Struct Capstone

Source

pub struct Capstone { /* private fields */ }

Expand description

An instance of the capstone disassembler

Create with an instance with .new() and disassemble bytes with .disasm_all().

Implementations§

Source §

impl Capstone

Source

pub fn new() -> CapstoneBuilder

Create a new instance of the decompiler using the builder pattern interface. This is the recommended interface to Capstone.

use capstone::prelude::*;
let cs = Capstone::new().x86().mode(arch::x86::ArchMode::Mode32).build();

Source

pub fn new_raw<T: Iterator<Item = ExtraMode>>( arch: Arch, mode: Mode, extra_mode: T, endian: Option<Endian>, ) -> CsResult<Capstone>

Create a new instance of the decompiler using the “raw” interface. The user must ensure that only sensible Arch/Mode combinations are used.

use capstone::{Arch, Capstone, NO_EXTRA_MODE, Mode};
let cs = Capstone::new_raw(Arch::X86, Mode::Mode64, NO_EXTRA_MODE, None);
assert!(cs.is_ok());

Source

pub fn disasm_iter<'a, 'b>( &'a self, code: &'b [u8], addr: u64, ) -> CsResult<DisasmIter<'a, 'b>>

Disassemble and iterate instructions from user-provided buffer code using cs_disasm_iter. The disassembled address of the buffer is assumed to be addr. It uses less memory and reduces memory allocations.

§Examples

let mut iter = cs.disasm_iter(b"\x90", 0x1000).unwrap();
assert_eq!(iter.next().unwrap().mnemonic(), Some("nop"));
assert!(iter.next().is_none());

§Errors

If cs_malloc failed due to OOM, Err(Error::OutOfMemory) is returned.

Source

pub fn disasm_all<'a>( &'a self, code: &[u8], addr: u64, ) -> CsResult<Instructions<'a>>

Disassemble all instructions in buffer

cs.disasm_all(b"\x90", 0x1000).unwrap();

Source

pub fn disasm_count<'a>( &'a self, code: &[u8], addr: u64, count: usize, ) -> CsResult<Instructions<'a>>

Disassemble count instructions in code

Source

pub fn set_extra_mode<T: Iterator<Item = ExtraMode>>( &mut self, extra_mode: T, ) -> CsResult<()>

Set extra modes in addition to normal mode

Source

pub fn set_syntax(&mut self, syntax: Syntax) -> CsResult<()>

Set the assembly syntax (has no effect on some platforms)

Source

pub fn set_endian(&mut self, endian: Endian) -> CsResult<()>

Set the endianness (has no effect on some platforms).

Source

pub fn set_mode(&mut self, mode: Mode) -> CsResult<()>

Sets the engine’s disassembly mode. Be careful, various combinations of modes aren’t supported See the capstone-sys documentation for more information.

Source

pub fn set_detail(&mut self, enable_detail: bool) -> CsResult<()>

Controls whether to capstone will generate extra details about disassembled instructions.

Pass true to enable detail or false to disable detail.

Source

pub fn set_skipdata(&mut self, enable_skipdata: bool) -> CsResult<()>

Controls whether capstone will skip over invalid or data instructions.

Pass true to enable skipdata or false to disable skipdata.

Source

pub fn set_unsigned(&mut self, enable_unsigned: bool) -> CsResult<()>

Controls whether capstone will print immediate operands in unsigned form.

Pass true to enable unsigned or false to disable unsigned.

Source

pub fn set_mnemonic( &mut self, insn_id: InsnId, mnemonic: Option<&str>, ) -> CsResult<()>

Customize mnemonic for instructions with alternative name.

Pass Some(mnemonic) to enable custom mnemonic or None to revert to default.

Source

pub fn set_mnemonic_cstr( &mut self, insn_id: InsnId, mnemonic_cstr: Option<&CStr>, ) -> CsResult<()>

Customize mnemonic for instructions with alternative name, passing a core::ffi::CStr.

Pass Some(mnemonic) to enable custom mnemonic or None to revert to default.

Source

pub fn reg_name(&self, reg_id: RegId) -> Option<String>

Converts a register id reg_id to a String containing the register name. Unavailable in Diet mode

Source

pub fn insn_name(&self, insn_id: InsnId) -> Option<String>

Converts an instruction id insn_id to a String containing the instruction name. Unavailable in Diet mode. Note: This function ignores the current syntax and uses the default syntax.

Source