How to use the capstone.CS_ARCH_ARM function in capstone
To help you get started, we’ve selected a few capstone examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
ReFirmLabs / binwalk / src / binwalk / modules / disasm.py View on Github 
Architecture(type=capstone.CS_ARCH_PPC,
mode=capstone.CS_MODE_BIG_ENDIAN,
endianness=capstone.CS_MODE_BIG_ENDIAN,
description="PPC executable code, 32/64-bit, big endian"),
Architecture(type=capstone.CS_ARCH_MIPS,
mode=capstone.CS_MODE_64,
endianness=capstone.CS_MODE_BIG_ENDIAN,
description="MIPS executable code, 32/64-bit, big endian"),
Architecture(type=capstone.CS_ARCH_MIPS,
mode=capstone.CS_MODE_64,
endianness=capstone.CS_MODE_LITTLE_ENDIAN,
description="MIPS executable code, 32/64-bit, little endian"),
Architecture(type=capstone.CS_ARCH_ARM,
mode=capstone.CS_MODE_THUMB,
endianness=capstone.CS_MODE_LITTLE_ENDIAN,
description="ARM executable code, 16-bit (Thumb), little endian"),
Architecture(type=capstone.CS_ARCH_ARM,
mode=capstone.CS_MODE_THUMB,
endianness=capstone.CS_MODE_BIG_ENDIAN,
description="ARM executable code, 16-bit (Thumb), big endian"),
]
def init(self):
self.disassemblers = []
if not self.min_insn_count:
self.min_insn_count = self.DEFAULT_MIN_INSN_COUNT
self.disasm_data_size = self.min_insn_count * 10capstone.arm.ARM_REG_R7: r('r7', 32),
capstone.arm.ARM_REG_R8: r('r8', 32),
capstone.arm.ARM_REG_R9: r('r9', 32),
capstone.arm.ARM_REG_R10: r('r10', 32),
capstone.arm.ARM_REG_R11: r('r11', 32),
capstone.arm.ARM_REG_R13: r('sp', 32),
capstone.arm.ARM_REG_R14: r('lr', 32),
capstone.arm.ARM_REG_R15: r('pc', 32),
}
self.word_size = 32
self.thumb = True
self.stack_ptr = self.registers[capstone.arm.ARM_REG_R13]
self.link_reg = self.registers[capstone.arm.ARM_REG_R14]
self.program_ctr = self.registers[capstone.arm.ARM_REG_R15]
self.disassembler = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB)
self.disassembler.detail = Truedef __init__(self):
super(Arm, self).__init__()
self.unicorn_arch = unicorn.UC_ARCH_ARM
self.unicorn_mode = unicorn.UC_MODE_ARM
self.capstone_arch = capstone.CS_ARCH_ARM
self.capstone_mode = capstone.CS_MODE_ARMif not HAVE_CAPSTONE:
raise NotImplementedError('pwnypack requires capstone to disassemble to AT&T and Intel syntax')
if target is None:
target = pwnypack.target.target
if target.arch == pwnypack.target.Target.Arch.x86:
if target.bits is pwnypack.target.Target.Bits.bits_32:
md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
else:
md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
elif target.arch == pwnypack.target.Target.Arch.arm:
mode = 0
if target.bits is pwnypack.target.Target.Bits.bits_32:
arch = capstone.CS_ARCH_ARM
if target.mode and pwnypack.target.Target.Mode.arm_thumb:
mode = capstone.CS_MODE_THUMB
else:
mode = capstone.CS_MODE_ARM
if target.mode and pwnypack.target.Target.Mode.arm_m_class:
mode |= capstone.CS_MODE_MCLASS
if target.mode and pwnypack.target.Target.Mode.arm_v8:
mode |= capstone.CS_MODE_V8
else:
arch = capstone.CS_ARCH_ARM64
if target.endian is pwnypack.target.Target.Endian.little:
mode |= capstone.CS_MODE_LITTLE_ENDIAN
else:def _disassemble(self, ea):
import capstone
size = self.ItemSize(ea)
inst_buf = self.GetManyBytes(ea, size)
segment = self._get_segment(ea)
bitness = 16 << segment.bitness# 16, 32, 64
procname = self.api.idaapi.get_inf_structure().procName.lower()
dis = None
if procname == "arm" and bitness == 64:
dis = self._load_dis(capstone.CS_ARCH_ARM64, capstone.CS_MODE_ARM)
elif procname == "arm" and bitness == 32:
if size == 2:
