前两篇说了capstone/beaengine,这节一起用一用经典的udis86;

github:https://github.com/vmt/udis86

0x01:udis86相比于前面两个，用起来还是比较简单的，使用文档如下所示：

Getting Started

===============

Building and Installing udis86

------------------------------

udis86 is developed for unix-like environments, and like most software,

the basic steps towards building and installing it are as follows.

.. code::

$ ./configure

$ make

$ make install

Depending on your choice of install location, you may need to have root

privileges to do an install. The install scripts copy the necessary header

and library files to appropriate locations in your system.

Interfacing with libudis86: A Quick Example

-------------------------------------------

The following is an example of a program that interfaces with libudis86

and uses the API to generate assembly language output for 64-bit code,

input from STDIN.

.. code-block:: c

#include

#include

int main()

{

ud_t ud_obj;

ud_init(&ud_obj);

ud_set_input_file(&ud_obj, stdin);

ud_set_mode(&ud_obj, 64);

ud_set_syntax(&ud_obj, UD_SYN_INTEL);

while (ud_disassemble(&ud_obj)) {

printf("\t%s\n", ud_insn_asm(&ud_obj));

}

return 0;

}

To compile the program (using gcc):

.. code::

$ gcc -ludis86 example.c -o example

This example should give you an idea of how this library can be used. The

following sections describe, in detail, the complete API of libudis86.

0x02:那就按照这个步骤来,关键你会发现，master文件夹中并没有configure文件，再看看README，先要配置好build环境；

Autotools Build

---------------

You need autotools if building from sources cloned form version control

system, or if you need to regenerate the build system. The wrapper

script 'autogen.sh' is provided that'll generate the build system.

//执行 ./autogen.sh报错 --> 原因是没有安装autoreconf

curits@curits-virtual-machine:~ /Desktop/udis86-master$ sudo ./autogen.sh

./autogen.sh: line 4: autoreconf: command not found

autogen: autoreconf -i failed.

//安装

curits@curits-virtual-machine:~/Desktop/udis86-master$ sudo apt-get install autoconf automake libtool

//然后再执行./autogen.sh --> 生成build环境

curits@curits-virtual-machine:~/Desktop/udis86-master$ ./autogen.sh

autoreconf: Entering directory `.'

autoreconf: configure.ac: not using Gettext

autoreconf: running: aclocal --force -I build/m4

autoreconf: configure.ac: tracing

autoreconf: running: libtoolize --copy --force

libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, 'build'.

libtoolize: copying file 'build/ltmain.sh'

libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'build/m4'.

libtoolize: copying file 'build/m4/libtool.m4'

libtoolize: copying file 'build/m4/ltoptions.m4'

libtoolize: copying file 'build/m4/ltsugar.m4'

libtoolize: copying file 'build/m4/ltversion.m4'

libtoolize: copying file 'build/m4/lt~obsolete.m4'

autoreconf: running: /usr/bin/autoconf --force

autoreconf: running: /usr/bin/autoheader --force

autoreconf: running: automake --add-missing --copy --force-missing

configure.ac:43: installing 'build/compile'

configure.ac:24: installing 'build/config.guess'

configure.ac:24: installing 'build/config.sub'

configure.ac:34: installing 'build/install-sh'

configure.ac:34: installing 'build/missing'

libudis86/Makefile.am: installing 'build/depcomp'

autoreconf: Leaving directory `.'

//接下来就是三板斧 ./configure --> make --> sudo make install (安装时使用root权限)

然后将example的代码拷贝下来，按照给定的方法进行方式进行编译，报错，究竟为啥没编译成功不太清楚；

curits@curits-virtual-machine:~/Desktop/udis86-master$ g++ -ludis86 example.c -o example

/tmp/ccXcpvEg.o: In function `main':

example.c:(.text+0x25): undefined reference to `ud_init'

example.c:(.text+0x3e): undefined reference to `ud_set_input_file'

example.c:(.text+0x52): undefined reference to `ud_set_mode'

example.c:(.text+0x60): undefined reference to `ud_translate_intel'

example.c:(.text+0x6b): undefined reference to `ud_set_syntax'

example.c:(.text+0x7a): undefined reference to `ud_disassemble'

example.c:(.text+0x92): undefined reference to `ud_insn_asm'

collect2: error: ld returned 1 exit status

解决办法：从make install 的打印信息可以看出，把编译出来的动态库拷贝到了/user/local/lib下；

curits@curits-virtual-machine:/usr/local/lib$ ls

libudis86.la libudis86.so libudis86.so.0 libudis86.so.0.0.0 python2.7 python3.6

索性直接把example.c文件夹拷贝到当前目录，直接用编译出来的libudis86.so动态库；

//成功编译出二进制文件、

curits@curits-virtual-machine:/usr/local/lib$ export LD_LIBRARY_PATH=./

curits@curits-virtual-machine:/usr/local/lib$ sudo g++ -o example example.c libudis86.so

curits@curits-virtual-machine:/usr/local/lib$ ls

example example.c libudis86.la libudis86.so libudis86.so.0 libudis86.so.0.0.0 python2.7 python3.6

//执行example，从stdin中输入opencode

curits@curits-virtual-machine:/usr/local/lib$ ./example

65 67 89 87 76 65 54 56 78 89 09 00 90

sub eax, 0x35360a78

and [rsi], dh

invalid

and [rax], bh

cmp [rax], esp

cmp [rdi], dh

and [rdi], dh

and [ss:rsi], dh

xor eax, 0x20343520

xor eax, 0x38372036

and [rax], bh

cmp [rax], esp

xor [rcx], bh

and [rax], dh

xor [rax], ah

cmp [rax], esi

虽然生成了反汇编代码，但是结果却是有问题的，具体什么问题，还得研究研究源码；

从官网查看相应API:http://udis86.sourceforge.net/manual/libudis86.html#setup-input

//对input函数 ud_set_input_file的相关说明

void ud_set_input_file(ud_t*, FILE* filep)

Sets the input source to a file pointed to by a given standard library FILE pointer. Note that libudis86 does not perform any checks, and assumes that the file pointer is properly initialized and open for reading.

//example代码初始化

ud_set_input_file(&ud_obj, stdin);

修改example.c代码，给ud_set_input_file()传一个文件指针：

#include

#include

#define FILENAME "/home/curits/Desktop/ins.txt"

int main()

{

ud_t ud_obj;

FILE * filep;

filep = fopen( FILENAME, "rb+");

if(!filep)

{

printf("Can not open file\n");

return 0;

}

ud_init(&ud_obj);

// ud_set_input_file(&ud_obj, stdin);

ud_set_input_file(&ud_obj, filep);

ud_set_mode(&ud_obj, 64);

ud_set_syntax(&ud_obj, UD_SYN_INTEL);

while (ud_disassemble(&ud_obj)) {

printf("\t%s\n", ud_insn_asm(&ud_obj));

}

fclose(filep);

return 0;

}

编译执行：

//成功将ins.txt文件反汇编

curits@curits-virtual-machine:/usr/local/lib$ ./example

nop [rax+rax]

push rbp

mov rbp, rsp

pop rbp

ret

nop [rax+rax]

//与intel-xed反汇编比较

curits@curits-virtual-machine:~/Desktop/xed-master/obj/wkit/bin$ ./xed -ir /home/curits/Desktop/ins.txt -64

XDIS 0: WIDENOP BASE 0F1F440000 nop dword ptr [rax+rax*1], eax

XDIS 5: PUSH BASE 55 push rbp

XDIS 6: DATAXFER BASE 4889E5 mov rbp, rsp

XDIS 9: POP BASE 5D pop rbp

XDIS a: RET BASE C3 ret

XDIS b: WIDENOP BASE 0F1F440000 nop dword ptr [rax+rax*1], eax

# end of text section.

# Errors: 0

#XED3 DECODE STATS

#Total DECODE cycles: 1071003

#Total instructions DECODE: 6

#Total tail DECODE cycles: 1071003

#Total tail instructions DECODE: 6

#Total cycles/instruction DECODE: 178500.50

#Total tail cycles/instruction DECODE: 178500.50

更多功能可以基于这个开发；