unicorn/regress/movsd.py
2015-08-28 20:03:36 -07:00

29 lines
760 B
Python

#!/usr/bin/python
# By Ryan Hileman, issue #3
from capstone import *
from unicorn import *
from unicorn.x86_const import *
code = 'f20f1005aa120000'.decode('hex')
def dis(mem, addr):
md = Cs(CS_ARCH_X86, CS_MODE_64)
return '\n'.join([
'%s %s' % (i.mnemonic, i.op_str)
for i in md.disasm(str(mem), addr)
])
def hook_code(uc, addr, size, user_data):
mem = uc.mem_read(addr, size)
print 'instruction size:', size
print 'instruction:', str(mem).encode('hex'), dis(mem, addr)
print 'reference: ', code.encode('hex'), dis(code, addr)
addr = 0x400000
mu = Uc(UC_ARCH_X86, UC_MODE_64)
mu.hook_add(UC_HOOK_CODE, hook_code)
mu.mem_map(addr, 8 * 1024 * 1024)
mu.mem_write(addr, code)
mu.emu_start(addr, addr + len(code))