Expand description
§capstone-rs
Bindings to the capstone library disassembly framework.
The Capstone
struct is the main interface to the library.
§Requirements
capstone-rs
uses the capstone-sys
crate to provide the low-level bindings to the Capstone C library.
See the capstone-sys
page for the requirements and supported platforms.
- Minimum Rust Version:
1.60.0
§Example
extern crate capstone;
use capstone::prelude::*;
const X86_CODE: &'static [u8] = b"\x55\x48\x8b\x05\xb8\x13\x00\x00\xe9\x14\x9e\x08\x00\x45\x31\xe4";
/// Print register names
fn reg_names(cs: &Capstone, regs: &[RegId]) -> String {
let names: Vec<String> = regs.iter().map(|&x| cs.reg_name(x).unwrap()).collect();
names.join(", ")
}
/// Print instruction group names
fn group_names(cs: &Capstone, regs: &[InsnGroupId]) -> String {
let names: Vec<String> = regs.iter().map(|&x| cs.group_name(x).unwrap()).collect();
names.join(", ")
}
fn main() {
let cs = Capstone::new()
.x86()
.mode(arch::x86::ArchMode::Mode64)
.syntax(arch::x86::ArchSyntax::Att)
.detail(true)
.build()
.expect("Failed to create Capstone object");
let insns = cs.disasm_all(X86_CODE, 0x1000)
.expect("Failed to disassemble");
println!("Found {} instructions", insns.len());
for i in insns.as_ref() {
println!();
println!("{}", i);
let detail: InsnDetail = cs.insn_detail(&i).expect("Failed to get insn detail");
let arch_detail: ArchDetail = detail.arch_detail();
let ops = arch_detail.operands();
let output: &[(&str, String)] = &[
("insn id:", format!("{:?}", i.id().0)),
("bytes:", format!("{:?}", i.bytes())),
("read regs:", reg_names(&cs, detail.regs_read())),
("write regs:", reg_names(&cs, detail.regs_write())),
("insn groups:", group_names(&cs, detail.groups())),
];
for &(ref name, ref message) in output.iter() {
println!("{:4}{:12} {}", "", name, message);
}
println!("{:4}operands: {}", "", ops.len());
for op in ops {
println!("{:8}{:?}", "", op);
}
}
}
Produces:
Found 4 instructions
0x1000: pushq %rbp
read regs: rsp
write regs: rsp
insn groups: mode64
0x1001: movq 0x13b8(%rip), %rax
read regs:
write regs:
insn groups:
0x1008: jmp 0x8ae21
read regs:
write regs:
insn groups: jump
0x100d: xorl %r12d, %r12d
read regs:
write regs: rflags
insn groups:
To see more demos, see the examples/
directory.
More complex demos welcome!
§Features
full
†: do not compile Capstone C library in diet modestd
†: enablestd
-only features, such as theError
traituse_bindgen
: runbindgen
to generate Rust bindings to Capstone C library instead of using pre-generated bindings (not recommended).
†: enabled by default
§Reporting Issues
Please open a Github issue
§Author
- Library Author: Nguyen Anh Quynh
- Binding Author(s):
- m4b m4b.github.io@gmail.com
- Richo Healey richo@psych0tik.net
- Travis Finkenauer tmfinken@gmail.com
You may find a full list of contributors on Github.
§License
Modules§
- Contains architecture-specific types and modules
- Contains items that you probably want to always import
Macros§
- Define Rust enum that is created from C enum
- Defines getters for a bitmask
Structs§
- An instance of the capstone disassembler
- Represents an empty set of
ExtraMode
. - A single disassembled CPU instruction.
- Contains architecture-independent details about an
Insn
. - Represents the group an instruction belongs to, which may be architecture-specific.
- Iterator over instruction group ids
- Represents an instruction id, which may be architecture-specific.
- A single disassembled CPU instruction that lives on the Rust heap.
- Represents an register id, which is architecture-specific.
Enums§
- Architectures for the disassembler
- Disassembler endianness
- An error enum for this library
- Extra modes or features that can be enabled with some modes
- Disassembler modes
- Represents how the register is accessed.
- Disassembly syntax
Statics§
- Represents that no extra modes are enabled. Can be passed to
Capstone::new_raw()
as theextra_mode
argument.
Traits§
- A C-like enum can list its variants
Type Aliases§
- Integer type used in
InsnGroupId
- Integer type used in
InsnId
- Integer type used in
RegId