Crate capstone

Bindings to the capstone library disassembly framework.

This crate is a wrapper around the Capstone disassembly library, a "lightweight multi-platform, multi-architecture disassembly framework."

The Capstone struct is the main interface to the library.

extern crate capstone;

use capstone::prelude::*;

const X86_CODE: &'static [u8] = b"\x55\x48\x8b\x05\xb8\x13\x00\x00\xe9\x14\x9e\x08\x00\x45\x31\xe4";

/// Print register names
fn reg_names<T, I>(cs: &Capstone, regs: T) -> String
where
    T: Iterator<Item = I>,
    I: Into<RegId>,
{
    let names: Vec<String> = regs.map(|x| cs.reg_name(x.into()).unwrap()).collect();
    names.join(", ")
}

/// Print instruction group names
fn group_names<T, I>(cs: &Capstone, regs: T) -> String
where
    T: Iterator<Item = I>,
    I: Into<InsnGroupId>,
{
    let names: Vec<String> = regs.map(|x| cs.group_name(x.into()).unwrap()).collect();
    names.join(", ")
}

fn main() {
    let mut cs = Capstone::new()
        .x86()
        .mode(arch::x86::ArchMode::Mode64)
        .syntax(arch::x86::ArchSyntax::Att)
        .detail(true)
        .build()
        .expect("Failed to create Capstone object");

    let insns = cs.disasm_all(X86_CODE, 0x1000)
        .expect("Failed to disassemble");
    println!("Found {} instructions", insns.len());
    for i in insns.iter() {
        println!();
        println!("{}", i);

        let detail: InsnDetail = cs.insn_detail(&i).expect("Failed to get insn detail");
        let arch_detail: ArchDetail = detail.arch_detail();
        let ops = arch_detail.operands();

        let output: &[(&str, String)] = &[
            ("insn id:", format!("{:?}", i.id().0)),
            ("bytes:", format!("{:?}", i.bytes())),
            ("read regs:", reg_names(&cs, detail.regs_read())),
            ("write regs:", reg_names(&cs, detail.regs_write())),
            ("insn groups:", group_names(&cs, detail.groups())),
        ];

        for &(ref name, ref message) in output.iter() {
            println!("{:4}{:12} {}", "", name, message);
        }

        println!("{:4}operands: {}", "", ops.len());
        for op in ops {
            println!("{:8}{:?}", "", op);
        }
    }
}

Produces:

Found 4 instructions

0x1000: pushq %rbp
    insn id:     580
    bytes:       [85]
    read regs:   rsp
    write regs:  rsp
    insn groups: mode64
    operands: 1
        X86Operand(X86Operand { size: 8, avx_bcast: X86_AVX_BCAST_INVALID, avx_zero_opmask: false, op_type: Reg(RegId(36)) })

0x1001: movq 0x13b8(%rip), %rax
    insn id:     442
    bytes:       [72, 139, 5, 184, 19, 0, 0]
    read regs:
    write regs:
    insn groups:
    operands: 2
        X86Operand(X86Operand { size: 8, avx_bcast: X86_AVX_BCAST_INVALID, avx_zero_opmask: false, op_type: Mem(X86OpMem(x86_op_mem { segment: 0, base: 41, index: 0, scale: 1, disp: 5048 })) })
        X86Operand(X86Operand { size: 8, avx_bcast: X86_AVX_BCAST_INVALID, avx_zero_opmask: false, op_type: Reg(RegId(35)) })

0x1008: jmp 0x8ae21
    insn id:     266
    bytes:       [233, 20, 158, 8, 0]
    read regs:
    write regs:
    insn groups: jump
    operands: 1
        X86Operand(X86Operand { size: 8, avx_bcast: X86_AVX_BCAST_INVALID, avx_zero_opmask: false, op_type: Imm(568865) })

0x100d: xorl %r12d, %r12d
    insn id:     327
    bytes:       [69, 49, 228]
    read regs:
    write regs:  rflags
    insn groups:
    operands: 2
        X86Operand(X86Operand { size: 4, avx_bcast: X86_AVX_BCAST_INVALID, avx_zero_opmask: false, op_type: Reg(RegId(222)) })
        X86Operand(X86Operand { size: 4, avx_bcast: X86_AVX_BCAST_INVALID, avx_zero_opmask: false, op_type: Reg(RegId(222)) })

Modules

InsnGroupType
arch	Contains architecture-specific types and modules
prelude	Contains items that you probably want to always import

Macros

define_cs_enum_wrapper_reverse	Define Rust enum that is created from C enum
define_impl_bitmask	Defines getters for a bitmask

Structs

Capstone	An instance of the capstone disassembler
EmptyExtraModeIter	Represents an empty set of ExtraMode.
Insn	A wrapper for the raw capstone-sys instruction
InsnDetail	Contains architecture-independent details about an instruction, such as register reads.
InsnGroupId	Represents the group an instruction belongs to, which may be architecture-specific.
InsnGroupIter	Iterator over instruction group ids
InsnId	Represents an instruction id, which may be architecture-specific.
InstructionIterator	An iterator over the instructions returned by disasm
Instructions	Representation of the array of instructions returned by disasm
RegId	Represents an register id, which is architecture-specific.
RegsIter	Iterator over registers ids

Enums

Arch	Architectures for the disassembler
Endian	Disassembler endianness
Error	An error enum for this library
ExtraMode	Extra modes or features that can be enabled with some modes
Mode	Disassembler modes
Syntax	Disassembly syntax

Statics

NO_EXTRA_MODE

Represents that no extra modes are enabled. Can be passed to Capstone::new_raw() as the extra_mode argument.

Traits

EnumList

A C-like enum can list its variants

Type Definitions

CsResult
InsnGroupIdInt	Integer type used in InsnGroupId
InsnIdInt	Integer type used in InsnId
RegIdInt	Integer type used in RegId