Consider using zydis instead of capstone #10
Comments
|
I won't be doing that work, i spent a significant amount of time upstreaming patches to capstone to support the functionality i needed here. If someone else wants to create a 'ZyDis' disassembler class such as i did for capstone: https://github.com/stevemk14ebr/PolyHook_2_0/blob/master/sources/CapstoneDisassembler.cpp then i would merge that work (if it passed all tests). This library looks cool and i'd like to give people an option, lets actually make use of the work to make the disassembler generic 😄 |
|
We are previous game-hackers as well and originally wrote Zydis as a disassembler to assist our hooking lib (which we never got around to actually build, lol). I suspect you'd find pretty much anything you'll need built in. We provide detailed information on what bytes of the input correspond to what instruction "segments" (disp, imm, ...) out-of-the-box (I suspect this might be what you had to contrib into Capstone since I remember some guy on UC having issues with this a while ago). If something turns out to be missing, we'll be happy to help! |
|
Getting a visit from you here is enough kick in the pants, I'll start working on integration 😋. And yes that's good to hear, that was what I had to upstream to capstone. |
|
There is a usable branch for zydis now. It passes all my tests. I'm going to keep it as a branch forever i think. |
|
zydis is now in master. Both capstone and zydis are stubbed out. It's up to the user which they want to use. |
|
Noice! This will probably also make it easier to maintain for you compared to having two branches requiring constant synchronization. |
|
@athre0z would you be able to resolve microsoft/vcpkg#8426 so i can enable zydis on vcpkg. |
|
I already sank like two days trying to get this thing to build on all platforms, working around bugs and platform specific behavior in vcpkg with this PR and now that I found some constellation where everything appears to be working fine locally on all platforms, it's breaking in their CI in some weird way that I cannot reproduce locally, presumably because of some kind of caching issue. Anyways, I'll try to get it fixed soon(tm). |
|
Yea...cmake can be fun. I wish you luck. Appreciate you attempting it though. |
|
It's merged! |
|
great! @xeropresence would you be interested in taking a look? |
https://github.com/zyantific/zydis
Capstone has a very big size. It was used in x64dbg first and it was replaced with zydis.
The text was updated successfully, but these errors were encountered: