Struct Capstone 

pub struct Capstone { /* private fields */ }

A capstone instance that can be used for disassembly.

Implementations

impl Capstone

pub fn open(arch: Arch, mode: Mode) -> Result<Self, Error>

Initializes capstone with the given arch and mode.

pub fn details<'i>(&self, insn: &'i Insn<'_>) -> Details<'i>

Retrieves some general details about an instruction. This value is only available if the engine was not compiled in DIET mode and details mode is turned on for this instance of Capstone. If details about an instruction are not available, this will panic.

Panics

If instruction details were not turned on for this Capstone instance or if Capstone was compiled in DIET mode.

pub fn try_details<'i>(&self, insn: &'i Insn<'_>) -> Option<Details<'i>>

Retrieves some general details about an instruction. This value is only available if the engine was not compiled in DIET mode and details mode is turned on for this instance of Capstone. If details about an instruction are not available, this will return Option::None.

pub fn disasm<'s>( &'s self, code: &[u8], address: u64, ) -> Result<InsnBuffer<'s>, Error>

Disassembles all of the instructions in a buffer with the given starting address. This will dynamically allocate memory to contain the disassembled instructions.

pub fn disasm_count<'s>( &'s self, code: &[u8], address: u64, count: usize, ) -> Result<InsnBuffer<'s>, Error>

Disassembles at most count instructions from the buffer using the given starting address. This will dynamically allocate memory to contain the disassembled instructions.

pub fn disasm_iter<'s>(&'s self, code: &[u8], address: u64) -> InsnIter<'s>

Returns an iterator that will lazily disassemble the instructions in the given binary.

pub fn set_syntax(&mut self, syntax: Syntax) -> Result<(), Error>

Sets the assembly syntax for the disassembling engine at runtime.

If the syntax is supported then Result::Ok is returned with no value. If the syntax is not supported then Result::Err is returned.

pub fn set_mode(&mut self, mode: Mode) -> Result<(), Error>

Change the engine’s mode at runtime after it has been initialized.

pub fn set_details_enabled(&mut self, detail: bool) -> Result<(), Error>

Setting detail to true will make the disassembling engine break down instruction structure into details.

pub fn set_unsigned(&mut self, unsigned: bool) -> Result<(), Error>

Setting unsigned to true will make the disassembling engine print immediate operands in unsigned form.

pub fn reset_mnemonic<I>(&mut self, insn: I) -> Result<(), Error>

where I: Into<InsnId>,

Removes a custom mnemonic that was previously set by Capstone::set_mnemonic.

pub fn set_mnemonic<I, M>(&mut self, insn: I, mnemonic: M) -> Result<(), Error>

where I: Into<InsnId>, M: Into<Cow<'static, str>>,

Customize the mnemonic for an instruction with an alternative name.

pub fn setup_skipdata<M, F>( &mut self, mnemonic: Option<M>, callback: Option<F>, ) -> Result<(), Error>

where M: Into<Cow<'static, str>>, F: 'static + UnwindSafe + FnMut(&[u8], usize) -> usize,

Sets a custom setup for SKIPDATA mode.

Setting mnemonic allows for customizing the mnemonic of the instruction used to represent data. By default this will be .byte.

The user defined callback (if there is one) will be called whenever Capstone hits data. If the returned value from the callback is positive (greater than 0), Capstone will skip exactly that number of bytes and continue. Otherwise, if the callback retruns 0, Capstone stops disassembling and returns immediately from Capstone::disasm or causes the Iterator from Capstone::disasm_iter to return None.

Note

If the callback is None, Capstone will skip a number of bytes depending on the architecture:

• Arm: 2 bytes (Thumb mode) or 4 bytes.
• Arm64: 4 bytes.
• Mips: 4 bytes.
• M680x: 1 byte.
• PowerPC: 4 bytes.
• Sparc: 4 bytes.
• SystemZ: 2 bytes.
• X86: 1 bytes.
• XCore: 2 bytes.
• EVM: 1 bytes.
• MOS65XX: 1 bytes.

pub fn set_skipdata_mode(&mut self, skipdata: bool) -> Result<(), Error>

Place the disassembling engine in SKIPDATA mode. Use Capstone::setup_skipdata to configure this mode.

pub fn details_enabled(&self) -> bool

Returns true if this Capstone instance has instruction details enabled.

pub fn skipdata_mode(&self) -> bool

Returns true if the disassembling engine is currently in SKIPDATA mode.

pub fn arch(&self) -> Arch

Returns the current arch that this instance of the Capstone disassembly engine is set to disassemble.

pub fn reg_name<R>(&self, reg: R) -> &str

where R: Into<Reg>,

Returns the user friendly name of a register. This will return an empty string if the register is not valid for the current architecture.

pub fn insn_name<I>(&self, insn: I) -> &str

where I: Into<InsnId>,

Returns the user friendly name of an instruction. This will return an empty string if the instruction is not valid for the current architecture.

pub fn group_name<G>(&self, group: G) -> &str

where G: Into<InsnGroup>,

Returns the user friendly name of an instruction group. This will return an empty string if the instruction group is not valid for the current architecture.

pub fn regs_used( &self, insn: &Insn<'_>, regs_used_out: &mut RegsUsed, ) -> Result<(), Error>

Retrieves all of the registers read from and written to either implicitly or explicitly by an instruction and places them into the given buffer.

Trait Implementations

impl Drop for Capstone

fn drop(&mut self)

Executes the destructor for this type.