Capstone is a lightweight multi-platform, multi-architecture disassembly framework. The target of the author is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.
It is one of a very few disassembly frameworks that can support multi-architectures. So far, it can handle 4 most important architectures: ARM, ARM64 (aka ARMv8/AArch64), Mips & X86. More will be added in the future when possible.
Implemented in pure C language, Capstone is easy to be adopted for your low-level tool. Furthermore, lightweight & efficient bindings for popular languages such as Python, Ruby, OCaml, C#, Java & Go are also available.
Note that all of our the bindings are all manually coded, since we do not want to rely on bloated SWIG for wrapping.
- Support hardware architectures: ARM, ARM64 (aka ARMv8), Mips & X86 (more details).
- Clean/simple/lightweight/intuitive architecture-neutral API.
- Provide details on disassembled instruction (called “decomposer” by others).
- Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.
- Implemented in pure C language, with bindings for Python, Ruby, OCaml, C#, Java and GO available.
- Native support for Windows & *nix (including MacOSX, Linux, *BSD platforms).
- Thread-safe by design.
- Distributed under the open source BSD license.
You can download Capstone source here:
Or read more here.