I lacked something as metasm_shell and nasm_shell that allowed me to translate between assembly instructions and opcodes, and at the same time allow me to switch between x86 and x64. Since I was already playing with the triforce Keystone, Capstone and Unicorn Python bindings, in a different project, I decided to write a small interactive assembly/disassembly shell for various architectures powered by Keystone/Capstone.
It’s extremely easy to use, and install. To install just type:
pip3 install kcshell
By default kcshell starts in ‘assembler’ mode (x86 32 bits). You can change modes with ‘setmode’.
$ kcshell -=[ kcshell 0.0.1 ]=- Default Assembler architecture is x86 (32 bits) asm> lsmodes disasm, asm asm> setmode disasm Default Disassembler architecture is x86 (32 bits) disasm>
You can also change the default architecture for both the ‘assembler’ and ‘disassembler’ with ‘setarch’.
disasm> lsarchs x86, mips32, arm_t, x64, arm, x16, arm64, mips64 disasm> setarch x64 Disassembler architecture is now x64 disasm>
To assemble instructions just type the instructions in the command line.
asm> jmp esp "\xff\xe4" asm> xor eax, eax "\x31\xc0" asm> jmp -500 "\xe9\x07\xfe\xff\xff" asm> add esp,-1500 "\x81\xc4\x24\xfa\xff\xff" asm> xor ecx,ecx ; mov ch, 0xc8 ; mov esi, edi ; mov edi, esp ; rep movsb "\x31\xc9\xb5\xc8\x89\xfe\x89\xe7\xf3\xa4" asm> setarch x64 Assembler architecture is now x64 asm> inc rax "\x48\xff\xc0" asm>
To go from opcodes to instructions just type them in the command line.
disasm> \xff\xe4 0x00400000: jmp esp disasm> \x31\xc0 0x00400000: xor eax, eax disasm> \x31\xc9\xb5\xc8\x89\xfe\x89\xe7\xf3\xa4 0x00400000: xor ecx, ecx 0x00400002: mov ch, 0xc8 0x00400004: mov esi, edi 0x00400006: mov edi, esp 0x00400008: rep movsb byte ptr es:[edi], byte ptr [esi] disasm> setarch x64 Disassembler architecture is now x64 disasm> \x48\xff\xc0 0x00400000: inc rax disasm>
For help just use ‘?’ or ‘help ’.
asm> ? Documented commands (type help <topic>): ======================================== EOF exit help lsarchs lsmodes quit setarch setmode asm> help lsmodes Lists current operational modes available. asm> help lsarchs List supported Assembler architectures. asm> help setarch Set Assembler architecture. To list available options type 'lsarchs'. asm> help setmode Sets 'kcshell' operational mode. For available options run 'lsmodes'. asm> lsarchs systemz, hexagon, arm, arm64, ppc32, mips32, sparc, x64, x16, sparc64, arm_t, x86, mips64, ppc64
To list all the supported architectures just go to the desired mode and use ‘lsarchs’.
asm> lsarchs mips64, sparc64, sparc, arm_t, x64, x16, arm64, hexagon, systemz, mips32, ppc64, x86, arm, ppc32 asm> lsmodes asm, disasm asm> setmode disasm Default Disassembler architecture is x86 (32 bits) disasm> lsarchs mips64, x16, arm64, mips32, arm_t, x86, arm, x64 disasm>
I plan to implement a feature to read assembly instructions or opcodes from files soon. So if you find kcshell useful just keep an eye on github. In the meantime, have fun.
2017-04-08 09:43 +0100