Wrong disassembly

[Arc157]

Hello, so I compiled capstone for android using android-ndk-r20-x86_64 on Linux Ubuntu 20.04. I implemented the produced shared libraries into my project but it didn't work because I got an UnsatisfiedLinkError. I fixed this by using patchelf, to patch the used libcapstone.so.5 in the library to use libcapstone.so instead. I've been wondering if patchelf corrupted the library in some way. Anyway, I came up with this code to use the API:

void assemble(ks_arch arch, ks_mode mode, const char *assembly) {
    ks_engine* mHandle;
    size_t count;
    unsigned char *encode = nullptr;
    size_t size;

    ks_err mOpen = ks_open(arch, mode, &mHandle);
    if (mOpen == KS_ERR_OK) {
        if (ks_asm(mHandle, assembly, 0, &encode, &size, &count) == KS_ERR_OK) {
            for (size_t i = 0; i < size; i++) {
                __android_log_print(ANDROID_LOG_ERROR, "Hook", "%02x", encode[i]);
            }
        } else {
            ks_errno(mHandle);
            __android_log_print(ANDROID_LOG_ERROR, "Hook", "Failed to assemble!");
        }
    } else {
        __android_log_print(ANDROID_LOG_ERROR, "Hook", "Failed to open: %u", mOpen);
    }

    ks_free(encode);
    ks_err mClose = ks_close(mHandle);
    if (mClose == KS_ERR_OK) {
        __android_log_print(ANDROID_LOG_ERROR, "Hook", "Successfully closed!");
    } else {
        __android_log_print(ANDROID_LOG_ERROR, "Hook", "Failed to close: %u", mClose);
    }
}

void disassemble(cs_arch arch, cs_mode mode, const char *hex) {
    csh mHandle;
    cs_insn* mInstruction;

    cs_err mOpen = cs_open(arch, mode, &mHandle);
    if (mOpen == CS_ERR_OK) {
        size_t mDisassembly = cs_disasm(mHandle, (unsigned char*)hex, sizeof(hex), 0x0, 0, &mInstruction);
        char buffer[500];
        for (size_t i = 0; i < mDisassembly; i++) {
            sprintf(buffer, "%s %s", mInstruction[i].mnemonic, mInstruction[i].op_str);
            __android_log_print(ANDROID_LOG_ERROR, "Hook", "%s", buffer);
        }
        cs_free(mInstruction, mDisassembly);
    } else {
        __android_log_print(ANDROID_LOG_ERROR, "Hook", "Failed to open: %u", mOpen);
    }

    cs_err mClose = cs_close(&mHandle);
    if (mClose == CS_ERR_OK) {
        __android_log_print(ANDROID_LOG_ERROR, "Hook", "Successfully closed!");
    } else {
        __android_log_print(ANDROID_LOG_ERROR, "Hook", "Failed to close: %u", mClose);
    }
}

This is how I called the disassemble function. The other assemble function works just fine.

disassemble(CS_ARCH_ARM64, CS_MODE_LITTLE_ENDIAN, "\x1F\x20\x03\xD5");

The produced result is:

nop 
orr w0, w8, #0x3ff0000

This is wrong because I only need the nop code. Here are the capstone (and keystone) shared libraries: capstone.zip. If somebody could help me fix this issue it would be fascinating! Thank you!

[Arc157]

Looks like the issue was from the patchelf library. Hopefully nobody else runs into this problem!