Linux x86-64 Assembly: Using the Udis86 Disassembly Engine on Linux
The previous two posts covered capstone/beaengine; this one tries out the classic udis86.
github:https://github.com/vmt/udis86
0x01: Compared with the previous two, udis86 is fairly simple to use. Its documentation reads as follows:
Getting Started
===============
Building and Installing udis86
------------------------------
udis86 is developed for unix-like environments, and like most software,
the basic steps towards building and installing it are as follows.
.. code::

    $ ./configure
    $ make
    $ make install

Depending on your choice of install location, you may need to have root
privileges to do an install. The install scripts copy the necessary header
and library files to appropriate locations in your system.
Interfacing with libudis86: A Quick Example
-------------------------------------------
The following is an example of a program that interfaces with libudis86
and uses the API to generate assembly language output for 64-bit code,
input from STDIN.
.. code-block:: c

    #include <stdio.h>
    #include <udis86.h>

    int main()
    {
        ud_t ud_obj;

        ud_init(&ud_obj);
        ud_set_input_file(&ud_obj, stdin);
        ud_set_mode(&ud_obj, 64);
        ud_set_syntax(&ud_obj, UD_SYN_INTEL);

        while (ud_disassemble(&ud_obj)) {
            printf("\t%s\n", ud_insn_asm(&ud_obj));
        }

        return 0;
    }

To compile the program (using gcc):
.. code::

    $ gcc -ludis86 example.c -o example

This example should give you an idea of how this library can be used. The
following sections describe, in detail, the complete API of libudis86.
0x02: So follow these steps. The catch is that the master folder contains no configure file; the README says the build environment has to be set up first:
Autotools Build
---------------
You need autotools if building from sources cloned from version control
system, or if you need to regenerate the build system. The wrapper
script 'autogen.sh' is provided that'll generate the build system.
// Running ./autogen.sh fails --> the cause is that autoreconf is not installed
curits@curits-virtual-machine:~/Desktop/udis86-master$ sudo ./autogen.sh
./autogen.sh: line 4: autoreconf: command not found
autogen: autoreconf -i failed.
// Install it
curits@curits-virtual-machine:~/Desktop/udis86-master$ sudo apt-get install autoconf automake libtool
// Then run ./autogen.sh again --> this generates the build environment
curits@curits-virtual-machine:~/Desktop/udis86-master$ ./autogen.sh
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I build/m4
autoreconf: configure.ac: tracing
autoreconf: running: libtoolize --copy --force
libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, 'build'.
libtoolize: copying file 'build/ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'build/m4'.
libtoolize: copying file 'build/m4/libtool.m4'
libtoolize: copying file 'build/m4/ltoptions.m4'
libtoolize: copying file 'build/m4/ltsugar.m4'
libtoolize: copying file 'build/m4/ltversion.m4'
libtoolize: copying file 'build/m4/lt~obsolete.m4'
autoreconf: running: /usr/bin/autoconf --force
autoreconf: running: /usr/bin/autoheader --force
autoreconf: running: automake --add-missing --copy --force-missing
configure.ac:43: installing 'build/compile'
configure.ac:24: installing 'build/config.guess'
configure.ac:24: installing 'build/config.sub'
configure.ac:34: installing 'build/install-sh'
configure.ac:34: installing 'build/missing'
libudis86/Makefile.am: installing 'build/depcomp'
autoreconf: Leaving directory `.'
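// Next come the usual three steps: ./configure --> make --> sudo make install (install with root privileges)
Then copy the example code and compile it the way the documentation says. It fails with errors, and I am not sure exactly why the build did not succeed;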
curits@curits-virtual-machine:~/Desktop/udis86-master$ g++ -ludis86 example.c -o example
/tmp/ccXcpvEg.o: In function `main':
example.c:(.text+0x25): undefined reference to `ud_init'
example.c:(.text+0x3e): undefined reference to `ud_set_input_file'
example.c:(.text+0x52): undefined reference to `ud_set_mode'
example.c:(.text+0x60): undefined reference to `ud_translate_intel'
example.c:(.text+0x6b): undefined reference to `ud_set_syntax'
example.c:(.text+0x7a): undefined reference to `ud_disassemble'
example.c:(.text+0x92): undefined reference to `ud_insn_asm'
collect2: error: ld returned 1 exit status
Fix: the output of make install shows that the built shared library was copied to /usr/local/lib;
curits@curits-virtual-machine:/usr/local/lib$ ls
libudis86.la libudis86.so libudis86.so.0 libudis86.so.0.0.0 python2.7 python3.6
So I simply copied the example.c file into that directory and linked directly against the built libudis86.so shared library;
// The binary compiles successfully
curits@curits-virtual-machine:/usr/local/lib$ export LD_LIBRARY_PATH=./
curits@curits-virtual-machine:/usr/local/lib$ sudo g++ -o example example.c libudis86.so
curits@curits-virtual-machine:/usr/local/lib$ ls
example example.c libudis86.la libudis86.so libudis86.so.0 libudis86.so.0.0.0 python2.7 python3.6
// Run example and type opcodes on stdin
curits@curits-virtual-machine:/usr/local/lib$ ./example
65 67 89 87 76 65 54 56 78 89 09 00 90
sub eax, 0x35360a78
and [rsi], dh
invalid
and [rax], bh
cmp [rax], esp
cmp [rdi], dh
and [rdi], dh
and [ss:rsi], dh
xor eax, 0x20343520
xor eax, 0x38372036
and [rax], bh
cmp [rax], esp
xor [rcx], bh
and [rax], dh
xor [rax], ah
cmp [rax], esi
Disassembly was produced, but the result is wrong; what exactly is wrong still needs some digging into the source;
Look up the relevant API on the official site: http://udis86.sourceforge.net/manual/libudis86.html#setup-input
// Documentation for the input function ud_set_input_file
void ud_set_input_file(ud_t*, FILE* filep)
Sets the input source to a file pointed to by a given standard library FILE pointer. Note that libudis86 does not perform any checks, and assumes that the file pointer is properly initialized and open for reading.
// Initialization in the example code
ud_set_input_file(&ud_obj, stdin);
Modify the example.c code to pass ud_set_input_file() a file pointer:

    #include <stdio.h>
    #include <udis86.h>

    /* File holding the raw machine-code bytes to disassemble. */
    #define FILENAME "/home/curits/Desktop/ins.txt"

    int main()
    {
        ud_t ud_obj;
        FILE *filep;

        /* The file is only read, so open it read-only in binary mode. */
        filep = fopen(FILENAME, "rb");
        if (!filep)
        {
            printf("Can not open file\n");
            return 1;
        }

        ud_init(&ud_obj);
        // ud_set_input_file(&ud_obj, stdin);
        ud_set_input_file(&ud_obj, filep);
        ud_set_mode(&ud_obj, 64);
        ud_set_syntax(&ud_obj, UD_SYN_INTEL);

        /* Decode one instruction per iteration until the input is exhausted. */
        while (ud_disassemble(&ud_obj)) {
            printf("\t%s\n", ud_insn_asm(&ud_obj));
        }

        fclose(filep);
        return 0;
    }

Compile and run:
// The ins.txt file is disassembled successfully
curits@curits-virtual-machine:/usr/local/lib$ ./example
nop [rax+rax]
push rbp
mov rbp, rsp
pop rbp
ret
nop [rax+rax]
// Compare with the intel-xed disassembly
curits@curits-virtual-machine:~/Desktop/xed-master/obj/wkit/bin$ ./xed -ir /home/curits/Desktop/ins.txt -64
XDIS 0: WIDENOP BASE 0F1F440000 nop dword ptr [rax+rax*1], eax
XDIS 5: PUSH BASE 55 push rbp
XDIS 6: DATAXFER BASE 4889E5 mov rbp, rsp
XDIS 9: POP BASE 5D pop rbp
XDIS a: RET BASE C3 ret
XDIS b: WIDENOP BASE 0F1F440000 nop dword ptr [rax+rax*1], eax
# end of text section.
# Errors: 0
#XED3 DECODE STATS
#Total DECODE cycles: 1071003
#Total instructions DECODE: 6
#Total tail DECODE cycles: 1071003
#Total tail instructions DECODE: 6
#Total cycles/instruction DECODE: 178500.50
#Total tail cycles/instruction DECODE: 178500.50
More functionality can be built on top of this;