keystone
Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
I've observed this in the Python version. If a sym_resolver is defined, all immediates will be interpreted as hex values. ``` # normal behavior ks = Ks(KS_ARCH_X86,KS_MODE_64) encoding, count =...
If the `.string` directive argument is enclosed using `'` char, then an infinite loop happens on `AsmParser::Run`. - PoC: ```python from keystone import * ks = Ks(KS_ARCH_X86, KS_MODE_32) # good...
The previous fix https://github.com/keystone-engine/keystone/pull/274 only updated the address for target specific directives. There are a number of generic directives that also emit bytes so the address needs to be updated....
`leal (%eax,%eax), %edx` means `edx = eax + eax`,
``` // A number of ARM fixups in Thumb mode require that the effective PC // address be determined as the 32-bit aligned version of the actual offset. if (ShouldAlignPC)...
When the symbol contains '@', the sym_resolver fails to fire.
``` KEYSTONE_EXPORT ks_err ks_option(ks_engine *ks, ks_opt_type type, size_t value) { ks->MAI->setRadix(16); ``` It is strange that AT&T style `12(%esp)` is treated as 0x12, where 12 is not after `0x`.
The link was not redirecting to the correct webpage earlier due to a small typo.
Code generated by gcc: ``` .align 4 _MessageBoxA: .long 19089016 LC0: .ascii "\0" push ebp mov ebp, esp sub esp, 24 mov eax, DWORD PTR _MessageBoxA mov ecx, OFFSET FLAT:LC0...
Code generated by gcc: ``` .align 4 _MessageBoxA: .long 19089016 LC0: .ascii "\0" pushl %ebp movl %esp, %ebp subl $24, %esp movl _MessageBoxA, %eax movl $LC0, %ecx movl $LC0, %edx...