Just found this, looks like a cool project!
Just some comments on how Capstone engine is used:
- Latest version 3.0.2 is more complete, smaller & faster than v2.1.2, so please update.
- The API cs_disasm_ex() is still supported (but deprecated), but it is better to use the new API name cs_disasm() now.
- Rather than checking the instruction mnemonic string, you can use the instruction id (cs_insn.id), such as X86_INS_JAE, for example.
- In Capstone 3.0.2, you can easily check if an instruction is a JUMP instruction by using the API cs_insn_group() with group id X86_GRP_JUMP, as follows:
    if (cs_insn_group(handle, insn, X86_GRP_JUMP)) { /* this is a jump instruction */ }
  We also have other groups, such as for CALL, INT, IRET etc. See x86.h for more info.
- For more details, see tests\test_x86.c on how to take advantage of some other APIs (such as turning on DETAIL mode for the above instruction details).
Thanks.