From: David A. <dav...@gm...> - 2014-10-13 19:05:29
Hi,

I decided to try Capstone (3.0 RC1) on AArch64 machine code.

From GDB on AArch64 machine:

0x7f330f29b8 <distce_+268>: fsub s18, s5, s15
(gdb) x/x 0x7f330f29b8
0x7f330f29b8 <distce_+268>: 0x1e2f38b2

>>> from capstone import *
>>> CODE = "\x1e\x2f\x38\xb2"
>>> md = Cs(CS_ARCH_ARM64, CS_MODE_ARM)
>>> insn = next(md.disasm(CODE, 0x0))
>>> print("0x%x:\t%s\t%s" %(insn.address, insn.mnemonic, insn.op_str))
0x0: orr x30, x24, #0xfff00000fff00

Another example: 0x4F8010A4 (0100'1111 1000'0000 0001'0000 1010'0100)

$ cat inst.s
.text
.inst 0x4F8010A4
$ gas -o inst.o inst.s
$ objdump -d inst.o
[snip]
0000000000000000 <.text>:
0: 4f8010a4 fmla v4.4s, v5.4s, v0.s[0]

>>> from capstone import *
>>> CODE = "\x4F\x80\x10\xA4"
>>> md = Cs(CS_ARCH_ARM64, CS_MODE_ARM)
>>> insn = next(md.disasm(CODE, 0x0))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
StopIteration

I am running:

Python 2.7.1 (r271:86832, Jul 31 2011, 19:30:53)
[GCC 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2335.15.00)] on darwin

Am I doing something wrong? Maybe CS_MODE_ARM means AArch32 on ARMv8 silicon and AArch64 is not supported?

Cheers,
david
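Added example, not part of the original message: GDB's x/x and objdump print an A64 instruction as a 32-bit word, while in memory the instruction is four little-endian bytes, and a disassembler buffer holds the memory bytes. The helper names and the small field decoder below are illustrative assumptions; `capstone_disasm` is an optional cross-check that assumes the capstone Python binding is installed.

```python
import struct

# Instruction words exactly as GDB (x/x) and objdump print them in the post.
FSUB_WORD = 0x1E2F38B2   # fsub s18, s5, s15
FMLA_WORD = 0x4F8010A4   # fmla v4.4s, v5.4s, v0.s[0]

FP2_OPS = {0b0000: "fmul", 0b0001: "fdiv", 0b0010: "fadd", 0b0011: "fsub"}
FP_REG = {0b00: "s", 0b01: "d"}

def memory_bytes(word):
    """Bytes of a 32-bit A64 instruction as stored in memory (little-endian)."""
    return struct.pack("<I", word)

def fetched_word(code):
    """The 32-bit word a little-endian A64 decoder reads from the first 4 bytes."""
    return struct.unpack("<I", code[:4])[0]

def decode_fp_2src(word):
    """Decode the scalar 'FP data-processing (2 source)' class; None if no match."""
    if word & 0xFF200C00 != 0x1E200800:      # fixed bits of this encoding class
        return None
    op = FP2_OPS.get((word >> 12) & 0xF)
    reg = FP_REG.get((word >> 22) & 0x3)
    if op is None or reg is None:
        return None
    rm, rn, rd = (word >> 16) & 0x1F, (word >> 5) & 0x1F, word & 0x1F
    return "%s %s%d, %s%d, %s%d" % (op, reg, rd, reg, rn, reg, rm)

def capstone_disasm(word):
    """Optional cross-check; needs the capstone Python binding installed."""
    from capstone import Cs, CS_ARCH_ARM64, CS_MODE_ARM
    md = Cs(CS_ARCH_ARM64, CS_MODE_ARM)
    return [(i.mnemonic, i.op_str) for i in md.disasm(memory_bytes(word), 0)]

if __name__ == "__main__":
    posted = b"\x1e\x2f\x38\xb2"             # byte string used in the post
    print("posted bytes fetch as 0x%08x ->" % fetched_word(posted),
          decode_fp_2src(fetched_word(posted)))
    stored = memory_bytes(FSUB_WORD)
    print("memory bytes", stored.hex(), "fetch as 0x%08x ->" % fetched_word(stored),
          decode_fp_2src(fetched_word(stored)))
    print("fmla memory bytes:", memory_bytes(FMLA_WORD).hex())
```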