Capstone – Multi-platform, Multi-architecture Disassembly Framework


Capstone is a lightweight multi-platform, multi-architecture disassembly framework. The target of the author is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.

It is one of a very few disassembly frameworks that can support multi-architectures. So far, it can handle 4 most important architectures: ARM, ARM64 (aka ARMv8/AArch64), Mips & X86. More will be added in the future when possible.

Implemented in pure C language, Capstone is easy to be adopted for your low-level tool. Furthermore, lightweight & efficient bindings for popular languages such as Python, Ruby, OCaml, C#, Java & Go are also available.

Note that all of our the bindings are all manually coded, since we do not want to rely on bloated SWIG for wrapping.

Features

  • Support hardware architectures: ARM, ARM64 (aka ARMv8), Mips & X86 (more details).
  • Clean/simple/lightweight/intuitive architecture-neutral API.
  • Provide details on disassembled instruction (called “decomposer” by others).
  • Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.
  • Implemented in pure C language, with bindings for Python, Ruby, OCaml, C#, Java and GO available.
  • Native support for Windows & *nix (including MacOSX, Linux, *BSD platforms).
  • Thread-safe by design.
  • Distributed under the open source BSD license.

You can download Capstone source here:

capstone-1.0.tgz

Or read more here.

Posted in: Hacking Tools, Secure Coding, Security Software

, ,


Latest Posts:


Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.


Comments are closed.