fix #89: different output with capstone 4.0

plasma-disassembler · plasma-disassembler · commit 5bb07b3f4a87 · 2018-07-08T16:43:26.000+02:00
- X86_OP_FP removed
- some operands are now interpreted as int instead of char
diff --git a/README.md b/README.md
@@ -21,7 +21,7 @@ database compatibility could be broken.
 ## Requirements
 
 * python >= 3.4
-* [capstone](https://github.com/aquynh/capstone)
+* [capstone](https://github.com/aquynh/capstone), tested with 4.0-alpha5
 * [python-pyelftools](https://github.com/eliben/pyelftools)
 * [pefile](https://github.com/erocarrera/pefile) + python3-future
 * [python-msgpack](https://github.com/msgpack/msgpack-python) >= 0.4.6
diff --git a/install.sh b/install.sh
@@ -31,7 +31,7 @@ if [ "$1" != "--update" ]; then
     pushd . > /dev/null
     mkdir -p build
     cd build
-    CAPSTONE_VERSION="3.0.5-rc3"
+    CAPSTONE_VERSION="4.0-alpha5"
     if [ -d capstone_$CAPSTONE_VERSION ]; then
         cd capstone_$CAPSTONE_VERSION
         make clean
diff --git a/plasma/lib/arch/x86/output.py b/plasma/lib/arch/x86/output.py
@@ -19,7 +19,7 @@
 
 from capstone.x86 import (X86_INS_ADD, X86_INS_AND, X86_INS_CMP, X86_INS_DEC,
         X86_INS_IDIV, X86_INS_IMUL, X86_INS_INC, X86_INS_MOV, X86_INS_SHL,
-        X86_INS_SHR, X86_INS_SUB, X86_INS_XOR, X86_OP_FP, X86_OP_IMM,
+        X86_INS_SHR, X86_INS_SUB, X86_INS_XOR, X86_OP_IMM,
         X86_OP_INVALID, X86_OP_MEM, X86_OP_REG, X86_REG_EBP, X86_REG_EIP,
         X86_REG_RBP, X86_REG_RIP, X86_INS_CDQE, X86_INS_LEA, X86_INS_MOVSX,
         X86_INS_OR, X86_INS_NOT, X86_PREFIX_REP, X86_PREFIX_REPNE,
@@ -85,8 +85,8 @@ def inv(n):
         elif op.type == X86_OP_REG:
             self._add(i.reg_name(op.value.reg))
 
-        elif op.type == X86_OP_FP:
-            self._add("%f" % op.value.fp)
+        # elif op.type == X86_OP_FP:
+            # self._add("%f" % op.value.fp)
 
         elif op.type == X86_OP_MEM:
             mm = op.mem
diff --git a/tests/analyzer/arrays.rev b/tests/analyzer/arrays.rev
@@ -41,7 +41,7 @@ frame_size = 8
 0x400470: eax = unk_600a2f
 0x400475: push rbp
 0x400476: rax -= __TMC_END__
-0x40047c: rax cmp '\x0e'
+0x40047c: rax cmp 14
 0x400480: rbp = rsp
 0x400483: jbe loc_4004a0
 0x400485: eax = 0
diff --git a/tests/analyzer/overlap.rev b/tests/analyzer/overlap.rev
@@ -26,7 +26,7 @@ function overlap_2 (.text) {
         0x4000f6: ecx++
         # 0x4000f8: cmp ecx, 0xf
         # 0x4000fb: jle 0x4000f1
-        if (ecx > '\x0f')  goto break_0x4000fd
+        if (ecx > 15)  goto break_0x4000fd
     } ; loop
 
     break_0x4000fd:
diff --git a/tests/analyzer/regsim.rev b/tests/analyzer/regsim.rev
@@ -25,7 +25,7 @@ frame_size = 8
 
