Added disassembler/assembler support

Author: echo-devim

README.md

@@ -3,9 +3,10 @@
 This project is born with the aim to develop a lightweight, but useful tool. The reason is that the existing hex editors have some different limitations (e.g. too many dependencies, missing hex coloring features, etc.).
 
 ![screenshot](screenshot.png) 
-![screenshot2](screenshot2.png) 
+![screenshot2](screenshot2.png)
+![screenshot3](screenshot3.png)
 
-This project is based on **qhexedit2**. New features should be added in the future, PRs are welcomed.
+This project is based on **qhexedit2**, **capstone** and **keystone** engines. New features could be added in the future, PRs are welcomed.
 
 ## Features
 
@@ -30,6 +31,8 @@ This project is based on **qhexedit2**. New features should be added in the futu
 * Hex - Dec number converter [`F2`]
 * Hex String escaper (e.g from 010203 to \x01\x02\x03) [`F3`]
 * Pattern Matching Engine (see later for details)
+* Disassebler based on Capstone Engine [`F4`]
+* Assembler based on Keystone Engine [`F4`]
 * Shortcuts for all these features
 
 ## Pattern Matching Engine

fhex.pro

@@ -27,6 +27,7 @@ DEFINES += QT_DEPRECATED_WARNINGS
 RC_ICONS = icon.ico
 
 SOURCES += \
+    src/fasm.cpp \
     src/chunks.cpp \
     src/commands.cpp \
     src/core/patternmatching.cpp \
@@ -36,10 +37,13 @@ SOURCES += \
     src/qhexedit.cpp
 
 HEADERS += \
+    src/fasm.h \
     src/chunks.h \
     src/commands.h \
     src/core/json.h \
     src/core/patternmatching.h \
         src/fhex.h \
     src/core/hexeditor.h \
     src/qhexedit.h
+
+QMAKE_LFLAGS += -lkeystone -lcapstone

