Library for implementing decompiled code.
Project description
Gravitum
Gravitum is a library for implementing decompiled code with Python.
Requirements
- Python 3.6+
Installation
$ pip install gravitum
Usage
Gravitum defines some interger types with fixed size. You can use shorthand functions (int8, int16, int32, int64, uint8, uint16, uint32, uint64) to create them.
from gravitum import uint8
v = uint8(0x53)
Pointer operations are common in the decompiled code.
unsigned __int8 data[8] = {71, 114, 97, 118, 105, 116, 117, 109};
unsigned __int8 *p = data;
unsigned __int8 v = p[4];
*((unsigned __int32 *)p + 1) = v;
So Gravitum provides vptr.
from gravitum import vptr
data = bytearray([71, 114, 97, 118, 105, 116, 117, 109])
p = vptr(data, 'uint8')
v = p.add(4).read()
p.cast('uint32').add(1).write(v)
In some cases, decompilers may use their built-in functions in the output. Gravitum implements some of them. You can look up from gravitum.decompiler_builtins.
from gravitum import uint32
from gravitum.decompiler_builtins.ida import ror4
v = uint32(0x53683477)
v = ror4(v, 2)
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
gravitum-0.2.1.tar.gz
(9.9 kB
view hashes)
Built Distribution
gravitum-0.2.1-py3-none-any.whl
(10.6 kB
view hashes)
