## -*- coding: utf-8 -*-
##
## Jonathan Salwan - 2014-05-12
##
## http://shell-storm.org
## http://twitter.com/JonathanSalwan
##
from capstone import *
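class Raw(object):
    """Loader for a headerless ("raw") binary blob.

    A raw input carries no container metadata, so the architecture, mode and
    endianness come from caller-supplied strings rather than from the file,
    and the whole blob is exposed as a single executable section at
    offset 0 / virtual address 0.

    getArch(), getArchMode() and getEndian() print an error and return None
    for an unsupported value; callers must check for None before using the
    result.
    """

    def __init__(self, binary, arch, mode, endian):
        """Store the blob and the caller-chosen decoding parameters.

        binary -- the raw bytes; copied into a private bytearray
        arch   -- architecture name looked up by getArch()
        mode   -- mode name looked up by getArchMode()
        endian -- endianness name looked up by getEndian()

        None of the names is validated here; an unsupported value is only
        reported when the matching accessor is called.
        """
        self.__binary = bytearray(binary)
        self.__arch = arch
        self.__mode = mode
        self.__endian = endian

    def getEntryPoint(self):
        """Return the entry point, which is always 0 for a raw blob."""
        return 0x0

    def getExecSections(self):
        """Return a one-element list describing the whole blob as code.

        The section is named "raw", starts at offset 0 and vaddr 0, spans
        the full length of the input, and carries an immutable bytes copy
        of the data under "opcodes".
        """
        return [{"name": "raw", "offset": 0x0, "size": len(self.__binary), "vaddr": 0x0, "opcodes": bytes(self.__binary)}]

    def getDataSections(self):
        """Return an empty list: a raw blob exposes no data sections."""
        return []

    def getArch(self):
        """Return the Capstone architecture constant for the stored name.

        Prints an error and returns None when the name is not supported.
        """
        arch = {
            "x86": CS_ARCH_X86,
            "arm": CS_ARCH_ARM,
            "arm64": CS_ARCH_ARM64,
            "sparc": CS_ARCH_SPARC,
            "mips": CS_ARCH_MIPS,
            "ppc": CS_ARCH_PPC
        }
        try:
            ret = arch[self.__arch]
        # Only a failed lookup means "unsupported": KeyError for an unknown
        # name, TypeError for an unhashable value. A bare except would also
        # swallow KeyboardInterrupt and SystemExit.
        except (KeyError, TypeError):
            print("[Error] Raw.getArch() - Architecture not supported. Only supported: x86 arm arm64 sparc mips ppc")
            return None
        return ret

    def getArchMode(self):
        """Return the Capstone mode constant for the stored mode name.

        Prints an error and returns None when the name is not supported.
        """
        mode = {
            "32": CS_MODE_32,
            "64": CS_MODE_64,
            "arm": CS_MODE_ARM,
            "thumb": CS_MODE_THUMB
        }
        try:
            ret = mode[self.__mode]
        # Same narrowing as in getArch(): report lookup failures only.
        except (KeyError, TypeError):
            print("[Error] Raw.getArchMode() - Mode not supported. Only supported: 32 64 arm thumb")
            return None
        return ret

    def getEndian(self):
        """Return the endianness flag for the stored endianness name.

        For x86 the stored name is ignored and 0 is returned. Otherwise
        "little" maps to 0 and "big" to CS_MODE_BIG_ENDIAN; any other value
        prints an error and returns None.

        This calls getArch(), so an unsupported architecture name also
        prints the getArch() error before the endianness lookup runs.
        """
        if self.getArch() == CS_ARCH_X86:
            return 0
        endian = {
            "little": 0,
            "big": CS_MODE_BIG_ENDIAN
        }
        try:
            ret = endian[self.__endian]
        # Same narrowing as in getArch(): report lookup failures only.
        except (KeyError, TypeError):
            # NOTE: the message says getArchEndian although the method is
            # getEndian; the text is kept verbatim so existing output
            # matching is unaffected.
            print("[Error] Raw.getArchEndian() - Endianness not supported. Only supported: little big")
            return None
        return ret

    def getFormat(self):
        """Return the format name of this loader, "Raw"."""
        return "Raw"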