55 lines
1.5 KiB
Python
55 lines
1.5 KiB
Python
|
#!/usr/bin/env python3
|
||
|
#
|
||
|
# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
|
||
|
#
|
||
|
|
||
|
from elftools.elf.elffile import ELFFile
|
||
|
|
||
|
from qiling import Qiling
|
||
|
from qiling.const import *
|
||
|
from capstone import *
|
||
|
|
||
|
|
||
|
class QlDisassember():
|
||
|
def __init__(self, ql:Qiling):
|
||
|
self.ql = ql
|
||
|
|
||
|
def disasm_all_lines(self):
|
||
|
disasm_result = []
|
||
|
|
||
|
if self.ql.os.type == QL_OS.LINUX:
|
||
|
disasm_result = self.disasm_elf()
|
||
|
|
||
|
return disasm_result
|
||
|
|
||
|
def disasm_elf(self, seg_name='.text'):
|
||
|
def disasm(ql, address, size):
|
||
|
md = ql.arch.disassembler
|
||
|
md.detail = True
|
||
|
|
||
|
return md.disasm(ql.mem.read(address, size), address)
|
||
|
|
||
|
disasm_result = []
|
||
|
if self.ql.arch.type == QL_ARCH.X86:
|
||
|
BASE = int(self.ql.profile.get("OS32", "load_address"), 16)
|
||
|
seg_start = 0x0
|
||
|
seg_end = 0x0
|
||
|
|
||
|
f = open(self.ql.path, 'rb')
|
||
|
elffile = ELFFile(f)
|
||
|
elf_header = elffile.header
|
||
|
reladyn = elffile.get_section_by_name(seg_name)
|
||
|
|
||
|
# No PIE
|
||
|
if elf_header['e_type'] == 'ET_EXEC':
|
||
|
seg_start = reladyn.header.sh_addr
|
||
|
seg_end = seg_start + reladyn.data_size
|
||
|
# PIE
|
||
|
elif elf_header['e_type'] == 'ET_DYN':
|
||
|
seg_start = BASE + reladyn.header.sh_addr
|
||
|
seg_end = seg_start + reladyn.data_size
|
||
|
|
||
|
for insn in disasm(ql, seg_start, seg_end-seg_start):
|
||
|
disasm_result.append(insn)
|
||
|
|
||
|
return disasm_result
|