Capstone disassembly/disassembler framework: Core + bindings.

Overview

Capstone Engine



We moved the original historical repo of Capstone from https://github.com/aquynh/capstone to an organization, where we can add more maintainers to the project, and push Capstone development forward.

Our new home is https://github.com/capstone-engine/capstone

Nov 8th, 2021.


Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community.

Created by Nguyen Anh Quynh, then developed and maintained by a small community, Capstone offers some unparalleled features:

  • Support multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, MOS65XX, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64).

  • Having clean/simple/lightweight/intuitive architecture-neutral API.

  • Provide details on disassembled instruction (called “decomposer” by others).

  • Provide semantics of the disassembled instruction, such as list of implicit registers read & written.

  • Implemented in pure C language, with lightweight bindings for D, Clojure, F#, Common Lisp, Visual Basic, PHP, PowerShell, Emacs, Haskell, Perl, Python, Ruby, C#, NodeJS, Java, GO, C++, OCaml, Lua, Rust, Delphi, Free Pascal & Vala (ready either in main code, or provided externally by the community).

  • Native support for all popular platforms: Windows, Mac OSX, iOS, Android, Linux, *BSD, Solaris, etc.

  • Thread-safe by design.

  • Special support for embedding into firmware or OS kernel.

  • High performance & suitable for malware analysis (capable of handling various X86 malware tricks).

  • Distributed under the open source BSD license.

Further information is available at http://www.capstone-engine.org

Compile

See COMPILE.TXT file for how to compile and install Capstone.

Documentation

See docs/README for how to customize & program your own tools with Capstone.

Hack

See HACK.TXT file for the structure of the source code.

License

This project is released under the BSD license. If you redistribute the binary or source code of Capstone, please attach file LICENSE.TXT with your products.

Comments
  • Single Instruction Disassembly

    Capstone is the best disassembler I've found till now. I'm going to develop a program to disassemble an ELF file (maybe even PE, but not soon) in a control flow form using it. So I only need capstone to disassemble a single instruction at a time and judge the next instruction to disassemble. Current function you provide requires too much memory (enough for 32 instructions) each time I call it. So it would be helpful if you provide a feature that the memory for one single instruction is allocated each time the function is called.

    opened by thomasding 151
  • New APIs for better performance - by pre-allocating memory

    Here is a proposal to speed up the disassembling process by pre-allocating memory used for the output instructions.

    https://github.com/aquynh/capstone/wiki/New-APIs:-cs_disasm_alloc()-&-cs_disasm_buf()

    Please comment, thanks.

    opened by aquynh 114
  • issues of M68k

    attention: @emoon & @nplanel

    I fixed some problems with M68K code here https://github.com/aquynh/capstone/commit/ac63d5b9951e0f94c117232a74874a3ff36a7eec. One notable issue: we should declare variables at the beginning of the functions or blocks to make C99 compilers happy (example is older MSVC compilers).

    Another major issue is: we cannot declare static variables like https://github.com/aquynh/capstone/blob/m68k/arch/M68K/M68KDisassembler.c#L63 or https://github.com/aquynh/capstone/blob/m68k/arch/M68K/M68Kdasm.c#L194. The problem will show when 2 instances of M68K engines run at the same time, and in this case these instances will share the same static data, leading to a mess.

    To solve this problem, please see how other archs pass variables around via function arguments (such as MCInst). In some special cases, if there is no better choice, it is possible to store these variables into struct MCInst (https://github.com/aquynh/capstone/blob/m68k/MCInst.h#L92) or cs_struct (https://github.com/aquynh/capstone/blob/m68k/cs_priv.h#L51).

    opened by aquynh 110
  • RISCV support ISRV32/ISRV64

    This is based on PR#1198 and LLVM upstream commit b81d715c (Sat Feb 16 18:39:14 2019). Also referenced the SystemZ TableGen patches. I also added the TableGen patch at capstone/contrib/update_riscv.

    opened by fanfuqiang 101
  • cs-next llvm update

    After upgrading r2 to capstone-next I discovered a bunch of regressions:

    • [x] ARM64_VESS is no longer there
    • [x] On X86: X86_INS_FADDP X86_INS_UD2B X86_INS_FADD
    • [x] 83 broken tests in the r2 testsuite https://api.travis-ci.org/v3/job/518226592/log.txt

    I will update this issue with more regressions if found. Could you confirm if those missing enums are on purpose?

    Related PR https://github.com/radare/radare2/pull/13688

    opened by radare 82
  • MIPS disassembler problems

    Compare the outputs of gnu disassembler and capstone:

    • No relative offsets supported? 0x00080430
    • Invalid instructions disassembled as correct? 0x00080474
    • Show offsets instead of ‘invalid’? 0x0008046c
    • Negative hexadecimal values? 0x0008044c
    [0x00080430]> e asm.arch=mips.gnu
    [0x00080430]> pd 20
       ;      [6] va=0x00080430 pa=0x00000430 sz=176 vsz=176 rwx=-r-x .text
           ,  ;-- section..text:
           ,=< 0x00080430    01001104     bal 0x00080438
           |   0x00080434    00000000     nop
           `-> 0x00080438    01001c3c     lui gp, 0x1
               0x0008043c    e88b9c27     addiu gp, gp, -29720
               0x00080440    21e09f03     addu gp, gp, ra
               0x00080444    2120a003     move a0, sp
               0x00080448    21280000     move a1, zero
               0x0008044c    1880868f     lw a2, -32744(gp)
               0x00080450    1c80878f     lw a3, -32740(gp)
               0x00080454    6804e724     addiu a3, a3, 1128
               0x00080458    e0ffbd27     addiu sp, sp, -32
               0x0008045c    2080998f     lw t9, -32736(gp)
               0x00080460    08002003     jr t9
               0x00080464    00000000     nop
               0x00080468    00100800     sll v0, t0, 0x0
               0x0008046c    08100800     sym.__INIT_ARRAY__
               0x00080470    10100800     sym.__FINI_ARRAY__
               0x00080474    18100800     sym.__CTOR_LIST__
               0x00080478    00000000     nop
               0x0008047c    00000000     nop
    [0x00080430]> e asm.arch=mips
    [0x00080430]> pd 20
       ;      [6] va=0x00080430 pa=0x00000430 sz=176 vsz=176 rwx=-r-x .text
               ;-- section..text:
               0x00080430    01001104     bal 8
               0x00080434    00000000     nop
               0x00080438    01001c3c     lui gp, 1
               0x0008043c    e88b9c27     addiu gp, gp, -0x7418
               0x00080440    21e09f03     addu gp, gp, ra
               0x00080444    2120a003     move a0, sp
               0x00080448    21280000     move a1, zero
               0x0008044c    1880868f     lw a2, -0x7fe8(gp)
               0x00080450    1c80878f     lw a3, -0x7fe4(gp)
               0x00080454    6804e724     addiu a3, a3, 0x468
               0x00080458    e0ffbd27     addiu sp, sp, -section_end..debug_aranges
               0x0008045c    2080998f     lw t9, -0x7fe0(gp)
               0x00080460    08002003     jr t9
               0x00080464    00000000     nop
               0x00080468    00100800     sll v0, t0, 0
               0x0008046c    08100800     invalid
               0x00080470    10100800     invalid
               0x00080474    18100800     mult ac2, zero, t0
               0x00080478    00000000     nop
               0x0008047c    00000000     nop
    [0x00080430]>
    
    opened by radare 70
  • 16bit segment bounds error

    Using this test from radare2, capstone returns a wrong result:

    NAME="16bit segment bounds - capstone"
    FILE=malloc://1024k
    CMDS='
    e asm.arch=x86.cs
    e asm.bits=16
    e anal.hasnext=0
    wx e9c300 @ f000:ffaa
    s f000:ffaa
    pi 1
    '
    EXPECT='jmp 0xf0070
    '
    run_test

    bug 
    opened by XVilka 42
  • mips32r2 bugs

    1. mtc0 instruction is wrongly decoded (some examples below)

                 capstone               objdump
       4080e000  mtc0 $zero, $gp, 0     mtc0 zero,c0_taglo
       4080e800  mtc0 $zero, $sp, 0     mtc0 zero,c0_taghi
       40886000  mtc0 $t0, $t4, 0       mtc0 t0,c0_status

    2. synci instruction is not recognized by capstone

                 capstone                        objdump
       051f0000  .byte 0x00, 0x00, 0x1f, 0x05    synci 0(t0)

    3. Jump instructions wrongly decode the target address (j, jal). These instructions are not absolute (the new address is computed by taking the upper 4 bits of the PC, concatenated to the 26 bit immediate value shifted left by two, and the lower two bits are 00, so the address created remains word-aligned).

                             capstone       objdump
       0x9404040c: 09010216  j 0x4040858    j 94040858

    As a side note - I couldn't find any documentation about capstone internals so I could fix those bugs myself without huge effort.

    opened by wodz 31
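
The three encodings from the report above, decoded field by field, as an added example that is not part of the original issue or Capstone's code. Function names are hypothetical; the CP0 names are only the three objdump printed in the report, and the jump region is taken from the delay-slot address (instruction address + 4).

```python
# Added example: bit-field decoding of the MIPS32 words quoted in the issue.
GPR = ("zero at v0 v1 a0 a1 a2 a3 t0 t1 t2 t3 t4 t5 t6 t7 "
       "s0 s1 s2 s3 s4 s5 s6 s7 t8 t9 k0 k1 gp sp fp ra").split()
# (rd, sel) -> coprocessor 0 register name, limited to the names on the page.
CP0_NAMES = {(12, 0): "c0_status", (28, 0): "c0_taglo", (29, 0): "c0_taghi"}


def word_from_le_bytes(raw):
    """Assemble a 32-bit word from four little-endian bytes (the .byte line)."""
    if len(raw) != 4:
        raise ValueError("expected exactly 4 bytes")
    return int.from_bytes(raw, "little")


def fields(word):
    """Split a 32-bit MIPS word into its fixed bit fields."""
    if not 0 <= word <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit word")
    return {
        "opcode": (word >> 26) & 0x3F,
        "rs": (word >> 21) & 0x1F,
        "rt": (word >> 16) & 0x1F,
        "rd": (word >> 11) & 0x1F,
        "imm16": word & 0xFFFF,
    }


def decode_mtc0(word):
    """Return (text, rd_as_gpr) for an MTC0 word.

    In MTC0 the rd field numbers a coprocessor 0 register, selected together
    with the 3-bit sel field. rd_as_gpr is the general-purpose register that
    happens to share that number, returned only for comparison.
    """
    f = fields(word)
    # COP0 opcode (0x10), MT sub-opcode in rs (0x04), bits 10..3 must be zero.
    if f["opcode"] != 0x10 or f["rs"] != 0x04 or word & 0x7F8:
        raise ValueError("not an MTC0 encoding: %08x" % word)
    sel = word & 0x7
    cp0 = CP0_NAMES.get((f["rd"], sel), "$%d,%d" % (f["rd"], sel))
    return "mtc0 %s,%s" % (GPR[f["rt"]], cp0), GPR[f["rd"]]


def decode_synci(word):
    """Return the text form of a SYNCI word (REGIMM opcode, rt = 0b11111)."""
    f = fields(word)
    if f["opcode"] != 0x01 or f["rt"] != 0x1F:
        raise ValueError("not a SYNCI encoding: %08x" % word)
    imm = f["imm16"]
    offset = imm - 0x10000 if imm & 0x8000 else imm  # sign-extend 16 bits
    return "synci %d(%s)" % (offset, GPR[f["rs"]])


def jump_target(word, address):
    """Return the absolute target of J/JAL located at `address`.

    The 26-bit index shifted left by two fills bits 27..0; bits 31..28 come
    from the address of the delay slot.
    """
    if (word >> 26) & 0x3F not in (0x02, 0x03):
        raise ValueError("not a J/JAL encoding: %08x" % word)
    region = (address + 4) & 0xF0000000
    return region | ((word & 0x03FFFFFF) << 2)


if __name__ == "__main__":
    for w in (0x4080E000, 0x4080E800, 0x40886000):
        text, gpr = decode_mtc0(w)
        print("%08x  %-22s (GPR with the same number: %s)" % (w, text, gpr))
    print(decode_synci(word_from_le_bytes(bytes([0x00, 0x00, 0x1F, 0x05]))))
    print("j %08x" % jump_target(0x09010216, 0x9404040C))
```
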
  • m68k: data race initializing global g_instruction_table in build_opcode_table()

    The global array g_instruction_table init in M680XDisassembler.c:build_opcode_table() is a race condition.

    Declaration: https://github.com/aquynh/capstone/blob/de952a3e5a519b4a0d0dd2ef921a755891860ca6/arch/M68K/M68KDisassembler.c#L250-L251

    Initialization: https://github.com/aquynh/capstone/blob/de952a3e5a519b4a0d0dd2ef921a755891860ca6/arch/M68K/M68KDisassembler.c#L3787-L3827

    This caused problems while working on the Rust language bindings. The tests are run in parallel:

    • PR: https://github.com/capstone-rust/capstone-rs/pull/60
    • Travis CI failure: https://travis-ci.org/capstone-rust/capstone-rs/jobs/498529801#L623

    Possible solutions:

    • Introduce synchronization in build_opcode_table()
      • Would require adding a threading library dependency (like pthread)
    • Declare array with appropriate values statically
      • Most efficient (run time) method
      • Does not add extra dependencies or change API
      • Requires deeper knowledge of m68k code
      • May require writing a script to generate C declaration
    • Introduce capstone_init() function that must be called before any other Capstone functions
      • API breaking change
      • Less ergonomic for users
    • Move the global variable into the private cs_struct
      • Less efficient: wastes time initializing and memory

    Similar past issue: #1171

    opened by tmfink 30
  • Eliminates run-time initialization of global variables (fixes race condition)

    Declare global arch arrays with contents.

    This eliminates the need for archs_enable() and eliminates the racy initialization.

    Fixes #1168.

    Progress:

    • [X] declare global arrays with values
    opened by tmfink 30
  • Segmentation fault (2.1.2)

    I've compiled test binaries with specific options: http://pastebin.com/BxddKQSd

    All test* binaries crash with a "segmentation fault" error message. Still need to investigate what's going on here.

    opened by blshkv 30
  • ARM: cs_regs_access Missing Some Read Registers

    Hello. Given the following ARM v7R instruction, e9 2d 10 00. It is correctly disassembled to stmdb sp!, {ip}. On Capstone 4.0.1, cs_regs_access correctly returns sp, and ip as read registers. On Capstone 4.0.2 however, only sp is returned.

    This was reported as a Capstone.NET issue if you would like more information. I am pretty sure I have ruled it out as a binding issue though.

    Thanks in advance.

    opened by 9ee1 0
  • expose tablegen API

    I am writing a cryptanalysis library. I need to get statistics on opcodes repartition on the code. So I need to generate any valid assembled <-> disassembled instructions on a BiBTreeMap in rust.

    I need to implement bindings for tablegen to this library : https://github.com/capstone-rust/capstone-rs/ and I imagine the library author needs an exposed library first.

    Could you assign me to this issue please?

    The files I want to edit are here: https://github.com/capstone-engine/capstone/tree/next/suite/synctools/tablegen

    opened by gogo2464 1
  • Add support for VE architecture

    VE is the ISA of NEC Vector Engine cards. This architecture has a really nice orthogonal ISA. The assembler syntax is documented here. An LLVM compiler exists and parts have been merged upstream.

    I attempt to add the arch in this branch: https://github.com/freemin7/capstone/tree/vector-engine. I had chats with people and was advised against the tablegen approach. Overall I am lost where to start though. There are some ISAs which do not take the tablegen approach, however their approaches are varied and I am not sure whether there is a good reason to prefer one over another.

    opened by freemin7 0
  • Including new instructions from LLVM

    Newer architectures with new instructions get included in LLVM and LLVM-MC by the manufacturer. I'm finding that Capstone does not support the new instructions, some are a few years old.

    Wondering what's the process of updating LLVM-MC and including the new instructions to capstone?

    opened by rmnattas 9
  • ARM Thumb: disassembly for BL instruction resolves incorrect immediate value.

    capstone v4.0.2 installed from pip (Mac OSX 12.6 and Ubuntu 20.04)

    It seems like the ARM Thumb BL immediate values are being incorrectly decoded.

    Manually decoding the instruction b"\xff\xf7\xad\xff" ought to yield bl 0xffffff5a, however, capstone gives the following:

    >>> from capstone import *
    >>> from capstone.arm_const import *
    >>> cs = Cs(CS_ARCH_ARM, CS_MODE_THUMB)
    >>> insn = next(cs.disasm(b"\xff\xf7\xad\xff", 4))
    >>> insn
    <CsInsn 0x4 [fff7adff]: bl #0xffffff62>
    

    I have tried with some other bl instructions and the immediate values are also off by 8.

    opened by rchtsang 2
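
The field arithmetic for this encoding, as an added example that is not part of the original issue or Capstone's code: it decodes the BL bytes quoted above by hand (Thumb BL, encoding T1) and returns both the sign-extended encoded offset and the branch target for a given instruction address. Function names are hypothetical, and the Thumb PC is taken as the instruction address + 4.

```python
# Added example: manual decode of a 32-bit Thumb BL (encoding T1).
import struct


def sign_extend(value, bits):
    """Interpret the low `bits` bits of value as a two's-complement number."""
    sign = 1 << (bits - 1)
    return (value & (sign - 1)) - (value & sign)


def decode_thumb_bl(code, address):
    """Return (offset, target) for the BL at `address`.

    offset is the signed value stored in the instruction; target is the
    address the branch lands on, computed from PC = address + 4.
    """
    if len(code) < 4:
        raise ValueError("BL is 4 bytes long")
    hw1, hw2 = struct.unpack_from("<HH", code)  # two little-endian halfwords
    # hw1 = 11110 S imm10, hw2 = 11 J1 1 J2 imm11 (bit 12 clear would be BLX)
    if (hw1 & 0xF800) != 0xF000 or (hw2 & 0xD000) != 0xD000:
        raise ValueError("not a Thumb BL encoding")
    s = (hw1 >> 10) & 1
    imm10 = hw1 & 0x3FF
    j1 = (hw2 >> 13) & 1
    j2 = (hw2 >> 11) & 1
    imm11 = hw2 & 0x7FF
    # I1 = NOT(J1 XOR S), I2 = NOT(J2 XOR S)
    i1 = 1 - (j1 ^ s)
    i2 = 1 - (j2 ^ s)
    # imm32 = SignExtend(S:I1:I2:imm10:imm11:'0'), a 25-bit quantity
    raw = (s << 24) | (i1 << 23) | (i2 << 22) | (imm10 << 12) | (imm11 << 1)
    offset = sign_extend(raw, 25)
    target = (address + 4 + offset) & 0xFFFFFFFF
    return offset, target


def as_u32(value):
    """Show a signed value the way a 32-bit disassembler prints it."""
    return value & 0xFFFFFFFF


if __name__ == "__main__":
    code = b"\xff\xf7\xad\xff"  # bytes from the issue
    for addr in (0, 4):
        offset, target = decode_thumb_bl(code, addr)
        print("addr=%#x offset=%#x target=%#x" % (addr, as_u32(offset), target))
```
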
Releases(5.0-rc2)
  • 5.0-rc2(Feb 28, 2022)

  • 5.0-rc1(Feb 27, 2022)

    New features:

    • Add arch BPF (#1388)
    • Add arch RISCV (#1401)
    • Add arch WASM (#1359)
    • PyPI workflow (#1645)
    • Option to generate install target (#1698 #1700)
    • Swift binding (#1707)
    • Add CI Test support (#1797)
    • Add benchmark (#1811)

    Improvements:

    • Add fixups for aarch64 instructions (#1632 #1655)
    • Add fixups for x86 instructions (#1644 #1657 #1689 #1751)
    • Add fixups for m68k instructions (#1663 #1709)
    • Add fixups for m680x instructions (#1695)
    • Add fixups for mips instructions (#1674)
    • Add fixups for mos65xx instructions (#1702)
    • Add fixups for systemz instructions (#1679)
    • Add fixups for risc-v instructions (#1682 #1690 #1691)
    • Add fixups for ppc instructions (#1687 #1688)
    • Add cmake config and export targets (#1637)
    • Fix issues in Makefiles (#1639)
    • Fix issues about cmake builds (#1649 #1659)
    • MSVC tooling updates (#1651)
    • Fix crash when using skipdata with NULL mnemonic (#1703)
    • Fix python only use ascii character (#1704)
    • Add support for aarch64 distributions (#1720)
    • Fix registry access for several versions of pop such as POPDS, POPSS, etc. (#1725)
    • Fix registry access on cmov instructions (#1727)
    • Fix -Wstringop-truncation warnings (#1730)
    • Fix always return the same type from regs_read (#1736)
    • Fix inconsistent behavior of Mips_option() (#1744)
    • Fix pythonic bug (#1745)
    • Fixes the (pip) Python Module build on FreeBSD (#1750)
    • Enable detection and build on all BSD systems (#1753)
    • Fix the displacement offset for moffset-encoded operands (#1754)
    • Update cmake_minimum_required to version 2.8.12 (#1756)
    • Fixed typos in compilation steps (#1762)
    • Fix build android (#1765)
    • Support disassembling bytes from memoryview (#1773)
    • Fixed library extension to build properly under CYGWIN (#1791)
    • Add Capstone Engine Documentation (#1794)
    • Fix eflags effects for adc/sbb (#1798)
    • Update x86 operand access information (#1801)
    • CI automatically build release tarball (#1802)
    • Don't format sstreams when there's nothing to format (#1805)
    • Fix warning about Unused variables (#1815)
    • Fix insn initialization when instruction have no operands or have a prefix (#1816)
    • Avoid abort() if x86 not supported (#1818)
    • Fix unterminated string regression (#1819)
    • Fixed incorrect operand access on x86 instruction vmovdqu (#1823)

    Contributors:

    • @ekilmer
    • @mcmtroffaes
    • @sh1r4s3
    • @emoon
    • @chfl4gs
    • @heshpdx
    • @hmoenck
    • @cyanpencil
    • @NicolasDerumigny
    • @trofi
    • @maximumspatium
    • @junchao-loongson
    • @carenas
    • @notyourusualaccountname
    • @rth7680
    • @StalkR
    • @aeflores
    • @TobiasFaller
    • @XVilka
    • @meme
    • @zydeco
    • @catenacyber
    • @michalsc
    • @urbas
    • @keenk
    • @kazarmy
    • @learn-more
    • @veritas501
    • @trufae
    • @cederom
    • @Quentin01
    • @jranieri-grammatech
    • @scribam
    • @huettenhain
    • @LBJ-the-GOAT
    • @wheremyfoodat
    • @Jaysonicc
    • @huettenhain
    • @syscl
    • @bezita
    • @Smartsmurf
    • @tmfink
    • @kazarmy
    • @rofl0r
    • @bSr43
    • @wtdcode
    • @dropTableUsers42
    • @carenas
    • @owlxiao
    • @Mxz297
    • @SpikeI
    • @catenacyber
    • @david942j
    • @fanfuqiang
    • @aquynh
    • @kabeor
  • 4.0.2(May 8, 2020)

    Release 4.0.2 is a stable release version, with bugfixes in the core & some bindings.

    Core

    • Windows kernel-mode driver support
    • Fix installation path on FreeBSD and DragonFly

    cstool

    • Add armv8, ppc32 & thumbv8 modes
    • Print instruction ID

    X86

    • Support CS_OPT_UNSIGNED for ATT syntax
    • Fix operand size for some instructions
    • Fix LOCK prefixes
    • Recognize xacquire/xrelease prefix
    • Fix call/jmp access mode of mem operand
    • Add ENDBR32, ENDBR64 to reduce mode
    • Other minor fixes

    ARM64

    • Support CS_OPT_UNSIGNED
    • Fix register access flags for memory instructions
    • Fix UMOV vess

    ARM

    • Update writeback for STR_POST_REG

    M68K

    • Store correct register value in op.reg_pair

    PowerPC

    • BDZLA is absolute branch

    SystemZ

    • Fix truncated 64bit imm operand
    • Fix base/index printing

    Python

    • Fix skipdata struct being destroyed
    • Add repr for capstone.CsInsn

    Java

    • Fix Java bindings to use pointers instead of longs

    Ocaml

    • Fix x86_op record
  • 4.0.1(Jan 10, 2019)

    This release fixes some minor bugs of v4.0, as well as introduces some improvements for Python binding.

    [ Core ]

    • Fix some issues for packaging (Debian, Gentoo).
    • Better support for building with Mingw.
    • cstool has new option -s to turn on skipdata mode.
    • cstool -v now report build settings of the core.
    • Add suite/capstone_get_setup.c so users can integrate with their own code to retrieve Capstone settings at build time.

    [ Arm ]

    • Fix 4.0 regression: the tbh [r0, r1, lsl #1] instruction sets the operand.shift.value back again.
    • Remove ARM_REG_PC group for BX instruction.

    [ X86 ]

    • Fix: endbr32 and endbr64 instructions are now properly decoded in both CS_MODE_32 and CS_MODE_64.

    [ M680X ]

    • Fix some issues reported by clang-analyzer.

    [ Python ]

    • Fix skipdata setup.
    • Add getter/setter for skipdata_mnem, skipdata_callback.
  • 4.0(Dec 18, 2018)

    [ Core ]

    • New APIs: cs_regs_access()
    • Add new options for cs_option(): CS_OPT_MNEMONIC & CS_OPT_UNSIGNED & CS_OPT_SYNTAX_MASM.
    • Various updates & bugfixes for all architectures.
    • Add 4 new architectures: EVM, M68K, M680X & TMS320C64x.
    • Add new group types: CS_GRP_PRIVILEGE & CS_GRP_BRANCH_RELATIVE.
    • Add new error types: CS_ERR_X86_MASM.

    [ X86 ]

    • Add XOP code condition type in x86_xop_cc.
    • Add some info on encoding to cs_x86 in cs_x86_encoding.
    • Add register flags update in cs_x86.{eflags, fpu_flags}
    • Change cs_x86.disp type from int32_t to int64_t.
    • Add new groups: X86_GRP_VM & X86_GRP_FPU.
    • Lots of new instructions (AVX)

    [ ARM64 ]

    • Add instruction ARM64_INS_NEGS & ARM64_INS_NGCS.

    [ Mips ]

    • Add mode CS_MODE_MIPS2.

    [ PPC ]

    • Change cs_ppc_op.imm type from int32_t to int64_t.
    • Add new groups: PPC_GRP_ICBT, PPC_GRP_P8ALTIVEC, PPC_GRP_P8VECTOR & PPC_GRP_QPX.
    • Lots of new instructions (QPX among them)

    [ Sparc ]

    • Change cs_sparc_op.imm type from int32_t to int64_t.

    [ Binding ]

    • New bindings: PowerShell & VB6
  • 3.0.5(Jul 18, 2018)

    [ Core ]

    • Fix the include path for Android builds when building cstool.
    • Add possibility to disable universal build for Mac OS.
    • cstool: Separate instruction bytes by spaces.
    • Fix code path of pkg-config in Cmake.
    • Update XCode project for XCode 9.1.
    • Add Cortex-M support to cstool.
    • CMake forces the build to use MT with MSVC.
    • Better support for Mac OS kernel.

    [ X86 ]

    • Fix some issues in handling EVEX & VEX3 instructions.
    • Fix immediate operand for AND instruction in ATT mode.
    • Fix ATT syntax when imm operand is 0.
    • Better handle XACQUIRE/XRELEASE.
    • Fix imm operand of RETF.

    [ ARM ]

    • Fix an integer overflow bug.

    [ ARM64 ]

    • Bug fix for incorrect operand type in certain load/store instructions.

    [ Mips ]

    • Mode CS_MODE_MIPS32R6 automatically sets CS_MODE_32

    [ PPC ]

    • Fix endian check.

    [ Sparc ]

    • Fix an integer overflow bug.

    [ SystemZ ]

    • Fix an integer overflow bug.

    [ Python binding ]

    • Raise error on accessing irrelevant data fields if skipdata & detail modes are enabled.
  • 3.0.5-rc3(Jul 31, 2017)

    Changelog:

    Core

    • Fix compilation for MacOS kernel extension
    • cstool to support armbe and arm64be modes
    • Add nmake.bat for Windows build
    • Fix an integer overflow for Windows kernel driver
    • Support embedding Capstone into the MacOS kernel
    • cstool: fix mips64 mode
    • Fix a compiling error in MS Visual Studio 2015
    • Install pkgconfig file with CMake build
    • Fix SOVERSION property of CMake build
    • Properly handle switching to Endian mode at run-time for Arm, Arm64, Mips & Sparc
    • Fix MingW build
    • Better handle CMake installation for Linux 64bit

    X86

    • Support BND prefix of Intel MPX extension
    • Correct operand size for CALL/JMP in 64bit mode with prefix 0x66
    • LOCK NOP is a valid instruction
    • Fix ATT syntax for instruction with zero offset segment register
    • LES/LDS are invalid in 64bit mode
    • Fix number of operands for some MOV instructions

    ARM

    • Fix POP reg to update SP register
    • Update flags for UADD8 instruction

    ARM64

    • Better performance with new lookup table
    • Handle system registers added in ARMv8.1/2

    Visual Basic binding

    • New binding
  • 4.0-alpha5(Apr 17, 2017)

  • 4.0-alpha4(Jan 8, 2017)

  • 4.0-alpha3(Jul 20, 2016)

  • 3.0.5-rc1(Jul 26, 2016)

    Changelog:

    Core

    • better support for embedding Capstone into Windows kernel drivers
    • support embedding Capstone into the MacOS kernel
    • support MacOS 10.11 and up
    • better support for Cygwin
    • support build packages for FreeBSD & DragonflyBSD

    X86

    • some random 16-bit code can be handled wrongly.
    • remove abundant operand type X86_OP_FP
    • fix instructions MOVQ, LOOP, LOOPE, LOOPNE, CALL/JMP rel16, REPNE LODSD, MOV *AX, MOFFS, FAR JMP/CALL

    ARM

    • properly handle IT instruction
    • fix LDRSB

    Sparc

    • fix POPC instruction

    Python binding

    • Better PyPy support
    • add version
    • better support for Python 3

    Java binding

    • better handle input with invalid code
  • 4.0-alpha2(Jul 15, 2015)

  • 3.0.4(Jul 15, 2015)

    ChangeLog

    Library:

    • Improve cross-compile for Android using Android NDK.
    • Support cross-compile for AArch64 Android (with Linux GCC).
    • Removed osxkernel_inttypes.h due to license issue (incompatible with BSD license).
    • Now it is possible to compile with CC having a space inside (such as "ccache gcc")

    X86:

    • Fix a null pointer dereference bug on handling code with special prefixes.
    • Properly handle AL/AX/EAX operand for OUT instruction in AT&T syntax.
    • Print immediate operand in positive form in some algorithm instructions.
    • Properly decode some SSE instructions.

    PowerPC:

    • Fixed some memory corruption bugs.

    Mips:

    • Fixed instruction ID of SUBU instruction.
    • Fixed a memory corruption bug.

    Arm:

    • Fixed a memory corruption bug on IT instruction.

    XCore:

    • Fixed a memory corruption bug when instruction has a memory operand.

    Python:

    • Support Virtualenv.
    • setup.py supports option --user if not in a virtualenv to allow for local usage.
    • Properly handle the destruction of Cs object in the case the shared library was already unloaded.
  • 4.0-alpha1(May 25, 2015)

  • 3.0.3(May 8, 2015)

  • 3.0.3-rc1(Apr 28, 2015)

  • 3.0.2(Mar 11, 2015)

  • 3.0.1(Feb 3, 2015)

  • 3.0.1-rc2(Jan 20, 2015)

  • 3.0.1-rc1(Jan 5, 2015)

  • 3.0(Nov 19, 2014)

  • 3.0-rc3(Nov 2, 2014)

  • 3.0-rc2(Oct 16, 2014)

  • 3.0-rc1(Oct 1, 2014)
