/capstone-rs

high-level Capstone system bindings for Rust

Primary LanguageRustMIT LicenseMIT

capstone-rs

Crates.io Badge Travis CI Badge Appveyor CI Badge codecov

API Documentation

Bindings to the capstone library disassembly framework.

Requirements

capstone-rs uses the capstone-sys crate to provide the low-level bindings to the Capstone C library.

See the capstone-sys GitHub page for the requirements and supported platforms.

  • Minimum Rust Version: 1.23.0 or later

Example

extern crate capstone;

use capstone::prelude::*;

const CODE: &'static [u8] =
    b"\x55\x48\x8b\x05\xb8\x13\x00\x00\xe8\x4a\xed\xff\xff\xe9\x14\x9e\x08\x00\x45\x31\xe4";

/// Print register names
fn reg_names<T, I>(cs: &Capstone, regs: T) -> String
where
    T: Iterator<Item = I>,
    I: Into<u64>,
{
    let names: Vec<String> = regs.map(|x| cs.reg_name(x.into()).unwrap()).collect();
    names.join(", ")
}

/// Print instruction group names
fn group_names<T, I>(cs: &Capstone, regs: T) -> String
where
    T: Iterator<Item = I>,
    I: Into<u64>,
{
    let names: Vec<String> = regs.map(|x| cs.group_name(x.into()).unwrap()).collect();
    names.join(", ")
}

fn example() -> CsResult<()> {
    let cs = Capstone::new()
        .x86()
        .mode(arch::x86::ArchMode::Mode64)
        .syntax(arch::x86::ArchSyntax::Att)
        .detail(true)
        .build()?;

    let insns = cs.disasm_all(CODE, 0x1000)?;
    println!("Found {} instructions", insns.len());
    for i in insns.iter() {
        println!("");
        println!("{}", i);
        let output: &[(&str, String)] =
            &[
                (
                    "read regs:",
                    reg_names(&cs, cs.read_register_ids(&i)?.iter().map(|x| *x)),
                ),
                (
                    "write regs:",
                    reg_names(&cs, cs.write_register_ids(&i)?.iter().map(|x| *x)),
                ),
                (
                    "insn groups:",
                    group_names(&cs, cs.insn_group_ids(&i)?.iter().map(|x| *x)),
                ),
            ];
        for &(ref name, ref message) in output.iter() {
            println!("    {:12} {}", name, message);
        }
    }
    Ok(())
}

fn main() {
    if let Err(err) = example() {
        println!("Error: {}", err);
    }
}

Produces:

Found 5 instructions

0x1000: pushq %rbp
    read regs:   rsp
    write regs:  rsp
    insn groups: mode64

0x1001: movq 0x13b8(%rip), %rax
    read regs:
    write regs:
    insn groups:

0x1008: callq 0xfffffffffffffd57
    read regs:   rsp
    write regs:
    insn groups: call, mode64

0x100d: jmp 0x8ae26
    read regs:
    write regs:
    insn groups: jump

0x1012: xorl %r12d, %r12d
    read regs:
    write regs:  rflags
    insn groups:

To see more demos, see the examples/ directory. More complex demos welcome!

Features

alloc_system: use the system allocator instead of the default Rust allocator. This feature is only available on Rust 1.28 and later. Useful for running valgrind.

Reporting Issues

Please open a Github issue

Author

You may find a full list of contributors on Github.

License

MIT