BI商业智能>> capstone-d>> 返回
项目作者: bohlender

项目描述 :
D bindings for the Capstone disassembly framework
高级语言: D
项目地址: git://github.com/bohlender/capstone-d.git
创建时间: 2018-06-13T13:09:21Z
项目社区:https://github.com/bohlender/capstone-d
开源协议:MIT License
下载


Build Status
codecov

capstone-d

What is this?

This package implements idiomatic D bindings for version 4.0 of Capstone - the disassembly framework powering many reverse engineering tools. If you do not need the expressivity and safety of D but just the plain C API in D, non-idiomatic bindings might be just what you’re looking for.

Examples

Introductory Example

The following D code uses these bindings for a concise implementation of the introductory example for the original C library.

  1. import std.format;
  2. import std.stdio;
  4. import capstone;
  6. auto CODE = cast(ubyte[])"\x55\x48\x8b\x05\xb8\x13\x00\x00";
  8. void main(){
  9.     auto cs = create(Arch.x86, ModeFlags(Mode.bit64));
  10.     auto res = cs.disasm(CODE, 0x1000);
  11.     foreach(instr; res)
  12.         writefln!"0x%x:\t%s\t\t%s"(instr.address, instr.mnemonic, instr.opStr);
  13. }

Running this will disassemble the byte sequence \x55\x48\x8b\x05\xb8\x13\x00\x00 on a x86_64 architecture and output the following

  1. 0x1000: push            rbp
  2. 0x1001: mov             rax, qword ptr [rip + 0x13b8]

Querying the library’s capabilities

If you wanted to determine which architectures are supported by the capstone library that you have installed on your system, you could do so as follows:

  1. import std.format;
  2. import std.stdio;
  3. import std.traits;
  5. import capstone;
  7. void main(){
  8.     writefln!"Version: %s (lib), %s (bindings)"(versionOfLibrary, versionOfBindings);
  9.     writeln("Querying Support:");
  10.     foreach(query; EnumMembers!SupportQuery)
  11.         writefln!"%-10s: %s"(query, supports(query));
  12. }

In my case, after compiling version 4.0 for Arch Linux, this will output

  1. Version: 4.0 (lib), 4.0 (bindings)
  2. Querying Support:
  3. arm       : true
  4. arm64     : true
  5. mips      : true
  6. x86       : true
  7. ppc       : true
  8. sparc     : true
  9. sysz      : true
  10. xcore     : true
  11. m68k      : true
  12. tms320c64x: true
  13. m680x     : true
  14. evm       : true
  15. all       : true
  16. diet      : false
  17. x86reduce : false

How to include this in your project

The package is available in the D package management s.t. it suffices to add capstone-d as a dependency in the dub.json of your project.
Furthermore, the examples folder contains a basic project to get you started.

F.A.Q.

The C API had cs_op_count to count an instruction’s number of operands of a givenType. Why is it missing?

Because this can easily be accomplished in D as follows:

  1. auto number = operands.count!(op => op.type == givenType)

In the C API, if you want to iterate over an instruction’s operands of a given type, you first have to determine those operands’ indices in the operands array. To this end the C API provides cs_op_index to determine the index of an instruction’s k-th operand of a givenType in the operands array. Why is this function missing in these bindings?

Because in D, accessing operands of a given type is easier than using such a function:

  1. auto opsOfGivenType = operands.filter!(op => op.type == givenType)

How to determine an instruction’s length in bytes ?

Unlike in the C API, an instruction instr does indeed not have a size member. In D, arrays & slices have length, so you can simpliy use instr.bytes.length.

Contribute

If you find bugs or think that something could be improved, simply create an according issue.
If you want to tackle an issue or contribute to the bindings feel free to create a pull request.