简介
Keystone是一个汇编器
https://www.keystone-engine.org/
Capstone是一个反汇编器
https://www.capstone-engine.org/
用法
pip install capstone
pip install keystone-engine
import keystone
import capstone
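def ins2bcode(arm_ins, *, arch=keystone.KS_ARCH_ARM, mode=keystone.KS_MODE_ARM):
    """Assemble an ARM instruction string with Keystone and print its encoding.

    Args:
        arm_ins: Assembly text accepted by Keystone, e.g. ``"B #0x40"``.
        arch: Keystone architecture constant (default: ARM).
        mode: Keystone mode constant (default: 32-bit ARM state, not Thumb).

    Returns:
        The raw machine-code bytes produced by Keystone (little-endian, as
        they would appear in memory).

    Raises:
        keystone.KsError: if Keystone rejects the assembly text.
        ValueError: if Keystone produced no encoding at all (e.g. empty or
            comment-only input), which the original silently passed on to
            ``int.from_bytes`` as ``None``.
    """
    ks = keystone.Ks(arch, mode)
    encoding, count = ks.asm(arm_ins, as_bytes=True)
    if not encoding:
        raise ValueError(f"no instruction assembled from {arm_ins!r}")
    # Interpret the bytes as one little-endian integer.  The binary width is
    # derived from the encoding length instead of being fixed at 32 so that a
    # Thumb (2-byte) or multi-instruction input is not misrepresented.
    bytecode = int.from_bytes(encoding, "little")
    bytecode_bin = format(bytecode, f"0{8 * len(encoding)}b")
    print("arm ins: \t", arm_ins)
    print("bytecode hex: \t", hex(bytecode))
    print("bytecode bin: \t", bytecode_bin)
    return encoding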
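def bcode2ins(arm_bytecode, *, address=0, arch=capstone.CS_ARCH_ARM, mode=capstone.CS_MODE_ARM):
    """Disassemble raw ARM machine code with Capstone and print each instruction.

    Args:
        arm_bytecode: Machine-code bytes to decode (e.g. the value returned by
            ``ins2bcode``).
        address: Virtual address assigned to the first byte; it affects the
            printed ``ins.address`` and the resolution of PC-relative operands
            such as branch targets.
        arch: Capstone architecture constant (default: ARM).
        mode: Capstone mode constant (default: 32-bit ARM state, not Thumb).

    Returns:
        None; output goes to stdout.  Note that Capstone stops at the first
        byte sequence it cannot decode, so undecodable input prints nothing
        rather than raising.
    """
    cs = capstone.Cs(arch, mode)
    for ins in cs.disasm(arm_bytecode, address):
        print("ins.address: \t", ins.address)    # address of the instruction
        print("ins.mnemonic: \t", ins.mnemonic)  # mnemonic (instruction name)
        print("ins.op_str: \t", ins.op_str)      # operand string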
# Round-trip demo: assemble one branch instruction, then disassemble the
# resulting bytes so both tools can be compared on the same input.
arm_ins = "B #0x40"
bytecode = ins2bcode(arm_ins)  # prints the encoding and returns the bytes
bcode2ins(bytecode)            # prints address / mnemonic / operands
输出:
arm ins: B #0x40
bytecode hex: 0xea00000e
bytecode bin: 11101010000000000000000000001110
ins.address: 0
ins.mnemonic: b
ins.op_str: #0x40