capstone
capstone copied to clipboard
capstone-engine
skipdata doesn't work correctly from python
Work environment
| Questions | Answers |
|---|---|
| OS/arch/bits | MacOS, arm64 |
| Architecture | arm64 |
| Source of Capstone | git clone, pip |
| Version/git commit | v5.0.1 |
Instruction bytes giving faulty results
0xc0, 0x03, 0x5f, 0xd6, 0x98, 0xf2, 0xff, 0xff, 0xc0, 0x03, 0x5f, 0xd6
Expected results
It should be:
1000 c0 03 5f d6 ret
1004 98 f2 ff ff .byte 0x98, 0xf2, 0xff, 0xff
1008 c0 03 5f d6 ret
Steps to get the wrong result
With cstool we got expected result:
$ cstool -s arm64 "c0035fd698f2ffffc0035fd6"
1000 c0 03 5f d6 ret
1004 98 f2 ff ff .byte 0x98, 0xf2, 0xff, 0xff
1008 c0 03 5f d6 ret
With Python code
from capstone import *
CODE = b"\xc0\x03\x5f\xd6\x98\xf2\xff\xff\xc0\x03\x5f\xd6"
md = Cs(CS_ARCH_ARM64, CS_MODE_ARM)
md.skipdata = True
for insn in md.disasm(CODE, 0x1000):
print("%x %s %s %s" % (insn.address, "".join(["%02x " % b for b in insn.bytes]), insn.mnemonic, insn.op_str))
Got only first instruction
1000 c0 03 5f d6 ret
NOTE
- Compiled
test_skipdata.cworks as expected. - Use of compiled dynamic library from
v5.0.1release sources from python returns invalid result.
Probably the issue with dynamic library.
I can confirm. Spend a day until noticed that PE is only half-decoded. Capstone breaks on this instruction:
ver 5.0.1, skipdata = True, python 3.8.10, Win7 64
Sorry for the late answer. Currently, we are really busy with many other construction sides in Capstone. So the Python bindings don't get the love they would actually need. We first want to bring the C code base up to date. Because the Python bindings possibly get a complete rewrite. For those two reasons, no one looked at this one yet.
Although, you can try to use the next branch (currently only usable with <= Python3.11).
@Rot127 Thanks for response. At least we know that it is in a road map. We'll be waiting for next release.
The library installed through the PyPi package was found to be invalid because the definition of CS_OPT_ON in python and dll was different。
# bindings/python/capstone/__init__.py
CS_OPT_ON = 1 << 0 # Turn ON an option (CS_OPT_DETAIL)
#include/capstone/capstone.h
CS_OPT_ON = 3, ///< Turn ON an option (CS_OPT_DETAIL, CS_OPT_SKIPDATA).
The next branch has fixed this.
@Amoystyle In the v5 branch CS_OPT_ON == 3 in the Python bindings and the c header.
So this might not be the reason.
@Rot127 I see that the latest version 5.0.2 has fixed this bug
[v5] python: Fix definition of capstone syntax value option constants by @nmeum in https://github.com/capstone-engine/capstone/pull/2240