Skip to content

Instantly share code, notes, and snippets.

@dumpmycode

dumpmycode/disassembler.py

Created April 3, 2016 12:14
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save dumpmycode/991c45456cbcaedf44c91c4cc0f822a8 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save dumpmycode/991c45456cbcaedf44c91c4cc0f822a8 to your computer and use it in GitHub Desktop.
Download ZIP
Shellcode disassembler
Raw
disassembler.py
#! /usr/bin/env python
# shellcode disassembler using capstone engine
# source = http://hacktracking.blogspot.com.au/2015/05/execute-shellcode-in-python.html
from sys import argv, exit
from capstone import *
if len(argv[:]) < 3:
print("\nUsage: {} [ARCH] [MODE] ['shellcode']\n".format(argv[0]))
exit(0)
CODE = argv[3].replace('\\x', '').decode('hex')
print('\n\n\n\n\n\n')
print('length = {}\n'.format(len(CODE)))
ARCH = {
'all' : CS_ARCH_ALL,
'arm' : CS_ARCH_ARM,
'arm64' : CS_ARCH_ARM64,
'mips' : CS_ARCH_MIPS,
'ppc' : CS_ARCH_PPC,
'x86' : CS_ARCH_X86,
'xcore' : CS_ARCH_XCORE
}
MODE = {
'16' : CS_MODE_16,
'32' : CS_MODE_32,
'64' : CS_MODE_64,
'arm' : CS_MODE_ARM,
'be' : CS_MODE_BIG_ENDIAN,
'le' : CS_MODE_LITTLE_ENDIAN,
'micro' : CS_MODE_MICRO,
'thumb' : CS_MODE_THUMB
}
md = Cs(ARCH[argv[1]], MODE[argv[2]])
for i in md.disasm(CODE, 0x1000):
print '0x{}: \t{} \t{}'.format(i.address, i.mnemonic, i.op_str)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment