pypcode

Machine code disassembly and IR translation library for Python using the excellent SLEIGH library from the Ghidra framework (version 10.2.2).

This library was created primarily for use with angr, which provides analyses and symbolic execution of p-code.

Quick Start

This package can be installed on Linux, macOS, and Windows platforms for recent (3.8+) versions of both CPython and PyPy. Wheels are provided for several configurations. You can install the latest release from PyPI using pip:

pip install pypcode

You can also install the very latest development version from this repository using pip:

pip install --user https://github.com/angr/pypcode/archive/refs/heads/master.zip

You can now invoke the pypcode module from command line to translate supported machine code to P-code from command line. Run python -m pypcode --help for usage information. See module source (__main__.py) for examples of using pypcode as a library.

Example

$ python -m pypcode -b x86:LE:64:default test-x64.bin
--------------------------------------------------------------------------------
00000000/2: XOR EAX,EAX
--------------------------------------------------------------------------------
  0: CF = 0x0
  1: OF = 0x0
  2: EAX = EAX ^ EAX
  3: RAX = zext(EAX)
  4: SF = EAX s< 0x0
  5: ZF = EAX == 0x0
  6: unique[0x2580:4] = EAX & 0xff
  7: unique[0x2590:1] = popcount(unique[0x2580:4])
  8: unique[0x25a0:1] = unique[0x2590:1] & 0x1
  9: PF = unique[0x25a0:1] == 0x0

--------------------------------------------------------------------------------
00000002/2: CMP ESI,EAX
--------------------------------------------------------------------------------
  0: CF = ESI < EAX
  1: OF = sborrow(ESI, EAX)
  2: unique[0x5180:4] = ESI - EAX
  3: SF = unique[0x5180:4] s< 0x0
  4: ZF = unique[0x5180:4] == 0x0
  5: unique[0x2580:4] = unique[0x5180:4] & 0xff
  6: unique[0x2590:1] = popcount(unique[0x2580:4])
  7: unique[0x25a0:1] = unique[0x2590:1] & 0x1
  8: PF = unique[0x25a0:1] == 0x0

--------------------------------------------------------------------------------
00000004/2: JBE 0x17
--------------------------------------------------------------------------------
  0: unique[0x18f0:1] = CF || ZF
  1: if (unique[0x18f0:1]) goto ram[0x17:8]

Name		Name	Last commit message	Last commit date
Latest commit History 145 Commits
.github		.github
docs		docs
pypcode		pypcode
tests		tests
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
.readthedocs.yml		.readthedocs.yml
LICENSE.txt		LICENSE.txt
MANIFEST.in		MANIFEST.in
README.md		README.md
build_cffi.py		build_cffi.py
pyproject.toml		pyproject.toml
setup.py		setup.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

pypcode

Quick Start

Example

About

Uh oh!

Uh oh!

Contributors 11

Uh oh!

Languages

License

angr/pypcode

Folders and files

Latest commit

History

Repository files navigation

pypcode

Quick Start

Example

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Uh oh!

Contributors 11

Uh oh!

Languages