1 /* Capstone Disassembler Engine */ 2 /* By Nguyen Anh Quynh <aquynh@gmail.com>, 2013> */ 3 4 import capstone.Capstone; 5 6 public class Test { 7 public static class platform { 8 public int arch; 9 public int mode; 10 public int syntax; 11 public byte[] code; 12 public String comment; 13 platform(int a, int m, int syt, byte[] c, String s)14 public platform(int a, int m, int syt, byte[] c, String s) { 15 arch = a; 16 mode = m; 17 code = c; 18 comment = s; 19 syntax = syt; 20 } 21 platform(int a, int m, byte[] c, String s)22 public platform(int a, int m, byte[] c, String s) { 23 arch = a; 24 mode = m; 25 code = c; 26 comment = s; 27 } 28 }; 29 stringToHex(byte[] code)30 static public String stringToHex(byte[] code) { 31 StringBuilder buf = new StringBuilder(200); 32 for (byte ch: code) { 33 if (buf.length() > 0) 34 buf.append(' '); 35 buf.append(String.format("0x%02x", ch)); 36 } 37 return buf.toString(); 38 } 39 40 public static final byte[] PPC_CODE = new byte[] {(byte)0x80, (byte)0x20, (byte)0x00, (byte)0x00, (byte)0x80, (byte)0x3f, (byte)0x00, (byte)0x00, (byte)0x10, (byte)0x43, (byte)0x23, (byte)0x0e, (byte)0xd0, (byte)0x44, (byte)0x00, (byte)0x80, (byte)0x4c, (byte)0x43, (byte)0x22, (byte)0x02, (byte)0x2d, (byte)0x03, (byte)0x00, (byte)0x80, (byte)0x7c, (byte)0x43, (byte)0x20, (byte)0x14, (byte)0x7c, (byte)0x43, (byte)0x20, (byte)0x93, (byte)0x4f, (byte)0x20, (byte)0x00, (byte)0x21, (byte)0x4c, (byte)0xc8, (byte)0x00, (byte)0x21 }; 41 public static final byte[] X86_CODE = new byte[] { (byte)0x8d, (byte)0x4c, (byte)0x32, (byte)0x08, (byte)0x01, (byte)0xd8, (byte)0x81, (byte)0xc6, (byte)0x34, (byte)0x12, (byte)0x00, (byte)0x00 }; 42 public static final byte[] SPARC_CODE = new byte[] { (byte)0x80, (byte)0xa0, (byte)0x40, (byte)0x02, (byte)0x85, (byte)0xc2, (byte)0x60, (byte)0x08, (byte)0x85, (byte)0xe8, (byte)0x20, (byte)0x01, (byte)0x81, (byte)0xe8, (byte)0x00, (byte)0x00, (byte)0x90, (byte)0x10, (byte)0x20, (byte)0x01, (byte)0xd5, (byte)0xf6, (byte)0x10, (byte)0x16, (byte)0x21, (byte)0x00, (byte)0x00, (byte)0x0a, (byte)0x86, (byte)0x00, (byte)0x40, (byte)0x02, (byte)0x01, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x12, (byte)0xbf, (byte)0xff, (byte)0xff, (byte)0x10, (byte)0xbf, (byte)0xff, (byte)0xff, (byte)0xa0, (byte)0x02, (byte)0x00, (byte)0x09, (byte)0x0d, (byte)0xbf, (byte)0xff, (byte)0xff, (byte)0xd4, (byte)0x20, (byte)0x60, (byte)0x00, (byte)0xd4, (byte)0x4e, (byte)0x00, (byte)0x16, (byte)0x2a, (byte)0xc2, (byte)0x80, (byte)0x03 }; 43 public static final byte[] SYSZ_CODE = new