Crate capstone_sys

Expand description

Low-level, unsafe Rust bindings for the Capstone disassembly library.

We recommend against using this crate directly. Instead, consider using capstone-rs, which provides a high-level, safe, “Rusty” interface.

Supported disassembly architectures

arm: ARM
arm64: ARM64 (also known as AArch64)
mips: MIPS
ppc: PowerPC
sparc: SPARC
sysz: System z
x86: x86 family (includes 16, 32, and 64 bit modes)
xcore: XCore

For each architecture, at least the following types are defined (replace ARCH with architecture names shown above):

enum ARCH_insn: instruction ids
enum ARCH_insn_group: architecture-specific group ids
enum ARCH_op_type: instruction operand types ids
enum ARCH_reg¹: register ids
struct ARCH_op_mem: operand referring to memory
struct cs_ARCH_op: instruction operand
struct cs_ARCH: instruction

Note: documentation for functions/types was taken directly from Capstone C headers.

¹: Defined as a “constified” enum modules because discriminant values are not unique. Rust requires discriminant values to be unique.

Structs

CapstoneArchInfo

Information specific to architecture

__va_list_tag

arm64_op_mem

Instruction’s operand referring to memory This is associated with ARM64_OP_MEM operand type above

arm_op_mem

Instruction’s operand referring to memory This is associated with ARM_OP_MEM operand type above

bpf_op_mem

Instruction’s operand referring to memory This is associated with BPF_OP_MEM operand type above

cs_ac_type

Common instruction operand access types - to be consistent across all architectures. It is possible to combine access types, for example: CS_AC_READ | CS_AC_WRITE

cs_arm

Instruction structure

cs_arm64

Instruction structure

cs_arm64_op

Instruction operand

cs_arm64_op__bindgen_ty_1

cs_arm_op

Instruction operand

cs_arm_op__bindgen_ty_1

cs_bpf

Instruction structure

cs_bpf_op

Instruction operand

cs_detail

NOTE: All information in cs_detail is only available when CS_OPT_DETAIL = CS_OPT_ON Initialized as memset(., 0, offsetof(cs_detail, ARCH)+sizeof(cs_ARCH)) by ARCH_getInstruction in arch/ARCH/ARCHDisassembler.c if cs_detail changes, in particular if a field is added after the union, then update arch/ARCH/ARCHDisassembler.c accordingly

cs_evm

Instruction structure

cs_insn

Detail information of disassembled instruction

cs_m68k

The M68K instruction and it’s operands

cs_m68k_op

Instruction operand

cs_m68k_op_reg_pair

Register pair in one operand.

cs_m680x

The M680X instruction and it’s operands

cs_m680x_op

Instruction operand

cs_mips

Instruction structure

cs_mips_op

Instruction operand

cs_mode

Mode type

cs_mos65xx

The MOS65XX address mode and it’s operands

cs_mos65xx_op

Instruction operand

cs_opt_mem

User-defined dynamic memory related functions: malloc/calloc/realloc/free/vsnprintf() By default, Capstone uses system’s malloc(), calloc(), realloc(), free() & vsnprintf().

cs_opt_mnem

Customize mnemonic for instructions with alternative name. To reset existing customized instruction to its default mnemonic, call cs_option(CS_OPT_MNEMONIC) again with the same @id and NULL value for @mnemonic.

cs_opt_skipdata

User-customized setup for SKIPDATA option

cs_ppc

Instruction structure

Instruction operand

Instruction structure

Instruction operand

Instruction operand

cs_tms320c64x__bindgen_ty_1

cs_tms320c64x__bindgen_ty_2

cs_tms320c64x_op

cs_wasm

Instruction structure

cs_wasm_brtable

cs_wasm_op

cs_x86

Instruction structure

cs_x86_encoding

cs_x86_op

Instruction operand

cs_xcore

Instruction structure

cs_xcore_op

Instruction operand

m68k_op_br_disp

m68k_op_mem

Instruction’s operand referring to memory This is associated with M68K_OP_MEM operand type above

m68k_op_size

Operation size of the current instruction (NOT the actually size of instruction)

m680x_op_ext

Instruction’s operand referring to extended addressing

m680x_op_idx

Instruction’s operand referring to indexed addressing

m680x_op_rel

Instruction’s memory operand referring to relative addressing (Bcc/LBcc)

mips_op_mem

Instruction’s operand referring to memory This is associated with MIPS_OP_MEM operand type above

ppc_op_crx

ppc_op_mem

Instruction’s operand referring to memory This is associated with PPC_OP_MEM operand type above

riscv_op_mem

sparc_op_mem

Instruction’s operand referring to memory This is associated with SPARC_OP_MEM operand type above

sysz_op_mem

Instruction’s operand referring to memory This is associated with SYSZ_OP_MEM operand type above

tms320c64x_op_mem

x86_op_mem

Instruction’s operand referring to memory This is associated with X86_OP_MEM operand type above

xcore_op_mem

Instruction’s operand referring to memory This is associated with XCORE_OP_MEM operand type above

