Menu
▾
▴
capstone-users — Capstone mailing list for users
You can subscribe to this list here.
| 2013 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(11) |
Dec
(11) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2014 |
Jan
(12) |
Feb
(3) |
Mar
(7) |
Apr
(4) |
May
(31) |
Jun
(2) |
Jul
(4) |
Aug
(2) |
Sep
(16) |
Oct
(13) |
Nov
(2) |
Dec
(25) |
| 2015 |
Jan
(28) |
Feb
(9) |
Mar
(7) |
Apr
(1) |
May
(3) |
Jun
(1) |
Jul
(3) |
Aug
(12) |
Sep
|
Oct
(11) |
Nov
(4) |
Dec
|
| 2016 |
Jan
(4) |
Feb
|
Mar
(8) |
Apr
|
May
(2) |
Jun
(2) |
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
|
| 2017 |
Jan
|
Feb
(1) |
Mar
(3) |
Apr
(2) |
May
(4) |
Jun
(6) |
Jul
(9) |
Aug
(2) |
Sep
(1) |
Oct
|
Nov
|
Dec
|
| 2018 |
Jan
|
Feb
|
Mar
(7) |
Apr
|
May
|
Jun
|
Jul
(2) |
Aug
(3) |
Sep
|
Oct
(2) |
Nov
(7) |
Dec
(2) |
| 2019 |
Jan
(1) |
Feb
(1) |
Mar
(5) |
Apr
(1) |
May
(1) |
Jun
(4) |
Jul
(6) |
Aug
(2) |
Sep
|
Oct
|
Nov
|
Dec
(4) |
| 2020 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
|
| 2022 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
(1) |
Aug
(3) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2023 |
Jan
(1) |
Feb
|
Mar
(1) |
Apr
|
May
(1) |
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
|
| 2024 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
|
|
From: GROETZ, M. A C. U. A. AFRL/R. <mic...@us...> - 2015-01-23 15:15:58
|
When I try to disassemble Test.exe, I get the following:
0x1000: pop r10
0x1002: npop
0x1003 add byte ptr [rbx], a1
0x1005: add byte ptr [rbx], a1
That's all I get. Here's my C code:
-----
#define _CRT_SECURE_NO_WARNINGS
#include <stdio.h>
#include <stdlib.h>
#include "../inttypes.h"
#include <capstone.h>
#define CODE "\x55\x48\x8b\x05\xb8\x13\x00\x00"
int main(void)
{
csh handle;
cs_insn *insn;
size_t count;
if (cs_open(CS_ARCH_X86, CS_MODE_64, &handle) != CS_ERR_OK)
{
return -1;
}
FILE * file;
unsigned char * buffer;
unsigned long fileLen;
file = fopen("C:/test/test.exe", "rb");
fseek(file, 0, SEEK_END);
fileLen = ftell(file);
fseek(file, 0, SEEK_SET);
buffer = (unsigned char *)malloc(fileLen + 1);
fread(buffer, fileLen, 1, file);
fclose(file);
count = cs_disasm(handle, buffer, sizeof(buffer) - 1, 0x1000, 0, &insn);
if (count > 0)
{
size_t j;
for (j = 0; j < count; j++)
{
printf("0x%"PRIx64":\t%s\t\t%s\n", insn[j].address, insn[j].mnemonic, insn[j].op_str);
}
cs_free(insn, count);
}
else
{
printf("ERROR: Failed to dissassemble given code!\n");
}
cs_close(&handle);
return 0;
}
Thanks.
-----Original Message-----
From: Nguyen Anh Quynh [mailto:aq...@gm...]
Sent: Friday, January 23, 2015 9:44 AM
To: Capstone disassembly framework (www.capstone-engine.org)
Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help
On Fri, Jan 23, 2015 at 8:50 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote:
I never could get the Java version to work - even with v1.6. I moved on to implementing the program in C. I did get your C example to work with no problems and the output was as expected. Quick question about Test.exe. Is that program from me to buffer and disassemble? If so, I only get about 3 or 4 lines of disassembly. That doesn't seem quite right to me. Or is Test.exe for another purpose.
