Consider Differentiating Between "no more instructions" and "invalid instruction"
uxmal opened this issue · 3 comments
It seems there is no way for a client program to distinguish the situation when the last instruction in the provided byte range has been read from when an invalid instruction has been encountered. It would be highly useful if it were possible to detect the difference.
Perhaps this is a limitation in the native Capstone interface. If so, let me know and I will raise the issue there.
As a suggestion, if an invalid instruction is encountered, have the Id property return Invalid. Again, it's possible this might need to be done at the native level.
Capstone implementation of cs_disasm is rather clear. It iterates over the input code buffer you provide until the end of it.
If cs_disasm can consume all the bytes without error, the function returns with a success return code.
If for some reason an error is encountered (either invalid or incomplete instruction), the function checks for the SKIPDATA option being set on the disassembler. If it's not, the function aborts with an error. If it is set, there is two options :
- A callback function has been configured on the disassembler to be invoked in such case. The function is invoked with some context and will decide how many bytes to skip.
- No callback function is defined,
cs_disasmuses an hard coded value that is architecture dependent and that you can't modify from outside Capstone. For x86 this is 1 byte.
TL;DR : The easiest way for you is to use the Capstone.NET CapstoneImport.SetOption function with DisassembleOptionType.SkipData and turn option on. Caveat, you are not explicitly notified of skipped bytes between instructions. The other way using a callback is for Interop gurus.
So 3 years later and the API now exposes a property that allows you to determine this easily in V2.0.0. For those that are interested, please see this WIKI article. Thank you for your patience.