capstone-d 1.0.0

D bindings for the Capstone disassembly framework


To use this package, run the following command in your project's root directory:

Manual usage
Put the following dependency into your project's dependences section:


This package provides sub packages which can be used individually:

capstone-d:example-basic - Basic example usage of the bindings

Build Status codecov

capstone-d

What is this?

This package implements idiomatic D bindings for version 3.0.5 of Capstone - the disassembly framework powering many reverse engineering tools. If you do not need the expressivity and safety of D but just the plain C API in D, non-idiomatic bindings might be just what you're looking for.

Examples

Introductory Example

The following D code uses these bindings for a concise implementation of the introductory example for the original C library.

import std.format;
import std.stdio;

import capstone;

auto CODE = cast(ubyte[])"\x55\x48\x8b\x05\xb8\x13\x00\x00";

void main(){
    auto cs = Capstone.create(Arch.x86, ModeFlags(Mode.bit64));
    auto res = cs.disasm(CODE, 0x1000);
    foreach(instr; res)
        writefln!"0x%x:\t%s\t\t%s"(instr.address, instr.mnemonic, instr.opStr);
}

Running this will disassemble the byte sequence \x55\x48\x8b\x05\xb8\x13\x00\x00 on a x86_64 architecture and output the following

0x1000: push            rbp
0x1001: mov             rax, qword ptr [rip + 0x13b8]

Querying the library's capabilities

If you wanted to determine which architectures are supported by the capstone library that you have installed on your system, you could do so as follows:

import std.format;
import std.stdio;
import std.traits;

import capstone;

void main(){
    writefln!"Version: %s (lib), %s (bindings)"(versionOfLibrary, versionOfBindings);
    writeln("Querying Support:");
    foreach(query; EnumMembers!SupportQuery)
        writefln!"%-10s: %s"(query, supports(query));
}

In my case, using the precompiled version 3.0.5 for Arch Linux, this will output

Version: 3.0 (lib), 3.0 (bindings)
Querying Support:
arm       : true
arm64     : true
mips      : true
x86       : true
powerPc   : true
sparc     : true
systemZ   : true
xCore     : true
all       : true
diet      : false
x86Reduce : false

How to include this in your project

The package is available in the D package management s.t. it suffices to add capstone-d as a dependency in the dub.json of your project. Furthermore, the examples folder contains a basic project to get you started.

F.A.Q.

The C API had cs_op_count to count an instruction's number of operands of a givenType. Why is it missing?

Because this can easily be accomplished in D as follows:

auto number = operands.count!(op => op.type == givenType)

In the C API, if you want to iterate over an instruction's operands of a given type, you first have to determine those operands' indices in the operands array. To this end the C API provides cs_op_index to determine the index of an instruction's k-th operand of a givenType in the operands array. Why is this function missing in these bindings?

Because in D, accessing operands of a given type is easier than using such a function:

auto opsOfGivenType = operands.filter!(op => op.type == givenType)

How to determine an instruction's length in bytes ?

Unlike in the C API, an instruction instr does indeed not have a size member. In D, arrays & slices have length, so you can simpliy use instr.bytes.length.

Contribute

Keep in mind that the bindings are still under development, but you can always create an issue if you find bugs or think that something could be improved. If you want to tackle an issue or contribute to the plugin feel free to create a pull request.

Authors:
  • Dimitri Bohlender
Sub packages:
capstone-d:example-basic
Dependencies:
none
Versions:
2.1.1 2020-Oct-13
2.1.0 2019-Jun-08
2.0.0 2019-May-21
1.0.0 2018-Dec-25
0.1.0 2018-Oct-29
Show all 7 versions
Download Stats:
  • 0 downloads today

  • 3 downloads this week

  • 4 downloads this month

  • 77 downloads total

Score:
1.0
Short URL:
capstone-d.dub.pm