Test.exe is compiled from tests/test.c.
can you paste all the output of Test.exe here?
thanks.
Thanks, Mike
-----Original Message-----
From: Nguyen Anh Quynh [mailto:aq...@gm...]
Sent: Thursday, January 22, 2015 6:08 PM
To: Capstone disassembly framework (www.capstone-engine.org)
Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help
On Fri, Jan 23, 2015 at 1:28 AM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote:
I installed Java 1.6 and tried with that. No luck. I'm going to see if I can get the C version to work instead of the Java on Windows.
to test, you can simply run Test.exe available in http://capstone-engine.org/download/3.0/capstone-3.0-win64.zip
let me know what you find with your Java code.
thanks,
Q
-----Original Message-----
From: Nguyen Anh Quynh [mailto:aq...@gm...]
Sent: Thursday, January 22, 2015 9:58 AM
To: Capstone disassembly framework (www.capstone-engine.org)
Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help
On Thu, Jan 22, 2015 at 10:32 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote:
I'm using Java 1.8.0_25 and Capstone 3.0. I don't have access to a system to put Ubuntu on. I'm using Win 7 64 bit with NetBeans IDE 8.0.2.
I can try a older version of Java.
on Windows you need to put the core library (from http://capstone-engine.org/download/3.0/capstone-3.0-win64.zip) in the same directory with TestX86.java
in the same directory, put http://capstone-engine.org/download/3.0/capstone.jar.
can you compile & run TestX86.java with your current Java 1.8.0?
thanks.
-----Original Message-----
From: Nguyen Anh Quynh [mailto:aq...@gm...]
Sent: Thursday, January 22, 2015 9:04 AM
To: Capstone disassembly framework (www.capstone-engine.org)
Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help
On Thu, Jan 22, 2015 at 9:23 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote:
>a quick question: do you have any problem with the TestX86.java code? what
>is the output of it?
------------------------
Here's the output from TexstX86.java. I only included 32 and 64 bit (I'm running on a 64 bit machine). If you need all of the output let me know.
this is strange, as i dont have any issue here.
some questions:
- which Capstone version are you using?
- what is your Java version?
here is what i did:
- download the latest Capstone from Github. you can get the "next" branch code from https://github.com/aquynh/capstone/archive/next.zip
- unzip, compile & download on Ubuntu 64bit 14.04:
$ ./make.sh
$ sudo ./make.sh install
$ cd bindings/java/
$ make clean; make
$ ./run.sh x86 # <--- this actually runs TestX86.java
here is my Java version:
$ java -version
java version "1.6.0_33"
OpenJDK Runtime Environment (IcedTea6 1.13.5) (6b33-1.13.5-1ubuntu0.14.04)
OpenJDK 64-Bit Server VM (build 23.25-b01, mixed mode)
now, can you repeat all the steps above?
thanks.
Q
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
Capstone-users mailing list
Cap...@li...
https://lists.sourceforge.net/lists/listinfo/capstone-users
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
Capstone-users mailing list
Cap...@li...
https://lists.sourceforge.net/lists/listinfo/capstone-users
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
Capstone-users mailing list
Cap...@li...
