JonathanSalwan / Triton

Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.
https://triton-library.github.io
Apache License 2.0
3.39k stars 524 forks

Add Disassembly callbacks? #1314

Closed Japrajah closed 3 months ago

Japrajah commented 3 months ago

Triton has a function that disassembles a memory block until it reaches a control flow instruction, but I need a function that stops disassembling when "inst.back().isMemoryRead()", or I need to stop on a specific chain of instructions.

Something like this...

architecture&context


```cpp
// Disassemble from addr until the callback returns true for the instructions collected so far.
TRITON_EXPORT triton::arch::BasicBlock disassembly(triton::uint64 addr, bool(*cb)(std::vector<triton::arch::Instruction>&)) const {
  std::vector<triton::arch::Instruction> ret;
  do {
    // Stop when the address has no defined concrete memory.
    if (!this->isConcreteMemoryValueDefined(addr)) {
      break;
    }
    auto opcodes = this->getConcreteMemoryAreaValue(addr, 16);
    auto inst = triton::arch::Instruction(addr, reinterpret_cast<triton::uint8*>(opcodes.data()), opcodes.size());
    this->disassembly(inst);
    ret.push_back(inst);
    addr += inst.getSize();
  } while (!cb(ret));
  return triton::arch::BasicBlock(ret);
}

// Existing behaviour: stop at the first control flow instruction.
triton::arch::BasicBlock disassembly(triton::uint64 addr) const {
  return this->disassembly(addr, [](std::vector<triton::arch::Instruction>& ret) { return ret.back().isControlFlow(); });
}
```

```cpp
// usage
const auto dism_filter = [](std::vector<triton::arch::Instruction>& ret) -> bool {
  auto instr = ret.back().getDisassembly();
  return instr.contains("[") && !instr.contains("rsp");
};
auto block = this->disassembly(address, dism_filter);
```

Can this be implemented?

JonathanSalwan commented 3 months ago

It could be a great feature. Can you provide a PR for this one?

JonathanSalwan commented 3 months ago

merged