Update PowerShell bindings (#1239)

* Remove trailing whitespace

* ~2x speedup by removing array appending

More info: https://powershell.org/2013/09/16/powershell-performance-the-operator-and-when-to-avoid-it/

* Import inline C# conditionally

Avoids errors when importing module using "-Force"

* Throw exception on missing DLL

+ use idiomatic PowerShell

* Throw exception on errors

+ use idiomatic PowerShell

* Throw exception on errors

+ use idiomatic PowerShell

* Use idiomatic PowerShell

* Fix DLL path escaping

* Add native PowerShell formatting

Instruction address will display as "0xdeadbeef" in console output, but the actual value will be stored as appropriate integer type.

This allows using the "Address" property directly in code that relies on Get-Capstone disassembly w/o type conversion.

The original module author was using hex-strings, because when you add things in PowerShell like this: $Integer + '0xFF', PowerShell will cast everything to the type of the first operand. And it's smart enough to cast hex-string to integer.

Example: https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Trace-Execution.ps1#L195

But this is unreliable and moreover, PowerShell has peculiar quirks when casting hex-strings: https://github.com/PowerShell/PowerShell/issues/3313

* Move Capstone init to separate function

* Add Get-CapstoneVersion function

Which returns "version" object. Also add back erroneously deleted "return" to Get-CapstoneDisassembly -Version and convert it to advanced function.

* Fix help text

* Replace double quotes with single quotes where appropriate

* No need to assign $null to switch params

* Make return usage more obvious

* No need for double quotes in version banner

* Add space after comma

* ~3x speedup by removing New-Object usage. Requires PS 3.0

* Cosmetic fixes

* Remove PS 2.0 compatibility code

* Fix PSScriptAnalyzer warnings

* Don't load module if inline C# doesn't compile

* Return actual instruction bytes

* Fix version function

* Use lowercase for accelerators

* Remove "Mandatory = $False" since it's default

* Add spaces around "=" and ";"

* Use lowercase for built-in variables

* Tabs -> Spaces

* Update help

* Use standard manifest

* UTF-8, no BOM

* Remove remaining New-Object invocations

* Bump module version (semver anyone?)

* Restore PSv2 compatibility

Use [pscustomobject]/New-Object based on reported PS version.

* Tabs -> Spaces

* Update authors
3 files changed
tree: c66730a7c10fe309b53d31bdd23a99ca33435ef6
README.md

Capstone Engine

Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community.

Created by Nguyen Anh Quynh, then developed and maintained by a small community, Capstone offers some unparalleled features:

  • Support multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64).

  • Has a clean/simple/lightweight/intuitive architecture-neutral API.

  • Provide details on disassembled instruction (called “decomposer” by others).

  • Provide semantics of the disassembled instruction, such as list of implicit registers read & written.

  • Implemented in pure C language, with lightweight bindings for Clojure, F#, Common Lisp, Visual Basic, PHP, PowerShell, Emacs, Haskell, Perl, Python, Ruby, C#, NodeJS, Java, GO, C++, OCaml, Lua, Rust, Delphi, Free Pascal & Vala ready (either in main code, or provided externally by the community).

  • Native support for all popular platforms: Windows, Mac OSX, iOS, Android, Linux, *BSD, Solaris, etc.

  • Thread-safe by design.

  • Special support for embedding into firmware or OS kernel.

  • High performance & suitable for malware analysis (capable of handling various X86 malware tricks).

  • Distributed under the open source BSD license.

Further information is available at http://www.capstone-engine.org

Compile

See COMPILE.TXT file for how to compile and install Capstone.

Documentation

See docs/README for how to customize & program your own tools with Capstone.

Hack

See HACK.TXT file for the structure of the source code.

License

This project is released under the BSD license. If you redistribute the binary or source code of Capstone, please attach file LICENSE.TXT with your products.