capstone-sys 0.2.0

System bindings to the capstone disassembly library

Crate capstone_sys [] [src]

libcapstone.so.3 bindings

If you want to compile this for another target, wasm32-unknown-emscripten, for example, it is currently recommended to pass the feature flag build_src_cmake to build capstone using the cmake build system (which requires cmake to be installed).

This has seen some (limited) testing and has been seen to work on the wasm32-unknown-emscripten target at least.

Compiling on windows has not been tested, although this should be easy to setup.

Structs

cs_detail

NOTE: All information in cs_detail is only available when CS_OPT_DETAIL = CS_OPT_ON

cs_insn

Detail information of disassembled instruction

Constants

CS_ARCH_ALL

All architectures - for cs_support()

CS_ARCH_ARM

ARM architecture (including Thumb, Thumb-2)

CS_ARCH_ARM64

ARM-64, also called AArch64

CS_ARCH_MAX
CS_ARCH_MIPS

Mips architecture

CS_ARCH_PPC

PowerPC architecture

CS_ARCH_SPARC

Sparc architecture

CS_ARCH_SYSZ

SystemZ architecture

CS_ARCH_X86

X86 architecture (including x86 & x86-64)

CS_ARCH_XCORE

XCore architecture

CS_ERR_ARCH

Unsupported architecture: cs_open()

CS_ERR_CSH

Invalid csh argument: cs_close(), cs_errno(), cs_option()

CS_ERR_DETAIL

Information is unavailable because detail option is OFF

CS_ERR_DIET

Access irrelevant data in "diet" engine

CS_ERR_HANDLE

Invalid handle: cs_op_count(), cs_op_index()

CS_ERR_MEM

Out-Of-Memory error: cs_open(), cs_disasm(), cs_disasm_iter()

CS_ERR_MEMSETUP

Dynamic memory management uninitialized (see CS_OPT_MEM)

CS_ERR_MODE

Invalid/unsupported mode: cs_open()

CS_ERR_OK

No error: everything was fine

CS_ERR_OPTION

Invalid/unsupported option: cs_option()

CS_ERR_SKIPDATA

Access irrelevant data for "data" instruction in SKIPDATA mode

CS_ERR_VERSION

Unsupported version (bindings)

CS_ERR_X86_ATT

X86 AT&T syntax is unsupported (opt-out at compile time)

CS_ERR_X86_INTEL

X86 Intel syntax is unsupported (opt-out at compile time)

CS_GRP_CALL

all call instructions

CS_GRP_INT

all interrupt instructions (int+syscall)

CS_GRP_INVALID

uninitialized/invalid group.

CS_GRP_IRET

all interrupt return instructions

CS_GRP_JUMP

all jump instructions (conditional+direct+indirect jumps)

CS_GRP_RET

all return instructions

CS_MODE_16

16-bit mode (X86)

CS_MODE_32

32-bit mode (X86)

CS_MODE_64

64-bit mode (X86, PPC)

CS_MODE_ARM

32-bit ARM

CS_MODE_BIG_ENDIAN

big-endian mode

CS_MODE_LITTLE_ENDIAN

little-endian mode (default mode)

CS_MODE_MCLASS

ARM's Cortex-M series

CS_MODE_MICRO

MicroMips mode (MIPS)

CS_MODE_MIPS3

Mips III ISA

CS_MODE_MIPS32

Mips32 ISA (Mips)

CS_MODE_MIPS32R6

Mips32r6 ISA

CS_MODE_MIPS64

Mips64 ISA (Mips)

CS_MODE_MIPSGP64

General Purpose Registers are 64-bit wide (MIPS)

CS_MODE_THUMB

ARM's Thumb mode, including Thumb-2

CS_MODE_V8

ARMv8 A32 encodings for ARM

CS_MODE_V9

SparcV9 mode (Sparc)

CS_OPT_DETAIL

Break down instruction structure into details

CS_OPT_MEM

User-defined dynamic memory related functions

CS_OPT_MODE

Change engine's mode at run-time

CS_OPT_OFF

Turn OFF an option - default option of CS_OPT_DETAIL, CS_OPT_SKIPDATA.

