Giters

capstone-engine / capstone

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

Home Page:http://www.capstone-engine.org

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

skipdata doesn't work correctly from python

cyb3rc opened this issue · comments

commented

Work environment

Questions Answers
OS/arch/bits MacOS, arm64
Architecture arm64
Source of Capstone git clone, pip
Version/git commit v5.0.1

Instruction bytes giving faulty results

0xc0, 0x03, 0x5f, 0xd6, 0x98, 0xf2, 0xff, 0xff, 0xc0, 0x03, 0x5f, 0xd6

Expected results

It should be:

1000  c0 03 5f d6  ret
1004  98 f2 ff ff  .byte	0x98, 0xf2, 0xff, 0xff
1008  c0 03 5f d6  ret

Steps to get the wrong result

With cstool we got expected result:

$ cstool -s arm64 "c0035fd698f2ffffc0035fd6"
1000  c0 03 5f d6  ret
1004  98 f2 ff ff  .byte	0x98, 0xf2, 0xff, 0xff
1008  c0 03 5f d6  ret

With Python code

from capstone import *

CODE = b"\xc0\x03\x5f\xd6\x98\xf2\xff\xff\xc0\x03\x5f\xd6"

md = Cs(CS_ARCH_ARM64, CS_MODE_ARM)
md.skipdata = True
for insn in md.disasm(CODE, 0x1000):
    print("%x  %s %s %s" % (insn.address, "".join(["%02x " % b for b in insn.bytes]), insn.mnemonic, insn.op_str))

Got only first instruction

1000  c0 03 5f d6  ret

NOTE

  1. Compiled test_skipdata.c works as expected.
  2. Use of compiled dynamic library from v5.0.1 release sources from python returns invalid result.

Probably the issue with dynamic library.