screenshot3.png

@@ -0,0 +1,177 @@
+#include "fasm.h"
+
+Fasm::Fasm(QString bytes) : QMainWindow(nullptr)
+{
+    this->setWindowTitle("Fasm");
+    this->setWindowIcon(QIcon("/usr/share/icons/fhex.png"));
+    this->setMinimumSize(800, 500);
+    textAsm = new QTextEdit(this);
+    textOpcodes = new QTextEdit(this);
+    textAsm->setStyleSheet(TEXTEDIT_STYLE);
+    textOpcodes->setStyleSheet(TEXTEDIT_STYLE);
+    this->textOpcodes->setPlainText(bytes);
+    statusbar = new QLabel;
+    QLabel *lblArch = new QLabel("Arch:");
+    QLabel *lblMode = new QLabel("Mode:");
+    QLabel *lblAsm = new QLabel("Assembly:");
+    QLabel *lblOpcodes = new QLabel("Op codes:");
+    cmbArch = new QComboBox;
+    cmbArch->addItem("X86");
+    cmbArch->addItem("ARM");
+    cmbArch->addItem("ARM64");
+    cmbArch->addItem("MIPS");
+    cmbMode = new QComboBox;
+    cmbMode->addItem("32 bit");
+    cmbMode->addItem("64 bit");
+    cmbMode->addItem("ARM");
+    cmbMode->addItem("THUMB");
+    cmbMode->addItem("MIPS32");
+    cmbMode->addItem("MIPS64");
+    QPushButton *setDisasm = new QPushButton("Disassemble");
+    connect(setDisasm, &QPushButton::clicked, this, &Fasm::on_btnSetDisasm_click);
+    QPushButton *setAsm = new QPushButton("Assemble");
+    connect(setAsm, &QPushButton::clicked, this, &Fasm::on_btnSetAsm_click);
+    QHBoxLayout *hbox = new QHBoxLayout;
+    QHBoxLayout *buttons = new QHBoxLayout;
+    QGridLayout *gridLayout = new QGridLayout;
+    hbox->addWidget(lblArch, 0, Qt::AlignRight);
+    hbox->addWidget(cmbArch, 0, Qt::AlignLeft);
+    hbox->addWidget(lblMode, 0, Qt::AlignRight);
+    hbox->addWidget(cmbMode, 0, Qt::AlignLeft);
+    buttons->addWidget(setDisasm, 0, Qt::AlignRight);
+    buttons->addWidget(setAsm, 0, Qt::AlignLeft);
+    gridLayout->addLayout(hbox, 0, 0);
+    gridLayout->addLayout(buttons, 0, 1);
+    gridLayout->addWidget(lblAsm, 1, 0);
+    gridLayout->addWidget(lblOpcodes, 1, 1);
+    gridLayout->addWidget(textAsm, 2, 0);
+    gridLayout->addWidget(textOpcodes, 2, 1);
+    gridLayout->addWidget(statusbar, 3, 0, 1, 2);
+    QWidget *mainWidget = new QWidget();
+    mainWidget->setLayout(gridLayout);
+    this->setCentralWidget(mainWidget);
+    ks = nullptr;
+    loadKeystone();
+    loadCapstone();
+}
+
+void Fasm::loadCapstone() {
+    updateArchMode();
+    cs_opt_skipdata skipdata = {
+       .mnemonic = "db",
+    };
+    cs_err err = cs_open(carch, cmode, &cs);
+    if (err != CS_ERR_OK){
+        this->statusbar->setText("Error: Failed capstone initialization");
+    } else if (this->textOpcodes->toPlainText() != ""){
+        size_t count;
+        cs_insn *insn;
+        cs_option(cs, CS_OPT_DETAIL, CS_OPT_ON);
+        cs_option(cs, CS_OPT_SKIPDATA, CS_OPT_ON);
+        cs_option(cs, CS_OPT_SKIPDATA_SETUP, (size_t)&skipdata);
+        QByteArray bytes = QByteArray::fromHex(this->textOpcodes->toPlainText().toUtf8());
+        char *t = bytes.data();
+        count = cs_disasm(cs, reinterpret_cast<uint8_t*>(QByteArray::fromHex(this->textOpcodes->toPlainText().toUtf8()).data()), bytes.size(), 0, 0, &insn);
+        if (count > 0) {
+            this->statusbar->setText("Disassembled " + QString::number(count) + " instructions");
+            this->textAsm->clear();
+            size_t j;
+            for (j = 0; j < count; j++) {
+                this->textAsm->setPlainText(this->textAsm->toPlainText() + insn[j].mnemonic + " " + insn[j].op_str + ";\r\n");
+            }
+            cs_free(insn, count);
+        } else {
+            this->statusbar->setText("Error: Failed to disassemble given op codes\n");
+        }
+        cs_close(&cs);
+    }
+}
+
+void Fasm::updateArchMode() {
+    QString txtArch = cmbArch->currentText();
+    QString txtMode = cmbMode->currentText();
+
+    if (txtArch == "X86") {
+        karch = KS_ARCH_X86;
+        carch = CS_ARCH_X86;
+    } else if (txtArch == "ARM") {
+        karch = KS_ARCH_ARM;
+        carch = CS_ARCH_ARM;
+    } else if (txtArch == "ARM64") {
+        karch = KS_ARCH_ARM64;
+        carch = CS_ARCH_ARM64;
+    } else if (txtArch == "MIPS") {
+        karch = KS_ARCH_MIPS;
+        carch = CS_ARCH_MIPS;
+    }
+
+    if (txtMode == "32 bit") {
+        kmode = KS_MODE_32;
+        cmode = CS_MODE_32;
+    } else if (txtMode == "64 bit") {
+        kmode = KS_MODE_64;
+        cmode = CS_MODE_64;
+    } else if (txtMode == "ARM") {
+        kmode = KS_MODE_ARM;
+        cmode = CS_MODE_ARM;
+    } else if (txtMode == "THUMB") {
+        kmode = KS_MODE_THUMB;
+        cmode = CS_MODE_THUMB;
+    } else if (txtMode == "MIPS32") {
+        kmode = KS_MODE_MIPS32;
+        cmode = CS_MODE_MIPS32;
+    } else if (txtMode == "MIPS64") {
+        kmode = KS_MODE_MIPS64;
+        cmode = CS_MODE_MIPS64;
+    }
+}
+
+void Fasm::loadKeystone() {
+    if (ks != nullptr) {
+        ks_close(ks);
+        ks = nullptr;
+    }
+    updateArchMode();
+    ks_err err;
+    err = ks_open(karch, kmode, &ks);
+    if (err != KS_ERR_OK) {
+        statusbar->setText("Error: Failed keystone initialization");
+    } else if (this->textAsm->toPlainText() != "") {
+        this->textOpcodes->clear();
+        QString assembly = this->textAsm->toPlainText();
+        for (uint8_t b : asmToOpcodes(assembly)) {
+            this->textOpcodes->setPlainText(this->textOpcodes->toPlainText() + QString::number(b, 16).rightJustified(2,'0'));
+        }
+    }
+}
+
+vector<uint8_t> Fasm::asmToOpcodes(QString &assembly) {
+    vector<uint8_t> bytes;
+    unsigned char *encode;
+    size_t count;
+    size_t size;
+    if (ks_asm(ks, assembly.toStdString().c_str(), 0, &encode, &size, &count) != KS_ERR_OK) {
+        this->statusbar->setText("Keystone error " + QString::number(ks_errno(ks)));
+    } else {
+        size_t i;
+        for (i = 0; i < size; i++) {
+            bytes.push_back(encode[i]);
+        }
+        this->statusbar->setText("Compiled: " + QString::number(size) + " bytes | Statements: " + QString::number(count) + " | Bytes: " + QString::number(bytes.size()));
+      }
+
+      ks_free(encode);
+      return bytes;
+}
+
+Fasm::~Fasm() {
+    ks_close(ks);
+}
+
+void Fasm::on_btnSetAsm_click() {
+    this->loadKeystone();
+}
+
+void Fasm::on_btnSetDisasm_click() {
+    this->loadCapstone();
+}

