Article tags: LLDB  capstone  lld  cap  scripts
Capstone disassemble scripts for lldb

  • Source code name: lldb-capstone-arm
  • Source code URL: http://www.github.com/upbit/lldb-capstone-arm
  • Git URL:
    git://www.github.com/upbit/lldb-capstone-arm.git
  • Clone the code locally with Git:
    git clone http://www.github.com/upbit/lldb-capstone-arm
  • Check out the code locally with Subversion:
    $ svn co --depth empty http://www.github.com/upbit/lldb-capstone-arm
    Checked out revision 1.
    $ cd repo
    $ svn up trunk
  • lldb-capstone-arm

    An lldb script for disassembling ARM (Thumb)/ARM64 code with the Capstone engine.

    Setup

    Install Capstone and its Python bindings:

    brew install capstone
    sudo pip install capstone

    Then deploy the scripts:

    • Unzip and move *.py to ~/.lldb
    • Load the script in lldb as follows: command script import ~/.lldb/dis_capstone.py

    Or add command script import ~/.lldb/dis_capstone.py to ~/.lldbinit (create the file if it does not exist)

    Examples

    Thumb code disassembly comparison:

    Screenshot

    discs with -f and -h:

    (lldb) discs -f
     SBThread: tid = 0x357e9, frame #0: 0x31c366ba libobjc.A.dylib`objc_retain + 10
     Address: libobjc.A.dylib[0x2f2286ba] (libobjc.A.dylib.__TEXT.__text + 116410)
     Summary: libobjc.A.dylib`objc_retain + 10
    -> 0x31c366ba: 09 7C ldrb r1, [r1, #0x10]
     0x31c366bc: 11 F0 02 0F tst.w r1, #2
     0x31c366c0: 18 BF it ne
     0x31c366c2: 00 F0 8F B9 b.w #0x31c369e4
     0x31c366c6: 47 F6 0A 21 movw r1, #0x7a0a
     0x31c366ca: C0 F2 CF 21 movt r1, #0x2cf
     0x31c366ce: 79 44 add r1, pc
     0x31c366d0: 09 68 ldr r1, [r1]
     0x31c366d2: 09 68 ldr r1, [r1]
     0x31c366d4: F2 F7 44 BC b.w #0x31c28f60
     0x31c366d8: F0 B5 push {r4, r5, r6, r7, lr}
    (lldb) discs -h
    Usage: discs (-f) (-s <addr>) (-l <len>) (-A <arm|arm64>) (-M <arm|thumb>)
    Options:
     -h, --help show this help message and exit
     -s START_ADDR, --start-addr=START_ADDR
     start address (default: pc)
     -l LENGTH, --length=LENGTH
     decode bytes length (default: 32)
     -A ARCH, --arch=ARCH arch type: arm,arm64 (default: arm)
     -M MODE, --mode=MODE mode type: arm,thumb (auto select by cpsr[b:5])
     -f, --full show full outputs
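
The -M help text above says the mode is auto-selected from cpsr bit 5, and the Thumb listing mixes 2-byte and 4-byte instructions. The following is an added example, not code from lldb-capstone-arm: using only the Python standard library (no Capstone), it shows the T-bit test and the Thumb length rule, then checks the listing's rows against that rule. All function names are assumptions of the example, and the sample input is copied from the listing above.

```python
import re

# Constructed sample: the instruction rows of the `discs -f` listing above.
LISTING = """\
-> 0x31c366ba: 09 7C ldrb r1, [r1, #0x10]
 0x31c366bc: 11 F0 02 0F tst.w r1, #2
 0x31c366c0: 18 BF it ne
 0x31c366c2: 00 F0 8F B9 b.w #0x31c369e4
 0x31c366c6: 47 F6 0A 21 movw r1, #0x7a0a
 0x31c366ca: C0 F2 CF 21 movt r1, #0x2cf
 0x31c366ce: 79 44 add r1, pc
 0x31c366d0: 09 68 ldr r1, [r1]
 0x31c366d2: 09 68 ldr r1, [r1]
 0x31c366d4: F2 F7 44 BC b.w #0x31c28f60
 0x31c366d8: F0 B5 push {r4, r5, r6, r7, lr}
"""
ROW = re.compile(r"^(?:->)?\s*0x([0-9a-f]+):((?: [0-9A-F]{2})+) ", re.M)

def mode_from_cpsr(cpsr):
    """CPSR bit 5 is the T bit: set means the core is executing Thumb."""
    return "thumb" if cpsr & (1 << 5) else "arm"

def thumb_insn_len(code):
    """Length in bytes of the Thumb instruction at the start of `code`."""
    halfword = code[0] | (code[1] << 8)      # halfwords are little-endian
    # Top five bits 0b11101/0b11110/0b11111 mark a 32-bit Thumb-2 encoding.
    return 4 if (halfword >> 11) >= 0b11101 else 2

def parse_listing(text):
    """Return [(address, raw_bytes)] for every instruction row."""
    return [(int(a, 16), bytes.fromhex(b)) for a, b in ROW.findall(text)]

def check_listing(text):
    """Report rows whose byte count or address step disagrees with the encoding."""
    rows, problems = parse_listing(text), []
    for i, (addr, raw) in enumerate(rows):
        want = thumb_insn_len(raw)
        if len(raw) != want:
            problems.append(f"{addr:#x}: {len(raw)} bytes shown, encoding says {want}")
        if i + 1 < len(rows) and rows[i + 1][0] != addr + want:
            problems.append(f"{addr:#x}: next row is not at {addr + want:#x}")
    return problems

if __name__ == "__main__":
    print(mode_from_cpsr(0x60000030), check_listing(LISTING) or "listing is consistent")
```

A row that fails these checks usually means the bytes were decoded in the wrong mode or from a misaligned start address, which is the case -M and -s exist to correct.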

