
Get label offsets after assembling

[Open] AlexAltea opened this issue 4 years ago • 1 comment

It would be extremely useful to obtain the offsets of assembly labels, to export symbols.

For instance, given the following snippet:

  mov eax, 1
  mov ecx, 2
L1:
  mov edx, 3
L2:
  mov ebx, 4

How could we get the offsets for L1 (which is 10) and L2 (which is 15)?

I see two possible approaches:

  • Adding a function: However, according to the API, ks_asm only outputs encode, size, count, where encode is just an unsigned char* (which cannot store metadata) so adding an additional function to Keystone would require changes to ks_asm which might not be desirable.

  • Adding a label callback: This would be similar to KS_OPT_SYM_RESOLVER, except for reading labels rather than writing them. The signature could be something like typedef bool (*ks_label_callback)(const char *symbol, uint64_t offset);.

AlexAltea avatar Oct 07 '20 12:10 AlexAltea

If really needed, a workaround could be improvised by adding the following code at the end:

.quad L1
.quad L2
; ...

and then extracting the last n*8 bytes and converting them into integers.

abel1502 avatar Jul 18 '22 14:07 abel1502
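The workaround abel1502 describes, carried through end to end, as an added example that is not part of this thread or of Keystone itself. It appends one ".quad <label>" directive per label to the source, assembles it with the keystone-engine Python bindings (x86, 32-bit, base address 0), and decodes the trailing n*8 bytes as little-endian 64-bit offsets. It assumes Keystone resolves ".quad L1" to L1's offset from the start of the assembled buffer (which is what the workaround relies on) and that every requested label is defined in the source; the sample bytes used for the offline check are constructed by hand from the issue's snippet and are not output captured from Keystone.

```python
import struct
from typing import Dict, List, Sequence, Tuple

# Constructed sample: the bytes the issue's snippet assembles to in 32-bit
# x86 mode (four 5-byte "mov r32, imm32" instructions, so L1 = 10, L2 = 15),
# followed by the two trailing ".quad L1" / ".quad L2" words the workaround
# appends. Hand-built so the extraction logic can be checked without keystone.
SAMPLE_CODE = bytes.fromhex("b801000000" "b902000000" "ba03000000" "bb04000000")
SAMPLE_ENCODING = SAMPLE_CODE + struct.pack("<QQ", 10, 15)

ISSUE_SNIPPET = """
  mov eax, 1
  mov ecx, 2
L1:
  mov edx, 3
L2:
  mov ebx, 4
"""


def build_source_with_label_table(source: str, labels: Sequence[str]) -> str:
    """Append one ".quad <label>" per requested label to the source text.

    The directives go last so the label table is the tail of the encoding and
    can be sliced off by length alone.
    """
    lines = [source.rstrip("\n")]
    lines.extend(".quad %s" % name for name in labels)
    return "\n".join(lines) + "\n"


def split_label_table(encoding: bytes, label_count: int) -> Tuple[bytes, List[int]]:
    """Strip the trailing label_count * 8 bytes produced by the ".quad"
    directives and decode them as little-endian u64 label offsets.

    Returns (code_without_table, offsets). Rejects buffers shorter than the
    table, which is what you see when the assembler rejected part of the
    source or the caller passed the wrong label count.
    """
    if label_count < 0:
        raise ValueError("label_count must be non-negative")
    table_len = 8 * label_count
    if len(encoding) < table_len:
        raise ValueError("encoded buffer shorter than expected label table")
    if label_count == 0:
        return bytes(encoding), []
    code, table = encoding[:-table_len], encoding[-table_len:]
    offsets = list(struct.unpack("<%dQ" % label_count, table))
    return bytes(code), offsets


def assemble_with_label_offsets(source: str, labels: Sequence[str]) -> Tuple[bytes, Dict[str, int]]:
    """Assemble with Keystone (x86, 32-bit, base 0) and recover each label's
    offset via the ".quad" workaround. Returns (code, {label: offset}).

    Requires the keystone-engine package; it is imported lazily so the pure
    helpers above stay usable without it. Base address is kept at 0 so the
    decoded words are offsets into the buffer rather than absolute addresses.
    """
    from keystone import Ks, KS_ARCH_X86, KS_MODE_32

    ks = Ks(KS_ARCH_X86, KS_MODE_32)
    encoding, _count = ks.asm(build_source_with_label_table(source, labels))
    if not encoding:
        raise ValueError("keystone produced no bytes for the given source")
    code, offsets = split_label_table(bytes(encoding), len(labels))
    return code, dict(zip(labels, offsets))


if __name__ == "__main__":
    # Offline check against the constructed sample.
    code, offsets = split_label_table(SAMPLE_ENCODING, 2)
    print("constructed sample:", offsets)  # [10, 15]
    # Live check if keystone-engine is installed.
    try:
        code, by_name = assemble_with_label_offsets(ISSUE_SNIPPET, ["L1", "L2"])
        print("keystone:", len(code), "code bytes,", by_name)
    except ImportError:
        print("keystone-engine not installed; skipped live assembly")
```

The split keeps the label table out of the returned code bytes, so what you emit into a binary is exactly the instructions and not the eight-byte words the workaround added; pass the same label list to both the builder and the splitter, since the decoder has no way to validate the count other than buffer length.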