Struct falcon_capstone::capstone::Capstone
[−]
[src]
pub struct Capstone { /* fields omitted */ }
Capstone handle.
Methods
impl Capstone
[src]
fn new(arch: cs_arch, mode: cs_mode) -> Result<Capstone, CsErr>
[src]
Create a Capstone handle.
arch
architecture type (CS_ARCH_*), mode
hardware mode (CS_MODE_*).
fn option(&self, typ: cs_opt_type, value: cs_opt_value) -> Result<(), CsErr>
[src]
Set option for disassembling engine at runtime.
typ
type of option to set. value
value of the option.
fn disasm(&self, buf: &[u8], addr: u64, count: usize) -> Result<InstrBuf, CsErr>
[src]
Disassemble binary code, given the code buffer, address and number of instructions to be decoded.
buf
is the code buffer. addr
is the address of the first instruction, count
is the
number of instructions to decode, if 0
decode until the buffer is empty or an invalid
instruction is found.
Returns a buffer of decoded instructions or an error (in case of troubles).
Examples
use capstone_rust::capstone as cs; let code = vec![0x55, 0x48, 0x8b, 0x05, 0xb8, 0x13, 0x00, 0x00]; let dec = cs::Capstone::new(cs::cs_arch::CS_ARCH_X86, cs::cs_mode::CS_MODE_32).unwrap(); let buf = dec.disasm(code.as_slice(), 0, 0).unwrap(); for x in buf.iter() { println!("{:x}: {} {}", x.address, x.mnemonic, x.op_str); }
use capstone_rust::capstone as cs; let code = vec![0x55, 0x48, 0x8b, 0x05, 0xb8, 0x13, 0x00, 0x00]; let dec = cs::Capstone::new(cs::cs_arch::CS_ARCH_X86, cs::cs_mode::CS_MODE_32).unwrap(); let buf = dec.disasm(code.as_slice(), 0, 0).unwrap(); assert_eq!(buf.get(0).unwrap().mnemonic, "push"); assert_eq!(buf.get(1).unwrap().mnemonic, "dec"); assert_eq!(buf.get(2).unwrap().mnemonic, "mov");
fn reg_name(&self, reg_id: u32) -> Option<&str>
[src]
Return friendly name of register in a string.
Returns None
if reg_id
is invalid. You can find the register mapping in Capstone's
C headers (e.g. x86.h for x86).
Examples
use capstone_rust::capstone as cs; let dec = cs::Capstone::new(cs::cs_arch::CS_ARCH_X86, cs::cs_mode::CS_MODE_32).unwrap(); assert_eq!(dec.reg_name(21).unwrap(), "ebx");
fn group_name(&self, group_id: u32) -> Option<&str>
[src]
Return friendly name of group.
Returns None
if group_id
is invalid. You can find the group mapping in Capstone's
C headers (e.g. x86.h for x86).
Examples
use capstone_rust::capstone as cs; let dec = cs::Capstone::new(cs::cs_arch::CS_ARCH_X86, cs::cs_mode::CS_MODE_32).unwrap(); assert_eq!(dec.group_name(2).unwrap(), "call");