src/fasm.cpp

@@ -0,0 +1,49 @@
+#ifndef FASM_H
+#define FASM_H
+
+#include <QMainWindow>
+#include <QWidget>
+#include <QGridLayout>
+#include <QTextEdit>
+#include <QDebug>
+#include <keystone/keystone.h>
+#include <capstone/capstone.h>
+#include <QLabel>
+#include <vector>
+#include <QComboBox>
+#include <QPushButton>
+#include <QByteArray>
+
+#define TEXTEDIT_STYLE "QTextEdit { background-color: #17120f; color: #ebe5e1; font-size: 16px; font-family: monospace; }"
+
+using namespace std;
+
+class Fasm : public QMainWindow
+{
+    Q_OBJECT
+private:
+    QComboBox *cmbArch;
+    QComboBox *cmbMode;
+    QLabel *statusbar;
+    ks_engine *ks;
+    csh cs;
+    QTextEdit *textAsm;
+    QTextEdit *textOpcodes;
+    ks_arch karch;
+    ks_mode kmode;
+    cs_arch carch;
+    cs_mode cmode;
+    vector<uint8_t> asmToOpcodes(QString &assembly);
+    void loadKeystone();
+    void loadCapstone();
+    void updateArchMode();
+public:
+    Fasm(QString bytes);
+    ~Fasm();
+
+public slots:
+    void on_btnSetDisasm_click();
+    void on_btnSetAsm_click();
+};
+
+#endif // FASM_H

src/fasm.h

@@ -77,9 +77,13 @@ Fhex::Fhex(QWidget *parent, QApplication *app, QString filepath)
     QAction *escapeHex = new QAction("&Escape Hex Bytes", this);
     escapeHex->setShortcut(QKeySequence(Qt::Key_F3));
     tools->addAction(escapeHex);
+    QAction *fasm = new QAction(QIcon::fromTheme("map-flat"), "&Assembler/Disassembler", this);
+    fasm->setShortcut(QKeySequence(Qt::Key_F4));
+    tools->addAction(fasm);
 
     connect(hexDec, &QAction::triggered, this, &Fhex::on_menu_hex_dec_converter_click);
     connect(escapeHex, &QAction::triggered, this, &Fhex::on_menu_escape_hex_click);
+    connect(fasm, &QAction::triggered, this, &Fhex::on_menu_fasm_click);
 
     /** End Menu Initialization **/
 
@@ -211,6 +215,7 @@ Fhex::Fhex(QWidget *parent, QApplication *app, QString filepath)
 
     this->statusBar.setText("Fhex loaded");
     this->setCentralWidget(mainWidget);
+    this->fasm = nullptr;
 
     //If a filepath was passed as argument, open it
     if (filepath != "") {
@@ -223,6 +228,18 @@ Fhex::Fhex(QWidget *parent, QApplication *app, QString filepath)
 Fhex::~Fhex()
 {
     delete this->hexEditor;
+    if (this->fasm != nullptr) {
+        delete this->fasm;
+    }
+}
+
+void Fhex::on_menu_fasm_click() {
+    if (fasm != nullptr) {
+        delete fasm;
+        this->fasm = nullptr;
+    }
+    fasm = new Fasm(this->qhex->selectedData());
+    fasm->show();
 }
 
 void Fhex::on_menu_offset_list_click() {

src/fhex.cpp

@@ -49,6 +49,7 @@
 
 #include "qhexedit.h"
 #include "core/hexeditor.h"
+#include "fasm.h"
 
 #define MAX_DIFF_BYTES 3000
 #define DEFAULT_UNPRINTABLE_CHAR "."
@@ -70,6 +71,7 @@ class Fhex : public QMainWindow
     ~Fhex();
 
 private:
+    Fasm *fasm;
     qint64 lastCursorPos = 0;
     qint64 currentCursorPos = 0;
     QChartView *binChartView;
@@ -140,6 +142,7 @@ public slots:
     void on_menu_escape_hex_click();
     void on_binchart_click(const QPointF &p);
     void on_menu_binchart_click();
+    void on_menu_fasm_click();
 
 };