[HN Gopher] Capstone Disassembler Framework
       ___________________________________________________________________
        
       Capstone Disassembler Framework
        
       Author : xvilka
       Score  : 53 points
       Date   : 2024-09-25 15:48 UTC (7 hours ago)
        
 (HTM) web link (github.com)
 (TXT) w3m dump (github.com)
        
       | jstrieb wrote:
       | Capstone is very useful!
       | 
       | Someone (not me) has also cross-compiled Capstone to WebAssembly
       | so it can be used in client-side browser applications.
       | 
       | https://alexaltea.github.io/capstone.js/
       | 
       | I've used this in a couple of projects to support disassembly in
       | static web apps with no back end.
        
       | post-factum wrote:
       | It is also used in one of the Linux kernel debuggers:
       | https://codeberg.org/pf-kernel/crush
        
         | xvilka wrote:
         | Haha, I noticed you had this commit
         | https://codeberg.org/pf-kernel/crush/commit/24c19bfacc7fff64...
         | 
         | The upcoming v6 release (current 'next' branch) of Capstone
         | updated SystemZ (S390) significantly, so it should work even
         | better now.
        
       | stonethrowaway wrote:
       | I think it's incredible this is implemented in C. Well done!
        
         | xvilka wrote:
         | It uses a semi-automatic mechanism[1][2] of generating C code
         | from the LLVM sources (TableGen files).
         | 
         | [1] https://github.com/capstone-engine/capstone/blob/next/suite/...
         | 
         | [2] https://github.com/capstone-engine/capstone/blob/next/docs/A...
        
       | smolsky wrote:
       | It's difficult to find a succinct overview. Here is a slide deck
       | buried among links:
       | http://www.capstone-engine.org/BHUSA2014-capstone.pdf
        
         | tptacek wrote:
         | Capstone is sort of an "industry standard" open source multi-
         | architectural disassembler library, especially for security
         | tooling.
         | 
         | This is a useful page to get a sense of what it's about (i.e.,
         | what you're getting out of it vs. something more like objdump):
         | 
         | https://www.capstone-engine.org/beyond_llvm.html
        
       | woodruffw wrote:
       | Capstone supports an impressive breadth of architectures.
       | However, if all you need is x86/AMD64 decoding and disassembly,
       | there are much higher quality (in terms of accurate decoding)
       | libraries out there.
       | 
       | I wrote a differential fuzzer for x86 decoders a few years ago,
       | and XED and Zydis generally performed far better (in terms of
       | accuracy) than Capstone[1]. And on the Rust side, yaxpeax and
       | iced-x86 perform very admirably.
       | 
       | [1]:
       | https://blog.trailofbits.com/2019/10/31/destroying-x86_64-in...
        
         | canucker2016 wrote:
         | Did you mean x86/x64 decoding?
         | 
         | Looking at the libs, none of them seem to mention ARM64 inst.
         | decoding.
        
           | woodruffw wrote:
           | Yep, I meant AMD64, fixed.
        
       | deoxykev wrote:
       | Imhex is a really great frontend for Capstone.
       | https://github.com/WerWolv/ImHex
        
       | nicolodev wrote:
       | Another good replacement for capstone/keystone based on LLVM is
       | nyxstone https://github.com/emproof-com/nyxstone
        
         | ashvardanian wrote:
         | It looks pretty promising! How would you compare the
         | strengths/weaknesses?
        
       | Cieric wrote:
       | Haven't had a chance to use capstone yet, but a project I really
       | like happens to use it.
       | 
       | https://github.com/xoreaxeaxeax/sandsifter
        
       ___________________________________________________________________
       (page generated 2024-09-25 23:00 UTC)