Crate capstone

Source

Expand description

§capstone-rs

Linux/macOS/Windows | FreeBSD

API Documentation

Bindings to the capstone library disassembly framework.

The Capstone struct is the main interface to the library.

§Requirements

capstone-rs uses the capstone-sys crate to provide the low-level bindings to the Capstone C library.

See the capstone-sys page for the requirements and supported platforms.

Minimum Rust Version: 1.70.0

§Example

extern crate capstone;

use capstone::prelude::*;

const X86_CODE: &'static [u8] = b"\x55\x48\x8b\x05\xb8\x13\x00\x00\xe9\x14\x9e\x08\x00\x45\x31\xe4";

/// Print register names
fn reg_names(cs: &Capstone, regs: &[RegId]) -> String {
    let names: Vec<String> = regs.iter().map(|&x| cs.reg_name(x).unwrap()).collect();
    names.join(", ")
}

/// Print instruction group names
fn group_names(cs: &Capstone, regs: &[InsnGroupId]) -> String {
    let names: Vec<String> = regs.iter().map(|&x| cs.group_name(x).unwrap()).collect();
    names.join(", ")
}

fn main() {
    let cs = Capstone::new()
        .x86()
        .mode(arch::x86::ArchMode::Mode64)
        .syntax(arch::x86::ArchSyntax::Att)
        .detail(true)
        .build()
        .expect("Failed to create Capstone object");

    let insns = cs.disasm_all(X86_CODE, 0x1000)
        .expect("Failed to disassemble");
    println!("Found {} instructions", insns.len());
    for i in insns.as_ref() {
        println!();
        println!("{}", i);

        let detail: InsnDetail = cs.insn_detail(&i).expect("Failed to get insn detail");
        let arch_detail: ArchDetail = detail.arch_detail();
        let ops = arch_detail.operands();

        let output: &[(&str, String)] = &[
            ("insn id:", format!("{:?}", i.id().0)),
            ("bytes:", format!("{:?}", i.bytes())),
            ("read regs:", reg_names(&cs, detail.regs_read())),
            ("write regs:", reg_names(&cs, detail.regs_write())),
            ("insn groups:", group_names(&cs, detail.groups())),
        ];

        for &(ref name, ref message) in output.iter() {
            println!("{:4}{:12} {}", "", name, message);
        }

        println!("{:4}operands: {}", "", ops.len());
        for op in ops {
            println!("{:8}{:?}", "", op);
        }
    }
}

Produces:

Found 4 instructions

0x1000: pushq %rbp
    read regs:   rsp
    write regs:  rsp
    insn groups: mode64

0x1001: movq 0x13b8(%rip), %rax
    read regs:
    write regs:
    insn groups:

0x1008: jmp 0x8ae21
    read regs:
    write regs:
    insn groups: jump

0x100d: xorl %r12d, %r12d
    read regs:
    write regs:  rflags
    insn groups:

To see more demos, see the examples/ directory. More complex demos welcome!

§Features

full^†: do not compile Capstone C library in diet mode
std^†: enable std-only features, such as the Error trait
use_bindgen: run bindgen to generate Rust bindings to Capstone C library instead of using pre-generated bindings (not recommended).

^†: enabled by default

§Reporting Issues

Please open a Github issue

§Author

Library Author: Nguyen Anh Quynh
Binding Author(s):
- m4b m4b.github.io@gmail.com
- Richo Healey richo@psych0tik.net
- Travis Finkenauer tmfinken@gmail.com

You may find a full list of contributors on Github.

§License

MIT

Modules§

InsnGroupType
arch: Contains architecture-specific types and modules
prelude: Contains items that you probably want to always import

Macros§

define_cs_enum_wrapper_reverse: Define Rust enum that is created from C enum
define_impl_bitmask: Defines getters for a bitmask

Structs§

Capstone: An instance of the capstone disassembler
EmptyExtraModeIter: Represents an empty set of ExtraMode.
Insn: A single disassembled CPU instruction.
InsnDetail: Contains architecture-independent details about an Insn.
InsnGroupId: Represents the group an instruction belongs to, which may be architecture-specific.
InsnId: Represents an instruction id, which may be architecture-specific.
Instructions: Represents a slice of Insn returned by Capstone disasm*() methods.
OwnedInsn: A single disassembled CPU instruction that lives on the Rust heap.
RegId: Represents an register id, which is architecture-specific.

Enums§

Arch: Architectures for the disassembler
Endian: Disassembler endianness
Error: An error enum for this library
ExtraMode: Extra modes or features that can be enabled with some modes
Mode: Disassembler modes
RegAccessType: Represents how the register is accessed.
Syntax: Disassembly syntax

Statics§

NO_EXTRA_MODE: Represents that no extra modes are enabled. Can be passed to Capstone::new_raw() as the extra_mode argument.

Traits§

EnumList: A C-like enum can list its variants

Type Aliases§

CsResult
InsnGroupIdInt: Integer type used in InsnGroupId
InsnIdInt: Integer type used in InsnId
RegIdInt: Integer type used in RegId

Crate capstoneCopy item path