Menu
▾
▴
Re: [Capstone-users] Decoding AArch64 (ARM64) instructions via Python bindings (unsuccessful attempts)
|
From: Jay O. <ja...@ko...> - 2014-10-13 23:02:08
|
Hi David, this is definitely an issue with the BIG-ENDIAN MODE flag not
being set correctly. By default, all architectures use little endian until
you tell it otherwise.
>>> from capstone import *
>>> CODE = "\x1e\x2f\x38\xb2"
>>> md = Cs(CS_ARCH_ARM64, CS_MODE_ARM | *CS_MODE_BIG_ENDIAN*)
>>> insn = next(md.disasm(CODE, 0x0))
>>> print("0x%x:\t%s\t%s" %(insn.address, insn.mnemonic, insn.op_str))
0x0: fsub s18, s5, s15
On Mon, Oct 13, 2014 at 12:05 PM, David Abdurachmanov <
dav...@gm...> wrote:
> Hi,
>
> I decided to try Capstone (3.0 RC1) on AArch64 machine code. From GDB on
> AArch64 machine:
>
> 0x7f330f29b8 <distce_+268>: fsub s18, s5, s15
>
> (gdb) x/x 0x7f330f29b8
> 0x7f330f29b8 <distce_+268>: 0x1e2f38b2
>
> >>> from capstone import *
> >>> CODE = "\x1e\x2f\x38\xb2"
> >>> md = Cs(CS_ARCH_ARM64, CS_MODE_ARM)
> >>> insn = next(md.disasm(CODE, 0x0))
> >>> print("0x%x:\t%s\t%s" %(insn.address, insn.mnemonic, insn.op_str))
> 0x0: orr x30, x24, #0xfff00000fff00
>
> Another example:
>
> 0x4F8010A4 (0100'1111 1000'0000 0001'0000 1010'0100)
>
> $ cat inst.s
> .text
> .inst 0x4F8010A4
>
> $ gas -o inst.o inst.s
>
> $ objdump -d inst.o
> [snip]
> 0000000000000000 <.text>:
> 0: 4f8010a4 fmla v4.4s, v5.4s, v0.s[0]
>
> >>> from capstone import *
> >>> CODE = "\x4F\x80\x10\xA4"
> >>> md = Cs(CS_ARCH_ARM64, CS_MODE_ARM)
> >>> insn = next(md.disasm(CODE, 0x0))
> Traceback (most recent call last):
> File "<stdin>", line 1, in <module>
> StopIteration
>
> I am running:
>
> Python 2.7.1 (r271:86832, Jul 31 2011, 19:30:53)
> [GCC 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2335.15.00)] on
> darwin
>
> Am I doing something wrong? Maybe CS_MODE_ARM means AArch32 on ARMv8
> silicon and AArch64 is not supported?
>
> Cheers,
> david
>
>
> ------------------------------------------------------------------------------
> Comprehensive Server Monitoring with Site24x7.
> Monitor 10 servers for $9/Month.
> Get alerted through email, SMS, voice calls or mobile push notifications.
> Take corrective actions from your mobile device.
> http://p.sf.net/sfu/Zoho
> _______________________________________________
> Capstone-users mailing list
> Cap...@li...
> https://lists.sourceforge.net/lists/listinfo/capstone-users
>
>
|
