Open theqlabs opened 8 years ago
f1 = bv.functions[0] f1b1 = f1.basic_blocks[0] start = f1b1.start end = f1b1.end while start != end: x, size = bv.arch.get_instruction_text(bv.read(start, 4), start) ins.append(x) start += size
print ins results in a nice clean output for Mach-O:
print ins
Mach-O
[['push ', 'rbp'], ['push ', 'rbp'], ['mov ', 'rbp', ', ', 'rsp'], ['push ', 'r15'], ['push ', 'r14'], ['push ', 'r13'], ['push ', 'r12'], ['push ', 'rbx'], ['sub ', 'rsp', ', ', '0x38'], ['mov ', 'r13', ', ', 'rsi'], ['mov ', 'r15d', ', ', 'edi'], ['mov ', 'qword ', '[', 'rbp', '-0x38', ']', ', ', '0x0'], ['lea ', 'r12', ', ', '', '[', '0x100001d5a', ']'], ['lea ', 'r14', ', ', '', '[', '0x100001610', ']'], ['xor ', 'ebx', ', ', 'ebx'], ['xor ', 'eax', ', ', 'eax'], ['xor ', 'ecx', ', ', 'ecx'], ['mov ', 'qword ', '[', 'rbp', '-0x58', ']', ', ', 'rcx'], ['jmp ', '0x100001280']]
and for ELF looks like a giant mess:
ELF
[['stp', ' ', 'x29', ', ', 'x30', ', ', '[', 'sp', ', #', '-0x10', ']!'], ['adrp', ' ', 'x0', ', ', '0x473000'], ['mov', ' ', 'x29', ', ', 'sp'], ['add', ' ', 'x0', ', ', 'x0', ', ', '#', '0xf50'], ['bl', ' ', '0x448214'], ['bl', ' ', '0x439c28'], ['eor', ' ', 'x7', ', ', 'x0', ', ', 'x1'], ['mov', ' ', 'x10', ', ', '#', '0x101010101010101'], ['tst', ' ', 'x7', ', ', '#', '0x7'], ['b.ne', ' ', '0x428960'], ['eor', ' ', 'x7', ', ', 'x0', ', ', 'x1'], ['mov', ' ', 'x10', ', ', '#', '0x101010101010101'], ['tst', ' ', 'x7', ', ', '#', '0x7'], ['b.ne', ' ', '0x428960']]
Wondering why the difference? Tried a few different basic blocks, same output. note: these are two different binaries, i don't really want to go compile the same binary on both archs right now
print insresults in a nice clean output forMach-O:and for
ELFlooks like a giant mess:Wondering why the difference? Tried a few different basic blocks, same output. note: these are two different binaries, i don't really want to go compile the same binary on both archs right now