https://lists.sourceforge.net/lists/listinfo/capstone-users
|
|
From: Nguyen A. Q. <aq...@gm...> - 2015-01-23 14:44:25
|
On Fri, Jan 23, 2015 at 8:50 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA < mic...@us...> wrote: > I never could get the Java version to work - even with v1.6. I moved on to > implementing the program in C. I did get your C example to work with no > problems and the output was as expected. Quick question about Test.exe. Is > that program from me to buffer and disassemble? If so, I only get about 3 > or 4 lines of disassembly. That doesn't seem quite right to me. Or is > Test.exe for another purpose. > Test.exe is compiled from tests/test.c. can you paste all the output of Test.exe here? thanks. > > Thanks, Mike > -----Original Message----- > From: Nguyen Anh Quynh [mailto:aq...@gm...] > Sent: Thursday, January 22, 2015 6:08 PM > To: Capstone disassembly framework (www.capstone-engine.org) > Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help > > > > On Fri, Jan 23, 2015 at 1:28 AM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA > <mic...@us...> wrote: > > > I installed Java 1.6 and tried with that. No luck. I'm going to > see if I can get the C version to work instead of the Java on Windows. > > > > > to test, you can simply run Test.exe available in > http://capstone-engine.org/download/3.0/capstone-3.0-win64.zip > > > let me know what you find with your Java code. > > > thanks, > Q > > > > > -----Original Message----- > From: Nguyen Anh Quynh [mailto:aq...@gm...] > > Sent: Thursday, January 22, 2015 9:58 AM > To: Capstone disassembly framework (www.capstone-engine.org) > Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help > > > > On Thu, Jan 22, 2015 at 10:32 PM, GROETZ, MICHAEL A CTR USAF AFMC > AFRL/RYWA <mic...@us...> wrote: > > > I'm using Java 1.8.0_25 and Capstone 3.0. I don't have access to a > system to put Ubuntu on. I'm using Win 7 64 bit with NetBeans IDE 8.0.2. > > I can try a older version of Java. > > > > on Windows you need to put the core library (from > http://capstone-engine.org/download/3.0/capstone-3.0-win64.zip) in the > same directory with TestX86.java > > in the same directory, put > http://capstone-engine.org/download/3.0/capstone.jar. > > can you compile & run TestX86.java with your current Java 1.8.0? > > > > thanks. > > > > > > > -----Original Message----- > From: Nguyen Anh Quynh [mailto:aq...@gm...] > Sent: Thursday, January 22, 2015 9:04 AM > To: Capstone disassembly framework (www.capstone-engine.org) > Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help > > > > On Thu, Jan 22, 2015 at 9:23 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA > <mic...@us...> wrote: > > > >a quick question: do you have any problem with the TestX86.java > code? what > >is the output of it? > ------------------------ > Here's the output from TexstX86.java. I only included 32 and 64 > bit (I'm running on a 64 bit machine). If you need all of the output let me > know. > > > > > this is strange, as i dont have any issue here. > > > some questions: > > - which Capstone version are you using? > > - what is your Java version? > > > > here is what i did: > > > - download the latest Capstone from Github. you can get the "next" branch > code from https://github.com/aquynh/capstone/archive/next.zip > > > - unzip, compile & download on Ubuntu 64bit 14.04: > > $ ./make.sh > $ sudo ./make.sh install > $ cd bindings/java/ > $ make clean; make > $ ./run.sh x86 # <--- this actually runs TestX86.java > > > > here is my Java version: > > $ java -version > java version "1.6.0_33" > OpenJDK Runtime Environment (IcedTea6 1.13.5) > (6b33-1.13.5-1ubuntu0.14.04) > OpenJDK 64-Bit Server VM (build 23.25-b01, mixed mode) > > > > > now, can you repeat all the steps above? > > > thanks. > Q > > > > > > ------------------------------------------------------------------------------ > New Year. New Location. New Benefits. New Data Center in Ashburn, VA. > GigeNET is offering a free month of service with a new server in Ashburn. > Choose from 2 high performing configs, both with 100TB of bandwidth. > Higher redundancy.Lower latency.Increased capacity.Completely compliant. > http://p.sf.net/sfu/gigenet > _______________________________________________ > Capstone-users mailing list > Cap...