[experiment]: Use capstone to implement ELF.libc_start_main_ret#2580
Open
tesuji wants to merge 5 commits into Gallopsled:dev from
Arusekk requested changes on Feb 20, 2026
| if arch in bfdnames: | ||
| return bfdnames[arch] | ||
| else: | ||
| name = bfdnames.get(arch) |
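Review bot: `bfdnames.get(arch)` returns None for an arch that is not in the table, whereas the replaced `if arch in bfdnames:` had an explicit else branch; check `name` for None right after this line so an unsupported arch fails with a clear error instead of a later AttributeError on None.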
| self.config['version'] = self.version | ||
|
|
||
| def cs_disasm(self, md: cs.Cs, address, n_bytes): | ||
| if self.arch == 'arm' and address & 1: |
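Review bot: the `md: cs.Cs` annotation on `cs_disasm` is evaluated when the module is imported, which makes capstone a hard import-time dependency of the ELF module; drop the annotation or quote it, and import capstone lazily as the later `from pwnlib.asm import get_cs_disassembler` does. Also, an odd `address` on ARM means the code is Thumb, so the disassembler passed in as `md` must be in Thumb mode, not merely have the low bit cleared.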
Member
Suggested change
| if self.arch == 'arm' and address & 1: | |
| if self.arch in ('arm','thumb'): | |
| address &= ~1 |
| if self.arch in ['arm', 'thumb']: | ||
| call_instructions = set(['blx', 'bl']) | ||
| # FIXME: I have no idea why setting self.arch = 'armhf' does not work | ||
| if b'armhf' in self.linker: eabi = 'hf' |
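Review bot: `b'armhf' in self.linker` raises TypeError when `self.linker` is None, which is the case for a statically linked binary with no PT_INTERP, and it only recognises hard-float by the interpreter path; guard for None here and make sure `eabi` is given a default before this line so the soft-float path is defined.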
Member
Maybe just always use arm and always try eabihf first for disassembly, as it handles a strict superset of instructions?
| call_instructions = set(['bal', 'jalr']) | ||
| # Account for the delay slot. | ||
| call_return_offset = 2 | ||
| elif self.arch in ['i386', 'amd64', 'ia64']: |
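Review bot: the MIPS call set contains only `bal` and `jalr`; a non-PIC `_start` that reaches `__libc_start_main` with a direct `jal` would not be found, so consider adding `jal`. Once the lookup indexes a capstone instruction list, `call_return_offset = 2` (the instruction after the delay slot) also needs a bounds check so a call at the end of the decoded range does not raise IndexError.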
Member
Maybe move the empty suites to the end or remove them altogether and also remove the error case?
| calls = [(index, line) for index, line in enumerate(lines) if set(line.split()) & call_instructions] | ||
| from pwnlib.asm import get_cs_disassembler | ||
| md = get_cs_disassembler(arch=self.arch, endian=self.endian, bits=self.bits, eabi=eabi) | ||
| dis = list(self.cs_disasm(md, func.address, func.size)) |
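Review bot: `dis = list(self.cs_disasm(md, func.address, func.size))` is empty when `func.size` is 0 (a symbol emitted without a `.size`), and capstone stops silently at the first byte sequence it cannot decode, so the search that follows must cope with an empty or truncated `dis` rather than indexing into it blindly; a bounded read from `func.address` would be a reasonable fallback for the zero-size case.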
Member
Maybe this should be made an API of the Function object, like disasm? It will be more useful across pwntools.
Use capstone to implement ELF.libc_start_main_ret.
Reasons:
powerpc64 still fails after this PR.
I marked this PR as draft to get some early feedback, and some volunteer testers.
Testing
Need more testing!!! And some design works to make the code cleaner.
This PR has been manually tested on (✓ is pass, X is failure):
Failure cases:
Failure arch on dev:
Fails to decompile this target; this should use arm-linux-gnueabihf-objdump.