import dis
import pefile
import capstone
from collections import Counter

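# Disassemble the executable sections of a PE file
def disassemble_binary(binary_path):
    """Disassemble the executable sections of a PE file with Capstone.

    The standard-library ``dis`` module decodes Python bytecode, prints its
    listing and returns ``None``; it cannot decode native x86 machine code.
    This function therefore parses the PE headers with ``pefile`` and hands
    only the sections marked executable to Capstone.

    Args:
        binary_path: Path to the PE file. The file is read and parsed
            only; it is never executed.

    Returns:
        A list of Capstone instruction objects. Each ``address`` is the
        virtual address (ImageBase + section RVA), so it can be matched
        against a debugger or another disassembler.

    Raises:
        pefile.PEFormatError: if the file is not a valid PE image.
    """
    # fast_load skips the data directories; only headers and the section
    # table are needed here.
    pe = pefile.PE(binary_path, fast_load=True)
    try:
        # Decode as 64-bit only when the header says AMD64; every other
        # machine type is decoded as 32-bit x86.
        amd64 = pefile.MACHINE_TYPE['IMAGE_FILE_MACHINE_AMD64']
        if pe.FILE_HEADER.Machine == amd64:
            mode = capstone.CS_MODE_64
        else:
            mode = capstone.CS_MODE_32
        md = capstone.Cs(capstone.CS_ARCH_X86, mode)
        # Without skipdata Capstone stops at the first undecodable byte, so
        # junk bytes placed in a section would silently truncate the
        # listing. With it, such bytes are emitted as ".byte" entries.
        md.skipdata = True

        exec_flag = pefile.SECTION_CHARACTERISTICS['IMAGE_SCN_MEM_EXECUTE']
        image_base = pe.OPTIONAL_HEADER.ImageBase

        disassembled_code = []
        for section in pe.sections:
            if not section.Characteristics & exec_flag:
                continue
            start = image_base + section.VirtualAddress
            # Linear sweep: data embedded in a code section is decoded as
            # if it were instructions, so treat the listing as a triage aid.
            disassembled_code.extend(md.disasm(section.get_data(), start))
    finally:
        pe.close()
    return disassembled_code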

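# Analyze PE file to extract imported functions, imported DLLs, and sections
def analyze_pe_file(binary_path):
    """Collect import and section information from a PE file.

    Args:
        binary_path: Path to the PE file. The file is parsed only; it is
            never executed.

    Returns:
        A ``(functions, imports, sections)`` tuple:

        * ``functions`` - names of the imported API functions as ``str``;
          imports made by ordinal only are recorded as ``ordinal_<n>``.
        * ``imports`` - imported DLL names as ``bytes``, exactly as pefile
          reports them.
        * ``sections`` - section names as ``str`` with the NUL padding
          removed.

        Everything found is listed; nothing is filtered by how suspicious
        it looks.

    Raises:
        pefile.PEFormatError: if the file is not a valid PE image.
    """
    pe = pefile.PE(binary_path)
    try:
        functions = []
        imports = []
        # pefile only sets DIRECTORY_ENTRY_IMPORT when the image has an
        # import table. Packed or hand-built samples often have none, and
        # that must not raise AttributeError.
        for entry in getattr(pe, 'DIRECTORY_ENTRY_IMPORT', []):
            imports.append(entry.dll)
            for imp in entry.imports:
                if imp.name is None:
                    # Imported by ordinal: there is no name to report.
                    functions.append(f"ordinal_{imp.ordinal}")
                else:
                    functions.append(imp.name.decode('ascii', errors='replace'))

        # Section names are 8 raw bytes padded with NULs, and the file's
        # author controls them. Strip the padding and decode leniently so an
        # odd name cannot abort the analysis.
        sections = [
            section.Name.rstrip(b'\x00').decode('utf-8', errors='replace')
            for section in pe.sections
        ]
    finally:
        # Release the file mapping even if parsing raised part-way.
        pe.close()

    return functions, imports, sections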

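# Collect control-flow instructions (jmp/call/ret) from the code with Capstone
def detect_harmful_instructions(binary_path):
    """Return the jmp/call/ret instructions found in a binary's code.

    For a PE file only the sections marked executable are disassembled,
    each at its virtual address and in the bitness given by the file
    header. Disassembling the whole file from offset 0 would decode the
    DOS/PE headers and data sections as if they were code. A file that is
    not a valid PE is treated as a raw 32-bit x86 blob loaded at address 0.

    Note on interpretation: ``jmp``, ``call`` and ``ret`` occur in every
    compiled program, so a match is not by itself an indicator of malicious
    behaviour. The result is a map of control-flow transfers for further
    review.

    Args:
        binary_path: Path to the file. It is read and parsed only; it is
            never executed.

    Returns:
        A list of Capstone instruction objects whose mnemonic is ``jmp``,
        ``call`` or ``ret``.
    """
    harmful_instructions = {'jmp', 'call', 'ret'}

    try:
        pe = pefile.PE(binary_path, fast_load=True)
    except pefile.PEFormatError:
        # Not a PE image: decode the whole file as a raw 32-bit blob.
        with open(binary_path, 'rb') as f:
            regions = [(0, f.read())]
        mode = capstone.CS_MODE_32
    else:
        try:
            amd64 = pefile.MACHINE_TYPE['IMAGE_FILE_MACHINE_AMD64']
            if pe.FILE_HEADER.Machine == amd64:
                mode = capstone.CS_MODE_64
            else:
                mode = capstone.CS_MODE_32
            exec_flag = pefile.SECTION_CHARACTERISTICS['IMAGE_SCN_MEM_EXECUTE']
            image_base = pe.OPTIONAL_HEADER.ImageBase
            regions = [
                (image_base + section.VirtualAddress, section.get_data())
                for section in pe.sections
                if section.Characteristics & exec_flag
            ]
        finally:
            pe.close()

    md = capstone.Cs(capstone.CS_ARCH_X86, mode)
    # Without skipdata Capstone stops at the first undecodable byte, so a
    # few junk bytes would hide everything that follows them.
    md.skipdata = True

    harmful_code = []
    for start, code in regions:
        for instr in md.disasm(code, start):
            if instr.mnemonic in harmful_instructions:
                harmful_code.append(instr)

    return harmful_code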

# Static triage report for one binary
def reverse_engineer_malware(binary_path):
    """Print a static-analysis summary of the binary at ``binary_path``.

    Runs ``analyze_pe_file`` and ``detect_harmful_instructions`` on the
    path and prints their results. Nothing is returned.

    The report labels are fixed text. The lists printed under them are
    whatever the two helpers return, not entries that were individually
    judged suspicious. Instruction addresses are printed in decimal.
    """
    pe_functions, pe_imports, pe_sections = analyze_pe_file(binary_path)
    flagged = detect_harmful_instructions(binary_path)

    summary = (
        ("Suspicious Functions:", pe_functions),
        ("Suspicious Imports:", pe_imports),
        ("Malware Sections:", pe_sections),
    )
    for label, values in summary:
        print(label, values)

    print("Harmful Instructions Found:")
    for insn in flagged:
        print(f"{insn.address}: {insn.mnemonic} {insn.op_str}")

# Example usage: static triage of a sample on disk.
# "malicious_sample.exe" is a placeholder file name; point it at the file
# to inspect.
binary_path = "malicious_sample.exe"
reverse_engineer_malware(binary_path)