Enums

arm64_at_op

AT operations

arm64_barrier_op

Memory barrier operands

ARM64 condition code

DC operations

ARM64 extender type

IC operations

ARM64 instruction

Operand type for instruction’s operands

arm64_prefetch_op

Prefetch operations (PRFM)

arm64_pstate

System PState Field (MSR instruction)

ARM64 shift type

System registers

TLBI operations

Vector arrangement specifier (for FloatingPoint/Advanced SIMD insn)

arm_cc

ARM condition code

arm_cpsflag_type

Operand type for SETEND instruction

arm_cpsmode_type

arm_insn

ARM instruction

arm_mem_barrier

The memory barrier constants map directly to the 4-bit encoding of the option field for Memory Barrier operations.

arm_op_type

Operand type for instruction’s operands

arm_setend_type

Operand type for SETEND instruction

arm_shifter

ARM shift type

arm_sysreg

arm_vectordata_type

Data type for elements of vector instructions.

bpf_op_type

Operand type for instruction’s operands

bpf_reg

BPF registers

cs_arch

Architecture type

cs_op_type

Common instruction operand types - to be consistent across all architectures.

cs_opt_type

Runtime option for the disassembled engine

evm_insn

EVM instruction

m68k_address_mode

M68K Addressing Modes

m68k_cpu_size

Operation size of the CPU instructions

m68k_fpu_size

Operation size of the FPU instructions (Notice that FPU instruction can also use CPU sizes if needed)

m68k_group_type

Group of M68K instructions

m68k_insn

M68K instruction

m68k_op_br_disp_size

Operand type for instruction’s operands

m68k_op_type

Operand type for instruction’s operands

m68k_size_type

Type of size that is being used for the current instruction

m680x_group_type

Group of M680X instructions

m680x_insn

M680X instruction IDs

m680x_op_type

Operand type for instruction’s operands

mips_insn

MIPS instruction

mips_op_type

Operand type for instruction’s operands

mos65xx_address_mode

MOS65XX Addressing Modes

mos65xx_op_type

Operand type for instruction’s operands

mos65xx_reg

MOS65XX registers and special registers

ppc_bc

PPC branch codes for some branch instructions

ppc_bh

PPC branch hint for some branch instructions

ppc_insn

PPC instruction

ppc_op_type

Operand type for instruction’s operands

riscv_insn

riscv_op_type

sparc_cc

Enums corresponding to Sparc condition codes, both icc’s and fcc’s.

sparc_hint

Branch hint

sparc_insn

SPARC instruction

sparc_op_type

Operand type for instruction’s operands

sysz_cc

Enums corresponding to SystemZ condition codes

sysz_insn

SystemZ instruction

sysz_op_type

Operand type for instruction’s operands

AVX broadcast type

AVX Code Condition type

x86_avx_rm

AVX static rounding mode type

x86_insn

X86 instructions

x86_op_type

Operand type for instruction’s operands

x86_prefix

Instruction prefixes - to be used in cs_x86.prefix[]

x86_sse_cc

SSE Code Condition type

x86_xop_cc

XOP Code Condition type

xcore_insn

XCore instruction

xcore_op_type

Operand type for instruction’s operands

Constants

ARM64_SYSREG_DBGDTRTX_EL0

CS_AC_INVALID

< Uninitialized/invalid access type.

CS_AC_READ

< Operand read from memory or register.

CS_AC_WRITE

< Operand write to memory or register.

CS_MODE_16

< 16-bit mode (X86)

CS_MODE_32

< 32-bit mode (X86)

CS_MODE_64

< 64-bit mode (X86, PPC)

< 32-bit ARM

< big-endian mode

< Book-E mode (PPC)

< Classic BPF mode (default)

CS_MODE_BPF_EXTENDED

< Extended BPF mode

CS_MODE_LITTLE_ENDIAN

< little-endian mode (default mode)

< M68K 68000 mode

< M68K 68010 mode

< M68K 68020 mode

< M68K 68030 mode

< M68K 68040 mode

< M68K 68060 mode

< M680X Hitachi 6301,6303 mode

CS_MODE_M680X_6309

< M680X Hitachi 6309 mode

CS_MODE_M680X_6800

< M680X Motorola 6800,6802 mode

CS_MODE_M680X_6801

< M680X Motorola 6801,6803 mode

CS_MODE_M680X_6805

< M680X Motorola/Freescale 6805 mode

CS_MODE_M680X_6808

< M680X Motorola/Freescale/NXP 68HC08 mode

CS_MODE_M680X_6809

< M680X Motorola 6809 mode

CS_MODE_M680X_6811

< M680X Motorola/Freescale/NXP 68HC11 mode

CS_MODE_M680X_CPU12

< M680X Motorola/Freescale/NXP CPU12 < used on M68HC12/HCS12

CS_MODE_M680X_HCS08

< M680X Freescale/NXP HCS08 mode

CS_MODE_MCLASS

< ARM’s Cortex-M series

CS_MODE_MICRO

< MicroMips mode (MIPS)

