Skip to content
gapstone is a Go binding for the capstone disassembly library
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.travis.yml Update .travis.yml Oct 25, 2016
LICENSE minor cleanup and futzing Nov 24, 2013
README.md advertise the next branch Apr 13, 2016
arm.SPEC verify 3.0.4 upstream Jul 16, 2015
arm64.SPEC bulk update, v3 work Sep 7, 2014
arm64_constants.go correct import style Apr 13, 2016
arm64_decomposer.go correct import style Apr 13, 2016
arm64_decomposer_test.go
arm_constants.go correct import style Apr 13, 2016
arm_decomposer.go correct import style Apr 13, 2016
arm_decomposer_test.go correct import style Apr 13, 2016
bench_iter_test.go Limit DisasmIter to go1.7 and onward Jun 21, 2017
engine.go
engine_constants.go updates for 3.0 release Nov 20, 2014
engine_iter.go Limit DisasmIter to go1.7 and onward Jun 21, 2017
errno_test.go replace errno_test Jul 9, 2014
genconst updates for 3.0 release Nov 20, 2014
genspec pull in genspec from next Jun 6, 2015
mips.SPEC updates for 3.0 release Nov 20, 2014
mips_constants.go correct import style Apr 13, 2016
mips_decomposer.go correct import style Apr 13, 2016
mips_decomposer_test.go correct import style Apr 13, 2016
ppc.SPEC updates for 3.0 release Nov 20, 2014
ppc_constants.go correct import style Apr 13, 2016
ppc_decomposer.go correct import style Apr 13, 2016
ppc_decomposer_test.go correct import style Apr 13, 2016
skipdata_test.go bulk update, v3 work Sep 7, 2014
sparc.SPEC update for 3.0.3-rc1 May 2, 2015
sparc_constants.go correct import style Apr 13, 2016
sparc_decomposer.go correct import style Apr 13, 2016
sparc_decomposer_test.go correct import style Apr 13, 2016
sysZ.SPEC xcore tests pass Jul 8, 2014
sysz_constants.go correct import style Apr 13, 2016
sysz_decomposer.go
sysz_decomposer_test.go correct import style Apr 13, 2016
test.SPEC update for 3.0.3-rc1 May 2, 2015
test_detail.SPEC update constants Apr 12, 2016
test_detail_test.go updates for 3.0 release Nov 20, 2014
test_resources_test.go correct import style Apr 13, 2016
test_test.go correct import style Apr 13, 2016
trampoline.go correct import style Apr 13, 2016
travis_install_capstone_stable.sh need make as well as make install Jul 17, 2015
version_test.go remove pkg-config support ( and boring refctoring ) Apr 12, 2014
x86.SPEC
x86_constants.go correct import style Apr 13, 2016
x86_decomposer.go correct import style Apr 13, 2016
x86_decomposer_test.go
xcore.SPEC verify 3.0.4 upstream Jul 16, 2015
xcore_constants.go correct import style Apr 13, 2016
xcore_decomposer.go
xcore_decomposer_test.go correct import style Apr 13, 2016

README.md

gapstone

Gapstone is a Go binding for the Capstone disassembly library.

CURRENT UPSTREAM VERSION: 3.0.4

Build Status

(head over to the next branch for the newest stuff)

SUMMARY

( FROM THE CAPSTONE README )

Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community.

Created by Nguyen Anh Quynh, then developed and maintained by a small community, Capstone offers some unparalleled features:

  • Support multiple hardware architectures: ARM, ARM64 (ARMv8), Mips, PPC, Sparc, SystemZ, XCore and X86.

  • Having clean/simple/lightweight/intuitive architecture-neutral API.

  • Provide details on disassembled instruction (called “decomposer” by others).

  • Provide semantics of the disassembled instruction, such as list of implicit registers read & written.

  • Implemented in pure C language, with lightweight wrappers for C++, C#, Go, Java, NodeJS, Ocaml, Python, Ruby & Vala ready (available in main code, or provided externally by the community).

  • Native support for all popular platforms: Windows, Mac OSX, iOS, Android, Linux, *BSD, Solaris, etc.

  • Thread-safe by design.

  • Special support for embedding into firmware or OS kernel.

  • Distributed under the open source BSD license.

Further information is available at http://www.capstone-engine.org

To install:

First install the capstone library from either https://github.com/aquynh/capstone or http://www.capstone-engine.org

Then, assuming you have set up your Go environment according to the docs, just:

go get -u github.com/bnagy/gapstone

Tests are provided. You should probably run them.

cd $GOPATH/src/github.com/bnagy/gapstone
go test

To start writing code:

Take a look at the examples *_test.go

Here's "Hello World":

package main

import (
    "github.com/bnagy/gapstone"
    "log"
)

func main() {

    engine, err := gapstone.New(
        gapstone.CS_ARCH_X86,
        gapstone.CS_MODE_32,
    )

    if err == nil {

        defer engine.Close()

        maj, min := engine.Version()
        log.Printf("Hello Capstone! Version: %v.%v\n", maj, min)

        var x86Code32 = "\x8d\x4c\x32\x08\x01\xd8\x81\xc6\x34" +
            "\x12\x00\x00\x05\x23\x01\x00\x00\x36\x8b\x84\x91" +
            "\x23\x01\x00\x00\x41\x8d\x84\x39\x89\x67\x00\x00" +
            "\x8d\x87\x89\x67\x00\x00\xb4\xc6"

        insns, err := engine.Disasm(
            []byte(x86Code32), // code buffer
            0x10000,           // starting address
            0,                 // insns to disassemble, 0 for all
        )

        if err == nil {
            log.Printf("Disasm:\n")
            for _, insn := range insns {
                log.Printf("0x%x:\t%s\t\t%s\n", insn.Address, insn.Mnemonic, insn.OpStr)
            }
            return
        }
        log.Fatalf("Disassembly error: %v", err)
    }
    log.Fatalf("Failed to initialize engine: %v", err)
}

Autodoc is available at http://godoc.org/github.com/bnagy/gapstone

Contributing

If you feel like chipping in, especially with better tests or examples, fork and send me a pull req.

Library Author: Nguyen Anh Quynh
Binding Author: Ben Nagy
License: BSD style - see LICENSE file for details

(c) 2013 COSEINC. All Rights Reserved.
You can’t perform that action at this time.