Disassembling with python - no easy solution?
I'm trying to create a python script that will disassemble a binary (a Windows exe to be precise) and analyze its code.
I need the ability to take a certain buffer, and extract some sort of struct containing information about the instructions in it.
I've worked with libdisasm in C before, and I found its interface quite intuitive and comfortable.
The problem is, its Python interface is available only through SWIG, and I can't get it to compile properly under Windows.
On the availability aspect, diStorm provides a nice out-of-the-box interface, but it provides only the Mnemonic of each instruction, and not a binary struct with enumerations defining instruction type and what not.
This is quite uncomfortable for my purpose, and will require a lot of what I see as spent time wrapping the interface to make it fit my needs.
I've also looked at BeaEngine, which does in fact provide the output I need, a struct with binary info concerning each instruction, but its interface is really odd and counter-intuitive, and it crashes pretty much instantly when provided with wrong arguments.
The CTypes sort of ultimate-death-to-your-python crashes.
So, I'd be happy to hear about other solutions, which are a little less time consuming than messing around with djgcc or mingw to make SWIGed libdisasm, or writing an OOP wrapper for diStorm.
If anyone has some guidance as to how to compile SWIGed libdisasm, or better yet, a compiled binary (pyd or dll+py), I'd love to hear/have it. :)
Thanks ahead.
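To make concrete the kind of output the question is after (a per-instruction record with a type enumeration, operands, length and branch target rather than a bare mnemonic string), here is a small table-driven decoder for a handful of 32-bit x86 opcodes. It is an added example written for this page; it is not code from the original poster or from libdisasm, diStorm or BeaEngine, and it assumes a constructed sample byte string and a hypothetical load base of 0x401000. It deliberately shows the two failure modes a wrapper has to handle without crashing the interpreter: an opcode it does not know (emitted as a one-byte `db` record) and an instruction cut off by the end of the buffer (emitted as a single truncated record instead of reading past the buffer).

```python
from dataclasses import dataclass
from enum import Enum, auto
from typing import List, Optional, Tuple

# Instruction classes, the "enumeration defining instruction type" from the question.
class InsnType(Enum):
    NOP = auto(); PUSH = auto(); POP = auto(); MOV = auto(); XOR = auto()
    CALL = auto(); JMP = auto(); JCC = auto(); RET = auto(); INT3 = auto(); UNKNOWN = auto()

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
JCC_NAMES = ["jo", "jno", "jb", "jae", "je", "jne", "jbe", "ja",
             "js", "jns", "jp", "jnp", "jl", "jge", "jle", "jg"]

@dataclass
class Instruction:
    address: int            # virtual address (base + offset)
    length: int             # encoded size in bytes
    mnemonic: str
    itype: InsnType
    operands: Tuple = ()    # register names (str) or immediates (int)
    target: Optional[int] = None   # absolute target of a relative branch/call
    raw: bytes = b""

class TruncatedInstruction(Exception):
    """Raised when an instruction needs more bytes than the buffer holds."""

def _imm(buf: bytes, off: int, size: int, signed: bool) -> int:
    chunk = buf[off:off + size]
    if len(chunk) < size:
        raise TruncatedInstruction(off)
    return int.from_bytes(chunk, "little", signed=signed)

def _modrm_regs(buf: bytes, off: int):
    """Decode a ModRM byte; only the register-direct form (mod == 3) is supported here."""
    if off >= len(buf):
        raise TruncatedInstruction(off)
    m = buf[off]
    mod, reg, rm = m >> 6, (m >> 3) & 7, m & 7
    return (REGS32[reg], REGS32[rm]) if mod == 3 else None

def decode_one(buf: bytes, off: int, base: int = 0) -> Instruction:
    if off >= len(buf):
        raise TruncatedInstruction(off)
    op, addr = buf[off], base + off

    def make(length, mnemonic, itype, operands=(), target=None):
        if off + length > len(buf):
            raise TruncatedInstruction(off)
        return Instruction(addr, length, mnemonic, itype, tuple(operands), target,
                           bytes(buf[off:off + length]))

    if op == 0x90: return make(1, "nop", InsnType.NOP)
    if op == 0xC3: return make(1, "ret", InsnType.RET)
    if op == 0xCC: return make(1, "int3", InsnType.INT3)
    if 0x50 <= op <= 0x57: return make(1, "push", InsnType.PUSH, [REGS32[op - 0x50]])
    if 0x58 <= op <= 0x5F: return make(1, "pop", InsnType.POP, [REGS32[op - 0x58]])
    if 0xB8 <= op <= 0xBF:   # mov r32, imm32
        return make(5, "mov", InsnType.MOV, [REGS32[op - 0xB8], _imm(buf, off + 1, 4, False)])
    if op == 0x68: return make(5, "push", InsnType.PUSH, [_imm(buf, off + 1, 4, False)])
    if op == 0x6A: return make(2, "push", InsnType.PUSH, [_imm(buf, off + 1, 1, True)])
    if op in (0xE8, 0xE9):   # call/jmp rel32: target is relative to the next instruction
        rel = _imm(buf, off + 1, 4, True)
        kind = (InsnType.CALL, "call") if op == 0xE8 else (InsnType.JMP, "jmp")
        return make(5, kind[1], kind[0], [rel], target=(addr + 5 + rel) & 0xFFFFFFFF)
    if op == 0xEB:           # jmp rel8
        rel = _imm(buf, off + 1, 1, True)
        return make(2, "jmp", InsnType.JMP, [rel], target=(addr + 2 + rel) & 0xFFFFFFFF)
    if 0x70 <= op <= 0x7F:   # jcc rel8
        rel = _imm(buf, off + 1, 1, True)
        return make(2, JCC_NAMES[op - 0x70], InsnType.JCC, [rel], target=(addr + 2 + rel) & 0xFFFFFFFF)
    if op in (0x89, 0x8B, 0x31, 0x33):   # mov/xor between registers
        regs = _modrm_regs(buf, off + 1)
        if regs is not None:
            reg, rm = regs
            dst, src = (rm, reg) if op in (0x89, 0x31) else (reg, rm)   # 0x89/0x31 write to r/m
            is_mov = op in (0x89, 0x8B)
            return make(2, "mov" if is_mov else "xor", InsnType.MOV if is_mov else InsnType.XOR, [dst, src])
    return make(1, "db", InsnType.UNKNOWN, [op])   # unknown opcode: emit one data byte, keep going

def decode_all(buf: bytes, base: int = 0) -> List[Instruction]:
    out, off = [], 0
    while off < len(buf):
        try:
            insn = decode_one(buf, off, base)
        except TruncatedInstruction:
            # Never read past the buffer: record the tail as one truncated instruction and stop.
            out.append(Instruction(base + off, len(buf) - off, "(truncated)", InsnType.UNKNOWN,
                                   (), None, bytes(buf[off:])))
            break
        out.append(insn)
        off += insn.length
    return out

def format_insn(i: Instruction) -> str:
    ops = ", ".join(hex(o) if isinstance(o, int) else o for o in i.operands)
    line = f"{i.address:08x}  {i.raw.hex():<12} {i.mnemonic} {ops}".rstrip()
    return line + (f"  ; -> {i.target:08x}" if i.target is not None else "")

# Constructed sample: a tiny function prologue, call, conditional jump, epilogue and padding.
SAMPLE = bytes.fromhex("55 89E5 31C0 B82A000000 E805000000 7402 5D C3 CC")

if __name__ == "__main__":
    for insn in decode_all(SAMPLE, base=0x401000):
        print(format_insn(insn))
```

Each `Instruction` carries everything the question asks a struct to carry, so a caller can branch on `itype` instead of parsing mnemonic text, and `decode_all` never raises on bad input, which is the behaviour one wants from a library that a ctypes or SWIG layer is going to call with untrusted buffers.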
Well, after much meddling around, I managed to compile SWIGed libdisasm!
Unfortunately, it seems to crash python on incorrect (and sometimes correct) usage.
How I did it:
I SWIGed the given libdisasm_oop.i file with the following command line
swig -python -shadow -o x86disasm_wrap.c -outdir . libdisasm_oop.i
Used Cygwin to run ./configure in the libdisasm root dir. The only real thing you get from this is config.h
I then created a new DLL project, added x86disasm_wrap.c to it, added the c:\PythonXX\libs and c:\PythonXX\Include folders to the corresponding variables, set to Release configuration (important, either this or do #undef _DEBUG before including python.h).
Also, there is a chance you'll need to fix the path to config.h.
Compiled the DLL project, and named the output _x86disasm.dll.
Place that in the same folder as the SWIG generated x86disasm.py and you're done.
Any suggestions for other, less crashy disasm libs for python?
You might try using ctypes to interface directly with libdisasm instead of going through a SWIG layer. It may take more development time but AFAIK you should be able to access the underlying functionality using ctypes.
I recommend you look at Pym's disassembly library which is also the backend for Pym's online disassembler.
You can use the distorm library: https://code.google.com/p/distorm/
Here's another build: http://breakingcode.wordpress.com/2009/08/31/using-distorm-with-python-2-6-and-python-3-x-revisited/
There's also BeaEngine: http://www.beaengine.org/
Here's a Windows installer for BeaEngine: http://breakingcode.wordpress.com/2012/04/08/quickpost-installer-for-beaenginepython/