{"id":6317,"date":"2022-01-15T17:34:51","date_gmt":"2022-01-15T09:34:51","guid":{"rendered":"https:\/\/www.wangonc.com\/?p=6317"},"modified":"2024-04-08T20:18:45","modified_gmt":"2024-04-08T12:18:45","slug":"keystone","status":"publish","type":"post","link":"https:\/\/www.wangonc.com\/index.php\/2022\/01\/15\/keystone\/","title":{"rendered":"keystone"},"content":{"rendered":"<p><strong>Keystone official site<\/strong><\/p>\n<p><a href=\"http:\/\/www.keystone-engine.org\/\">Keystone<\/a><\/p>\n<p><strong>Official tutorial<\/strong><\/p>\n<p><a href=\"https:\/\/www.keystone-engine.org\/docs\/tutorial.html\">Programming with C &amp; Python<\/a><\/p>\n<h2>keystone<\/h2>\n<p>Keystone is an assembler engine: it translates assembly instructions into machine-code bytes.<\/p>\n<p>Example usage from Python (using ARM64 assembly as the example):<\/p>\n<pre><code class=\"language-python\">from keystone import *\n\n# Assembly source; statements may be separated by semicolons or by newlines\ncode = &quot;&quot;&quot;\nmov x1,1;\nmov x2,2;\nsub x3,x2,x1;\n&quot;&quot;&quot;\n\n# Create the assembler for a given architecture and mode\nKS = Ks(KS_ARCH_ARM64, KS_MODE_LITTLE_ENDIAN)\n# asm() returns the encoding (a list of ints by default) and the number of statements assembled\ncode, count = KS.asm(code)\n\nprint(code)\n\n# Output when run\n# [1, 16, 160, 227, 2, 32, 160, 227, 1, 48, 66, 224]\n# Note: these bytes decode as 32-bit ARM encodings (0xe3a01001 = mov r1, #1), not AArch64;\n# under KS_ARCH_ARM64, mov x1, #1 encodes as 0xd2800021 (bytes 21 00 80 d2).<\/code><\/pre>\n<p>In the code above, <code>code<\/code> is the assembly source. Two statement separators are accepted: <code>;<\/code> or <code>\\n<\/code>.<\/p>\n<p>The line <code>Ks(KS_ARCH_ARM64, KS_MODE_LITTLE_ENDIAN)<\/code> initialises the Keystone class; it takes two parameters: the hardware architecture and the hardware mode.<\/p>\n<p>If an instruction set with a different syntax is needed, it is selected as follows (using the x86 instruction set in AT&amp;T syntax as the example):<\/p>\n<pre><code class=\"language-python\">ks = Ks(KS_ARCH_X86, KS_MODE_32)\nks.syntax = KS_OPT_SYNTAX_ATT<\/code><\/pre>\n<p>The statement <code>code,count=KS.asm(code)<\/code> calls the asm method of the Ks class to assemble the given assembly source into bytecode; its argument is the assembly instructions.<\/p>\n<p>Its function prototype is <code>asm(string, addr=0, as_bytes=False)<\/code><\/p>\n<p><strong>string<\/strong>: the instructions to assemble<\/p>\n<p><strong>addr<\/strong>: the address of the first instruction (can be ignored on some architectures), default 0<\/p>\n<p><strong>as_bytes<\/strong>: whether to return a bytes string; by default a list is returned<\/p>\n<p>The function has two return values: the first is the <strong>assembled result<\/strong> (a list or a bytes string depending on the argument), the second is the <strong>number of statements<\/strong> (no detailed official documentation was found for it)<\/p>\n<hr \/>\n<p>The supported architectures are as follows<\/p>\n<pre><code class=\"language-python\">KS_ARCH_ARM = 1 # ARM architecture (including Thumb, Thumb-2)\nKS_ARCH_ARM64 = 2 # ARM-64, also called AArch64\nKS_ARCH_MIPS = 3 # Mips architecture\nKS_ARCH_X86 = 4 # X86 architecture (including x86 &amp; x86-64)\nKS_ARCH_PPC = 5 # PowerPC architecture\nKS_ARCH_SPARC = 6 # Sparc architecture\nKS_ARCH_SYSTEMZ = 7 # SystemZ architecture\nKS_ARCH_HEXAGON = 8\nKS_ARCH_EVM = 9\nKS_ARCH_MAX = 10<\/code><\/pre>\n<p>The supported modes are as follows<\/p>\n<pre><code class=\"language-python\">KS_MODE_LITTLE_ENDIAN = 0     # little-endian mode\nKS_MODE_BIG_ENDIAN = 1 &lt;&lt; 30  # big-endian mode\n\n# arm \/ arm64\nKS_MODE_ARM = 0               # ARM mode\nKS_MODE_THUMB = 1 &lt;&lt; 4        # THUMB mode (including Thumb-2)\nKS_MODE_MCLASS = 1 &lt;&lt; 5       # ARM&#039;s Cortex-M series\nKS_MODE_V8 = 1 &lt;&lt; 6           # ARMv8 A32 encodings for ARM\n\n# arm (32bit) cpu types\nKS_MODE_ARM926 = 1 &lt;&lt; 7       # ARM926 CPU