JoYo
/
subdisassem
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

checking for unessisary disassembly

master
JoYo 2022-01-19 13:33:20 -05:00
parent c4bde9632a
commit b64d04dc3a
3 changed files with 51 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
subdisassem/disassemble.py
View File

@ -30,20 +30,42 @@ import logging
class _CapstoneBase: class _CapstoneBase:
def __init__(self, payload: bytes, offset: int = 0): def __init__(self):
self.disassembly = list() self.arch = self.__class__.__name__
pass
for opcode in self.capstone.disasm(payload, offset):
self.disassembly.append(opcode)
def __repr__(self) -> str: def __repr__(self) -> str:
return self.objdump return self.objdump
def __len__(self) -> int: def __len__(self) -> int:
if not self.disassembly:
logging.debug(
f"payload_missing: use {self.__class__}.load(payload=bytes) prior"
)
return 0
return len(self.disassembly) return len(self.disassembly)
def load(self, payload: bytes, offset: int = 0):
disassembly = list()
for opcode in self.capstone.disasm(payload, offset):
disassembly.append(opcode)
if disassembly:
self.disassembly = disassembly
else:
logging.debug("disassembly_empty")
self.disassembly = list()
@property @property
def objdump(self) -> str: def objdump(self) -> str:
if not self.disassembly:
logging.debug(
f"payload_missing: use {self.__class__}.load(payload=bytes) prior"
)
return ""
opcodes = str() opcodes = str()
for opcode in self.disassembly: for opcode in self.disassembly:
@ -53,6 +75,12 @@ class _CapstoneBase:
@property @property
def disasm(self) -> list: def disasm(self) -> list:
if not self.disassembly:
logging.debug(
f"payload_missing: use {self.__class__}.load(payload=bytes) prior"
)
return []
opcodes = list() opcodes = list()
for opcode in self.disassembly: for opcode in self.disassembly:
@ -70,64 +98,51 @@ class _CapstoneBase:
class X86_intel(_CapstoneBase): class X86_intel(_CapstoneBase):
capstone = Cs(CS_ARCH_X86, CS_MODE_16) capstone = Cs(CS_ARCH_X86, CS_MODE_16)
arch = "x86-16"
class X86(_CapstoneBase): class X86(_CapstoneBase):
capstone = Cs(CS_ARCH_X86, CS_MODE_32) capstone = Cs(CS_ARCH_X86, CS_MODE_32)
arch = "x86-32"
class X86_64(_CapstoneBase): class X86_64(_CapstoneBase):
capstone = Cs(CS_ARCH_X86, CS_MODE_64) capstone = Cs(CS_ARCH_X86, CS_MODE_64)
arch = "x86-64"
class ARM(_CapstoneBase): class ARM(_CapstoneBase):
capstone = Cs(CS_ARCH_ARM, CS_MODE_ARM) capstone = Cs(CS_ARCH_ARM, CS_MODE_ARM)
arch = "ARM"
class Thumb(_CapstoneBase): class Thumb(_CapstoneBase):
capstone = Cs(CS_ARCH_ARM, CS_MODE_THUMB) capstone = Cs(CS_ARCH_ARM, CS_MODE_THUMB)
arch = "Thumb"
class ARM_64(_CapstoneBase): class ARM_64(_CapstoneBase):
capstone = Cs(CS_ARCH_ARM64, CS_MODE_ARM) capstone = Cs(CS_ARCH_ARM64, CS_MODE_ARM)
arch = "ARM 64"
class MIPS_32_eb(_CapstoneBase): class MIPS_32_eb(_CapstoneBase):
capstone = Cs(CS_ARCH_MIPS, CS_MODE_MIPS32 + CS_MODE_BIG_ENDIAN) capstone = Cs(CS_ARCH_MIPS, CS_MODE_MIPS32 + CS_MODE_BIG_ENDIAN)
arch = "MIPS-32 (Big-endian)"
class MIPS_64_el(_CapstoneBase): class MIPS_64_el(_CapstoneBase):
capstone = Cs(CS_ARCH_MIPS, CS_MODE_MIPS64 + CS_MODE_LITTLE_ENDIAN) capstone = Cs(CS_ARCH_MIPS, CS_MODE_MIPS64 + CS_MODE_LITTLE_ENDIAN)
arch = "MIPS-64-EL (Little-endian)"
class PPC_64(_CapstoneBase): class PPC_64(_CapstoneBase):
capstone = Cs(CS_ARCH_PPC, CS_MODE_BIG_ENDIAN) capstone = Cs(CS_ARCH_PPC, CS_MODE_BIG_ENDIAN)
arch = "PPC-64"
class Sparc(_CapstoneBase): class Sparc(_CapstoneBase):
capstone = Cs(CS_ARCH_SPARC, CS_MODE_BIG_ENDIAN) capstone = Cs(CS_ARCH_SPARC, CS_MODE_BIG_ENDIAN)
arch = "Sparc"
class SparcV9(_CapstoneBase): class SparcV9(_CapstoneBase):
capstone = Cs(CS_ARCH_SPARC, CS_MODE_BIG_ENDIAN + CS_MODE_V9) capstone = Cs(CS_ARCH_SPARC, CS_MODE_BIG_ENDIAN + CS_MODE_V9)
arch = "SparcV9"
class SystemZ(_CapstoneBase): class SystemZ(_CapstoneBase):
capstone = Cs(CS_ARCH_SYSZ, 0) capstone = Cs(CS_ARCH_SYSZ, 0)
arch = "SystemZ"
class XCore(_CapstoneBase): class XCore(_CapstoneBase):
capstone = Cs(CS_ARCH_XCORE, 0) capstone = Cs(CS_ARCH_XCORE, 0)
arch = "XCore"

3
subdisassem/schema.py
View File

@ -33,12 +33,11 @@ class Disassembly(Base):
@property @property
def values(self) -> dict: def values(self) -> dict:
values_dict = { values_dict = {
"id": self.id,
"arch": self.arch, "arch": self.arch,
"checksum": self.checksum,
"count": self.count, "count": self.count,
"size": self.size, "size": self.size,
"offset": self.offset, "offset": self.offset,
"path": self.path,
} }
return values_dict return values_dict

29
subdisassem/scripts.py
View File

@ -89,7 +89,22 @@ def subdisassem_script():
for arch in archs: for arch in archs:
for offset in range(args.fuzz): for offset in range(args.fuzz):
disasembler = arch(payload=raw_bytes, offset=offset) disasembler = arch()
exists = (
session.query(Disassembly)
.filter(Disassembly.checksum == checksum)
.filter(Disassembly.offset == offset)
.filter(Disassembly.arch == disasembler.arch)
.first()
)
if exists:
logging.debug(
f"subdiassembly_exists: {[disasembler.arch, checksum, offset]}"
)
continue
disasembler.load(payload=raw_bytes, offset=offset)
row = Disassembly() row = Disassembly()
row.arch = disasembler.arch row.arch = disasembler.arch
row.checksum = checksum row.checksum = checksum
@ -98,17 +113,7 @@ def subdisassem_script():
row.offset = offset row.offset = offset
row.opcodes = disasembler.objdump row.opcodes = disasembler.objdump
row.path = str(args.bin_path.absolute()) row.path = str(args.bin_path.absolute())
session.add(row)
exists = (
session.query(Disassembly)
.filter(Disassembly.checksum == row.checksum)
.filter(Disassembly.offset == row.offset)
.filter(Disassembly.arch == row.arch)
.first()
)
if not exists:
session.add(row)
session.commit() session.commit()