#!/usr/bin/python
# By Ryan Hileman, issue #3
|
|
import binascii

from capstone import *
from unicorn import *
from unicorn.x86_const import *
|
|
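# Reference bytes for unicorn issue #3.  In 64-bit mode f2 0f 10 05 <disp32>
# decodes as `movsd xmm0, qword ptr [rip + 0x12aa]` (8 bytes); hook_code
# prints the size unicorn reports for it next to this reference so a
# mismatch is visible.  unhexlify works on Python 2 and 3, whereas
# str.decode('hex') exists only on Python 2.
code = binascii.unhexlify('f20f1005aa120000')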
|
|
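def dis(mem, addr):
    """Disassemble *mem* as 64-bit x86 code located at *addr*.

    Args:
        mem: instruction bytes, either ``bytes`` or the ``bytearray`` that
            ``Uc.mem_read`` returns.
        addr: address capstone should assume for the first byte (used for
            RIP-relative operand formatting).

    Returns:
        One ``"mnemonic op_str"`` line per decoded instruction, joined with
        newlines; the empty string if nothing decodes.
    """
    md = Cs(CS_ARCH_X86, CS_MODE_64)
    # bytes(), not str(): on Python 3 str(bytearray) is the repr
    # "bytearray(b'...')", not the raw bytes capstone needs.  On Python 2
    # bytes is an alias of str, so behaviour there is unchanged.
    raw = bytes(mem)
    return '\n'.join(
        '%s %s' % (insn.mnemonic, insn.op_str)
        for insn in md.disasm(raw, addr)
    )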
|
|
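def hook_code(uc, addr, size, user_data):
    """UC_HOOK_CODE callback: print what unicorn is about to execute.

    For the instruction at *addr* this prints the *size* unicorn reports,
    the *size* bytes read back from emulator memory with their disassembly,
    and the reference bytes in the module-level ``code`` with theirs.  A
    wrong *size* shows up as a difference between the two lines.

    Args:
        uc: the ``Uc`` instance firing the hook.
        addr: address of the instruction about to run.
        size: instruction length as reported by unicorn.
        user_data: unused; the value passed to ``hook_add``.
    """
    mem = uc.mem_read(addr, size)
    # hexlify accepts bytes/bytearray on both Python 2 and 3; the
    # str.encode('hex') codec the original used is Python 2 only.
    mem_hex = binascii.hexlify(bytes(mem)).decode('ascii')
    ref_hex = binascii.hexlify(bytes(code)).decode('ascii')
    # Single-argument print(...) produces the same output on Python 2 and 3.
    print('instruction size: %s' % size)
    print('instruction: %s %s' % (mem_hex, dis(mem, addr)))
    print('reference:  %s %s' % (ref_hex, dis(code, addr)))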
|
|
# Emulate the reference bytes once; hook_code reports each instruction.
addr = 0x400000

mu = Uc(UC_ARCH_X86, UC_MODE_64)
mu.hook_add(UC_HOOK_CODE, hook_code)

# Map a generous region so the instruction's RIP-relative data operand
# (the 0x05 ModRM byte in `code` makes it RIP+disp32) also lands inside
# mapped memory.
# NOTE(review): mem_map() is called without a permissions argument, so the
# region gets the binding's default (RWX in current unicorn).  That is fine
# for a reproducer; tighten to read+exec if this grows into a harness, and
# confirm the unicorn version in use accepts a perms argument at all.
MAP_SIZE = 8 * 1024 * 1024
mu.mem_map(addr, MAP_SIZE)
mu.mem_write(addr, code)

# Execute only the bytes we wrote: stop once RIP reaches the end of `code`.
end = addr + len(code)
mu.emu_start(addr, end)