Questions tagged [capstone]

Capstone is a lightweight multi-platform, multi-architecture disassembly framework.

Overview

Capstone is a lightweight multi-platform, multi-architecture disassembly framework. It is written in C, and provided as an open-source project.
Current version is 2.1.2.

Features

Support multi-architectures: Arm, Arm64 (Armv8), Mips, PowerPC, Sparc, SystemZ, XCore & Intel (details).
Clean/simple/lightweight/intuitive architecture-neutral API.
Provide details on disassembled instruction
Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.
Implemented in pure C language, with bindings for Python, Ruby, C#, NodeJS, Java, GO, C++, OCaml & Vala available.
Native support for Windows & *nix (with Mac OSX, iOS, Android, Linux, *BSD & Solaris confirmed).
Thread-safe by design.
Special support for embedding into firmware or OS kernel.
Distributed under the open source BSD license.

Related tags

c disassembling

Links

Capstone homepage
GitHub project

38 questions

votes

0 answers

SSE instruction addressing methods and operand types in virtual real mode / real mode / 16-bit protected mode

I'm trying to figure out some of the SSE instruction set's operand types in virtual real mode / real mode / 16-bit protected mode. For example let's take the following instruction: 66 0F 38 01 /r PHADDW xmm1, xmm2/m128 The destination operand is…

assembly x86 sse disassembly capstone

asked Dec 24 '22 at 23:21

Jorayen

1,737
2
21
52

votes

1 answer

Capstone cs_disasm disassembly only small portion of code

I'm experimenting with http://www.capstone-engine.org on MacOS and MacOS x86_64 binary. It more or less does work, however i do have 2 concerns. I'm loading test dylib [self custom_logging:[NSString stringWithFormat:@"Module…

c++ c reverse-engineering disassembly capstone

asked Aug 27 '17 at 21:56

user4151125

votes

0 answers

get opcode of instruction in capstone python

I understand that the opcodes are provided by myself to capstone for disassembly, but I would like to know what opcode was disassembled to get the provided instruction. Unfortunately, I couldn't find what key of capstone.CsInsn is called to get the…

python capstone

asked Nov 04 '21 at 03:27

hashy

votes

3 answers

How can I obtain a PE file's instructions using Python?

So I'm trying to write a basic disassembler for a school project using Python. I'm using the pydasm and capstone libraries. What I don't understand is how I can actually access the assembly instructions of a program using Python. These libraries…

python portable-executable capstone

asked Apr 20 '15 at 00:39

Asa Hunt

vote

2 answers

What does MSL do in the ARM instruction MOVI . #, MSL #amount

I am confused about the operation MSL, which is used in a variant of the MOVI and MVNI instructions. There's not a lot of information out there, but I have seen it referred to as "Masking Shift Left". Could anyone give an example of what a masking…

assembly arm arm64 armv8 capstone

asked Jul 19 '22 at 09:00

confusedandsad

vote

2 answers

Converting date-time format for large dataset

I am trying to create a table into BigQuery by importing a file. In that file the date-time format is like this 4/12/2016 12:00:00 AM. BigQuery is not creating a table because of AM. To change that format I tried spreadsheet but it couldn't handle…

sql google-bigquery data-analysis spreadsheet capstone

asked Jun 02 '22 at 02:59

siddhesh daphane

vote

0 answers

how to detect when capstone skipped data?

Say, I have the following opcodes \x12\x02\x88\x3C\xDF\xA1\x29\xC7\x74\x08\xDF\xE3. In these opcodes \xDF\xE3 is invalid instructions. So, I call capstone's disassembly to disassemble these instructions for me. My question is, is there a way to know…

python capstone

asked Jan 14 '22 at 23:25

neehack

vote

0 answers

Get specific value from disassembled file in C# .Net

I have a script in C# that uses the Gee.Capstone package to automate disassembling files. I am not familiar with the whole concept so I just try to do what I need based on online tutorials. I have a few virtual addresses in the format of range. For…

c# disassembly capstone

asked Jun 15 '21 at 20:20

Tasos

7,325
18
83
176

vote

1 answer

I am having problem with sklearn.cluster and KMeans

enter image description here This is the issue I am having for now

cluster-computing k-means sklearn-pandas drop capstone

asked Jul 17 '20 at 18:13

Sevki

vote

1 answer

Capstone switching from ARM to THUMB dynamically

I'm trying to write a simple script to disassemble ARM/THUMB bytecode. It's very common in ARM to switch from one mode to another, and therefore it's quite crucial that the disassembler be able to follow that. I'm having trouble with it, even though…

python arm capstone

asked Feb 24 '20 at 11:22

Dominus

vote

0 answers

Grabbing data field by field and putting it into a Hashtable, trying to grab cols 3,4,5 and pair them with percentile via CSV file

import java.io.BufferedReader; import java.io.File; import java.io.FileReader; import java.io.IOException; import java.io.Reader; import java.io.StringReader; import java.util.ArrayList; import java.util.Hashtable; import…

java graph capstone

asked Dec 07 '19 at 17:37

pip

vote

1 answer

How to link against Capstone using CMake?

I'm trying to use the Capstone disassembly framework in a C++ project on Ubuntu. I ran the following command to install the development package: sudo apt-get install libcapstone-dev This installed the includes in /usr/include/capstone but when I…

c++ ubuntu cmake capstone

asked Oct 21 '19 at 23:29

BullyWiiPlaza

17,329
10
113
185

vote

1 answer

Error when trying to disassemble with winappdbg using captsone

I'm using the winappdbg library to try and perform a disassemble using the following code: thread = evt.get_thread() pc = thread.get_pc() code = thread.disassemble_around(pc) where evt is the event context getting passed into an access_violoation…

python python-2.7 disassembly capstone

asked Jun 11 '18 at 19:57

Mike

vote

1 answer

subprocess.Popen eats memory while on loop

I wrote a python script to help me automate a project I'm working on. It executes a Capstone subprocess in a loop, since I couldn't get the binding to install at the time, reading 4 bytes from a binary file and passing it as the Capstone input. The…

python subprocess capstone

asked Apr 09 '18 at 22:29

Irrationality

vote

0 answers

calculate target address for mips jalr

I have the following assembly code disassembled using capstone. I started with entry point obtained from header. .text : 4195648 ... ... 0x400584L lui $t9, 0x40 0x400588L addiu $t9, $t9, 0xba0 0x40058cL jalr $t9 How do I find which address jalr is…

mips elf disassembly capstone

asked Oct 21 '16 at 05:20

hilly

2 3 Next