CS_OPT_ON

Turn ON an option (CS_OPT_DETAIL, CS_OPT_SKIPDATA).

CS_OPT_SKIPDATA

Skip data when disassembling. Then engine is in SKIPDATA mode.

CS_OPT_SKIPDATA_SETUP

Setup user-defined function for SKIPDATA option

CS_OPT_SYNTAX
CS_OPT_SYNTAX_ATT

X86 ATT asm syntax (CS_OPT_SYNTAX).

CS_OPT_SYNTAX_DEFAULT

Default asm syntax (CS_OPT_SYNTAX).

CS_OPT_SYNTAX_INTEL

X86 Intel asm syntax - default on X86 (CS_OPT_SYNTAX).

CS_OPT_SYNTAX_NOREGNAME

Prints register name with only number (CS_OPT_SYNTAX)

CS_OP_FP

Floating-Point operand.

CS_OP_IMM

Immediate operand.

CS_OP_INVALID

uninitialized/invalid operand.

CS_OP_MEM

Memory operand.

CS_OP_REG

Register operand.

Functions

cs_close

Close CS handle: MUST do to release the handle when it is not used anymore. NOTE: this must be only called when there is no longer usage of Capstone, not even access to cs_insn array. The reason is the this API releases some cached memory, thus access to any Capstone API after cs_close() might crash your application.

cs_disasm

Disassemble binary code, given the code buffer, size, address and number of instructions to be decoded. This API dynamically allocate memory to contain disassembled instruction. Resulted instructions will be put into *insn

cs_disasm_iter

Fast API to disassemble binary code, given the code buffer, size, address and number of instructions to be decoded. This API put the resulted instruction into a given cache in @insn. See tests/test_iter.c for sample code demonstrating this API.

cs_errno

Report the last error number when some API function fail. Like glibc's errno, cs_errno might not retain its old value once accessed.

cs_free

Free memory allocated by cs_malloc() or cs_disasm() (argument @insn)

cs_group_name

Return friendly name of a group id (that an instruction can belong to) Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...)

cs_insn_group

Check if a disassembled instruction belong to a particular group. Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) Internally, this simply verifies if group_id matches any member of insn->groups array.

cs_insn_name

Return friendly name of an instruction in a string. Find the instruction id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...)

cs_malloc

Allocate memory for 1 instruction to be used by cs_disasm_iter().

cs_op_count

Count the number of operands of a given type. Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...)

cs_op_index

Retrieve the position of operand of given type in .operands[] array. Later, the operand can be accessed using the returned position. Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...)

cs_open

Initialize CS handle: this must be done before any usage of CS.

cs_option

Set option for disassembling engine at runtime

cs_reg_name

Return friendly name of register in a string. Find the instruction id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...)

cs_reg_read

Check if a disassembled instruction IMPLICITLY used a particular register. Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) Internally, this simply verifies if reg_id matches any member of insn->regs_read array.

cs_reg_write

Check if a disassembled instruction IMPLICITLY modified a particular register. Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) Internally, this simply verifies if @reg_id matches any member of insn->regs_write array.

cs_strerror

Return a string describing given error code.

cs_support

This API can be used to either ask for archs supported by this library, or check to see if the library was compile with 'diet' option (or called in 'diet' mode).

cs_version

Return combined API version & major and minor version numbers.

Type Definitions

cs_arch

Architecture type

cs_err

All type of errors encountered by Capstone API. These are values returned by cs_errno()

cs_group_type

Common instruction groups - to be consistent across all architectures.

cs_mode

Mode type

cs_op_type

Common instruction operand types - to be consistent across all architectures.

cs_opt_type

Runtime option for the disassembled engine

cs_opt_value

Runtime option value (associated with option type above)

csh

Handle using with all API