keystone-engine / keystone

Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
http://www.keystone-engine.org
GNU General Public License v2.0

not expected behavior when using sym resolver #581

Open nyaoouo opened 8 months ago

nyaoouo commented 8 months ago

environment:
Python 3.11.8 (tags/v3.11.8:db85d51, Feb 6 2024, 22:03:32) [MSC v.1937 64 bit (AMD64)] on win32
keystone-engine 0.9.2 (from pip)

reproduce code:

import capstone
import keystone

def main():
    # Assembler and disassembler for 64-bit x86.
    ks = keystone.Ks(keystone.KS_ARCH_X86, keystone.KS_MODE_64)
    cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)

    # Symbol resolver callback: keystone passes the unresolved symbol name (bytes)
    # and a pointer to a uint64 that receives its value. Return True when resolved.
    def resolver(key, p_value):
        if key == b'func_':
            p_value[0] = 0x9   # same address the local label 'func' ends up at
            return True
        return False

    ks.sym_resolver = resolver

    # code_1 references the local label; code_2 references the symbol handled by the resolver.
    code_1 = 'lea rax, [rip + func];call rax;func:mov al,1;ret;'
    code_2 = 'lea rax, [rip + func_];call rax;func:mov al,1;ret;'

    # ks.asm(code, addr, as_bytes=True) returns (bytes, instruction_count).
    for i in cs.disasm(ks.asm(code_1, 0, True)[0], 0):
        print(f'{i.address:X}: {i.mnemonic} {i.op_str}')
    print('---')
    for i in cs.disasm(ks.asm(code_2, 0, True)[0], 0):
        print(f'{i.address:X}: {i.mnemonic} {i.op_str}')

if __name__ == '__main__':
    main()

expected output:

0: lea rax, [rip + 2]
7: call rax
9: mov al, 1
B: ret 
---
0: lea rax, [rip + 2]
7: call rax
9: mov al, 1
B: ret 

actual output:

0: lea rax, [rip + 2]
7: call rax
9: mov al, 1
B: ret 
---
0: lea rax, [rip + 6] << here
7: call rax
9: mov al, 1
B: ret
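A small check, added here as an example and not part of the report above, that makes the discrepancy concrete: it decodes the disp32 of a RIP-relative `lea r64, [rip + disp32]` and computes the effective address the CPU would use (RIP of the next instruction plus disp32), then compares it with the address the resolver handed back. The two byte strings are constructed to match the disassembly listings in the issue (the first with `rip + 2`, the second with `rip + 6`); `FUNC_ADDR` is the value 0x9 from the report. The `assemble_and_check` helper assumes keystone-engine is installed and uses the same `sym_resolver` API as the reproducer; everything else runs without keystone.

```python
import struct

# Machine code constructed to match the two listings in the issue:
#   lea rax, [rip + disp32]; call rax; mov al, 1; ret
GOOD_CODE = bytes.fromhex("488d0502000000ffd0b001c3")  # lea rax, [rip + 2]
BAD_CODE = bytes.fromhex("488d0506000000ffd0b001c3")   # lea rax, [rip + 6]

FUNC_ADDR = 0x9  # address the resolver returns for b'func_' in the report


def decode_rip_lea(code: bytes, offset: int = 0):
    """Decode `lea r64, [rip + disp32]` at `offset` (REX.W 8D /r, mod=00 rm=101).

    Returns (length, disp32, target) where target is the effective address
    relative to the start of `code`: RIP of the *next* instruction plus disp32.
    """
    if len(code) < offset + 7:
        raise ValueError("truncated instruction at offset %#x" % offset)
    rex, opcode, modrm = code[offset], code[offset + 1], code[offset + 2]
    if (rex & 0xF8) != 0x48 or opcode != 0x8D or (modrm & 0xC7) != 0x05:
        raise ValueError("not a RIP-relative lea at offset %#x" % offset)
    (disp,) = struct.unpack_from("<i", code, offset + 3)  # signed little-endian
    length = 7  # REX + opcode + ModRM + disp32
    return length, disp, offset + length + disp


def check_symbol_target(code: bytes, lea_offset: int, base: int, sym_addr: int) -> bool:
    """True if the lea at `lea_offset` (code loaded at `base`) points at `sym_addr`."""
    _, _, target = decode_rip_lea(code, lea_offset)
    return base + target == sym_addr


def assemble_and_check(asm: str, symbol: bytes, sym_addr: int) -> bool:
    """Assemble with keystone, resolving `symbol` via sym_resolver, then verify the
    first lea really lands on `sym_addr`. Requires keystone-engine (imported lazily
    so the pure-Python checks above work without it)."""
    import keystone  # assumption: keystone-engine is installed

    ks = keystone.Ks(keystone.KS_ARCH_X86, keystone.KS_MODE_64)

    def resolver(key, p_value):
        if key == symbol:
            p_value[0] = sym_addr
            return True
        return False

    ks.sym_resolver = resolver
    encoding, _count = ks.asm(asm, 0, True)
    return check_symbol_target(bytes(encoding), 0, 0, sym_addr)


if __name__ == "__main__":
    for name, code in (("label", GOOD_CODE), ("resolver", BAD_CODE)):
        length, disp, target = decode_rip_lea(code)
        ok = check_symbol_target(code, 0, 0, FUNC_ADDR)
        print(f"{name}: disp32={disp} -> target {target:#x}, expected {FUNC_ADDR:#x}: {'ok' if ok else 'MISMATCH'}")
```

Running it on the constructed bytes shows the first lea resolving to 0x9 as intended and the second to 0xd, which is what the `<< here` line in the report corresponds to. To exercise the real assembler, call `assemble_and_check('lea rax, [rip + func_];call rax;func:mov al,1;ret;', b'func_', 0x9)` with keystone installed; a correct result is `True`.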