Pentest Tools
Published on February 22nd, 2015
Capstone Disassembly Engine v3.0.1 Released
Capstone is a lightweight multi-platform, multi-architecture disassembly framework.
Features
- Multi-architecture: Arm, Arm64 (Armv8), Mips, PowerPC, Sparc, SystemZ, XCore & X86 (including X86_64).
- Clean/simple/lightweight/intuitive architecture-neutral API.
- Provides details on each disassembled instruction (what some others call a “decomposer”).
- Provides some semantics of the disassembled instruction, such as the list of implicit registers read & written.
- Implemented in pure C, with bindings available for Python, Ruby, C#, NodeJS, Java, Go, C++, OCaml & Vala.
- Native support for Windows & *nix (with Mac OSX, iOS, Android, Linux, *BSD & Solaris confirmed).
- Thread-safe by design.
- Special support for embedding into firmware or OS kernel.
- High performance & suitable for malware analysis (capable of handling various X86 malware tricks).
- Distributed under the open source BSD license.
Changelog v3.0.1
NOTE:
- This version fixes some important issues in the Python binding, so Python users should upgrade their binding. See bindings/python/README.TXT in the source code for how to do a fresh reinstall.
- Since this version, our Python package capstone on PyPi can build & install the core at the time of installing the Python module, so the external dependency on the core is eliminated. Another new package, capstone-windows, is available for Windows users who do not want to compile from source, as this package includes prebuilt libraries (for both Win32 & Win64 editions).
See bindings/python/README.TXT for more information on these PyPi modules.
Summary of the important changes in this version:
- X86
  - Properly handle LOCK, REP, REPE & REPNE prefixes.
  - Handle undocumented immediates for SSE’s (V)CMPPS/PD/SS/SD instructions.
  - Print LJUMP/LCALL without * as prefix for Intel syntax.
  - Handle the REX prefix properly for segment/MMX related instructions (x86_64).
  - Instructions longer than 15 bytes are considered invalid.
  - Handle some tricky encodings for the instructions MOVSXD, FXCH, FCOM, FCOMP, FSTP, FSTPNCE, NOP.
  - Handle some tricky code for some x86_64 instructions with a REX prefix.
  - Add missing operands in detail mode for PUSH, POP, IN/OUT reg, reg.
  - MOV32ms & MOV32sm reference a word rather than a dword.
- Arm64
  - BL & BLR instructions do not read the SP register.
  - Print absolute (rather than relative) addresses for the instructions B, BL, CBNZ, ADR.
- Arm
  - Instructions ADC & SBC do not update flags.
  - BL & BLX do not read SP, but the PC register.
  - Alias the LDR instruction with operands [sp], 4 to POP.
  - Print the immediate operand of the MVN instruction in positive hexadecimal form.
- PowerPC
  - Fix some compilation bugs when DIET mode is enabled.
  - Populate SLWI/SRWI instruction details with the SH operand.
- Python binding
  - Fix a Cython bug where CsInsn.bytes returned a shortened array of bytes.
  - Fix a memory leak in the Cython disasm functions when enumeration of the disassembled instructions is stopped prematurely.
  - Fix a NULL memory access when SKIPDATA & Detail modes are enabled at the same time.
  - Fix a memory leak when enumeration over the disassembled instructions is stopped prematurely.
  - Export generic operand types & groups (CS_OP_xxx & CS_GRP_xxx).