From: Nguyen A. Q. <aq...@gm...> - 2014-12-03 15:31:43
On Wed, Dec 3, 2014 at 4:57 PM, Jan Newger <jan...@ne...> wrote:
> Hey,
>
> I was playing around with a few python scripts (using capstone among
> other things) and always ran out of memory - and I have no freaking idea
> why.
>

is this with the latest 3.0 version?

thanks,
Q

> The code is really short:
>
>
> from capstone import Cs
> from capstone import CS_ARCH_X86
> from capstone import CS_MODE_32
> from capstone import CS_GRP_JUMP
> from capstone import CS_GRP_CALL
> from capstone import CS_GRP_RET
> from capstone.x86_const import X86_INS_JNE, X86_INS_JMP
>
> """
> 0x401000: push ecx
> 0x401001: pop ecx
> 0x401002: mov eax, dword ptr [esp + 0x18]
> 0x401006: mov eax, dword ptr [eax]
> 0x401008: sar eax, 0
> 0x40100b: xor edi, eax
> 0x40100d: nop
> 0x40100e: add dword ptr [esp + 0x18], 4
> 0x401013: nop
> 0x401014: dec word ptr [esp + 0x14]
> 0x401019: shld edi, ecx, 0
> 0x40101d: jne 0x401000
> """
> def get_code():
>     CODE = "\x51\x59\x8B\x44\x24\x18\x8B\x00\xC1\xF8\x00\x33\xF8\x90\x83\x44\x24\x18\x04\x90\x66\xFF\x4C\x24\x14\x0F\xA4\xCF\x00\x75\xE1"
>     return CODE
>
> def is_branch(instr):
>     for group in branch_groups:
>         if group in instr.groups:
>             return True
>     return False
>     #return False
>
> # Disassemble until we hit basic block end.
> def disasm(code):
>     disasm = Cs(CS_ARCH_X86, CS_MODE_32)
>     disasm.detail = True
>     address = 0x401000
>     for instr in disasm.disasm(code, address):
>         print "0x%x:\t%s\t%s" % (instr.address, instr.mnemonic, instr.op_str)
>         if is_branch(instr):
>             break
>
> branch_groups = [CS_GRP_JUMP, CS_GRP_CALL, CS_GRP_RET]
> code = get_code()
> while True:
>     disasm(code)
>
>
> That code goes out of memory after a few seconds. The super weird thing
> is, that if I change the implementation of "is_branch(instr)" to simply
> return False all the time, then the program does not go out of memory!
> Does anyone have an idea what's going on?
>
> Best
> Jan