[New Tool] Capstone Disassembly Engine v3.0 Released

Capstone is a lightweight multi-platform, multi-architecture disassembly framework.

Features

• Multi-architectures: Arm, Arm64 (Armv8), Mips, PowerPC, Sparc, SystemZ, XCore & X86 (include X86_64) (details).
• Clean/simple/lightweight/intuitive architecture-neutral API.
• Provide details on disassembled instruction (called “decomposer” by some others).
• Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.
• Implemented in pure C language, with bindings for Python, Ruby, C#, NodeJS, Java, GO, C++, OCaml & Vala available.
• Native support for Windows & *nix (with Mac OSX, iOS, Android, Linux, *BSD & Solaris confirmed).
• Thread-safe by design.
• Special support for embedding into firmware or OS kernel.
• High performance & suitable for malware analysis (capable of handling various X86 malware tricks).
• Distributed under the open source BSD license.

Changelog v3.0

API changes

• New API cs_disasm_iter & cs_malloc. See online doc at http://capstone-engine.org/iteration.html
• Renamed API cs_disasm_ex to cs_disasm (cs_disasm_ex is still supported, but marked obsolete to be removed in future)
• Support SKIPDATA mode, so Capstone can jump over unknown data and keep going from the next legitimate instruction.
• More details provided in cs_detail struct for all architectures.
• API version was bumped to 3.0.

Bindings support

• Python binding supports Python3 (besides Python2).
• Support Ocaml binding.

Architectures

• New architectures: Sparc, SystemZ & XCore.
• Important bugfixes for Arm, Arm64, Mips, PowerPC & X86.
• Support more instructions for Arm, Arm64, Mips, PowerPC & X86.
• Always expose absolute addresses rather than relative addresses (Arm, Arm64, Mips, PPC, Sparc, X86).
• Use common instruction operand types REG, IMM, MEM & FP across all architectures (to enable cross-architecture analysis).
• Use common instruction group types across all architectures (to enable cross-architecture analysis).

X86

• X86 engine is mature & handles all the malware tricks (that we are aware of).
• Added a lot of new instructions (such as AVX512, 3DNow, etc).
• Add prefixed symbols X86_PREFIX_REP/REPNE/LOCK/CS/DS/SS/FS/GS/ES/OPSIZE/ADDRSIZE (x86.h).
• Print immediate in positive form & hexadecimal for AND/OR/XOR instructions.
• More friendly disassembly for JMP16i (in the form segment:offset)

Mips

• Engine added supports for new hardware modes: Mips32R6 (CS_MODE_MIPS32R6) & *MipsGP64(*CS_MODE_MIPSGP64).
• Removed the ABI-only mode CS_MODE_N64.
• New modes CS_MODE_MIPS32 & CS_MODE_MIPS64 (instead of CS_MODE_32 & CS_MODE_64).

ARM

• Support new mode CS_MODE_V8 for Armv8 A32 encodings.
• Print immediate in positive form & hexadecimal for AND/ORR/EOR/BIC instructions

ARM64

• Print immediate in hexadecimal for AND/ORR/EOR/TST instructions.

PowerPC

• Do not print a dot in front of absolute address.

Others

• Support for Microsoft Visual Studio (so Windows native compilation using MSVC is possible).
• Support CMake compilation.
• Cross-compile for Android.
• Build libraries/tests using XCode project
• Much faster, while consuming less memory for all architectures.

More Information: here

[button size=large style=round color=red align=none url=http://capstone-engine.org/download.html]Download Capstone Disassembly Engine v3.0[/button]