Disassimpl is a simple, multi-architecture (or at least it is supposed to be), multi-mode disassembly utility powered by the Capstone Disassembly Engine found here. It uses Python's Capstone module, which is accessed through the Python C API. This adds a few more dependencies, but avoids some of the annoying issues with the Capstone C API. If you're installing a disassembler, you probably won't mind installing a couple of Python 3 modules anyway, so.
Please note, a large portion of this utility has not been tested, and some architectures may not even disassemble correctly. Considering this entire project is less than 1000 lines, I am even more confident it will break on some challenges. Furthermore, this isn't even a stable release. I still have concepts in mind that shall be added, so I wouldn't even call this version 1.0; it will likely stay this way for a bit. The only well-tested portion of Disassimpl's functionality is the extraction of the file structure from binaries, but the disassembly function is largely untested (and visibly misbehaves on PPC and MIPS-esque architectures).
Disassimpl already has a number of options, even this early in its release. Below is the list of current options as shown in the help menu (accessed via -h):
- [-a ARG] used to set Disassimpl to a certain architecture during disassembly (default: X86).
- [-m ARG] used to set Disassimpl to a certain mode during disassembly (default: LEM).
- [-d] used to set Debug mode on; should never need this (unless you want to see cool stuff) (default: off).
- [-f ARG] used to set the full path to the target binary to be disassembled.
- [-h] used to forcefully display the help menu.
- [-i] used to set Disassimpl into information mode, rather than disassembly mode (default: off).
- [-o ARG] used to set the path to an output file to save results, if wanted (default: None).
As stated above, Disassimpl is supposed to support multiple architectures. Below is the list of supposedly supported architectures:
- ARM | ARM architecture (including Thumb, Thumb-2)
- ARM64 | ARM-64, also called AArch64
- MIPS | Mips architecture
- X86 | X86 architecture (including x86 & x86-64)
- PPC | PowerPC architecture
- SPARC | Sparc architecture
- SYSZ | SystemZ architecture
- XCORE | XCore architecture
- EVM | Ethereum architecture
Below is the list of modes (set with -m):
- LEM | little-endian mode (default mode)
- ARM | ARM mode
- 16 | 16-bit mode (X86)
- 32 | 32-bit mode (X86)
- 64 | 64-bit mode (X86, PPC)
- THUMB | ARM's Thumb mode, including Thumb-2
- MCLASS | ARM's Cortex-M series
- V8 | ARMv8 A32 encodings for ARM
- V9 | SparcV9 mode (Sparc)
- MICRO | MicroMips mode (MIPS)
- MIPS3 | Mips III ISA
- MIPS2 | Mips II ISA
- MIPS32R6 | Mips32r6 ISA
- QPX | Quad Processing eXtensions mode (PPC)
- BEM | big-endian mode
- MIPS32 | Mips32 ISA (Mips)
- MIPS64 | Mips64 ISA (Mips)
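To show what an architecture/mode pair such as X86 with 64 and LEM means at the Capstone level, here is an added example (not Disassimpl's own code) that resolves the names listed above to constants of the capstone Python module and disassembles a constructed byte string. The helper names, the LEM/BEM alias table, and the idea that names map onto constants this way are assumptions for illustration.

```python
# Added example, not Disassimpl's code: resolve -a/-m style names to Capstone
# constants and disassemble a constructed byte string.
import importlib

# README short names -> Capstone constant suffixes. Only LEM/BEM differ from
# Capstone's own naming; this table is an assumption, not Disassimpl's.
MODE_ALIASES = {"LEM": "LITTLE_ENDIAN", "BEM": "BIG_ENDIAN"}


def constant_names(arch, modes):
    """Return the capstone attribute names for an arch name and mode names."""
    arch_attr = "CS_ARCH_" + arch.upper()
    mode_attrs = ["CS_MODE_" + MODE_ALIASES.get(m.upper(), m.upper())
                  for m in modes]
    return arch_attr, mode_attrs


def disassemble(code, arch="X86", modes=("LEM",), base=0x1000):
    """Disassemble bytes; unknown names raise ValueError up front."""
    cs = importlib.import_module("capstone")  # needs the capstone module
    arch_attr, mode_attrs = constant_names(arch, modes)
    for attr in [arch_attr] + mode_attrs:
        if not hasattr(cs, attr):
            raise ValueError("unsupported name: " + attr)
    mode = 0
    for attr in mode_attrs:
        mode |= getattr(cs, attr)  # Capstone modes are bit flags: OR them
    md = cs.Cs(getattr(cs, arch_attr), mode)
    return [(i.address, i.mnemonic, i.op_str) for i in md.disasm(code, base)]


# Constructed sample: x86-64 "push rbp; mov rbp, rsp; ret"
SAMPLE = bytes.fromhex("554889e5c3")

if __name__ == "__main__":
    for addr, mnem, ops in disassemble(SAMPLE, "X86", ["64", "LEM"]):
        print("0x%x:\t%s\t%s" % (addr, mnem, ops))
```

Capstone's iterator stops at the first byte sequence it cannot decode, so a result shorter than expected is a quick sign that the architecture or mode does not match the binary.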
A view of the help menu:
A view of PE and ELF file structure extractions:
A view of a disassembled SparcV8 binary:
- Notes
  - All exported files keep their original in-console format.
  - No, there is not supposed to be an E at the end of the name.
- To-do
  - Test, test, and test some more.
  - Get some criticism.