python-x86-obfuscator
capstone instead of distorm3
Read it, http://www.capstone-engine.org/BHUSA2014-capstone.pdf
```python
# Python 2: decode the same single byte with both libraries
import distorm3
from capstone import Cs, CS_ARCH_X86, CS_MODE_32
from binascii import hexlify

print distorm3.Decode(0, "\x41", distorm3.Decode32Bits)

md = Cs(CS_ARCH_X86, CS_MODE_32)
for i in md.disasm("\x41", 0x00):
    print [(i.address, i.size, (i.mnemonic + " " + i.op_str), hexlify(i.bytes))]

# distorm3 : [(0L, 1L, 'INC ECX', '41')]
# capstone : [(0L, 1, u'inc ecx', '41')]
```
Ref : https://github.com/aquynh/capstone
Ref : http://www.capstone-engine.org/lang_python.html
I am familiar with Capstone. I used diStorm3 as I only wanted to retrieve the size of instructions.
I implemented mine in Capstone. Good work, saw how you overcame some of the challenges I found too quite differently :)
I was trying to find out how to use "label" functionality in Capstone but did not think it supported it. I wonder how you overcame this? Will take some time to read your source.
I'm just opening it for future work (ARM, MIPS, SPARC etc., maybe), consider it :)
vysec: Capstone doesn't support labels, but it will give you the destination address of the jump instruction, and you can easily do it yourself as well. What I do then is create labels of my own. I put the disassembled instructions into an array of objects, and these objects have label parameters if needed. If I stumble upon a jump, I create a new label that I assign to this jump's destination and also put the jump destination label on that jump instruction. That allows me to be independent of fixed addressing later, and I can then apply fixes to relative jump offsets as I know exactly which instruction the jump should point to.
b3mb4m: Of course! Will change that in the future for sure.
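The label approach described in the reply to vysec, as an added Python 3 example that is not code from the project or from anyone in this thread. To run without Capstone it uses a toy length decoder for a handful of opcodes and handles only rel8 jumps; the function names, record fields and sample bytes are all constructed for illustration.

```python
import struct
# Toy length decoder (assumption): covers only the opcodes the sample uses.
ONE_BYTE = set(range(0x40, 0x60)) | {0x90, 0xC3}  # inc/dec/push/pop r32, nop, ret
SHORT_JMP = set(range(0x70, 0x80)) | {0xEB}       # jcc rel8, jmp rel8

def decode(code):
    """Split code into instruction records; short jumps keep their absolute target."""
    insns, off = [], 0
    while off < len(code):
        op = code[off]
        if op not in ONE_BYTE and op not in SHORT_JMP:
            raise ValueError("opcode 0x%02x not handled by this toy decoder" % op)
        size = 2 if op in SHORT_JMP else 1
        target = off + 2 + struct.unpack_from("b", code, off + 1)[0] if size == 2 else None
        insns.append({"addr": off, "raw": code[off:off + size], "target": target})
        off += size
    return insns

def assign_labels(insns):
    """Turn each numeric jump target into a reference to the destination record."""
    by_addr = {i["addr"]: i for i in insns}
    for i in insns:
        if i["target"] is not None:
            i["label"] = by_addr[i["target"]]  # KeyError: target is not an instruction start
    return insns

def reassemble(insns):
    """Lay the records out again and recompute every rel8 from its label."""
    addr = 0
    for i in insns:  # pass 1: assign new addresses
        i["addr"], addr = addr, addr + len(i["raw"])
    out = bytearray()
    for i in insns:  # pass 2: patch displacements against the new layout
        raw = i["raw"]
        if "label" in i:
            rel = i["label"]["addr"] - (i["addr"] + 2)
            if not -128 <= rel <= 127:
                raise OverflowError("rel8 out of range, jump must be widened to rel32")
            raw = raw[:1] + struct.pack("b", rel)
        out += raw
    return bytes(out)

# Constructed sample: inc ecx; jz +1; inc ecx; dec ecx; jmp -7; ret
SAMPLE = bytes.fromhex("4174014149ebf9c3")

def rewrite_with_nop(code, index):
    insns = assign_labels(decode(code))
    # Insert one NOP before instruction `index`; labels keep every jump on target.
    insns.insert(index, {"addr": None, "raw": b"\x90", "target": None})
    return reassemble(insns)
```

Because a label references the destination record rather than an address, bytes inserted directly in front of a jump target are skipped by that jump instead of becoming its new destination.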