Crate capstone[−][src]
Expand description
Bindings to the capstone library disassembly framework.
This crate is a wrapper around the Capstone disassembly library, a “lightweight multi-platform, multi-architecture disassembly framework.”
The Capstone
struct is the main interface to the library.
extern crate capstone; use capstone::prelude::*; const X86_CODE: &'static [u8] = b"\x55\x48\x8b\x05\xb8\x13\x00\x00\xe9\x14\x9e\x08\x00\x45\x31\xe4"; /// Print register names fn reg_names(cs: &Capstone, regs: &[RegId]) -> String { let names: Vec<String> = regs.iter().map(|&x| cs.reg_name(x).unwrap()).collect(); names.join(", ") } /// Print instruction group names fn group_names(cs: &Capstone, regs: &[InsnGroupId]) -> String { let names: Vec<String> = regs.iter().map(|&x| cs.group_name(x).unwrap()).collect(); names.join(", ") } fn main() { let cs = Capstone::new() .x86() .mode(arch::x86::ArchMode::Mode64) .syntax(arch::x86::ArchSyntax::Att) .detail(true) .build() .expect("Failed to create Capstone object"); let insns = cs.disasm_all(X86_CODE, 0x1000) .expect("Failed to disassemble"); println!("Found {} instructions", insns.len()); for i in insns.as_ref() { println!(); println!("{}", i); let detail: InsnDetail = cs.insn_detail(&i).expect("Failed to get insn detail"); let arch_detail: ArchDetail = detail.arch_detail(); let ops = arch_detail.operands(); let output: &[(&str, String)] = &[ ("insn id:", format!("{:?}", i.id().0)), ("bytes:", format!("{:?}", i.bytes())), ("read regs:", reg_names(&cs, detail.regs_read())), ("write regs:", reg_names(&cs, detail.regs_write())), ("insn groups:", group_names(&cs, detail.groups())), ]; for &(ref name, ref message) in output.iter() { println!("{:4}{:12} {}", "", name, message); } println!("{:4}operands: {}", "", ops.len()); for op in ops { println!("{:8}{:?}", "", op); } } }
Produces:
Found 4 instructions 0x1000: pushq %rbp insn id: 580 bytes: [85] read regs: rsp write regs: rsp insn groups: mode64 operands: 1 X86Operand(X86Operand { size: 8, avx_bcast: X86_AVX_BCAST_INVALID, avx_zero_opmask: false, op_type: Reg(RegId(36)) }) 0x1001: movq 0x13b8(%rip), %rax insn id: 442 bytes: [72, 139, 5, 184, 19, 0, 0] read regs: write regs: insn groups: operands: 2 X86Operand(X86Operand { size: 8, avx_bcast: X86_AVX_BCAST_INVALID, avx_zero_opmask: false, op_type: Mem(X86OpMem(x86_op_mem { segment: 0, base: 41, index: 0, scale: 1, disp: 5048 })) }) X86Operand(X86Operand { size: 8, avx_bcast: X86_AVX_BCAST_INVALID, avx_zero_opmask: false, op_type: Reg(RegId(35)) }) 0x1008: jmp 0x8ae21 insn id: 266 bytes: [233, 20, 158, 8, 0] read regs: write regs: insn groups: jump operands: 1 X86Operand(X86Operand { size: 8, avx_bcast: X86_AVX_BCAST_INVALID, avx_zero_opmask: false, op_type: Imm(568865) }) 0x100d: xorl %r12d, %r12d insn id: 327 bytes: [69, 49, 228] read regs: write regs: rflags insn groups: operands: 2 X86Operand(X86Operand { size: 4, avx_bcast: X86_AVX_BCAST_INVALID, avx_zero_opmask: false, op_type: Reg(RegId(222)) }) X86Operand(X86Operand { size: 4, avx_bcast: X86_AVX_BCAST_INVALID, avx_zero_opmask: false, op_type: Reg(RegId(222)) })
Modules
Contains architecture-specific types and modules
Contains items that you probably want to always import
Macros
Define Rust enum that is created from C enum
Defines getters for a bitmask
Structs
An instance of the capstone disassembler
Represents an empty set of ExtraMode
.
A single disassembled CPU instruction.
Contains architecture-independent details about an Insn
.
Represents the group an instruction belongs to, which may be architecture-specific.
Iterator over instruction group ids
Represents an instruction id, which may be architecture-specific.
Represents an register id, which is architecture-specific.
Enums
Architectures for the disassembler
Disassembler endianness
An error enum for this library
Extra modes or features that can be enabled with some modes
Disassembler modes
Represents how the register is accessed.
Disassembly syntax
Statics
Represents that no extra modes are enabled. Can be passed to Capstone::new_raw()
as the
extra_mode
argument.
Traits
A C-like enum can list its variants
Type Definitions
Integer type used in InsnGroupId
Integer type used in InsnId
Integer type used in RegId