capstone

# Preface:
# A write-up in hnctf used capstone to solve the problem "maze". It's the first time I had heard of it, so I am writing this blog post for later review.
# Most of what I write here can be found in the official documentation.
# An example you can try before reading:
# test1.py
from capstone import *

# 8 bytes of x86-64 machine code: "push rbp" followed by "mov rax, [rip + 0x13b8]"
CODE = b"\x55\x48\x8b\x05\xb8\x13\x00\x00"

# Cs = capstone disassembler handle; here configured for x86 in 64-bit mode
md = Cs(CS_ARCH_X86, CS_MODE_64)
# disasm() decodes the bytes in order, assuming the first byte lives at address 0x1000
for i in md.disasm(CODE, 0x1000):
    print("0x%x:\t%s\t%s" %(i.address, i.mnemonic, i.op_str))

# It's the official example; try changing CODE and see what happens (for example, add a few '\x55' or '\x48' bytes, or whatever you like).

Trying this, you get the basic idea of how capstone, or rather, how a .exe file works. It translates the binary bytes into assembly instructions in sequence, and when you insert something, the whole decoding sequence can go wrong. (You may think this is simple, but sometimes we just forget to relate the whole file to plain bytes like the CODE above.)
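To make the "in sequence" point concrete, here is an added example of my own (not from the original post and not capstone itself): a tiny hand-written decoder that only understands the opcodes in the CODE above, with a constructed second byte string that has one extra 0x55 inserted inside the mov instruction. The decode() helper and both inputs are assumptions for this illustration.

```python
import struct

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]

def decode(code, base=0x1000):
    """Hand-written stand-in for md.disasm(): returns (address, mnemonic, op_str)
    tuples for push rbp (0x55), an optional REX.W prefix (0x48) and
    mov reg, [rip + disp32] (0x8B with ModRM 0x05). Stops at anything else."""
    out = []
    pc = 0
    while pc < len(code):
        start = pc
        rex_w = False
        if code[pc] == 0x48:             # REX.W: the next instruction uses 64-bit operands
            rex_w = True
            pc += 1
            if pc >= len(code):
                break                    # dangling prefix, nothing left to decode
        op = code[pc]
        pc += 1
        if op == 0x55:
            out.append((base + start, "push", "rbp"))
        elif op == 0x8B and pc + 5 <= len(code) and (code[pc] & 0xC7) == 0x05:
            reg = (code[pc] >> 3) & 7    # ModRM.reg selects the destination register
            disp = struct.unpack_from("<i", code, pc + 1)[0]
            pc += 5                      # ModRM byte + 4-byte displacement
            regs, size = (REG64, "qword") if rex_w else (REG32, "dword")
            sign = "+" if disp >= 0 else "-"
            out.append((base + start, "mov",
                        "%s, %s ptr [rip %s 0x%x]" % (regs[reg], size, sign, abs(disp))))
        else:
            break                        # unsupported opcode or truncated instruction
    return out

# Constructed inputs: the official CODE, and the same bytes with one extra 0x55
# inserted between the REX.W prefix and the 0x8B opcode of the mov.
ORIGINAL = b"\x55\x48\x8b\x05\xb8\x13\x00\x00"
SHIFTED = b"\x55\x48\x55\x8b\x05\xb8\x13\x00\x00"

if __name__ == "__main__":
    for label, code in (("original", ORIGINAL), ("one byte inserted", SHIFTED)):
        print(label)
        for addr, mnem, ops in decode(code):
            print("0x%x:\t%s\t%s" % (addr, mnem, ops))
```

In the shifted input the prefix now attaches to the inserted push, so the mov that follows loses its REX.W and decodes as a 32-bit "mov eax" instead of "mov rax": one stray byte changed the meaning of an instruction it never touched.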

We need to know what the functions mean:

~to be continued