Linux/MacOS 
|
Windows
|
FreeBSD
Bindings to the capstone library disassembly framework.
capstone-rs uses the capstone-sys crate to provide the low-level bindings to the Capstone C library.
See the capstone-sys page for the requirements and supported platforms.
1.29.2 or later```rust extern crate capstone;
use capstone::prelude::*;
const X86_CODE: &'static [u8] = b"\x55\x48\x8b\x05\xb8\x13\x00\x00\xe9\x14\x9e\x08\x00\x45\x31\xe4";
/// Print register names
fn regnames
/// Print instruction group names
fn groupnames
fn example() -> CsResult<()> { let cs = Capstone::new() .x86() .mode(arch::x86::ArchMode::Mode64) .syntax(arch::x86::ArchSyntax::Att) .detail(true) .build()?;
let insns = cs.disasm_all(X86_CODE, 0x1000)?;
println!("Found {} instructions", insns.len());
for i in insns.iter() {
println!("");
println!("{}", i);
let detail: InsnDetail = cs.insn_detail(&i)?;
let output: &[(&str, String)] =
&[
("read regs:", reg_names(&cs, detail.regs_read())),
("write regs:", reg_names(&cs, detail.regs_write())),
("insn groups:", group_names(&cs, detail.groups())),
];
for &(ref name, ref message) in output.iter() {
println!(" {:12} {}", name, message);
}
}
Ok(())
}
fn main() { if let Err(err) = example() { println!("Error: {}", err); } } ```
Produces:
``` Found 4 instructions
0x1000: pushq %rbp read regs: rsp write regs: rsp insn groups: mode64
0x1001: movq 0x13b8(%rip), %rax read regs: write regs: insn groups:
0x1008: jmp 0x8ae21 read regs: write regs: insn groups: jump
0x100d: xorl %r12d, %r12d read regs: write regs: rflags insn groups: ```
To see more demos, see the examples/ directory.
More complex demos welcome!
alloc_system: use the system allocator instead of the default Rust allocator.
Useful for running Valgrind.
Please open a Github issue
You may find a full list of contributors on Github.