Skip to content

Instantly share code, notes, and snippets.

View aquynh's full-sized avatar

Nguyen Anh Quynh aquynh

1.4k followers · 0 following
View GitHub Profile
@aquynh
aquynh / keystone-sample.c
Created March 17, 2016 16:11
// Sample code for Keystone Assembler Engine (www.keystone-enigne.org).
// By Nguyen Anh Quynh, 2016
#include <stdio.h>
#include <string.h>
#include <keystone/keystone.h>
static int test_ks(ks_arch arch, int mode, const char *assembly, int syntax)
{
ks_engine *ks;
@aquynh
aquynh / keystone-sample.py
Created March 17, 2016 06:01
#!/usr/bin/python
from keystone import *
def test_ks(arch, mode, code, syntax=0):
ks = Ks(arch, mode)
if syntax != 0:
ks.syntax = syntax
encoding, count = ks.asm(code)
@aquynh
aquynh / keystone.h
Last active May 17, 2016 01:17
/* Keystone Assembler Engine (www.keystone-engine.org) */
/* By Nguyen Anh Quynh <[email protected]>, 2016 */
#ifndef KEYSTONE_ENGINE_H
#define KEYSTONE_ENGINE_H
#ifdef __cplusplus
extern "C" {
#endif
@aquynh
aquynh / gist:28db2e8a7beb55a45847
Created January 25, 2016 06:46
```
<put all your code here>
```
@aquynh
aquynh / unicorn.py
Created October 25, 2015 16:58
unicorn.py
# Unicorn Python bindings, by Nguyen Anh Quynnh <[email protected]>
import sys
_python2 = sys.version_info[0] < 3
if _python2:
range = xrange
from . import arm_const, arm64_const, mips_const, sparc_const, m68k_const, x86_const
from unicorn_const import *
import ctypes, ctypes.util, sys
from platform import system
@aquynh
aquynh / gist:58f83e579f6d32695e58
Created August 27, 2015 04:32
cc -I../include -L.. -lunicorn ro_mem_test.c -o ro_mem_test
ro_mem_test.c:41:40: warning: passing 'char [16]' to parameter of type 'const uint8_t *' (aka 'const unsigned char *') converts between pointers to integer types with different
sign [-Wpointer-sign]
if (uc_mem_write(handle, 0x400000, PROGRAM, sizeof(PROGRAM))) {
^~~~~~~
ro_mem_test.c:7:17: note: expanded from macro 'PROGRAM'
#define PROGRAM "\xeb\x08\x58\xc7\x00\x78\x56\x34\x12\x90\xe8\xf3\xff\xff\xff"
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../include/unicorn/unicorn.h:306:66: note: passing argument to parameter 'bytes' here
uc_err uc_mem_write(uch handle, uint64_t address, const uint8_t *bytes, size_t size);
@aquynh
aquynh / .txt
Created August 24, 2015 08:55
suite/regress.py
X86-16bit intel: 0xe8 0x35 0x64 = call 0x604e
X86-32bit intel: 0x66 0xe8 0x35 0x64 = call 0x6054
X86-64bit intel: 0x66 0xe8 0x35 0x64 = call 0x6054
X86-16bit intel: 0xe9 0x35 0x64 = jmp 0x605e
X86-16bit intel: 0x66 0xe9 0x35 0x64 0x93 0x53 = jmp 0x53946431
@aquynh
aquynh / test_masm.py
Created August 12, 2015 07:31
This sample shows how to use MASM syntax for Capstone X86
#!/usr/bin/env python
# Demo for MASM syntax of Capstone Python bindings
# By Nguyen Anh Quynnh
from __future__ import print_function
from capstone import *
X86_CODE32 = b"\xba\xcd\xab\x00\x00\x8d\x4c\x32\x08\x81\xc6\x34\x12\x00\x00"
md = Cs(CS_ARCH_X86, CS_MODE_32)
@aquynh
aquynh / opaccess.py
Created August 8, 2015 13:56
# Test op_access feature of Capstone
from __future__ import print_function
from capstone import *
CODE = b"\x8d\x4c\x32\x08\x01\xd8"
md = Cs(CS_ARCH_X86, CS_MODE_32)
md.detail = True
for insn in md.disasm(CODE, 0x1000):
print("%s\t%s" % (insn.mnemonic, insn.op_str))
@aquynh
aquynh / mips_synci.diff
Last active August 29, 2015 14:09 — forked from pamaury/mips_synci.diff
diff --git a/lib/Target/Mips/Disassembler/MipsDisassembler.cpp b/lib/Target/Mips/Disassembler/MipsDisassembler.cpp
index 5d594f1..dd1a29b 100644
--- a/lib/Target/Mips/Disassembler/MipsDisassembler.cpp
+++ b/lib/Target/Mips/Disassembler/MipsDisassembler.cpp
@@ -247,6 +247,11 @@ static DecodeStatus DecodeCacheOp(MCInst &Inst,
uint64_t Address,
const void *Decoder);
+static DecodeStatus DecodeSyncI(MCInst &Inst,
+ unsigned Insn,