< Mips II ISA

< Mips III ISA

< Mips32 ISA (Mips)

< Mips32r6 ISA

< Mips64 ISA (Mips)

CS_MODE_MOS65XX_65C02

< MOS65XXX WDC 65c02

CS_MODE_MOS65XX_6502

< MOS65XXX MOS 6502

CS_MODE_MOS65XX_65816

< MOS65XXX WDC 65816, 8-bit m/x

CS_MODE_MOS65XX_65816_LONG_M

< MOS65XXX WDC 65816, 16-bit m, 8-bit x

CS_MODE_MOS65XX_65816_LONG_MX

CS_MODE_MOS65XX_65816_LONG_X

< MOS65XXX WDC 65816, 8-bit m, 16-bit x

CS_MODE_MOS65XX_W65C02

< MOS65XXX WDC W65c02

CS_MODE_QPX

< Quad Processing eXtensions mode (PPC)

CS_MODE_RISCV32

< RISCV RV32G

CS_MODE_RISCV64

< RISCV RV64G

CS_MODE_RISCVC

< RISCV compressed instructure mode

CS_MODE_SPE

< Signal Processing Engine mode (PPC)

CS_MODE_THUMB

< ARM’s Thumb mode, including Thumb-2

CS_MODE_V8

< ARMv8 A32 encodings for ARM

CS_MODE_V9

< SparcV9 mode (Sparc)

CS_SUPPORT_DIET

CS_SUPPORT_X86_REDUCE

X86_PREFIX_REPE

Statics

ARCH_INCLUDES

BINDINGS_FILE

BINDINGS_IMPL_FILE

Functions

cs_close ^⚠

Close CS handle: MUST do to release the handle when it is not used anymore. NOTE: this must be only called when there is no longer usage of Capstone, not even access to cs_insn array. The reason is the this API releases some cached memory, thus access to any Capstone API after cs_close() might crash your application.

cs_disasm ^⚠

Disassemble binary code, given the code buffer, size, address and number of instructions to be decoded. This API dynamically allocate memory to contain disassembled instruction. Resulting instructions will be put into @*insn

cs_disasm_iter ^⚠

Fast API to disassemble binary code, given the code buffer, size, address and number of instructions to be decoded. This API puts the resulting instruction into a given cache in @insn. See tests/test_iter.c for sample code demonstrating this API.

cs_errno ^⚠

Report the last error number when some API function fail. Like glibc’s errno, cs_errno might not retain its old value once accessed.

cs_free ^⚠

Free memory allocated by cs_malloc() or cs_disasm() (argument @insn)

cs_group_name ^⚠

Return friendly name of a group id (that an instruction can belong to) Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, …)

cs_insn_group ^⚠

Check if a disassembled instruction belong to a particular group. Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, …) Internally, this simply verifies if @group_id matches any member of insn->groups array.

cs_insn_name ^⚠

Return friendly name of an instruction in a string. Find the instruction id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, …)

cs_malloc ^⚠

Allocate memory for 1 instruction to be used by cs_disasm_iter().

cs_op_count ^⚠

Count the number of operands of a given type. Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, …)

cs_op_index ^⚠

Retrieve the position of operand of given type in .operands[] array. Later, the operand can be accessed using the returned position. Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, …)

cs_open ^⚠

Initialize CS handle: this must be done before any usage of CS.

cs_option ^⚠

Set option for disassembling engine at runtime

cs_reg_name ^⚠

Return friendly name of register in a string. Find the instruction id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, …)

cs_reg_read ^⚠

Check if a disassembled instruction IMPLICITLY used a particular register. Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, …) Internally, this simply verifies if @reg_id matches any member of insn->regs_read array.

cs_reg_write ^⚠

Check if a disassembled instruction IMPLICITLY modified a particular register. Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, …) Internally, this simply verifies if @reg_id matches any member of insn->regs_write array.

cs_regs_access ^⚠

Retrieve all the registers accessed by an instruction, either explicitly or implicitly.

cs_strerror ^⚠

Return a string describing given error code.

cs_support ^⚠

This API can be used to either ask for archs supported by this library, or check to see if the library was compile with ‘diet’ option (or called in ‘diet’ mode).

cs_version ^⚠

Return combined API version & major and minor version numbers.