#!/usr/bin/env python
# Writing your own disassembler? Ain't nobody got time for that!
# or just in case you don't have capstone
# by Jay Little
# Same license as lldb
import argparse
import re
import subprocess
import sys
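# Command-line interface. Parsing happens at import time, so this script is
# meant to be run directly, not imported.
parser = argparse.ArgumentParser(description="test your bytes for great good and profit", add_help=True)
# archs found in lldb/source/Core/ArchSpec.cpp
arch_str = "your architecture. have confirmed thumbv7s i386 and x86_64 do things. something else might but who knows: arm, armv4, armv4t, armv5, armv5e, armv5t, armv6, armv7, armv7f, armv7k, armv7s, xscale, thumb, thumbv4t, thumbv5, thumbv5e, thumbv6, thumbv7, thumbv7f, thumbv7k, thumbv7s, ppc, ppc601, ppc602, ppc603, ppc603e, ppc603ev, ppc604, ppc604e, ppc620, ppc750, ppc7400, ppc7450, ppc970, ppc64, ppc970-64, sparc, sparcv9, i386, i486, i486sx, x86_64. You can also use systemArch, systemArch32, systemArch64 if you don't know what you are currently running on and want some bytes"
parser.add_argument('-f', '--file', required=True, action='store', help='your file full of bytes', metavar='THEFILE')
parser.add_argument('-a', '--arch', required=True, action='store', help=arch_str, metavar='YOURARCH')
# Converted later with int(value, 0), so 0x.., 0o.., 0b.. and decimal literals are all accepted.
parser.add_argument('--loadaddr', required=False, action='store', help='where the bytes would be loaded')
parser.add_argument('--lldb', required=False, action='store', help='The path to LLDB.framework, if you are bro who loves frameworks')
# NOTE(review): args.dump is never read anywhere in this script; the flag is
# accepted so existing invocations keep working, but it has no effect.
parser.add_argument('--dump', required=False, action='store_true', default=False, help='accepted but currently unused')
args = parser.parse_args(sys.argv[1:])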
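def AddLLDBToSysPathOnMacOSX():
    """Locate LLDB.framework through Xcode and make its Python bindings importable.

    Runs ``xcrun -find lldb`` (argument list, no shell), derives the framework
    directory from the returned path with a regex, and appends the framework's
    ``Resources/Python`` directory to ``sys.path`` so a later ``import lldb``
    resolves.

    Side effects: mutates ``sys.path``; prints a message and exits with
    status -1 when the framework cannot be located.
    """
    def GetLLDBFrameworkPath():
        """Return the LLDB.framework directory inferred from ``xcrun``, or None.

        Returns None when ``xcrun`` is unavailable or fails (e.g. not on macOS,
        no Xcode) or when the lldb path does not sit under an Xcode
        ``.../Developer/usr/bin/`` tree.
        """
        try:
            raw = subprocess.check_output(["xcrun", "-find", "lldb"])
        except (OSError, subprocess.CalledProcessError):
            # No xcrun binary, or xcrun could not find lldb: report "not found"
            # instead of surfacing a traceback.
            return None
        # check_output yields bytes on Python 3; decode so the regex matches on
        # text under both Python 2 and 3. The trailing newline is dropped.
        lldb_path = raw.decode("utf-8").strip()
        re_result = re.match(r"(.*)/Developer/usr/bin/lldb", lldb_path)
        if re_result is None:
            return None
        xcode_contents_path = re_result.group(1)
        return xcode_contents_path + "/SharedFrameworks/LLDB.framework"

    lldb_framework_path = GetLLDBFrameworkPath()
    if lldb_framework_path is None:
        print("Couldn't find LLDB.framework")
        sys.exit(-1)
    sys.path.append(lldb_framework_path + "/Resources/Python")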
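# Make the lldb Python bindings importable: from the user-supplied --lldb
# framework path if given, otherwise by asking Xcode where they live.
if args.lldb is None:
    AddLLDBToSysPathOnMacOSX()
else:
    sys.path.append(args.lldb + "/Resources/Python")
try:
    import lldb
except ImportError as exc:
    # A wrong --lldb path or a Python/LLDB version mismatch lands here; give a
    # one-line explanation rather than a bare traceback.
    print("Couldn't import the lldb Python bindings: {}".format(exc))
    sys.exit(-1)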
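# A debugger and an architecture-only target (no file) are enough for lldb to
# hand us a disassembler for the requested arch.
debugger = lldb.SBDebugger.Create()
if not debugger.IsValid():
    print("Couldn't create an SBDebugger")
    sys.exit(-1)
target = debugger.CreateTargetWithFileAndArch(None, args.arch)
if not target.IsValid():
    print("Couldn't create an SBTarget for architecture " + args.arch)
    sys.exit(-1)

# Address the first byte is assumed to be loaded at (defaults to 0). int(x, 0)
# accepts 0x.., 0o.., 0b.. and decimal; anything else is reported, not traced.
if args.loadaddr is None:
    ea = 0
else:
    try:
        ea = int(args.loadaddr, 0)
    except ValueError:
        print("--loadaddr must be an integer literal such as 0x1000, got: " + args.loadaddr)
        sys.exit(-1)
fake_address = lldb.SBAddress()
fake_address.SetLoadAddress(ea, target)

# Read the raw bytes to disassemble; the with-block closes the handle.
with open(args.file, 'rb') as f:
    buf = f.read()

# One line per decoded instruction: lldb's rendering of the instruction on
# the left, whatever SBInstruction.GetData(target) renders on the right.
inst_list = target.GetInstructions(fake_address, buf)
for inst in inst_list:
    print('{:<50} # {}'.format(inst, inst.GetData(target)))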