(self, assembly, address, arch=None, mode=None, syntax=None)
| 434 | # assemble code with Keystone |
| 435 | # return (encoding, count), or (None, 0) on failure |
| 436 | def assemble(self, assembly, address, arch=None, mode=None, syntax=None): |
| 437 | |
| 438 | # return assembly with arithmetic equation evaluated |
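def eval_operand(assembly, start, stop, prefix=''):
    """Return `assembly` with the arithmetic expression in one operand folded to hex.

    The expression is the text `assembly[start+1:stop]`. When it is a pure
    integer expression, every occurrence of `prefix + expression` in
    `assembly` is replaced by `prefix + hex(value)`. Values above 0x80000000
    are rewritten as the negative number with the same 32-bit two's-complement
    encoding. If the text cannot be evaluated, `assembly` is returned unchanged.

    The text is parsed, never executed: only integer literals combined with
    + - * // % & | ^ and unary + - ~ are folded. Names, calls, attribute
    access, ** and shifts are rejected, so the operand is left as written.
    """
    # Function-scope imports keep this helper self-contained.
    import ast
    import numbers
    import operator

    binary_ops = {
        ast.Add: operator.add,
        ast.Sub: operator.sub,
        ast.Mult: operator.mul,
        ast.FloorDiv: operator.floordiv,
        ast.Mod: operator.mod,
        ast.BitAnd: operator.and_,
        ast.BitOr: operator.or_,
        ast.BitXor: operator.xor,
    }
    unary_ops = {
        ast.UAdd: operator.pos,
        ast.USub: operator.neg,
        ast.Invert: operator.invert,
    }

    def fold(node):
        # Walk the parsed expression; anything outside the allow-list raises.
        if isinstance(node, ast.BinOp) and type(node.op) in binary_ops:
            return binary_ops[type(node.op)](fold(node.left), fold(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in unary_ops:
            return unary_ops[type(node.op)](fold(node.operand))
        # literal_eval accepts literal nodes only and raises ValueError otherwise.
        value = ast.literal_eval(node)
        if not isinstance(value, numbers.Integral):
            raise ValueError("operand is not an integer expression")
        return value

    imm = assembly[start+1:stop]
    try:
        # Deliberately not eval(): the operand is text handed in by the caller
        # (presumably disassembly or typed input -- confirm against callers),
        # and eval() would run any Python expression found in it.
        # strip() because compile() rejects the leading blanks eval() tolerated.
        eval_imm = fold(ast.parse(imm.strip(), mode='eval').body)
        if eval_imm > 0x80000000:
            # Same 32-bit pattern, expressed as a negative immediate.
            eval_imm = -(0xffffffff - eval_imm + 1)
        return assembly.replace(prefix + imm, prefix + hex(eval_imm))
    except Exception:
        # Not an integer expression (symbol name, register, bad syntax, ...):
        # keep the instruction text as it was.
        return assembly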
| 450 | |
| 451 | # IDA uses different syntax from Keystone |
| 452 | # sometimes, we can convert code to be consumable by Keystone |
| 453 | def fix_ida_syntax(assembly): |
| 454 | |
| 455 | # return True if this insn needs to be fixed |
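def check_arm_arm64_insn(arch, mnem):
    """Return True if the ARM/ARM64 mnemonic `mnem` needs to be fixed.

    KS_ARCH_ARM:   any mnemonic starting with "ldr" or "str".
    KS_ARCH_ARM64: the same, plus exactly "stp".
    Any other `arch`: False.
    """
    if arch not in (KS_ARCH_ARM, KS_ARCH_ARM64):
        return False
    if mnem.startswith(("ldr", "str")):
        return True
    # Compare for equality: `mnem in ("stp")` is a substring test against the
    # string "stp" (no trailing comma, so not a tuple) and also accepted
    # "", "s", "st", "tp", ...
    return arch == KS_ARCH_ARM64 and mnem == "stp"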
| 466 | |
| 467 | # return True if this insn needs to be fixed |
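def check_ppc_insn(mnem):
    """Return True if the PowerPC mnemonic `mnem` needs to be fixed (only "stw")."""
    # Compare for equality: `mnem in ("stw")` is a substring test against the
    # string "stw" (no trailing comma, so not a tuple) and also accepted
    # "", "s", "st", "tw", ...
    return mnem == "stw"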
| 470 | |
| 471 | # replace the rightmost occurrence of old in s with new |
def rreplace(s, old, new):
    """Return `s` with its last occurrence of `old` replaced by `new`.

    `s` is returned unchanged when `old` does not occur in it.
    """
    head, found, tail = s.rpartition(old)
    if not found:
        # No match: rpartition puts the whole string in `tail`.
        return s
    return head + new + tail
| 475 | |
| 476 | # convert some ARM pre-UAL assembly to UAL, so Keystone can handle it |
| 477 | # example: streqb --> strbeq |
def fix_arm_ual(mnem, assembly):
    """Rewrite a pre-UAL ARM mnemonic in `assembly` to its UAL spelling.

    Only six-character mnemonics of the form <3-letter base><condition><suffix>
    are handled, e.g. "streqb" becomes "strbeq". The first occurrence of `mnem`
    in `assembly` is replaced; anything else is returned unchanged.
    """
    # TODO: this is not an exhaustive list yet
    conditions = ("cc", "eq", "ne", "hs", "lo", "mi", "pl", "vs",
                  "vc", "hi", "ls", "ge", "lt", "gt", "le", "al")
    suffixes = ('s', 'b', 'h', 'd')

    if len(mnem) == 6 and mnem[-1] in suffixes and mnem[3:5] in conditions:
        base, cond, suffix = mnem[:3], mnem[3:5], mnem[-1]
        # UAL puts the size/flag suffix before the condition code.
        return assembly.replace(mnem, base + suffix + cond, 1)

    return assembly
| 489 | |
| 490 | if self.arch != KS_ARCH_X86: |
| 491 | assembly = assembly.lower() |
| 492 | else: |
| 493 | # Keystone does not support immediate 0bh, but only 0Bh |