Merge pull request #122 from doronz88/feature/extended_symbol_info

Feature/extended symbol info

src/rpcclient/requirements.txt

@@ -9,3 +9,4 @@ pygments
 objc_types_decoder
 pycrashreport>=0.0.8
 lief
+capstone

src/rpcclient/rpcclient/darwin/symbol.py

@@ -11,6 +11,13 @@ def objc_call(self, selector, *params, **kwargs):
 
         return self._client.symbols.objc_msgSend(self, sel, *params, **kwargs)
 
+    @property
+    def region(self):
+        """ get corresponding region """
+        for region in self._client.processes.get_by_pid(self._client.pid).regions:
+            if (self >= region.start) and (self <= region.end):
+                return region
+
     @property
     def cfdesc(self):
         """

src/rpcclient/rpcclient/symbol.py

@@ -2,9 +2,13 @@
 import os
 import struct
 from contextlib import contextmanager
+from typing import List
 
+from capstone import Cs, CS_ARCH_ARM64, CS_MODE_LITTLE_ENDIAN, CS_ARCH_X86, CS_MODE_64, CsInsn
 from construct import FormatField
 
+from rpcclient.protocol import arch_t
+
 ADDRESS_SIZE_TO_STRUCT_FORMAT = {1: 'B', 2: 'H', 4: 'I', 8: 'Q'}
 RETVAL_BIT_COUNT = 64
 
@@ -110,6 +114,14 @@ def tell(self):
         """ Construct compliance. """
         return self + self._offset
 
+    def disass(self, size=40) -> List[CsInsn]:
+        """ peek disassembled lines of 'size' bytes """
+        if self._client.arch == arch_t.ARCH_ARM64:
+            return list(Cs(CS_ARCH_ARM64, CS_MODE_LITTLE_ENDIAN).disasm(self.peek(size), self))
+        else:
+            # assume x86_64 by default
+            return list(Cs(CS_ARCH_X86, CS_MODE_LITTLE_ENDIAN | CS_MODE_64).disasm(self.peek(size), self))
+
     @property
     def c_int64(self) -> int:
         """ cast to c_int64 """