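/* Capstone Disassembler Engine */
/* By Nguyen Anh Quynh <[email protected]>, 2013> */

import capstone.Capstone;

/**
 * Smoke test for the Capstone Java binding.
 *
 * <p>Disassembles one fixed byte sequence per architecture/mode combination
 * and prints the decoded instructions to standard output.
 */
public class TestBasic {

  /** Base address assigned to the first decoded instruction of every sample. */
  private static final long BASE_ADDRESS = 0x1000;

  /**
   * One test case: an architecture/mode pair, an optional syntax option,
   * the raw bytes to decode and a human-readable label.
   */
  public static class platform {
    public int arch;
    public int mode;
    // 0 means "no syntax option"; main() only calls setSyntax() for non-zero values.
    public int syntax;
    public byte[] code;
    public String comment;

    /**
     * Creates a test case with an explicit syntax option.
     *
     * @param a architecture constant passed to the Capstone constructor
     * @param m mode constant passed to the Capstone constructor
     * @param syt syntax option passed to {@code setSyntax}
     * @param c bytes to disassemble (stored by reference, not copied)
     * @param s label printed before the disassembly
     */
    public platform(int a, int m, int syt, byte[] c, String s) {
      arch = a;
      mode = m;
      code = c;
      comment = s;
      syntax = syt;
    }

    /**
     * Creates a test case without a syntax option; {@code syntax} keeps its default of 0.
     *
     * @param a architecture constant passed to the Capstone constructor
     * @param m mode constant passed to the Capstone constructor
     * @param c bytes to disassemble (stored by reference, not copied)
     * @param s label printed before the disassembly
     */
    public platform(int a, int m, byte[] c, String s) {
      arch = a;
      mode = m;
      code = c;
      comment = s;
    }
  }

  /**
   * Renders a byte array as space-separated {@code 0xNN} tokens.
   *
   * @param code bytes to render
   * @return for example {@code "0x8d 0x4c"}; the empty string for an empty array
   */
  public static String stringToHex(byte[] code) {
    // Each byte renders as "0xNN" plus one separator, i.e. at most five characters.
    StringBuilder buf = new StringBuilder(code.length * 5);
    for (byte ch : code) {
      if (buf.length() > 0) {
        buf.append(' ');
      }
      buf.append(String.format("0x%02x", ch));
    }
    return buf.toString();
  }

  // NOTE(review): these arrays are public and mutable; callers must treat them as read-only.
  public static final byte[] PPC_CODE = new byte[] {
    (byte)0x80, (byte)0x20, (byte)0x00, (byte)0x00,
    (byte)0x80, (byte)0x3f, (byte)0x00, (byte)0x00,
    (byte)0x10, (byte)0x43, (byte)0x23, (byte)0x0e,
    (byte)0xd0, (byte)0x44, (byte)0x00, (byte)0x80,
    (byte)0x4c, (byte)0x43, (byte)0x22, (byte)0x02,
    (byte)0x2d, (byte)0x03, (byte)0x00, (byte)0x80,
    (byte)0x7c, (byte)0x43, (byte)0x20, (byte)0x14,
    (byte)0x7c, (byte)0x43, (byte)0x20, (byte)0x93,
    (byte)0x4f, (byte)0x20, (byte)0x00, (byte)0x21,
    (byte)0x4c, (byte)0xc8, (byte)0x00, (byte)0x21 };
  public static final byte[] X86_CODE = new byte[] {
    (byte)0x8d, (byte)0x4c, (byte)0x32, (byte)0x08,
    (byte)0x01, (byte)0xd8, (byte)0x81, (byte)0xc6,
    (byte)0x34, (byte)0x12, (byte)0x00, (byte)0x00 };
  public static final byte[] SPARC_CODE = new byte[] {
    (byte)0x80, (byte)0xa0, (byte)0x40, (byte)0x02,
    (byte)0x85, (byte)0xc2, (byte)0x60, (byte)0x08,
    (byte)0x85, (byte)0xe8, (byte)0x20, (byte)0x01,
    (byte)0x81, (byte)0xe8, (byte)0x00, (byte)0x00,
    (byte)0x90, (byte)0x10, (byte)0x20, (byte)0x01,
    (byte)0xd5, (byte)0xf6, (byte)0x10, (byte)0x16,
    (byte)0x21, (byte)0x00, (byte)0x00, (byte)0x0a,
    (byte)0x86, (byte)0x00, (byte)0x40, (byte)0x02,
    (byte)0x01, (byte)0x00, (byte)0x00, (byte)0x00,
    (byte)0x12, (byte)0xbf, (byte)0xff, (byte)0xff,
    (byte)0x10, (byte)0xbf, (byte)0xff, (byte)0xff,
    (byte)0xa0, (byte)0x02, (byte)0x00, (byte)0x09,
    (byte)0x0d, (byte)0xbf, (byte)0xff, (byte)0xff,
    (byte)0xd4, (byte)0x20, (byte)0x60, (byte)0x00,
    (byte)0xd4, (byte)0x4e, (byte)0x00, (byte)0x16,
    (byte)0x2a, (byte)0xc2, (byte)0x80, (byte)0x03 };
  public static final byte[] SYSZ_CODE = new byte[] {
    (byte)0xed, (byte)0x00, (byte)0x00, (byte)0x00,
    (byte)0x00, (byte)0x1a, (byte)0x5a, (byte)0x0f,
    (byte)0x1f, (byte)0xff, (byte)0xc2, (byte)0x09,
    (byte)0x80, (byte)0x00, (byte)0x00, (byte)0x00,
    (byte)0x07, (byte)0xf7, (byte)0xeb, (byte)0x2a,
    (byte)0xff, (byte)0xff, (byte)0x7f, (byte)0x57,
    (byte)0xe3, (byte)0x01, (byte)0xff, (byte)0xff,
    (byte)0x7f, (byte)0x57, (byte)0xeb, (byte)0x00,
    (byte)0xf0, (byte)0x00, (byte)0x00, (byte)0x24,
    (byte)0xb2, (byte)0x4f, (byte)0x00, (byte)0x78 };
  public static final byte[] SPARCV9_CODE = new byte[] {
    (byte)0x81, (byte)0xa8, (byte)0x0a, (byte)0x24,
    (byte)0x89, (byte)0xa0, (byte)0x10, (byte)0x20,
    (byte)0x89, (byte)0xa0, (byte)0x1a, (byte)0x60,
    (byte)0x89, (byte)0xa0, (byte)0x00, (byte)0xe0 };
  public static final byte[] XCORE_CODE = new byte[] {
    (byte)0xfe, (byte)0x0f, (byte)0xfe, (byte)0x17,
    (byte)0x13, (byte)0x17, (byte)0xc6, (byte)0xfe,
    (byte)0xec, (byte)0x17, (byte)0x97, (byte)0xf8,
    (byte)0xec, (byte)0x4f, (byte)0x1f, (byte)0xfd,
    (byte)0xec, (byte)0x37, (byte)0x07, (byte)0xf2,
    (byte)0x45, (byte)0x5b, (byte)0xf9, (byte)0xfa,
    (byte)0x02, (byte)0x06, (byte)0x1b, (byte)0x10 };

  /**
   * Runs every sample through the disassembler and prints the result.
   *
   * <p>Each engine instance is closed in a {@code finally} block so it is
   * released even when decoding throws, and a sample that yields no
   * instructions is reported instead of indexing into an empty array.
   *
   * @param argv unused
   */
  public static void main(String argv[]) {
    platform[] platforms = {
      new platform(
          Capstone.CS_ARCH_X86,
          Capstone.CS_MODE_16,
          Capstone.CS_OPT_SYNTAX_INTEL,
          // Same bytes the original listed inline for this case.
          X86_CODE,
          "X86 16bit (Intel syntax)"
          ),
      new platform(
          Capstone.CS_ARCH_X86,
          Capstone.CS_MODE_32,
          Capstone.CS_OPT_SYNTAX_ATT,
          X86_CODE,
          "X86 32bit (ATT syntax)"
          ),
      new platform(
          Capstone.CS_ARCH_X86,
          Capstone.CS_MODE_32,
          X86_CODE,
          "X86 32 (Intel syntax)"
          ),
      new platform(
          Capstone.CS_ARCH_X86,
          Capstone.CS_MODE_64,
          new byte[] {
            (byte)0x55, (byte)0x48, (byte)0x8b, (byte)0x05,
            (byte)0xb8, (byte)0x13, (byte)0x00, (byte)0x00 },
          "X86 64 (Intel syntax)"
          ),
      new platform(
          Capstone.CS_ARCH_ARM,
          Capstone.CS_MODE_ARM,
          new byte[] {
            (byte)0xED, (byte)0xFF, (byte)0xFF, (byte)0xEB,
            (byte)0x04, (byte)0xe0, (byte)0x2d, (byte)0xe5,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0xe0, (byte)0x83, (byte)0x22, (byte)0xe5,
            (byte)0xf1, (byte)0x02, (byte)0x03, (byte)0x0e,
            (byte)0x00, (byte)0x00, (byte)0xa0, (byte)0xe3,
            (byte)0x02, (byte)0x30, (byte)0xc1, (byte)0xe7,
            (byte)0x00, (byte)0x00, (byte)0x53, (byte)0xe3 },
          "ARM"
          ),
      new platform(
          Capstone.CS_ARCH_ARM,
          Capstone.CS_MODE_THUMB,
          new byte[] {
            (byte)0x4f, (byte)0xf0, (byte)0x00, (byte)0x01,
            (byte)0xbd, (byte)0xe8, (byte)0x00, (byte)0x88,
            (byte)0xd1, (byte)0xe8, (byte)0x00, (byte)0xf0 },
          "THUMB-2"
          ),
      new platform(
          Capstone.CS_ARCH_ARM,
          Capstone.CS_MODE_ARM,
          new byte[] {
            (byte)0x10, (byte)0xf1, (byte)0x10, (byte)0xe7,
            (byte)0x11, (byte)0xf2, (byte)0x31, (byte)0xe7,
            (byte)0xdc, (byte)0xa1, (byte)0x2e, (byte)0xf3,
            (byte)0xe8, (byte)0x4e, (byte)0x62, (byte)0xf3 },
          "ARM: Cortex-A15 + NEON"
          ),
      new platform(
          Capstone.CS_ARCH_ARM,
          Capstone.CS_MODE_THUMB,
          new byte[] {
            (byte)0x70, (byte)0x47, (byte)0xeb, (byte)0x46,
            (byte)0x83, (byte)0xb0, (byte)0xc9, (byte)0x68 },
          "THUMB"
          ),
      new platform(
          Capstone.CS_ARCH_MIPS,
          Capstone.CS_MODE_MIPS32 + Capstone.CS_MODE_BIG_ENDIAN,
          new byte[] {
            (byte)0x0C, (byte)0x10, (byte)0x00, (byte)0x97,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0x24, (byte)0x02, (byte)0x00, (byte)0x0c,
            (byte)0x8f, (byte)0xa2, (byte)0x00, (byte)0x00,
            (byte)0x34, (byte)0x21, (byte)0x34, (byte)0x56 },
          "MIPS-32 (Big-endian)"
          ),
      new platform(
          Capstone.CS_ARCH_MIPS,
          Capstone.CS_MODE_MIPS64 + Capstone.CS_MODE_LITTLE_ENDIAN,
          new byte[] {
            (byte)0x56, (byte)0x34, (byte)0x21, (byte)0x34,
            (byte)0xc2, (byte)0x17, (byte)0x01, (byte)0x00 },
          "MIPS-64-EL (Little-endian)"
          ),
      new platform(
          Capstone.CS_ARCH_ARM64,
          Capstone.CS_MODE_ARM,
          new byte[] {
            0x21, 0x7c, 0x02, (byte)0x9b,
            0x21, 0x7c, 0x00, 0x53,
            0x00, 0x40, 0x21, 0x4b,
            (byte)0xe1, 0x0b, 0x40, (byte)0xb9 },
          "ARM-64"
          ),
      new platform(
          Capstone.CS_ARCH_PPC,
          Capstone.CS_MODE_BIG_ENDIAN,
          PPC_CODE,
          "PPC-64"
          ),
      new platform(
          Capstone.CS_ARCH_PPC,
          Capstone.CS_MODE_BIG_ENDIAN,
          Capstone.CS_OPT_SYNTAX_NOREGNAME,
          PPC_CODE,
          "PPC-64, print register with number only"
          ),
      new platform(
          Capstone.CS_ARCH_SPARC,
          Capstone.CS_MODE_BIG_ENDIAN,
          SPARC_CODE,
          "Sparc"
          ),
      new platform(
          Capstone.CS_ARCH_SPARC,
          Capstone.CS_MODE_BIG_ENDIAN + Capstone.CS_MODE_V9,
          SPARCV9_CODE,
          "SparcV9"
          ),
      new platform(
          Capstone.CS_ARCH_SYSZ,
          0,
          SYSZ_CODE,
          "SystemZ"
          ),
      new platform(
          Capstone.CS_ARCH_XCORE,
          0,
          XCORE_CODE,
          "XCore"
          ),
    };

    for (platform p : platforms) {
      System.out.println("****************");
      System.out.println(String.format("Platform: %s", p.comment));
      System.out.println(String.format("Code: %s", stringToHex(p.code)));
      System.out.println("Disasm:");

      Capstone cs = new Capstone(p.arch, p.mode);
      try {
        if (p.syntax != 0) {
          cs.setSyntax(p.syntax);
        }

        Capstone.CsInsn[] all_insn = cs.disasm(p.code, BASE_ADDRESS);

        // Bytes that do not decode must not crash the harness: without this
        // guard the end-address line below indexes element -1.
        // NOTE(review): whether disasm() can return null rather than an empty
        // array is not visible here; both are handled.
        if (all_insn == null || all_insn.length == 0) {
          System.out.println("ERROR: failed to disassemble given code!");
          System.out.println();
          continue;
        }

        for (Capstone.CsInsn insn : all_insn) {
          System.out.println(String.format("0x%x: \t%s\t%s", insn.address,
                insn.mnemonic, insn.opStr));
        }

        // Address immediately after the last decoded instruction.
        Capstone.CsInsn last = all_insn[all_insn.length - 1];
        System.out.printf("0x%x:\n\n", last.address + last.size);
      } finally {
        // Close even when setSyntax()/disasm() throws; `continue` above also passes through here.
        cs.close();
      }
    }
  }
}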