dis = self._load_dis(capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB)
else:
dis = self._load_dis(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM)
elif procname in ['metapc', '8086', '80286r', '80286p', '80386r', '80386p','80486r', '80486p', '80586r', '80586p', '80686p', 'k62', 'p2', 'p3', 'athlon', 'p4', '8085']:
if bitness == 16:
dis = self._load_dis(capstone.CS_ARCH_X86, capstone.CS_MODE_16)
elif bitness == 32:
dis = self._load_dis(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
elif bitness == 64:
dis = self._load_dis(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
elif procname == "mipsb":
if bitness == 32:
dis = self._load_dis(capstone.CS_ARCH_MIPS, capstone.CS_MODE_MIPS32 | capstone.CS_MODE_BIG_ENDIAN)
elif bitness == 64:
dis = self._load_dis(capstone.CS_ARCH_MIPS, capstone.CS_MODE_MIPS64 | capstone.CS_MODE_BIG_ENDIAN)
elif procname == "mipsl":
if bitness == 32:# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
import capstone
import _any_capstone
arch_id = "arm_32_thumb"
dis = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB)
def PROCESSOR_ENTRY():
return _any_capstone.Processor("arm_32", dis)import capstone
import capstone.x86
import ply.lex as lex
MNEMONIC_COLUMN = 30
MNEMONIC_WIDTH = 15
Disasm_x86_16bit = (capstone.CS_ARCH_X86, capstone.CS_MODE_16)
Disasm_x86_32bit = (capstone.CS_ARCH_X86, capstone.CS_MODE_32)
Disasm_x86_64bit = (capstone.CS_ARCH_X86, capstone.CS_MODE_64)
#Disasm_ARM = (capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM)
Disasm_ARM = (capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB)
Disasm_ARM_Thumb = (capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB)
Disasm_ARM64 = (capstone.CS_ARCH_ARM64, capstone.CS_MODE_ARM)
class ASMLexer(object):
def __init__(self):
pass
def set(self, name, value):
setattr(self, name, value)
# Build the lexer
def build(self,**kwargs):
self._lexer = lex.lex(module=self, **kwargs)
def lexer(self):self.bits = 32
self.vex_arch = "VexArchARM"
self.vex_endness = "VexEndnessLE" if endness == "Iend_LE" else "VexEndnessBE"
self.name = "ARM"
self.qemu_name = 'arm'
self.ida_processor = 'armb'
self.max_inst_bytes = 4
self.ip_offset = 68
self.sp_offset = 60
self.bp_offset = 60
self.ret_offset = 8
self.call_pushes_ret = False
self.stack_change = -4
self.memory_endness = endness
self.register_endness = endness
self.cs_arch = _capstone.CS_ARCH_ARM
self.cs_mode = _capstone.CS_MODE_LITTLE_ENDIAN if endness == 'Iend_LE' else _capstone.CS_MODE_BIG_ENDIAN
#self.ret_instruction = "\x0E\xF0\xA0\xE1" # this is mov pc, lr
self.ret_instruction = "\x1E\xFF\x2F\xE1" # this is bx lr
self.nop_instruction = "\x00\x00\x00\x00"
if endness == "Iend_LE":
self.function_prologs = {
r"[\x00-\xff][\x00-\xff]\x2d\xe9", # stmfd sp!, {xxxxx}
}
else:
self.function_prologs = {
r"\xe9\x2d[\x00-\xff][\x00-\xff]", # stmfd sp!, {xxxxx}
}
self.instruction_alignment = 4
self.concretize_unique_registers.add(64)
self.default_register_values = [
( 'sp', self.initial_sp, True, 'global' ), # the stack
Popular capstone functions
- capstone.bindings.python.capstone.__init__.CsError
- capstone.capdb.models.CaseMetadata
- capstone.capdb.models.Citation
- capstone.Cs
- capstone.CS_ARCH_ARM
- capstone.CS_ARCH_ARM64
- capstone.CS_ARCH_MIPS
- capstone.CS_ARCH_X86
- capstone.CS_MODE_32
- capstone.CS_MODE_64
- capstone.CS_MODE_ARM
- capstone.CS_MODE_BIG_ENDIAN
- capstone.CS_MODE_LITTLE_ENDIAN
- capstone.CS_MODE_THUMB
- capstone.suite.test_group_name.GroupTest
- capstone.x86
- capstone.x86.X86_OP_IMM
- capstone.x86.X86_OP_MEM
- capstone.x86.X86_OP_REG
- capstone.x86_const