com/presentation/d/1jLUDucNtvGotHw0LOvDonMYwCkXYcb-cnsOWLNt-Ag0
 import sys
 import pefile
 from capstone import *
 from capstone.x86 import *
 from keystone import *
 from datetime import datetime

 MAX_DISASM_COUNT = 1000 * 1000
 FILE_NAME = r"dump-g4pic.dll"
 #!/bin/env python2
 # -*- coding: utf-8 -*-
 # Solution to Book Cover Crackme from "Praktyczna inżynieria wstecznia
 # Edited by Gynvael Coldwind and Mateusz Jurczyk. (Applied Reverse Engineering)
 # PWN Bookstore: https://ksiegarnia.pwn.pl/Praktyczna-inzynieria-wsteczna,622427233,p.html
 #
 # Props to @radekk for his excellent writeup and for capturing the flag. Read his
 # writeup at https://vulnsec.com/2017/reverse-engineering-a-book-cover/
 #
 # This was a fun opportunity to learn how to use Unicorn Engine, Capstone Engine,
	--- ptrace/disasm.c 2014-04-10 10:30:33.000000000 +1200
	+++ ptrace/disasm2.c 2014-09-04 12:52:53.425315639 +1200
	@@ -4,28 +4,21 @@

	try:
	from ptrace.cpu_info import CPU_I386, CPU_X86_64
	- try:
	- from distorm3 import Decode
	- if CPU_X86_64:
	- from distorm3 import Decode64Bits as DecodeBits
	diff --git a/lib/Target/Mips/Disassembler/MipsDisassembler.cpp b/lib/Target/Mips/Disassembler/MipsDisassembler.cpp
	index 5d594f1..dd1a29b 100644
	--- a/lib/Target/Mips/Disassembler/MipsDisassembler.cpp
	+++ b/lib/Target/Mips/Disassembler/MipsDisassembler.cpp
	@@ -247,6 +247,11 @@ static DecodeStatus DecodeCacheOp(MCInst &Inst,
	uint64_t Address,
	const void *Decoder);

	+static DecodeStatus DecodeSyncI(MCInst &Inst,
	+ unsigned Insn,
	import sys
	from capstone import *

	if len(sys.argv) < 2:
	print 'Error: need file name argument'
	exit()

	# Read binary input file into an array
	fileName = sys.argv[1]
	file = open(fileName, "rb")
	using Gee.External.Capstone;
	using Gee.External.Capstone.X86;
	using System;
	using System.Collections.Generic;
	using System.Linq;

	namespace InstructionsCheck
	{
	/// <summary>This class implements a way to disassemble real-life modules with Capstone.</summary>
	/// <remarks>Real-life x86 and amd64 code contains inline data.
	from keystone import *
	from capstone import *
	from unicorn import *
	from unicorn.x86_const import *

	from struct import *
	from termcolor import *

	import os
	import sys
	#!/usr/bin/python

	import sys
	from keystone import *
	from unicorn import *
	from unicorn.arm_const import *
	from capstone import *
	from capstone.arm import *
	from capstone.x86 import *
	# Slide : https://docs.google.com/presentation/d/1jLUDucNtvGotHw0LOvDonMYwCkXYcb-cnsOWLNt-Ag0
	import sys
	import pefile
	from capstone import *
	from capstone.x86 import *
	from keystone import *
	from datetime import datetime

	MAX_DISASM_COUNT = 1000 * 1000
	FILE_NAME = r"dump-g4pic.dll"
	#!/bin/env python2
	# -- coding: utf-8 --
	# Solution to Book Cover Crackme from "Praktyczna inżynieria wstecznia
	# Edited by Gynvael Coldwind and Mateusz Jurczyk. (Applied Reverse Engineering)
	# PWN Bookstore: https://ksiegarnia.pwn.pl/Praktyczna-inzynieria-wsteczna,622427233,p.html
	#
	# Props to @radekk for his excellent writeup and for capturing the flag. Read his
	# writeup at https://vulnsec.com/2017/reverse-engineering-a-book-cover/
	#
	# This was a fun opportunity to learn how to use Unicorn Engine, Capstone Engine,