Struct Capstone

pub struct Capstone { /* private fields */ }

An instance of the capstone disassembler

Create with an instance with .new() and disassemble bytes with .disasm_all().

Implementations

impl Capstone

pub fn new() -> CapstoneBuilder

Create a new instance of the decompiler using the builder pattern interface. This is the recommended interface to Capstone.

use capstone::prelude::*;
let cs = Capstone::new().x86().mode(arch::x86::ArchMode::Mode32).build();

pub fn new_raw<T: Iterator<Item = ExtraMode>>( arch: Arch, mode: Mode, extra_mode: T, endian: Option<Endian>, ) -> CsResult<Capstone>

Create a new instance of the decompiler using the “raw” interface. The user must ensure that only sensible Arch/Mode combinations are used.

use capstone::{Arch, Capstone, NO_EXTRA_MODE, Mode};
let cs = Capstone::new_raw(Arch::X86, Mode::Mode64, NO_EXTRA_MODE, None);
assert!(cs.is_ok());

pub fn disasm_all<'a>( &'a self, code: &[u8], addr: u64, ) -> CsResult<Instructions<'a>>

Disassemble all instructions in buffer

cs.disasm_all(b"\x90", 0x1000).unwrap();

pub fn disasm_count<'a>( &'a self, code: &[u8], addr: u64, count: usize, ) -> CsResult<Instructions<'a>>

Disassemble count instructions in code

pub fn set_extra_mode<T: Iterator<Item = ExtraMode>>( &mut self, extra_mode: T, ) -> CsResult<()>

Set extra modes in addition to normal mode

pub fn set_syntax(&mut self, syntax: Syntax) -> CsResult<()>

Set the assembly syntax (has no effect on some platforms)

pub fn set_endian(&mut self, endian: Endian) -> CsResult<()>

Set the endianness (has no effect on some platforms).

pub fn set_mode(&mut self, mode: Mode) -> CsResult<()>

Sets the engine’s disassembly mode. Be careful, various combinations of modes aren’t supported See the capstone-sys documentation for more information.

pub fn set_detail(&mut self, enable_detail: bool) -> CsResult<()>

Controls whether to capstone will generate extra details about disassembled instructions.

Pass true to enable detail or false to disable detail.

pub fn set_skipdata(&mut self, enable_skipdata: bool) -> CsResult<()>

Controls whether capstone will skip over invalid or data instructions.

Pass true to enable skipdata or false to disable skipdata.

pub fn reg_name(&self, reg_id: RegId) -> Option<String>

Converts a register id reg_id to a String containing the register name. Unavailable in Diet mode

pub fn insn_name(&self, insn_id: InsnId) -> Option<String>

Converts an instruction id insn_id to a String containing the instruction name. Unavailable in Diet mode. Note: This function ignores the current syntax and uses the default syntax.

pub fn group_name(&self, group_id: InsnGroupId) -> Option<String>

Converts a group id group_id to a String containing the group name. Unavailable in Diet mode

pub fn insn_detail<'s, 'i: 's>( &'s self, insn: &'i Insn<'_>, ) -> CsResult<InsnDetail<'i>>

Returns Detail structure for a given instruction

Requires:

1. Instruction was created with detail enabled
2. Skipdata is disabled

pub fn lib_version() -> (u32, u32)

Returns a tuple (major, minor) indicating the version of the capstone C library.

pub fn supports_arch(arch: Arch) -> bool

Returns whether the capstone library supports a given architecture.

pub fn is_diet() -> bool

Returns whether the capstone library was compiled in diet mode.

Trait Implementations

impl Debug for Capstone

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Drop for Capstone

fn drop(&mut self)

Executes the destructor for this type.