@li... > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > > ------------------------------------------------------------------------------ > New Year. New Location. New Benefits. New Data Center in Ashburn, VA. > GigeNET is offering a free month of service with a new server in Ashburn. > Choose from 2 high performing configs, both with 100TB of bandwidth. > Higher redundancy.Lower latency.Increased capacity.Completely compliant. > http://p.sf.net/sfu/gigenet > _______________________________________________ > Capstone-users mailing list > Cap...@li... > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > > ------------------------------------------------------------------------------ > New Year. New Location. New Benefits. New Data Center in Ashburn, VA. > GigeNET is offering a free month of service with a new server in Ashburn. > Choose from 2 high performing configs, both with 100TB of bandwidth. > Higher redundancy.Lower latency.Increased capacity.Completely compliant. > http://p.sf.net/sfu/gigenet > _______________________________________________ > Capstone-users mailing list > Cap...@li... > https://lists.sourceforge.net/lists/listinfo/capstone-users > |
|
From: GROETZ, M. A C. U. A. AFRL/R. <mic...@us...> - 2015-01-23 13:05:21
|
I never could get the Java version to work - even with v1.6. I moved on to implementing the program in C. I did get your C example to work with no problems and the output was as expected. Quick question about Test.exe. Is that program from me to buffer and disassemble? If so, I only get about 3 or 4 lines of disassembly. That doesn't seem quite right to me. Or is Test.exe for another purpose. Thanks, Mike -----Original Message----- From: Nguyen Anh Quynh [mailto:aq...@gm...] Sent: Thursday, January 22, 2015 6:08 PM To: Capstone disassembly framework (www.capstone-engine.org) Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help On Fri, Jan 23, 2015 at 1:28 AM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote: I installed Java 1.6 and tried with that. No luck. I'm going to see if I can get the C version to work instead of the Java on Windows. to test, you can simply run Test.exe available in http://capstone-engine.org/download/3.0/capstone-3.0-win64.zip let me know what you find with your Java code. thanks, Q -----Original Message----- From: Nguyen Anh Quynh [mailto:aq...@gm...] Sent: Thursday, January 22, 2015 9:58 AM To: Capstone disassembly framework (www.capstone-engine.org) Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help On Thu, Jan 22, 2015 at 10:32 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote: I'm using Java 1.8.0_25 and Capstone 3.0. I don't have access to a system to put Ubuntu on. I'm using Win 7 64 bit with NetBeans IDE 8.0.2. I can try a older version of Java. on Windows you need to put the core library (from http://capstone-engine.org/download/3.0/capstone-3.0-win64.zip) in the same directory with TestX86.java in the same directory, put http://capstone-engine.org/download/3.0/capstone.jar. can you compile & run TestX86.java with your current Java 1.8.0? thanks. -----Original Message----- From: Nguyen Anh Quynh [mailto:aq...@gm...] Sent: Thursday, January 22, 2015 9:04 AM To: Capstone disassembly framework (www.capstone-engine.org) Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help On Thu, Jan 22, 2015 at 9:23 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote: >a quick question: do you have any problem with the TestX86.java code? what >is the output of it? ------------------------ Here's the output from TexstX86.java. I only included 32 and 64 bit (I'm running on a 64 bit machine). If you need all of the output let me know. this is strange, as i dont have any issue here. some questions: - which Capstone version are you using? - what is your Java version? here is what i did: - download the latest Capstone from Github. you can get the "next" branch code from https://github.com/aquynh/capstone/archive/next.zip - unzip, compile & download on Ubuntu 64bit 14.04: $ ./make.sh $ sudo ./make.sh install $ cd bindings/java/ $ make clean; make $ ./run.sh x86 # <--- this actually runs TestX86.java here is my Java version: $ java -version java version "1.6.0_33" OpenJDK Runtime Environment (IcedTea6 1.13.5) (6b33-1.13.5-1ubuntu0.14.04) OpenJDK 64-Bit Server VM (build 23.25-b01, mixed mode) now, can you repeat all the steps above? thanks. Q ------------------------------------------------------------------------------ New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet _______________________________________________ Capstone-users mailing list Cap...@li... https://lists.sourceforge.net/lists/listinfo/capstone-users ------------------------------------------------------------------------------ New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet _______________________________________________ Capstone-users mailing list Cap...@li... https://lists.sourceforge.net/lists/listinfo/capstone-users |