 loop:
 0x4000e9: rax += 1
-0x4000ed: rax cmp '\n'
+0x4000ed: rax cmp 10
 0x4000f1: jne loop
 0x4000f3: rbx = 10
 0x4000fa: rax = rbx + 4194467
diff --git a/tests/analyzer/switch.rev b/tests/analyzer/switch.rev
@@ -37,7 +37,7 @@ frame_size = 8
 0x400440: eax = unk_6009df
 0x400445: push rbp
 0x400446: rax -= __TMC_END__
-0x40044c: rax cmp '\x0e'
+0x40044c: rax cmp 14
 0x400450: rbp = rsp
 0x400453: jbe loc_400470
 0x400455: eax = 0
@@ -175,7 +175,7 @@ int        var_c     = -0xc
 0x400515: var_c cmp 10
 0x400519: ja loc_400564
 0x40051b: eax = var_c
-0x40051e: !rax = &jmptable_400620[0]
+0x40051e: rax = *((rax*8) + &jmptable_400620[0])
 0x400526: jmp rax ; switch statement jmptable_400620[11]
 
 ; case 2  jmptable_400620
diff --git a/tests/andor5.rev b/tests/andor5.rev
@@ -9,21 +9,21 @@ function main (.text) {
     0x4004f4: call rand
     0x4004f9: ebx = eax
     0x4004fb: call rand
-    0x400500: ebx cmp '\x01'
+    0x400500: ebx cmp 1
     0x400503: ebp = eax
     # 0x400505: je 0x400515
     if != {
         # 0x400507: cmp eax, 1
         # 0x40050a: je 0x400524
-        if (eax == '\x01') {
+        if (eax == 1) {
             goto 0x400524
         }
     } else {
         0x400515: edi = 0x4006b4 "2"
         0x40051a: call puts
         # 0x40051f: cmp ebp, 2
         # 0x400522: jne 0x40050c
-        if (ebp == '\x02') {
+        if (ebp == 2) {
             0x400524: edi = 0x4006b6 "1"
             0x400529: call puts
             0x40052e: jmp ret_0x40050c
diff --git a/tests/andor6.rev b/tests/andor6.rev
@@ -9,12 +9,12 @@ function main (.text) {
     0x4004f6: call rand
     # 0x4004fb: cmp ebx, 1
     # 0x4004fe: je 0x400513
-    if (ebx != '\x01') {
+    if (ebx != 1) {
         0x400500: edi = 0x4006b6 "2"
         0x400505: call puts
         # 0x40050a: cmp ebx, 2
         # 0x40050d: je 0x400517
-        if (ebx == '\x02') {
+        if (ebx == 2) {
             goto 0x400517
         }
     } else {
diff --git a/tests/pendu____main.rev b/tests/pendu____main.rev
@@ -10,9 +10,9 @@ function ___main (.text) {
         0x4018d0: eax = *(___CTOR_LIST__)
         0x4018d5: ebx = 1
         0x4018da: *(0x404020) = ebx
-        # 0x4018e0: cmp eax, 0xff
+        # 0x4018e0: cmp eax, -1
         # 0x4018e3: je 0x40190a
-        if (eax == '\xff') {
+        if (eax == -1) {
             0x40190a: ecx = *(0x401e94)
             0x401910: eax = 0
             0x401912: test ecx, ecx
diff --git a/tests/pendu___imp___cexit.rev b/tests/pendu___imp___cexit.rev
@@ -61,9 +61,9 @@ function __imp___cexit (.text) {
         0x401206: call __setmode
         0x40120b: edx = *(_iob)
         0x401211: jmp 0x40116b
-        # 0x40116b: cmp edx, 0xe0
+        # 0x40116b: cmp edx, -0x20
         # 0x40116e: je 0x401190
-        if (edx != '\xe0') {
+        if (edx != -32) {
             0x401170: eax = *(0x404010)
             0x401175: *(esp + 4) = eax
             0x401179: ebx = *(_iob)
@@ -72,9 +72,9 @@ function __imp___cexit (.text) {
             0x401185: call __setmode
             0x40118a: edx = *(_iob)
         }
-        # 0x401190: cmp edx, 0xc0
+        # 0x401190: cmp edx, -0x40
         # 0x401193: je 0x4011b0
-        if (edx != '\xc0') {
+        if (edx != -64) {
             0x401195: ebx = *(0x404010)
             0x40119b: *(esp + 4) = ebx
             0x40119f: ecx = *(_iob)
