How do you get the opcodes for an instruction using the API?

[psifertex]

Got this question via web-chat and I figured I'd post it here for others to benefit from.

[psifertex]

There's two main ways you could do this. First if you just want opcodes for a generic instruction you can use the built-in assembler, like:

>>> bv.arch.assemble("mov eax, eax")
b'\x89\xc0'

Or if you don't have an open binary view, something like:

>>> list(Architecture)
[<arch: aarch64>, <arch: armv7>, <arch: thumb2>, <arch: armv7eb>, <arch: thumb2eb>, <arch: mipsel32>, <arch: mips32>, <arch: ppc>, <arch: ppc64>, <arch: ppc_le>, <arch: ppc64_le>, <arch: x86_16>, <arch: x86>, <arch: x86_64>, <arch: msp430>, <arch: m16c>, <arch: M68000>, <arch: M68008>, <arch: M68010>, <arch: M68020>, <arch: M68030>, <arch: M68040>, <arch: M68LC040>, <arch: M68EC040>, <arch: M68330>, <arch: M68340>]
>>> Architecture['armv7'].assemble('nop').hex()
'00f020e3'

Note that there's an optional second parameter for the assemble api.

Second, if you're looking to find the opcode of an existing instruction with a binary, you'd use something like:

>>> bv.read(here, bv.get_instruction_length(here))
b'\xc7\x05\xec\xd3F\x00\x01\x00\x00\x00'

In that example, I'm combining the BinaryView read with the get_instruction_length API to determine how much to read. Also, I'm taking advantage of the here alias available to the scripting console when you have an address selected, but you could easily replace the address with one you got via some other mechanism.

Note that I do NOT recommend using the get_disassembly API along with the assemble API as that can have trouble with relative code-references on some architectures.

[ghost]

Thank you for the answers.
I found another way to get the opcode for instructions in blocks which is get_disassembly_text.
Can I use this API if I want the opcode for the whole block?

config = DisassemblySettings() 
config.set_option(DisassemblyOption.ShowOpcode)
current_basic_block.get_disassembly_text(config)

The output will be something like this:

[<0x27b4: tls1_process_heartbeat:>,
<0x27b4: fa67bba9   stp     x26, x25, [sp, #-0x50 {__saved_x26} {__saved_x25}]!>,
<0x27b8: f85f01a9   stp     x24, x23, [sp, #0x10 {__saved_x24} {__saved_x23}]>,
<0x27bc: f65702a9   stp     x22, x21, [sp, #0x20 {__saved_x22} {__saved_x21}]>,
<0x27c0: f44f03a9   stp     x20, x19, [sp, #0x30 {__saved_x20} {__saved_x19}]>,
<0x27c4: fd7b04a9   stp     x29, x30, [sp, #0x40 {__saved_x29} {__saved_x30}]>,
<0x27c8: f30300aa   mov     x19, x0>, <0x27cc: 694240f9   ldr     x9, [x19, #0x80]>,
<0x27d0: 684e40f9   ldr     x8, [x19, #0x98]>,
<0x27d4: fd030191   add     x29, sp, #0x40 {__saved_x29}>,
<0x27d8: 349940f9   ldr     x20, [x9, #0x130]>,
<0x27dc: 95024039   ldrb    w21, [x20]>,
<0x27e0: 98064039   ldrb    w24, [x20, #0x1]>,
<0x27e4: 990a4039   ldrb    w25, [x20, #0x2]>,
<0x27e8: 280100b4   cbz     x8, 0x280c>]

The second column is opcodes.