Created
April 16, 2025 21:19
-
-
Save Rurik/ad519b6cfd0252ee0aecc9d323cffb36 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def op_to_hex(op): | |
| if hasattr(op, 'text'): | |
| op_text = op.text | |
| if op.type == InstructionTextTokenType.IntegerToken: | |
| # If integer token, use its value directly | |
| return f'0x{op.value:02X}' | |
| # If it's a text representation of a number | |
| if op_text.isdigit(): | |
| return f'0x{int(op_text):02X}' | |
| elif op_text.startswith('0x'): | |
| try: | |
| return f'0x{int(op_text, 16):02X}' | |
| except ValueError: | |
| return op_text | |
| return op_text | |
| # If op is an integer | |
| elif isinstance(op, int): | |
| return f'0x{op:02X}' | |
| # If op is a string | |
| elif isinstance(op, str): | |
| if op.isdigit(): | |
| return f'0x{int(op):02X}' | |
| elif op.startswith('0x'): | |
| try: | |
| return f'0x{int(op[2:], 16):02X}' | |
| except ValueError: | |
| return op | |
| return str(op) | |
| def find_xor_shift_operations(bv): | |
| for func in bv.functions: | |
| func_name = func.name.ljust(50) | |
| for block in func: | |
| for insn in block: | |
| if len(insn) == 0: | |
| continue | |
| mnemonic = str(insn[0][0]) | |
| if mnemonic in ["xor", "shl", "shr"]: | |
| if len(insn[0]) < 5: # Need at least operation and two operands, and BN includes null sections as entities | |
| continue | |
| op1 = insn[0][2] | |
| op2 = insn[0][4] | |
| if op1 != op2: | |
| op2_value = op_to_hex(op2) | |
| instruction = f'{mnemonic} {op1}, {op2_value}' | |
| line = f'{func_name}\t{instruction}' | |
| print(line) | |
| find_xor_shift_operations(bv) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment