Open IcEy-999 opened 1 year ago
import capstone
import keystone

# Address the instruction is assembled for, and the offset it is decoded at.
INSN_ADDR = 0x1400ef00a

# Capstone decodes bytes to text; Keystone encodes text to bytes. Both are
# configured for 64-bit x86, and Keystone is switched to Intel syntax.
HEX2ASM = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
ASM2HEX = keystone.Ks(keystone.KS_ARCH_X86, keystone.KS_MODE_64)
ASM2HEX.syntax = keystone.KS_OPT_SYNTAX_INTEL

# Store to an absolute address; this is the form the page reports as
# encoding correctly.
asm = """ mov qword ptr ds:[0x14000d250],rcx """

# Assemble, then dump the encoding as space-separated hex on one line.
encoding, _statement_count = ASM2HEX.asm(asm, addr=INSN_ADDR)
print("".join("%02x " % b for b in encoding), end="")
print("")

# Round-trip the bytes through the disassembler at the same address so the
# rip-relative displacement can be checked against the intended target.
# NOTE(review): this round trip is what exposes a wrong displacement; code
# that writes assembler output into a binary should compare the resolved
# target with the address it asked for before using the bytes.
for address, _size, mnemonic, op_str in HEX2ASM.disasm_lite(
    bytes(encoding), offset=INSN_ADDR
):
    print("%x " % address, end="")
    print("%s " % mnemonic, end="")
    print("%s" % op_str)
OUT: 48 89 0d 3f e2 f1 ff 1400ef00a mov qword ptr [rip - 0xe1dc1], rcx This is not an error. 0x1400ef00a - 0xe1dc1 + 0x7 = 0x14000d250
48 89 0d 3f e2 f1 ff 1400ef00a mov qword ptr [rip - 0xe1dc1], rcx
BUT: asm = """ mov rcx,qword ptr ds:[0x14000d250] """
# Load form of the same absolute operand. Assembled at the same address, the
# output reported on this page carries a displacement that does not resolve
# to 0x14000d250.
asm = """ mov rcx,qword ptr ds:[0x14000d250] """
OUT: 48 8b 0d 50 d2 00 40 1400ef00a mov rcx, qword ptr [rip + 0x4000d250]
48 8b 0d 50 d2 00 40 1400ef00a mov rcx, qword ptr [rip + 0x4000d250]
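0x1400ef00a + 0x4000d250 + 0x7 != 0x14000d250 (the sum is 0x1800fc261). The encoded displacement 0x4000d250 is the low 32 bits of the absolute address 0x14000d250 rather than an offset from rip, so the assembled load reads from a different address than the one written in the source.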
import capstone
import keystone

# Address the instruction is assembled for, and the offset it is decoded at.
INSN_ADDR = 0x1400ef00a

# Capstone decodes bytes to text; Keystone encodes text to bytes. Both are
# configured for 64-bit x86, and Keystone is switched to Intel syntax.
HEX2ASM = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
ASM2HEX = keystone.Ks(keystone.KS_ARCH_X86, keystone.KS_MODE_64)
ASM2HEX.syntax = keystone.KS_OPT_SYNTAX_INTEL

# Store to an absolute address; this is the form the page reports as
# encoding correctly.
asm = """ mov qword ptr ds:[0x14000d250],rcx """

# Assemble, then dump the encoding as space-separated hex on one line.
encoding, _statement_count = ASM2HEX.asm(asm, addr=INSN_ADDR)
print("".join("%02x " % b for b in encoding), end="")
print("")

# Round-trip the bytes through the disassembler at the same address so the
# rip-relative displacement can be checked against the intended target.
# NOTE(review): this round trip is what exposes a wrong displacement; code
# that writes assembler output into a binary should compare the resolved
# target with the address it asked for before using the bytes.
for address, _size, mnemonic, op_str in HEX2ASM.disasm_lite(
    bytes(encoding), offset=INSN_ADDR
):
    print("%x " % address, end="")
    print("%s " % mnemonic, end="")
    print("%s" % op_str)
OUT:
48 89 0d 3f e2 f1 ff 1400ef00a mov qword ptr [rip - 0xe1dc1], rcx
This is not an error: 0x1400ef00a - 0xe1dc1 + 0x7 = 0x14000d250 (instruction address + displacement + the 7-byte instruction length gives the intended target).
BUT:
# Load form of the same absolute operand. Assembled at the same address, the
# output reported on this page carries a displacement that does not resolve
# to 0x14000d250.
asm = """ mov rcx,qword ptr ds:[0x14000d250] """
OUT:
48 8b 0d 50 d2 00 40 1400ef00a mov rcx, qword ptr [rip + 0x4000d250]
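0x1400ef00a + 0x4000d250 + 0x7 != 0x14000d250 (the sum is 0x1800fc261). The encoded displacement 0x4000d250 is the low 32 bits of the absolute address 0x14000d250 rather than an offset from rip, so the assembled load reads from a different address than the one written in the source.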