I have a script in C# that uses the Gee.Capstone package to automate disassembling files. I am not familiar with the whole concept so I just try to do what I need based on online tutorials.
I have a few virtual addresses in the format of range. For example: 0x0122FFB0-0x01230028
When I disassembly the file with another GUI, such as Cutter, I get something like this
0x0122ffb0 stp x20, x19, [sp, -0x20]!
0x0122ffb4 stp x29, x30, [sp, 0x10]
0x0122ffb8 add x29, sp, 0x10
0x0122ffbc ldr x8, [x0, 8] ; fcn.00000008
0x0122ffc0 mov x19, x0
0x0122ffc4 orr w1, wzr, 2
0x0122ffc8 mov x2, xzr
0x0122ffcc ldr x20, [x8]
0x0122ffd0 mov x0, x20
0x0122ffd4 bl fcn.0304bf80
0x0122ffd8 mov x0, x20
.....
0x0122fffc ldr x8, [x19, 8] ; fcn.00000008
I want to get the value 2 from orr w1, wzr, 2. In general, the values I want are always in the format of orr w1, wzr X, but it's not always in the same order in the range of the two addresses.
Assuming that I have a list with all the ranges, is there any way to identify the row I need and grab the X value?
The closer I have been is this
private static CapstoneX86Disassembler asm = CapstoneX86Disassembler.CreateX86Disassembler(X86DisassembleMode.Bit64);
var obj = asm.Disassemble(att.GetMethodBody(), (long)att.VirtualAddress.Start);
where the att is the object I have stored the ranges of the Virtual Addresses with the Start and the End of it. However, I cannot find any way to get the info I need from the obj object then.
Edit: It is not necessary to keep using Capstone. If there is a solution to get that with another package, I am ok with it.
