keystone-engine is a tool that converts assembly instructions into hex machine code.
Download and install: http://www.keystone-engine.org/download/. Downloading gives you an archive; extracting it yields a keystone-0.9.1 folder. Then run the following commands:
$ sudo apt-get install cmake
$ cd keystone-0.9.1 # enter the folder extracted above
$ mkdir build
$ cd build
$ ../make-share.sh
$ sudo make install
$ sudo ldconfig
$ kstool x32 "add eax, ebx" # test the kstool tool
Now we can use the kstool tool to convert assembly instructions into hex machine code. kstool supports the processor architectures listed below; running the kstool command with no arguments prints them.
$ kstool
Kstool v0.9.1 for Keystone Assembler Engine (www.keystone-engine.org)
By Nguyen Anh Quynh, 2016
Syntax: kstool <arch+mode> <assembly-string> [start-address-in-hex-format]
The following <arch+mode> options are supported:
x16: X86 16bit, Intel syntax
x32: X86 32bit, Intel syntax
x64: X86 64bit, Intel syntax
x16att: X86 16bit, AT&T syntax
x32att: X86 32bit, AT&T syntax
x64att: X86 64bit, AT&T syntax
x16nasm: X86 16bit, NASM syntax
x32nasm: X86 32bit, NASM syntax
x64nasm: X86 64bit, NASM syntax
arm: ARM - little endian
armbe: ARM - big endian
thumb: Thumb - little endian
thumbbe: Thumb - big endian
arm64: AArch64
hexagon: Hexagon
mips: Mips - little endian
mipsbe: Mips - big endian
mips64: Mips64 - little endian
mips64be: Mips64 - big endian
ppc32be: PowerPC32 - big endian
ppc64: PowerPC64 - little endian
ppc64be: PowerPC64 - big endian
sparc: Sparc - little endian
sparcbe: Sparc - big endian
sparc64: Sparc64 - little endian
sparc64be: Sparc64 - big endian
systemz: SystemZ (S390x)