symbol: add disass method

doronz88 · Mar 30, 2022 · 5fa0ce0 · 5fa0ce0
1 parent 6abe685
commit 5fa0ce0
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/src/rpcclient/requirements.txt b/src/rpcclient/requirements.txt
@@ -9,3 +9,4 @@ pygments
 objc_types_decoder
 pycrashreport>=0.0.8
 lief
+capstone
diff --git a/src/rpcclient/rpcclient/symbol.py b/src/rpcclient/rpcclient/symbol.py
@@ -2,9 +2,13 @@
 import os
 import struct
 from contextlib import contextmanager
+from typing import List
 
+from capstone import Cs, CS_ARCH_ARM64, CS_MODE_LITTLE_ENDIAN, CS_ARCH_X86, CS_MODE_64, CsInsn
 from construct import FormatField
 
+from rpcclient.protocol import arch_t
+
 ADDRESS_SIZE_TO_STRUCT_FORMAT = {1: 'B', 2: 'H', 4: 'I', 8: 'Q'}
 RETVAL_BIT_COUNT = 64
 
@@ -110,6 +114,14 @@ def tell(self):
         """ Construct compliance. """
         return self + self._offset
 
+    def disass(self, size=40) -> List[CsInsn]:
+        """ peek disassembled lines of 'size' bytes """
+        if self._client.arch == arch_t.ARCH_ARM64:
+            return list(Cs(CS_ARCH_ARM64, CS_MODE_LITTLE_ENDIAN).disasm(self.peek(size), self))
+        else:
+            # assume x86_64 by default
+            return list(Cs(CS_ARCH_X86, CS_MODE_LITTLE_ENDIAN | CS_MODE_64).disasm(self.peek(size), self))
+
     @property
     def c_int64(self) -> int:
         """ cast to c_int64 """