|
From: Nguyen A. Q. <aq...@gm...> - 2015-01-22 23:08:50
|
On Fri, Jan 23, 2015 at 1:28 AM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA < mic...@us...> wrote: > I installed Java 1.6 and tried with that. No luck. I'm going to see if I > can get the C version to work instead of the Java on Windows. > > to test, you can simply run Test.exe available in http://capstone-engine.org/download/3.0/capstone-3.0-win64.zip let me know what you find with your Java code. thanks, Q -----Original Message----- From: Nguyen Anh Quynh [mailto:aq...@gm...] Sent: Thursday, January 22, 2015 9:58 AM To: Capstone disassembly framework (www.capstone-engine.org) Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help On Thu, Jan 22, 2015 at 10:32 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote: I'm using Java 1.8.0_25 and Capstone 3.0. I don't have access to a system to put Ubuntu on. I'm using Win 7 64 bit with NetBeans IDE 8.0.2. I can try a older version of Java. on Windows you need to put the core library (from http://capstone-engine.org/download/3.0/capstone-3.0-win64.zip) in the same directory with TestX86.java in the same directory, put http://capstone-engine.org/download/3.0/capstone.jar. can you compile & run TestX86.java with your current Java 1.8.0? thanks. -----Original Message----- From: Nguyen Anh Quynh [mailto:aq...@gm...] Sent: Thursday, January 22, 2015 9:04 AM To: Capstone disassembly framework (www.capstone-engine.org) Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help On Thu, Jan 22, 2015 at 9:23 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA < mic...@us...> wrote: >a quick question: do you have any problem with the TestX86.java code? what >is the output of it? ------------------------ Here's the output from TexstX86.java. I only included 32 and 64 bit (I'm running on a 64 bit machine). If you need all of the output let me know. this is strange, as i dont have any issue here. some questions: - which Capstone version are you using? - what is your Java version? here is what i did: - download the latest Capstone from Github. you can get the "next" branch code from https://github.com/aquynh/capstone/archive/next.zip - unzip, compile & download on Ubuntu 64bit 14.04: $ ./make.sh $ sudo ./make.sh install $ cd bindings/java/ $ make clean; make $ ./run.sh x86 # <--- this actually runs TestX86.java here is my Java version: $ java -version java version "1.6.0_33" OpenJDK Runtime Environment (IcedTea6 1.13.5) (6b33-1.13.5-1ubuntu0.14.04) OpenJDK 64-Bit Server VM (build 23.25-b01, mixed mode) now, can you repeat all the steps above? thanks. Q ------------------------------------------------------------------------------ New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet _______________________________________________ Capstone-users mailing list Cap...@li... https://lists.sourceforge.net/lists/listinfo/capstone-users ------------------------------------------------------------------------------ New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet _______________________________________________ Capstone-users mailing list Cap...@li... https://lists.sourceforge.net/lists/listinfo/capstone-users |
|
From: GROETZ, M. A C. U. A. AFRL/R. <mic...@us...> - 2015-01-22 18:05:18
|
I installed Java 1.6 and tried with that. No luck. I'm going to see if I can get the C version to work instead of the Java on Windows. -Mike -----Original Message----- From: Nguyen Anh Quynh [mailto:aq...@gm...] Sent: Thursday, January 22, 2015 9:58 AM To: Capstone disassembly framework (www.capstone-engine.org) Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help On Thu, Jan 22, 2015 at 10:32 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote: I'm using Java 1.8.0_25 and Capstone 3.0. I don't have access to a system to put Ubuntu on. I'm using Win 7 64 bit with NetBeans IDE 8.0.2. I can try a older version of Java. on Windows you need to put the core library (from http://capstone-engine.org/download/3.0/capstone-3.0-win64.zip) in the same directory with TestX86.java in the same directory, put http://capstone-engine.org/download/3.0/capstone.jar. can you compile & run TestX86.java with your current Java 1.8.0? thanks. -----Original Message----- From: Nguyen Anh Quynh [mailto:aq...