type\nKS_MODE_ARM946 = 1 &lt;&lt; 8       # ARM946 CPU type\nKS_MODE_ARM1176 = 1 &lt;&lt; 9      # ARM1176 CPU type\n\n# mips\nKS_MODE_MICRO = 1 &lt;&lt; 4        # MicroMips mode\nKS_MODE_MIPS3 = 1 &lt;&lt; 5        # Mips III ISA\nKS_MODE_MIPS32R6 = 1 &lt;&lt; 6     # Mips32r6 ISA\nKS_MODE_MIPS32 = 1 &lt;&lt; 2       # Mips32 ISA\nKS_MODE_MIPS64 = 1 &lt;&lt; 3       # Mips64 ISA\n\n# x86 \/ x64\nKS_MODE_16 = 1 &lt;&lt; 1           # 16-bit mode\nKS_MODE_32 = 1 &lt;&lt; 2           # 32-bit mode\nKS_MODE_64 = 1 &lt;&lt; 3           # 64-bit mode\n\n# ppc\nKS_MODE_PPC32 = 1 &lt;&lt; 2        # 32-bit mode\nKS_MODE_PPC64 = 1 &lt;&lt; 3        # 64-bit mode\nKS_MODE_QPX = 1 &lt;&lt; 4          # Quad Processing eXtensions mode\n\n# sparc\nKS_MODE_SPARC32 = 1 &lt;&lt; 2      # 32-bit\nKS_MODE_SPARC64 = 1 &lt;&lt; 3      # 64-bit\nKS_MODE_V9 = 1 &lt;&lt; 4           # SparcV9 mode<\/code><\/pre>\n<p><strong>Common architecture and mode combinations are as follows<\/strong><\/p>\n<pre><code class=\"language-python\"># X86\nKs(KS_ARCH_X86, KS_MODE_16)\nKs(KS_ARCH_X86, KS_MODE_32)\nKs(KS_ARCH_X86, KS_MODE_64)\n\n# RADIX16 syntax Intel (default syntax)\nKs(KS_ARCH_X86, KS_MODE_32).syntax=KS_OPT_SYNTAX_RADIX16\n\n# ARM\nKs(KS_ARCH_ARM, KS_MODE_ARM)\nKs(KS_ARCH_ARM, KS_MODE_ARM + KS_MODE_BIG_ENDIAN)\nKs(KS_ARCH_ARM, KS_MODE_THUMB)\nKs(KS_ARCH_ARM, KS_MODE_THUMB + KS_MODE_BIG_ENDIAN)\n\n# ARM64\nKs(KS_ARCH_ARM64, KS_MODE_LITTLE_ENDIAN)\n\n# Hexagon\nKs(KS_ARCH_HEXAGON, KS_MODE_BIG_ENDIAN)\n\n# Mips\nKs(KS_ARCH_MIPS, KS_MODE_MIPS32)\nKs(KS_ARCH_MIPS, KS_MODE_MIPS32 + KS_MODE_BIG_ENDIAN)\nKs(KS_ARCH_MIPS, KS_MODE_MIPS64)\nKs(KS_ARCH_MIPS, KS_MODE_MIPS64 + KS_MODE_BIG_ENDIAN)\n\n# PowerPC\nKs(KS_ARCH_PPC, KS_MODE_PPC32 + KS_MODE_BIG_ENDIAN)\nKs(KS_ARCH_PPC, KS_MODE_PPC64)\nKs(KS_ARCH_PPC, KS_MODE_PPC64 + KS_MODE_BIG_ENDIAN)\n\n# Sparc\nKs(KS_ARCH_SPARC, KS_MODE_SPARC32 + KS_MODE_LITTLE_ENDIAN)\nKs(KS_ARCH_SPARC, KS_MODE_SPARC32 + KS_MODE_BIG_ENDIAN)\n\n# SystemZ\nKs(KS_ARCH_SYSTEMZ, KS_MODE_BIG_ENDIAN)<\/code><\/pre>\n<p>All supported syntaxes are as follows<\/p>\n<pre><code class=\"language-python\">KS_OPT_SYNTAX_INTEL = 1&lt;&lt;0\nKS_OPT_SYNTAX_ATT = 1&lt;&lt;1        #AT&amp;T\nKS_OPT_SYNTAX_NASM = 1&lt;&lt;2\nKS_OPT_SYNTAX_MASM = 1&lt;&lt;3\nKS_OPT_SYNTAX_GAS = 1&lt;&lt;4\nKS_OPT_SYNTAX_RADIX16 = 1&lt;&lt;5    #Radix16<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Keystone official site Keystone Official tutorial Programming with C &amp; Pyt [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6391,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,2,8],"tags":[19],"series":[],"class_list":["post-6317","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-so-reverse-engineering","category-study-notes","category-android-reverse-engineering","tag-keystone"],"_links":{"self":[{"href":"https:\/\/www.wangonc.com\/index.php\/wp-json\/wp\/v2\/posts\/6317","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wangonc.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wangonc.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wangonc.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wangonc.com\/index.php\/wp-json\/wp\/v2\/comments?post=6317"}],"version-history":[{"count":6,"href":"https:\/\/www.wangonc.com\/index.php\/wp-json\/wp\/v2\/posts\/6317\/revisions"}],"predecessor-version":[{"id":7485,"href":"https:\/\/www.wangonc.com\/index.php\/wp-json\/wp\/v2\/posts\/6317\/revisions\/7485"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.wangonc.com\/index.php\/wp-json\/wp\/v2\/media\/6391"}],"wp:attachment":[{"href":"https:\/\/www.wangonc.com\/index.php\/wp-json\/wp\/v2\/media?parent=6317"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wangonc.com\/index.php\/wp-json\/wp\/v2\/categories?post=6317"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wangonc.com\/index.php\/wp-json\/wp\/v2\/tags?post=6317"},{"taxonomy":"series","embeddable":true,"href":"https:\/\/www.wangonc.com\/index.php\/wp-json\/wp\/v2\/series?post=6317"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}