plasma-disassembler / plasma
Plasma is an interactive disassembler for x86/ARM/MIPS. It can generate indented pseudo-code with colored syntax.
License: GNU General Public License v3.0
diff --git a/plasma/lib/arch/mips/output.py b/plasma/lib/arch/mips/output.py
index 22b204b..67fa1fa 100644
--- a/plasma/lib/arch/mips/output.py
+++ b/plasma/lib/arch/mips/output.py
@@ -31,7 +31,7 @@ from capstone.mips import (MIPS_OP_IMM, MIPS_OP_MEM, MIPS_OP_REG,
from plasma.lib.output import OutputAbs
from plasma.lib.arch.mips.utils import (inst_symbol, is_call, is_jump, is_ret,
is_uncond_jump, cond_symbol)
-
+from capstone.mips import (MIPS_INS_SLT, MIPS_INS_SLTI, MIPS_INS_SLTIU, MIPS_INS_SLTU)
# ASSIGNMENT_OPS = {ARM_INS_EOR, ARM_INS_AND, ARM_INS_ORR}
ASSIGNMENT_OPS = {}
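Review bot: the added `from capstone.mips import (MIPS_INS_SLT, MIPS_INS_SLTI, MIPS_INS_SLTIU, MIPS_INS_SLTU)` line sits after the `plasma.lib` imports and takes the place of the blank line that separated the imports from the `ASSIGNMENT_OPS` definitions. The hunk header shows an existing `from capstone.mips import (MIPS_OP_IMM, MIPS_OP_MEM, MIPS_OP_REG, ...` block just above; adding the four names to that block keeps one import statement per module and leaves the blank line in place.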
@@ -67,7 +67,7 @@ INST_CHECK = {MIPS_INS_AND, MIPS_INS_SLL, MIPS_INS_SRA, MIPS_INS_SRL,
ADD_CHECK = {MIPS_INS_ADD, MIPS_INS_ADDU, MIPS_INS_ADDIU}
SUB_CHECK = {MIPS_INS_SUB, MIPS_INS_SUBU}
-
+SLT_CHECK = {MIPS_INS_SLT, MIPS_INS_SLTI, MIPS_INS_SLTIU, MIPS_INS_SLTU}
class Output(OutputAbs):
def _operand(self, i, num_op, hexa=False, show_deref=True,
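Review bot: `SLT_CHECK = {...}` replaces the blank line before `class Output(OutputAbs):`, so the last module-level set now runs straight into the class statement. Add the definition below `SUB_CHECK` and keep the blank separation before the class, as the file had before this change.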
@@ -176,6 +176,15 @@ class Output(OutputAbs):
self._operand(i, 0)
return
+ if i.id in SLT_CHECK:
+ self._operand(i, 0)
+ self._add(" = 1 if ")
+ self._operand(i, 1)
+ self._add(" < ")
+ self._operand(i, 2)
+ self._add(" else 0")
+ return
+
if i.id == MIPS_INS_NEG:
self._operand(i, 0)
self._add(" = -")
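Review bot: `self._add(" < ")` in the new `if i.id in SLT_CHECK:` branch prints the same operator for all four instructions, although `MIPS_INS_SLTU` and `MIPS_INS_SLTIU` compare unsigned while `MIPS_INS_SLT` and `MIPS_INS_SLTI` compare signed. The pseudo-code therefore reads identically for both, which matters to anyone reading a bounds check from this output. Suggest emitting an unsigned marker for the two unsigned ids, or splitting the set into a signed and an unsigned one.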
Result:
0x80000118: $v0 = 1 if $v0 < 33 else 0
# 0x8000011c: bnez $v0, 0x80000168
0x80000120: $v0 = 48
if == 0 {
But ideally, it's better to do so:
# 0x80000118: $v0 = 1 if $v0 < 33 else 0
# 0x8000011c: bnez $v0, 0x80000168
0x80000120: $v0 = 48
if not ($v0 < 33) {
or
# 0x80000118: $v0 = 1 if $v0 < 33 else 0
# 0x8000011c: bnez $v0, 0x80000168
0x80000120: $v0 = 48
if $v0 >= 33 {
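The fold asked for above, as an added example that is not part of the original post or of plasma's code: a set-on-less-than followed by `bnez`/`beqz` on the register it wrote is turned into the fall-through condition. The `Insn` tuple, the function names and the `(unsigned)` marker are assumptions made for this sketch; the sample instructions are constructed from the addresses in the post, and branch delay slots are not modelled.

```python
from collections import namedtuple

# Constructed stand-in for a decoded instruction. plasma works on capstone
# objects; this sketch uses plain tuples so it runs without capstone.
Insn = namedtuple("Insn", "addr mnemonic operands")

SLT_SIGNED = {"slt", "slti"}
SLT_UNSIGNED = {"sltu", "sltiu"}
SLT_ALL = SLT_SIGNED | SLT_UNSIGNED
BRANCH_ON_ZERO = {"beqz", "bnez"}


def compare(slt, op):
    """Text of the comparison an slt-family instruction performs."""
    _, a, b = slt.operands
    # Hypothetical notation: mark sltu/sltiu so an unsigned comparison is
    # not read as a signed one.
    prefix = "(unsigned) " if slt.mnemonic in SLT_UNSIGNED else ""
    return "%s%s %s %s" % (prefix, a, op, b)


def slt_text(slt):
    """Stand-alone rendering, in the style shown in the post."""
    return "%s = 1 if %s else 0" % (slt.operands[0], compare(slt, "<"))


def fallthrough_condition(slt, branch):
    """Condition under which `branch` is not taken, or None if the pair
    must not be folded."""
    if slt.mnemonic not in SLT_ALL or branch.mnemonic not in BRANCH_ON_ZERO:
        return None
    if branch.operands[0] != slt.operands[0]:
        return None  # the branch tests a register the slt did not write
    # bnez jumps when rd == 1 (a < b): execution falls through on a >= b.
    # beqz jumps when rd == 0 (a >= b): execution falls through on a < b.
    return compare(slt, ">=" if branch.mnemonic == "bnez" else "<")


def plain_text(insn):
    if insn.mnemonic in SLT_ALL:
        return slt_text(insn)
    return "%s %s" % (insn.mnemonic, ", ".join(insn.operands))


def render(insns):
    """Return output lines, folding slt + branch pairs where it is safe."""
    lines = []
    i = 0
    while i < len(insns):
        cur = insns[i]
        nxt = insns[i + 1] if i + 1 < len(insns) else None
        cond = fallthrough_condition(cur, nxt) if nxt is not None else None
        if cond is not None:
            # Both instructions are absorbed into the condition, so they are
            # kept only as comments, as in the post's desired output.
            lines.append("# 0x%x: %s" % (cur.addr, plain_text(cur)))
            lines.append("# 0x%x: %s" % (nxt.addr, plain_text(nxt)))
            lines.append("if %s {" % cond)
            i += 2
        else:
            lines.append("0x%x: %s" % (cur.addr, plain_text(cur)))
            i += 1
    return lines


# Constructed sample matching the addresses quoted in the post.
SAMPLE = [
    Insn(0x80000118, "slti", ("$v0", "$v0", "33")),
    Insn(0x8000011C, "bnez", ("$v0", "0x80000168")),
]

if __name__ == "__main__":
    print("\n".join(render(SAMPLE)))
```

The fold is refused when the branch tests a different register, because the comparison result would then not be what decides the branch.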
I found a bug: if an ELF file doesn't contain section names, the parser may not see or display some sections.
Example:
First section in file has len(name) == 0
diff --git a/plasma/lib/fileformat/elf.py b/plasma/lib/fileformat/elf.py
index c1349b8..2176ade 100644
--- a/plasma/lib/fileformat/elf.py
+++ b/plasma/lib/fileformat/elf.py
@@ -108,7 +108,8 @@ class ELF(Binary):
# Load sections
for s in self.elf.iter_sections():
if not s.name:
- continue
+ s.name = '.unknow'
+ # continue
# Keep only sections R|W|X
# TODO : is it sufficiant ?
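Review bot: `s.name = '.unknow'` gives every unnamed section the same name (and looks like a typo for `.unknown`), so a file with several unnamed sections ends up with duplicate names wherever sections are listed or looked up by name. Suggest deriving a unique placeholder, for example from the section index or address, and deleting the commented-out `# continue` instead of leaving it in the loop.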
Fatal IO error: client killed
I see the Dockerfile, is there a Docker image in the hub?
As reported in the subject.
$ python3 reverse.py /bin/ls -x asd
error: symbol asd not found
error: Try with --sym to see all symbols.
error: If you have set the option --dump or --calls you need to set
error: the option -x (see --help).
Exception ignored in: <bound method Cs.__del__ of <capstone.Cs object at 0x7f48d81a8d68>>
Traceback (most recent call last):
File "/usr/local/lib/python3.4/dist-packages/capstone/__init__.py", line 696, in __del__
TypeError: 'NoneType' object is not callable
Another minor issue here: the --sym option does not exist, you may intend --symbol. Please note that the exception is randomly triggered (maybe 1 out of 5 executions). Let me know if you can't reproduce it and need further information.
Nose package is also a requirement so add it in the requirements.
I ran the install.sh to create a makefile and when I try to make it every test passes except for this one. Here is the log I am given when I attempt to generate the makefile.
byte-compiling build/bdist.linux-x86_64/egg/plasma/lib/arch/mips/init.py to init.cpython-35.pyc
byte-compiling build/bdist.linux-x86_64/egg/plasma/lib/arch/mips/utils.py to utils.cpython-35.pyc
byte-compiling build/bdist.linux-x86_64/egg/plasma/lib/arch/mips/output.py to output.cpython-35.pyc
byte-compiling build/bdist.linux-x86_64/egg/plasma/lib/arch/mips/process_ast.py to process_ast.cpython-35.pyc
byte-compiling build/bdist.linux-x86_64/egg/plasma/lib/output.py to output.cpython-35.pyc
creating stub loader for plasma/lib/arch/x86/analyzer.cpython-35m-x86_64-linux-gnu.so
creating stub loader for plasma/lib/arch/mips/analyzer.cpython-35m-x86_64-linux-gnu.so
creating stub loader for plasma/lib/arch/arm/analyzer.cpython-35m-x86_64-linux-gnu.so
byte-compiling build/bdist.linux-x86_64/egg/plasma/lib/arch/x86/analyzer.py to analyzer.cpython-35.pyc
byte-compiling build/bdist.linux-x86_64/egg/plasma/lib/arch/mips/analyzer.py to analyzer.cpython-35.pyc
byte-compiling build/bdist.linux-x86_64/egg/plasma/lib/arch/arm/analyzer.py to analyzer.cpython-35.pyc
creating build/bdist.linux-x86_64/egg/EGG-INFO
copying plasma.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying plasma.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying plasma.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying plasma.egg-info/entry_points.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying plasma.egg-info/requires.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying plasma.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
writing build/bdist.linux-x86_64/egg/EGG-INFO/native_libs.txt
creating 'dist/plasma-1.0-py3.5-linux-x86_64.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing plasma-1.0-py3.5-linux-x86_64.egg
removing '/usr/local/lib/python3.5/dist-packages/plasma-1.0-py3.5-linux-x86_64.egg' (and everything under it)
creating /usr/local/lib/python3.5/dist-packages/plasma-1.0-py3.5-linux-x86_64.egg
Extracting plasma-1.0-py3.5-linux-x86_64.egg to /usr/local/lib/python3.5/dist-packages
Removing plasma 1.0 from easy-install.pth file
plasma 1.0 is already the active version in easy-install.pth
Installing plasma script to /usr/local/bin
Installed /usr/local/lib/python3.5/dist-packages/plasma-1.0-py3.5-linux-x86_64.egg
Processing dependencies for plasma==1.0
Searching for msgpack-python==0.5.6
Best match: msgpack-python 0.5.6
Adding msgpack-python 0.5.6 to easy-install.pth file
Using /usr/local/lib/python3.5/dist-packages
Searching for pyelftools==0.24
Best match: pyelftools 0.24
pyelftools 0.24 is already the active version in easy-install.pth
Using /usr/local/lib/python3.5/dist-packages
Searching for pefile==2017.11.5
Best match: pefile 2017.11.5
pefile 2017.11.5 is already the active version in easy-install.pth
Using /usr/local/lib/python3.5/dist-packages
Searching for future==0.16.0
Best match: future 0.16.0
future 0.16.0 is already the active version in easy-install.pth
Installing futurize script to /usr/local/bin
Installing pasteurize script to /usr/local/bin
Using /usr/local/lib/python3.5/dist-packages
Finished processing dependencies for plasma==1.0
Anyone know what the issue might be?
The pefile library seems to be bugged. Sometimes the function pe.load_import_symbols fails because the internal function of pefile, parse_data_directories, throws an exception.
requirements.sh runs fine, installs everything that's needed, however:
python3.4 ./reverse.py tests/nestedloop1.bin
Traceback (most recent call last):
File "./reverse.py", line 29, in <module>
reverse(ctx)
File "/home/reverse/lib/__init__.py", line 234, in reverse
if not load_file(ctx):
File "/home/reverse/lib/__init__.py", line 127, in load_file
ctx.raw_base, ctx.raw_big_endian)
File "/home/reverse/lib/disassembler.py", line 35, in __init__
self.binary = Binary(filename, raw_type, raw_base, raw_big_endian)
File "/home/reverse/lib/fileformat/binary.py", line 48, in __init__
import lib.fileformat.elf as LIB_ELF
File "/home/reverse/lib/fileformat/elf.py", line 20, in <module>
from elftools.elf.elffile import ELFFile
ImportError: No module named 'elftools'
The file keyerror.c has the following contents:
int main(int argc, char **argv) {
return 0;
}
I compiled several versions that only differ in optimization level:
$ gcc keyerror.c -o keyerror-normal
$ gcc -O1 keyerror.c -o keyerror-o1
$ gcc -O2 keyerror.c -o keyerror-o2
$ gcc -O3 keyerror.c -o keyerror-o3
$ gcc -Os keyerror.c -o keyerror-os
The first two work like they should:
$ python3 reverse.py keyerror-normal
function main {
0x4004b6: push rbp
0x4004b7: rbp = rsp # mov rbp, rsp
0x4004ba: var1 = edi # mov dword ptr [rbp - 4], edi
0x4004bd: var2 = rsi # mov qword ptr [rbp - 0x10], rsi
0x4004c1: eax = 0 # mov eax, 0
0x4004c6: pop rbp
0x4004c7: ret
}
$ python3 reverse.py keyerror-o1
function main {
0x4004b6: eax = 0 # mov eax, 0
0x4004bb: ret
}
However, the other three cause KeyError like below:
$ python3 reverse.py keyerror-o2
Traceback (most recent call last):
File "reverse.py", line 122, in <module>
gph = dis.extract_func(addr)
File "/home/dnet/_projekt/reverse/lib/disassembler.py", line 195, in extract_func
curr = self.code[addr]
KeyError: 4195264
$ python3 reverse.py keyerror-o3
Traceback (most recent call last):
File "reverse.py", line 122, in <module>
gph = dis.extract_func(addr)
File "/home/dnet/_projekt/reverse/lib/disassembler.py", line 195, in extract_func
curr = self.code[addr]
KeyError: 4195264
$ python3 reverse.py keyerror-os
Traceback (most recent call last):
File "reverse.py", line 122, in <module>
gph = dis.extract_func(addr)
File "/home/dnet/_projekt/reverse/lib/disassembler.py", line 195, in extract_func
curr = self.code[addr]
KeyError: 4195264
I zipped and uploaded the source file and the five binaries to http://vsza.hu/joelpx-reverse-issue-keyerror-20150318.zip
I keep getting this error:
me@my-pc:~/Documents$ plasma libg.so
error: capstone can't disassemble here
me@my-pc:~/Documents$ sudo plasma libg.so
error: capstone can't disassemble here
me@my-pc:~/Documents$
Please help?
I'm sure you've been asked many times, but any plans on expanding this to PE or Mach-o?
If you're not looking that way, do you know of similar projects (Python scripts, etc.) that do?
$ make
and1 [OK]
and2 [OK]
and3 [OK]
and4 [OK]
...
shellcode_0x0 [EXCEPTION]
strlen [OK]
$ ./reverse.py --raw x86 tests/shellcode.bin
Traceback (most recent call last):
File "./reverse.py", line 29, in <module>
reverse(ctx)
File "/home/alex/tools/reverse/lib/__init__.py", line 223, in reverse
init_addr(ctx)
File "/home/alex/tools/reverse/lib/__init__.py", line 163, in init_addr
ctx.dis.check_addr(addr)
File "/home/alex/tools/reverse/lib/disassembler.py", line 49, in check_addr
addr_exists, is_exec = self.binary.check_addr(addr)
File "/home/alex/tools/reverse/lib/fileformat/binary.py", line 90, in check_addr
return self.__binary.check_addr(addr)
File "/home/alex/tools/reverse/lib/fileformat/raw.py", line 63, in check_addr
ad = addr - self.raw_base
TypeError: unsupported operand type(s) for -: 'int' and 'NoneType'
This looks like a really cool project. However, after installing all the dependencies and then Plasma, running and then giving the command v main gives this:
Traceback (most recent call last):
File "/usr/local/lib/python3.4/dist-packages/plasma-1.0-py3.4-linux-x86_64.egg/plasma/lib/ui/console.py", line 526, in exec_command
c.callback_exec(args)
File "/usr/local/lib/python3.4/dist-packages/plasma-1.0-py3.4-linux-x86_64.egg/plasma/lib/ui/console.py", line 655, in __exec_v
Visual(self.gctx, ctx, self.analyzer, self.api)
File "/usr/local/lib/python3.4/dist-packages/plasma-1.0-py3.4-linux-x86_64.egg/plasma/lib/ui/visual.py", line 102, in __init__
curses.init_pair(1, 253, 66) # for the highlight search
_curses.error: init_pair() returned ERR
#include <stdio.h>
#include <stdlib.h>
int main() {
int i, j;
if (i == 1) {
printf("1\n");
goto next;
} else {
printf("2\n");
}
while (i < 1) {
printf("loop\n");
if (j == 6) {
printf("3\n");
} else {
printf("4\n");
}
next:
if (j == 5) {
printf("5\n");
} else {
printf("6\n");
}
i++;
}
return 0;
}
When there is a "C-goto" which jumps inside a loop, the program generates wrong code.
Hi,
I'm trying to execute it with the Dockerfile, but the files inside don't match the files that are in the folder. For example:
RUN /plasma/requirements.sh
and requirements.sh doesn't exist anywhere.
Regards.
Currently, the analyzer computes wrong variable offsets when the sp is modified, for example:
mov rbx, [rsp] ; get one qword from rsp
push rax ; first arg of func
call func
; func should pop the arg
mov rbx, [rsp] ; the analyzer gives a different for this one
Running reverse in python < 3.4 results in the following error (tested with python 3.2):
$ ./reverse.py tests/nestedloop1.bin
Traceback (most recent call last):
File "./reverse.py", line 20, in <module>
from lib import reverse, parse_args
File "/home/netantho/reverse/lib/__init__.py", line 24, in <module>
from lib.disassembler import Disassembler
File "/home/netantho/reverse/lib/disassembler.py", line 25, in <module>
from lib.output import print_no_end
File "/home/netantho/reverse/lib/output.py", line 20, in <module>
from lib.colors import (color_addr, color_comment, color_keyword, color_type,
File "/home/netantho/reverse/lib/colors.py", line 21, in <module>
from pathlib import Path
ImportError: No module named pathlib
pathlib is available only from python 3.4.
Also, the python command needs to link to python 3.4 to install capstone.
I get the following traceback when installing into a virtual environment.
Traceback (most recent call last):
File "setup.py", line 9, in <module>
from pip.req import parse_requirements
ImportError: No module named 'pip'
Looks like https://github.com/AndCycle/pefile was deleted.
I found a function which starts and ends with:
lea ecx, dword ptr [esp + 4]
and esp, 0xfffffff0
push dword ptr [ecx - 4]
push ebp
mov ebp, esp
push esi
push ebx
push ecx
sub esp, 0xcc
...
mov eax, 0
lea esp, dword ptr [ebp - 0xc]
add esp, 0
pop ecx
pop ebx
pop esi
pop ebp
lea esp, dword ptr [ecx - 4]
ret
The problem here is that the value of esp is pushed and then popped. For this case we should simulate stack memory access.
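An added example, not part of the original report and not Plasma's code: a small symbolic simulator run over the prologue and epilogue quoted above, showing that esp can only be recovered at `ret` when stack contents are tracked. The tuple encoding of instructions, the `*_in` entry symbols and the assumption that the elided body leaves ebp and the saved slots intact are all illustrative.

```python
# Added illustration: symbolic tracking of esp through the prologue/epilogue
# quoted in the report. Values are (symbol, offset) pairs.
UNKNOWN = None

# Constructed from the listing in the report; operands are simplified tuples.
# ("mem", reg, disp) is a memory operand, (reg, disp) a lea address.
PROLOGUE_EPILOGUE = [
    ("lea", "ecx", ("esp", 4)),
    ("and", "esp", 0xFFFFFFF0),
    ("push", ("mem", "ecx", -4)),
    ("push", "ebp"),
    ("mov", "ebp", "esp"),
    ("push", "esi"),
    ("push", "ebx"),
    ("push", "ecx"),
    ("sub", "esp", 0xCC),
    # "..." in the report: body assumed to leave ebp and the saved slots intact
    ("mov", "eax", 0),
    ("lea", "esp", ("ebp", -0xC)),
    ("add", "esp", 0),
    ("pop", "ecx"),
    ("pop", "ebx"),
    ("pop", "esi"),
    ("pop", "ebp"),
    ("lea", "esp", ("ecx", -4)),
    ("ret",),
]


def shift(val, k):
    """Add a constant to a symbolic value; UNKNOWN stays UNKNOWN."""
    return UNKNOWN if val is UNKNOWN else (val[0], val[1] + k)


def simulate(listing, track_memory=True, word=4):
    """Return the register state at `ret`.

    With track_memory=False a pop yields UNKNOWN, which models an analyzer
    that only counts push/pop sizes and never reads stack contents back.
    """
    regs, stack, masks = {}, {}, 0

    def reg(name):
        # A register read before being written holds its entry value.
        return regs.setdefault(name, (name + "_in", 0))

    for ins in listing:
        op = ins[0]
        if op == "lea":
            base, disp = ins[2]
            regs[ins[1]] = shift(reg(base), disp)
        elif op == "mov":
            src = ins[2]
            regs[ins[1]] = reg(src) if isinstance(src, str) else ("imm", src)
        elif op in ("add", "sub"):
            delta = ins[2] if op == "add" else -ins[2]
            regs[ins[1]] = shift(reg(ins[1]), delta)
        elif op == "and":
            # Alignment mask: the result depends on the run-time value, so the
            # register gets a fresh symbol instead of an offset from the old one.
            masks += 1
            regs[ins[1]] = ("aligned%d" % masks, 0)
        elif op == "push":
            src = ins[1]
            if isinstance(src, str):
                val = reg(src)
            else:  # memory operand: read it from the simulated stack if known
                val = stack.get(shift(reg(src[1]), src[2]), UNKNOWN)
            regs["esp"] = shift(reg("esp"), -word)
            if track_memory:
                stack[regs["esp"]] = val
        elif op == "pop":
            slot = reg("esp")
            regs[ins[1]] = stack.get(slot, UNKNOWN) if track_memory else UNKNOWN
            regs["esp"] = shift(slot, word)
        elif op == "ret":
            break
    return regs
```

With memory tracking, ecx comes back from its stack slot as `esp_in + 4`, so the final `lea esp, [ecx - 4]` resolves to the entry value of esp; without it, esp is unknown at `ret`.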
exposing lua functions so that it can be controlled from lua.
When I give a certain *.so file to the script I get the following error:
warning: I'm expecting to see a jmp *(ADDR) on each plt entry
warning: opcode \xff\x25 was not found, please report
error: symbol main not found
error: You can see all symbols with -s (if resolution is done).
error: Note: --dump need the option -x.
What am I doing wrong?
This project seems to support msvc symbols starting with "?" :
https://sourceforge.net/projects/php-ms-demangle/
you can take advantage of some advanced API of Capstone to check the semantics of instructions.
since instructions are classified in groups, you can do in Python:
there are a few more types of groups such as CS_GRP_CALL, CS_GRP_IRET, etc.
see __init__.py & x86_const.py for more info.
When trying a random PE file (I'm on Linux) the script fails with the following error message:
Traceback (most recent call last):
File "/usr/bin/plasma", line 9, in <module>
load_entry_point('plasma==1.0', 'console_scripts', 'plasma')()
File "/usr/lib/python3.5/site-packages/plasma-1.0-py3.5.egg/plasma/main.py", line 44, in console_entry
if not gctx.load_file():
File "/usr/lib/python3.5/site-packages/plasma-1.0-py3.5.egg/plasma/lib/__init__.py", line 195, in load_file
self.db)
File "/usr/lib/python3.5/site-packages/plasma-1.0-py3.5.egg/plasma/lib/disassembler.py", line 77, in __init__
self.binary.load_symbols()
File "/usr/lib/python3.5/site-packages/plasma-1.0-py3.5.egg/plasma/lib/fileformat/binary.py", line 386, in load_symbols
self.__demangle_symbols()
File "/usr/lib/python3.5/site-packages/plasma-1.0-py3.5.egg/plasma/lib/fileformat/binary.py", line 353, in __demangle_symbols
if n.startswith("_Z") or n.startswith("__Z"):
TypeError: startswith first arg must be bytes or a tuple of bytes, not str
Installed dependencies:
python 3.5.1
capstone 3.0.4
python-pyelftools 0.23
python-pefile 2016.3.4
python-msgpack 0.4.7
binutils 2.26
I don't think that it matters but I'm using Arch Linux on x86_64.
During the decompilation, the tool can be lost if functions that never return are encountered. In particular, when the call was put in the middle of the function, the flow continues and it can generate unwanted loops.
2 solutions :
eax = exit ... call eax
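An added example, not part of the original report and not Plasma's code: a toy control-flow builder showing how a call that never returns, placed in the middle of a function, produces a spurious back edge unless the callee is known to be noreturn. The listing, the addresses of `exit` and `work`, and the `noreturn` parameter are constructed for illustration.

```python
# Added illustration: effect of a never-returning call on loop detection.
EXIT = 0x40   # assumed address of exit()
WORK = 0x50   # assumed address of an ordinary function

# Constructed listing: (address, mnemonic, target). The error handler that
# calls exit() is laid out in the middle of the function.
FUNC = [
    (0, "jmp", 2),       # entry jumps to the check
    (1, "call", EXIT),   # error handler, exit() never returns
    (2, "test", None),   # the check
    (3, "jz", 1),        # on failure go to the error handler
    (4, "call", WORK),
    (5, "ret", None),
]
COND_JUMPS = {"jz", "jnz"}


def successors(listing, noreturn=frozenset()):
    """Map each address to the addresses control can reach next."""
    addrs = [a for a, _, _ in listing]
    following = dict(zip(addrs, addrs[1:]))
    succ = {}
    for addr, mnem, target in listing:
        fall = [following[addr]] if addr in following else []
        if mnem == "ret":
            succ[addr] = []
        elif mnem == "jmp":
            succ[addr] = [target]
        elif mnem in COND_JUMPS:
            succ[addr] = [target] + fall
        elif mnem == "call" and target in noreturn:
            succ[addr] = []          # flow stops here
        else:
            succ[addr] = fall        # ordinary instruction or returning call
    return succ


def back_edges(succ, entry):
    """Iterative DFS; an edge into a node still on the DFS path is a loop."""
    WHITE, GREY, BLACK = 0, 1, 2
    color = {a: WHITE for a in succ}
    found = []
    color[entry] = GREY
    path = [(entry, iter(succ[entry]))]
    while path:
        node, it = path[-1]
        for nxt in it:
            if color.get(nxt) == GREY:
                found.append((node, nxt))
            elif color.get(nxt) == WHITE:
                color[nxt] = GREY
                path.append((nxt, iter(succ[nxt])))
                break
        else:
            color[node] = BLACK
            path.pop()
    return found


def loops(listing, noreturn=frozenset()):
    """Back edges found when starting from the first instruction."""
    return back_edges(successors(listing, noreturn), listing[0][0])
```

`loops(FUNC)` reports the false loop 1 -> 2 created by falling through the call, while `loops(FUNC, {EXIT})` reports none.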
?Just build and1.bin and behold stuff like:
0x8500: pop fp, pc
if == {
<$d>
0x8504: r8 = r0 & (r4 << 11) # andeq r8, r0, r4, lsl #11
0x8508: r8 = r0 & (r8 << 11) # andeq r8, r0, r8, lsl #11
0x850c: r8 = r0 & (ip << 11) # andeq r8, r0, ip, lsl #11
}
i.e. it can't even detect return from function.
Out of curiosity, what made you write your own such tool, did you try to reuse an existing one?
This generates a warning because the output was not completed.
103c97a
#include <stdio.h>
#include <stdlib.h>
int main() {
int i, j, k;
//for (i = 0 ; i < 100 ; i++) {
printf("1\n");
while (j < 20) {
printf("2\n");
if (j == 10) {
loop1:
printf("3\n");
}
if (j == 15)
goto loop2;
j++;
}
printf("4\n");
while (k < 30) {
printf("5\n");
if (k == 20) {
loop2:
printf("6\n");
}
if (k == 25)
goto loop1;
k++;
}
//}
return 0;
}
I just played around with reverse a little bit, pulled again and visual mode stopped working. For me, the regression is introduced by 77a5772.
Cool project! :)
daniel:reverse/ (detached*)$ git co 77a577241e5b88b3749b7b19845983abcd28449d
Vorherige Position von HEAD war df2144e... set address line after printing the label
HEAD ist jetzt bei 77a5772... add xrefs (command xrefs in the console and x in visual)
daniel:reverse/ (detached*)$ ./reverse.py -i tests/server.bin
>> v
Traceback (most recent call last):
File "./reverse.py", line 37, in <module>
i = Console(ctx)
File "/home/daniel/apps/reverse/lib/ui/console.py", line 414, in __init__
rl.loop()
File "/home/daniel/apps/reverse/lib/ui/readline.py", line 123, in loop
self.process_key(ch)
File "/home/daniel/apps/reverse/lib/ui/readline.py", line 133, in process_key
self.mapping[ch]()
File "/home/daniel/apps/reverse/lib/ui/readline.py", line 325, in k_enter
self.callback_enter(self.line)
File "/home/daniel/apps/reverse/lib/ui/console.py", line 565, in exec_command
c.callback_exec(args)
File "/home/daniel/apps/reverse/lib/ui/console.py", line 781, in __exec_v
o = self.ctx.dis.dump_asm(self.ctx, NB_LINES_TO_DISASM)
File "/home/daniel/apps/reverse/lib/disassembler.py", line 314, in dump_asm
o._asm_inst(i)
File "/home/daniel/apps/reverse/lib/output.py", line 535, in _asm_inst
modified = self._sub_asm_inst(i, tab, prefix)
File "/home/daniel/apps/reverse/lib/arch/x86/output.py", line 337, in _sub_asm_inst
self._operand(i, 1)
File "/home/daniel/apps/reverse/lib/arch/x86/output.py", line 84, in _operand
force_dont_print_data=force_dont_print_data)
File "/home/daniel/apps/reverse/lib/output.py", line 380, in _imm
self._unk(imm)
File "/home/daniel/apps/reverse/lib/output.py", line 175, in _unk
self.token_lines[-1].append((s, COLOR_UNK.val, COLOR_UNK.bold))
NameError: name 'COLOR_UNK' is not defined
Fresh install from master (the same using the Dockerfile). Every ELF file I try to open I receive the following error
$ ./run_plasma.py /bin/ls -x main
Traceback (most recent call last):
File "/plasma/run_plasma.py", line 23, in <module>
console_entry()
File "/plasma/plasma/main.py", line 36, in console_entry
if not gctx.load_file():
File "/plasma/plasma/lib/__init__.py", line 196, in load_file
self.db)
File "/plasma/plasma/lib/disassembler.py", line 102, in __init__
self.load_symbols()
File "/plasma/plasma/lib/disassembler.py", line 167, in load_symbols
self.binary.load_dyn_sym()
File "/plasma/plasma/lib/fileformat/elf.py", line 276, in load_dyn_sym
self.__register_relocs(reloc_sec)
File "/plasma/plasma/lib/fileformat/elf.py", line 413, in __register_relocs
self.__save_symbol(reloc, reloc.symbol.entry.st_value)
File "/plasma/plasma/lib/fileformat/elf.py", line 345, in __save_symbol
name = rel.symbol.name.decode()
AttributeError: 'str' object has no attribute 'decode'
I'm trying this on an Ubuntu
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.5 LTS
Release: 14.04
Codename: trusty
When we scroll up, we can't know which referenced address is before. So we go through each previous byte until we find a known address or until we have seen 1024 bytes. The solution is to add an offset every 1024 bytes. See the comment in reverse.lib.disassembler.find_addr_before.
When sections are mapped in low memory, the analyzer adds too many xrefs. It could be better to check first if there is memory access when an immediate value is encountered.
[rip + DISP] is only computed during the display, but not done by the analyzer.
Hello,
"vim dowhile1.bin.rev -S dowhile1.bin.vim" outputs without color in vim. Is there anything wrong I did?
syn keyword RevKeywords infiniteloop function goto if else loop and
syn keyword RevTypes int8_t int16_t int32_t int64_t
syn match RevAddr "0x[0-9a-f]\+:"
syn match RevComment "#.\+$"
syn match RevInternComment ";.\+$"
syn match RevVar "var[a-z0-9A-Z_]\+"
syn match RevRetCall "ret\|call"
syn match RevString "<[a-zA-Z_@]\+>"
syn match RevString "\".\+\""
syn match RevString "'.\+'"
hi RevKeywords ctermfg=161 cterm=bold gui=bold guifg=#d7005f
hi RevTypes ctermfg=81 guifg=#5fd7ff
hi RevAddr ctermfg=242 guifg=#6c6c6c
hi RevComment ctermfg=242 guifg=#6c6c6c
hi RevInternComment ctermfg=38 guifg=#00afd7
hi RevString ctermfg=144 guifg=#afaf87
hi RevVar ctermfg=208 cterm=bold gui=bold guifg=#ff8700
hi RevRetCall ctermfg=161 guifg=#d7005f
syn match RevAddr_1 "0x400533:\?" containedin=RevComment
hi RevAddr_1 ctermfg=114 guifg=#87d787
At the moment, the script fails when it encounters a jmp rax. The flow graph cannot be created.
GCC sometimes generates a jmp rax when we use a switch:
switch (i) {
case 1:
printf("1\n");
break;
case 2:
printf("2\n");
break;
case 3:
printf("3\n");
break;
case 4:
printf("4\n");
break;
case 5:
printf("5\n");
break;
}
When I use reverse in Docker, everything works, except visual mode. As soon as I use the 'v' command, it crashes. Will add the error later, but it has to do with curses.
I discovered this during disassembly of an existing binary, but have been unsuccessful in producing C code that compiles to a program triggering the bug. Here is a piece of code that almost triggers it (all code is in https://github.com/jspam/plasma/tree/loop-issue/tests):
nestedloop7.c
#include <stdio.h>
#include <stdlib.h>
int main() {
int i, j, k, l, m, n, o;
while (i != 0) {
if (j == 0) {
if (k == 0) {
while (l < 0) {
printf("4\n");
}
}
printf("5\n");
} else {
printf("6\n");
do {
if (m < 0) {
goto loop2end;
}
} while (n <= 0);
while(o > 0) {
printf("7\n");
loop2end:
;
}
printf("8\n");
}
}
return 0;
}
This disassembles fine (nestedloop7-orig.bin, compiled with gcc 7.1.1), but when making the jump at 0x400549 go directly to the loop header (change the byte at offset 0x54A from 0x14 to 0x15, yielding nestedloop7.bin), as shown in the picture
the disassembly becomes:
function main (.text) {
0x400507: push rbp
0x400508: rbp = rsp
0x40050b: rsp -= 32
0x40050f: jmp 0x400570
}
Further investigation shows that the loop starting at 0x400560 is detected, however it is immediately discarded because block 0x400560 is still waiting for predecessor block 0x400551 which is not contained in the loop.
As a result, the loop detection wrongly marks some other blocks as loop headers. The false loop detection then marks many of these false loops, but also the real loop starting at 0x400570, which therefore does not show up in the disassembly.
I just finished the installation.
(./requirements.sh
python3 setup.py install)
However, I ran into a difficulty :(
root@kali:~/reverse# reverse
Traceback (most recent call last):
File "/usr/local/bin/reverse", line 9, in
load_entry_point('reverse==1.0', 'console_scripts', 'reverse')()
File "/usr/lib/python3/dist-packages/pkg_resources.py", line 356, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python3/dist-packages/pkg_resources.py", line 2476, in load_entry_point
return ep.load()
File "/usr/lib/python3/dist-packages/pkg_resources.py", line 2190, in load
['name'])
File "/usr/local/lib/python3.4/dist-packages/reverse-1.0-py3.4.egg/reverse/main.py", line 22, in
File "/usr/local/lib/python3.4/dist-packages/reverse-1.0-py3.4.egg/reverse/lib/init.py", line 25, in
ImportError: cannot import name 'lib'
Could someone implement m68k and apollo-core http://www.apollo-core.com/ support for this awesome tool ?
Making this pip-installable would make it more accessible to a bunch of folks. It would also be great if there were Windows, OS X and maybe even manylinux binary wheels (although I appreciate that these are less important than they are for other projects, since if you care about disassembly you probably have a C compiler lying around).
(As a side note, thanks for doing this, this looks amazing)
Installed everything as described w/o any error. System is Debian jessie 64bit (VirtualBox Image).
Above error appears when trying to run tests
The analyzer must save any computed immediate values. Checking the immediate value is not sufficient, we can have: call *(rip + OFF) where rip + OFF = exit. This bug occurs often in PE.
This feature will be very useful to simulate the li instruction in MIPS. li is a pseudo instruction, it uses 2 other instructions (example ori + addiu).
When I am trying to read any file.
If I set raw option, output is empty
Hello;
I have compiled plasma with all dependencies. I run plasma with your test binaries. And the "x" command works. Like I enter "x main" and enter, I see a good-looking disassembly.
But the v command doesn't work, it gives a traceback error:
`# plasma -i /var/pisi/plasma-0.0-1/work/plasma-0.0/tests/server.bin
plasma> v main
Traceback (most recent call last):
File "/usr/lib/python3.4/site-packages/plasma/lib/ui/console.py", line 526, in exec_command
c.callback_exec(args)
File "/usr/lib/python3.4/site-packages/plasma/lib/ui/console.py", line 655, in exec_v
Visual(self.gctx, ctx, self.analyzer, self.api)
File "/usr/lib/python3.4/site-packages/plasma/lib/ui/visual.py", line 102, in __init
curses.init_pair(1, 253, 66) # for the highlight search
_curses.error: init_pair() returned ERR
plasma>`