1

I'm using the winappdbg library to try and perform a disassemble using the following code:

thread = evt.get_thread()
pc = thread.get_pc()
code = thread.disassemble_around(pc)

where evt is the event context getting passed into an access_violoation method. This is being executed on Windows 10 64bit via 64bit python debugging a 64bit process and using the 64bit capstone install.

There error I'm receiving is:

...
File "C:\Python27\lib\site-packages\winappdbg\disasm.py", line 570, in decode
    mnemonic = instr.mnemonic
File "C:\Python27\lib\site-packages\capstone\__init__.py", line 569, in __getattr__
    raise CsError(CS_ERR_DETAIL)
CsError: Details are unavailable (CS_ERR_DETAIL)

I have tried running some of the capstone examples from here http://www.capstone-engine.org/lang_python.html separately and it works ok.

Any help appreciated on this one :)

Mike
  • 435
  • 3
  • 6
  • Hi! Can you show if the memory pointed to by EIP/RIP is readable? I'm thinking maybe the access violation is caused by the instruction pointer not pointing to valid memory... – MarioVilas Jun 13 '18 at 10:11
  • Hey, so I installed diStorm engine and uninstalled capstone and it worked fine I could get it to disassemble with the same code no prob, awesome library btw :) – Mike Jun 14 '18 at 10:35

1 Answers1

2

I know I'm kind of late to the party, but you could try adding md.details = True to the "C:\Python27\lib\site-packages\winappdbg\disasm.py" file it will work. I stumbled upon this question while having a similiar problem, hope this helps.