From: Nguyen A. Q. <aq...@gm...> - 2017-05-29 01:27:22
On Mon, May 29, 2017 at 3:42 AM, JonathonS <the...@gm...> wrote:
> Hi,
>
> I've been trying to use capstone to disassemble functions in memory (e.g.
> printf, fread, etc.). Ideally, I'd like to see the function
> prologue/epilogue as well as the function body.
>
> I've been using this code here
> (https://toastedcornflakes.github.io/articles/fuzzing_capstone_with_afl.html)
> as a starting point but I haven't figured out how to accomplish what I want.
> I am a bit confused on what to provide cs_disasm.
>
> Here is what I have:
>
>     #include <stdio.h>
>     #include <stdint.h>
>     #include "capstone.h"
>
>     int main(int argc, char** argv) {
>         csh handle;
>         cs_insn *insn;
>         size_t count;
>         uint8_t buf[128] = {0};
>
>         if (cs_open(CS_ARCH_ARM, CS_MODE_ARM, &handle) == CS_ERR_OK) {
>             count = cs_disasm(handle, buf, sizeof(buf), (uint64_t) printf, 0, &insn);
>
>             // TODO: Print instructions
>
>             cs_free(insn, count);
>         }
>         cs_close(&handle);
>         return 0;
>     }
>
> However, when I run this code and when I print the instructions, I keep
> getting
>
>     andeq r0, r0, r0
>
> which I guess is the equivalent of 0/no-op on ARM. This seems incorrect.

buf is an array full of 0, so this is expected, as 00 00 00 00 = NOP.
What is wrong here?

Thanks,
Quynh

http://www.keystone-engine.org
http://www.capstone-engine.org
http://www.unicorn-engine.org