byte[] { (byte)0xed, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x1a, (byte)0x5a, (byte)0x0f, (byte)0x1f, (byte)0xff, (byte)0xc2, (byte)0x09, (byte)0x80, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x07, (byte)0xf7, (byte)0xeb, (byte)0x2a, (byte)0xff, (byte)0xff, (byte)0x7f, (byte)0x57, (byte)0xe3, (byte)0x01, (byte)0xff, (byte)0xff, (byte)0x7f, (byte)0x57, (byte)0xeb, (byte)0x00, (byte)0xf0, (byte)0x00, (byte)0x00, (byte)0x24, (byte)0xb2, (byte)0x4f, (byte)0x00, (byte)0x78 }; 44 public static final byte[] SPARCV9_CODE = new byte[] { (byte)0x81, (byte)0xa8, (byte)0x0a, (byte)0x24, (byte)0x89, (byte)0xa0, (byte)0x10, (byte)0x20, (byte)0x89, (byte)0xa0, (byte)0x1a, (byte)0x60, (byte)0x89, (byte)0xa0, (byte)0x00, (byte)0xe0 }; 45 public static final byte[] XCORE_CODE = new byte[] { (byte)0xfe, (byte)0x0f, (byte)0xfe, (byte)0x17, (byte)0x13, (byte)0x17, (byte)0xc6, (byte)0xfe, (byte)0xec, (byte)0x17, (byte)0x97, (byte)0xf8, (byte)0xec, (byte)0x4f, (byte)0x1f, (byte)0xfd, (byte)0xec, (byte)0x37, (byte)0x07, (byte)0xf2, (byte)0x45, (byte)0x5b, (byte)0xf9, (byte)0xfa, (byte)0x02, (byte)0x06, (byte)0x1b, (byte)0x10 }; 46 main(String argv[])47 static public void main(String argv[]) { 48 platform[] platforms = { 49 new platform( 50 Capstone.CS_ARCH_X86, 51 Capstone.CS_MODE_16, 52 Capstone.CS_OPT_SYNTAX_INTEL, 53 new byte[] { (byte)0x8d, (byte)0x4c, (byte)0x32, (byte)0x08, (byte)0x01, (byte)0xd8, (byte)0x81, (byte)0xc6, (byte)0x34, (byte)0x12, (byte)0x00, (byte)0x00 }, 54 "X86 16bit (Intel syntax)" 55 ), 56 new platform( 57 Capstone.CS_ARCH_X86, 58 Capstone.CS_MODE_32, 59 Capstone.CS_OPT_SYNTAX_ATT, 60 X86_CODE, 61 "X86 32bit (ATT syntax)" 62 ), 63 new platform( 64 Capstone.CS_ARCH_X86, 65 Capstone.CS_MODE_32, 66 X86_CODE, 67 "X86 32 (Intel syntax)" 68 ), 69 new platform( 70 Capstone.CS_ARCH_X86, 71 Capstone.CS_MODE_64, 72 new byte[] {(byte)0x55, (byte)0x48, (byte)0x8b, (byte)0x05, (byte)0xb8, (byte)0x13, (byte)0x00, (byte)0x00 }, 73 "X86 64 (Intel syntax)" 74 ), 75 new platform( 76 Capstone.CS_ARCH_ARM, 77 Capstone.CS_MODE_ARM, 78 new byte[] { (byte)0xED, (byte)0xFF, (byte)0xFF, (byte)0xEB, (byte)0x04, (byte)0xe0, (byte)0x2d, (byte)0xe5, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0xe0, (byte)0x83, (byte)0x22, (byte)0xe5, (byte)0xf1, (byte)0x02, (byte)0x03, (byte)0x0e, (byte)0x00, (byte)0x00, (byte)0xa0, (byte)0xe3, (byte)0x02, (byte)0x30, (byte)0xc1, (byte)0xe7, (byte)0x00, (byte)0x00, (byte)0x53, (byte)0xe3 }, 79 "ARM" 80 ), 81 new platform( 82 Capstone.CS_ARCH_ARM, 83 Capstone.CS_MODE_THUMB, 84 new byte[] {(byte)0x4f, (byte)0xf0, (byte)0x00, (byte)0x01, (byte)0xbd, (byte)0xe8, (byte)0x00, (byte)0x88, (byte)0xd1, (byte)0xe8, (byte)0x00, (byte)0xf0 }, 85 "THUMB-2" 86 ), 87 new platform( 88 Capstone.CS_ARCH_ARM, 89 Capstone.CS_MODE_ARM, 90 new byte[] {(byte)0x10, (byte)0xf1, (byte)0x10, (byte)0xe7, (byte)0x11, (byte)0xf2, (byte)0x31, (byte)0xe7, (byte)0xdc, (byte)0xa1, (byte)0x2e, (byte)0xf3, (byte)0xe8, (byte)0x4e, (byte)0x62, (byte)0xf3 }, 91 "ARM: Cortex-A15 + NEON" 92 ), 93 new platform( 94 Capstone.CS_ARCH_ARM, 95 Capstone.CS_MODE_THUMB, 96 new byte[] {(byte)0x70, (byte)0x47, (byte)0xeb, (byte)0x46, (byte)0x83, (byte)0xb0, (byte)0xc9, (byte)0x68 }, 97 "THUMB" 98 ), 99 new platform( 100 Capstone.CS_ARCH_MIPS, 101 Capstone.CS_MODE_MIPS32 + Capstone.CS_MODE_BIG_ENDIAN, 102 new byte[] {(byte)0x0C, (byte)0x10, (byte)0x00, (byte)0x97, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x24, (byte)0x02, (byte)0x00, (byte)0x0c, (byte)0x8f, (byte)0xa2, (byte)0x00, (byte)0x00, (byte)0x34, (byte)0x21, (byte)0x34, (byte)0x56 }, 103 "MIPS-32 (Big-endian)" 104 ), 105 new platform( 106 Capstone.CS_ARCH_MIPS, 107 Capstone.CS_MODE_MIPS64+ Capstone.CS_MODE_LITTLE_ENDIAN, 108 new byte[] {(byte)0x56, (byte)0x34, (byte)0x21, (byte)0x34, (byte)0xc2, (byte)0x17, (byte)0x01, (byte)0x00 }, 109 "MIPS-64-EL (Little-endian)" 110 ), 111 new platform( 112 Capstone.CS_ARCH_ARM64, 113 Capstone.CS_MODE_ARM, 114 new byte [] { 0x21, 0x7c, 0x02, (byte)0x9b, 0x21, 0x7c, 0x00, 0x53, 0x00, 0x40, 0x21, 0x4b, (byte)0xe1, 0x0b, 0x40, (byte)0xb9 }, 115 "ARM-64" 116 ), 117 new platform ( 118 Capstone.CS_ARCH_PPC, 119 Capstone.CS_MODE_BIG_ENDIAN, 120 PPC_CODE, 121 "PPC-64" 122 ), 123 new platform ( 124 Capstone.CS_ARCH_PPC, 125 Capstone.CS_MODE_BIG_ENDIAN, 126 Capstone.CS_OPT_SYNTAX_NOREGNAME, 127 PPC_CODE, 128 "PPC-64, print register with number only" 129 ), 130 new platform ( 131 Capstone.CS_ARCH_SPARC, 132 Capstone.CS_MODE_BIG_ENDIAN, 133 SPARC_CODE, 134 "Sparc" 135 ), 136 new platform ( 137 Capstone.CS_ARCH_SPARC, 138 Capstone.CS_MODE_BIG_ENDIAN + Capstone.CS_MODE_V9, 139 SPARCV9_CODE, 140 "SparcV9" 141 ), 142 new platform ( 143 Capstone.CS_ARCH_SYSZ, 144 0, 145 SYSZ_CODE, 146 "SystemZ" 147 ), 148 new platform ( 149 Capstone.CS_ARCH_XCORE, 150 0, 151 XCORE_CODE, 152 "XCore" 153 ), 154 }; 155 156 for (int j = 0; j < platforms.length; j++) { 157 System.out.println("****************"); 158 System.out.println(String.format("Platform: %s", platforms[j].comment)); 159 System.out.println(String.format("Code: %s", stringToHex(platforms[j].code))); 160 System.out.println("Disasm:"); 161 162 Capstone cs = new Capstone(platforms[j].arch, platforms[j].mode); 163 if (platforms[j].syntax != 0) 164 cs.setSyntax(platforms[j].syntax); 165 166 Capstone.CsInsn[] all_insn = cs.disasm(platforms[j].code, 0x1000); 167 168 for (int i = 0; i < all_insn.length; i++) { 169 System.out.println(String.format("0x%x: \t%s\t%s", all_insn[i].address, 170 all_insn[i].mnemonic, all_insn[i].opStr)); 171 } 172 System.out.printf("0x%x:\n\n", all_insn[all_insn.length-1].address + all_insn[all_insn.length-1].size); 173 174 // Close when done 175 cs.close(); 176 } 177 } 178 } 179