Breaking Code

May 27, 2009

Using diStorm with Python 2.6 and Python 3.x

Filed under: Tools — Tags: , , , , , , , — Mario Vilas @ 12:14 am

diStorm is currently my favorite disassember for Intel platforms. It’s small, fast, compiles virtually anywhere, and it’s got Python bindings for 2.3, 2.4 and 2.5. The only problem so far was trying to use it with Python 2.6 and above – the library has to be recompiled for each new version. To solve this problem a pure Python module using ctypes is shipped – but it’s interface is different from the C module, forcing us to code different routines.

So my solution was to code my own ctypes-based diStorm bindings. It’s compatible with the C version and it works in all Python 2.x versions. The DLL library has to be present in the path for it to work.

I’ve also ported it to Python 3.x. Both versions are tested under Windows only, however it should work correctly under Linux – let me know if you try it!

Here is also an example script using diStorm to disassemble a raw binary file. Could come in handy for example to disassemble the shellcode contained in an exploit, or to find anything that resembles shellcode in a packet capture.

Update

Download links (for Python 2.x)

Download links (for Python 3.x)

About these ads

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Silver is the New Black Theme. Create a free website or blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 2,479 other followers

%d bloggers like this: