jarkkojs · November 7, 2024 08:19
diff --git a/capstone.py b/capstone.py
 raw = open('/home/jarkko/work/nnn/nnn', 'rb')
 from elftools.elf.elffile import ELFFile
 elf = ELFFile(raw)
 symtab = {s.name: s for s in (elf.get_section_by_name('.symtab')).iter_symbols()}
 sym = symtab.get('move_cursor')
 addr = sym['st_value']
 size = sym['st_size']
 text = elf.get_section_by_name('.text')
 offset = addr - text['sh_addr'] + text['sh_offset']
 raw.seek(offset)
 payload = raw.read(size)
 from capstone import Cs, CS_ARCH_ARM64, CS_MODE_ARM)
 disasm =  Cs(CS_ARCH_ARM64, CS_MODE_ARM)
 for opcode in disasm.disasm(payload, addr):
    print(f"0x{opcode.address:x}:\t{opcode.mnemonic}\t{opcode.op_str}")
	raw = open('/home/jarkko/work/nnn/nnn', 'rb')
	from elftools.elf.elffile import ELFFile
	elf = ELFFile(raw)
	symtab = {s.name: s for s in (elf.get_section_by_name('.symtab')).iter_symbols()}
	sym = symtab.get('move_cursor')
	addr = sym['st_value']
	size = sym['st_size']
	text = elf.get_section_by_name('.text')
	offset = addr - text['sh_addr'] + text['sh_offset']
	raw.seek(offset)
	payload = raw.read(size)
	from capstone import Cs, CS_ARCH_ARM64, CS_MODE_ARM)
	disasm = Cs(CS_ARCH_ARM64, CS_MODE_ARM)
	for opcode in disasm.disasm(payload, addr):
	print(f"0x{opcode.address:x}:\t{opcode.mnemonic}\t{opcode.op_str}")