Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 

README.md

kcshell

What is it:

Simple Python3 based interactive assembly/disassembly shell for various architectures powered by Keystone/Capstone.

How to install it:

pip3 install kcshell

OR (assuming you have Keystone and Capstone build toolchains installed)

git clone https://github.com/fdiskyou/kcshell
cd kcshell
python setup.py install

Note: if for some reason the above doesn't work for you in a Debian based Linux distro because package maintainers ¯\_(ツ)_/¯ try:

$ sudo apt-get install cmake
$ wget https://github.com/keystone-engine/keystone/archive/0.9.1.tar.gz
$ tar zxvf 0.9.1.tar.gz
$ cd keystone-0.9.1/
$ mkdir build
$ cd build/
$ ../make-share.sh 
$ sudo make install
$ sudo pip3 install kcshell

Usage

By default 'kcshell' starts in 'assembler' mode (x86 32 bits). You can change modes with 'setmode', and you can also change the default architecture for both the 'assembler' and 'disassembler' with 'setarch'.

$ kcshell
-=[ kcshell 0.0.4 ]=-
Default Assembler architecture is x86 (32 bits)
asm> lsmodes
disasm, asm
asm> setmode disasm
Default Disassembler architecture is x86 (32 bits)
disasm> lsarchs
x86, mips32, arm_t, x64, arm, x16, arm64, mips64
disasm> setarch x64
Disassembler architecture is now x64
disasm> 

To assemble instructions just type the instructions in the command line.

asm> jmp esp
"\xff\xe4"
asm> xor eax, eax
"\x31\xc0"
asm> jmp -500
"\xe9\x07\xfe\xff\xff"
asm> add esp,-1500
"\x81\xc4\x24\xfa\xff\xff"
asm> xor ecx,ecx ; mov ch, 0xc8 ; mov esi, edi ; mov edi, esp ; rep movsb
"\x31\xc9\xb5\xc8\x89\xfe\x89\xe7\xf3\xa4"
asm> setarch x64
Assembler architecture is now x64
asm> inc rax
"\x48\xff\xc0"
asm> 

To go from opcodes to instructions just type them in the command line.

disasm> \xff\xe4
0x00400000:     jmp     esp
disasm> \x31\xc0
0x00400000:     xor     eax, eax
disasm> \x31\xc9\xb5\xc8\x89\xfe\x89\xe7\xf3\xa4
0x00400000:	xor	ecx, ecx
0x00400002:	mov	ch, 0xc8
0x00400004:	mov	esi, edi
0x00400006:	mov	edi, esp
0x00400008:	rep movsb	byte ptr es:[edi], byte ptr [esi]
disasm> setarch x64
Disassembler architecture is now x64
disasm> \x48\xff\xc0
0x00400000:     inc     rax
disasm> 

For help just use '?' or 'help <command>'.

asm> ?

Documented commands (type help <topic>):
========================================
EOF  exit  help  lsarchs  lsmodes  quit  setarch  setmode

asm> setmode disasm
Default Disassembler architecture is x86 (32 bits)
disasm> ?

Documented commands (type help <topic>):
========================================
EOF  exit  help  lsarchs  lsmodes  quit  setarch  setmode

disasm>

To list all the supported architectures just go to the desired mode and use 'lsarchs'.

asm> lsarchs
mips64, sparc64, sparc, arm_t, x64, x16, arm64, hexagon, systemz, mips32, ppc64, x86, arm, ppc32
asm> lsmodes
asm, disasm
asm> setmode disasm
Default Disassembler architecture is x86 (32 bits)
disasm> lsarchs
mips64, x16, arm64, mips32, arm_t, x86, arm, x64
disasm> 

Python Package Index

About

Simple Python3 based interactive assembly/disassembly shell for various architectures powered by Keystone/Capstone.

Topics

Resources

License

Packages

No packages published

Languages

You can’t perform that action at this time.