@gm...] Sent: Thursday, January 22, 2015 9:04 AM To: Capstone disassembly framework (www.capstone-engine.org) Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help On Thu, Jan 22, 2015 at 9:23 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote: >a quick question: do you have any problem with the TestX86.java code? what >is the output of it? ------------------------ Here's the output from TexstX86.java. I only included 32 and 64 bit (I'm running on a 64 bit machine). If you need all of the output let me know. this is strange, as i dont have any issue here. some questions: - which Capstone version are you using? - what is your Java version? here is what i did: - download the latest Capstone from Github. you can get the "next" branch code from https://github.com/aquynh/capstone/archive/next.zip - unzip, compile & download on Ubuntu 64bit 14.04: $ ./make.sh $ sudo ./make.sh install $ cd bindings/java/ $ make clean; make $ ./run.sh x86 # <--- this actually runs TestX86.java here is my Java version: $ java -version java version "1.6.0_33" OpenJDK Runtime Environment (IcedTea6 1.13.5) (6b33-1.13.5-1ubuntu0.14.04) OpenJDK 64-Bit Server VM (build 23.25-b01, mixed mode) now, can you repeat all the steps above? thanks. Q ------------------------------------------------------------------------------ New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet _______________________________________________ Capstone-users mailing list Cap...@li... https://lists.sourceforge.net/lists/listinfo/capstone-users |
|
From: GROETZ, M. A C. U. A. AFRL/R. <mic...@us...> - 2015-01-22 16:27:31
|
I did what you said and I still had no luck. Will try a older version of Java. Thanks. -----Original Message----- From: Nguyen Anh Quynh [mailto:aq...@gm...] Sent: Thursday, January 22, 2015 9:58 AM To: Capstone disassembly framework (www.capstone-engine.org) Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help On Thu, Jan 22, 2015 at 10:32 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote: I'm using Java 1.8.0_25 and Capstone 3.0. I don't have access to a system to put Ubuntu on. I'm using Win 7 64 bit with NetBeans IDE 8.0.2. I can try a older version of Java. on Windows you need to put the core library (from http://capstone-engine.org/download/3.0/capstone-3.0-win64.zip) in the same directory with TestX86.java in the same directory, put http://capstone-engine.org/download/3.0/capstone.jar. can you compile & run TestX86.java with your current Java 1.8.0? thanks. -----Original Message----- From: Nguyen Anh Quynh [mailto:aq...@gm...] Sent: Thursday, January 22, 2015 9:04 AM To: Capstone disassembly framework (www.capstone-engine.org) Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help On Thu, Jan 22, 2015 at 9:23 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote: >a quick question: do you have any problem with the TestX86.java code? what >is the output of it? ------------------------ Here's the output from TexstX86.java. I only included 32 and 64 bit (I'm running on a 64 bit machine). If you need all of the output let me know. this is strange, as i dont have any issue here. some questions: - which Capstone version are you using? - what is your Java version? here is what i did: - download the latest Capstone from Github. you can get the "next" branch code from https://github.com/aquynh/capstone/archive/next.zip - unzip, compile & download on Ubuntu 64bit 14.04: $ ./make.sh $ sudo ./make.sh install $ cd bindings/java/ $ make clean; make $ ./run.sh x86 # <--- this actually runs TestX86.java here is my Java version: $ java -version java version "1.6.0_33" OpenJDK Runtime Environment (IcedTea6 1.13.5) (6b33-1.13.5-1ubuntu0.14.04) OpenJDK 64-Bit Server VM (build 23.25-b01, mixed mode) now, can you repeat all the steps above? thanks. Q ------------------------------------------------------------------------------ New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet _______________________________________________ Capstone-users mailing list Cap...@li... https://lists.sourceforge.net/lists/listinfo/capstone-users |
|
From: Nguyen A. Q. <aq...@gm...> - 2015-01-22 14:58:22
|
On Thu, Jan 22, 2015 at 10:32 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote: > I'm using Java 1.8.0_25 and Capstone 3.0. I don't have access to a system > to put Ubuntu on. I'm using Win 7 64 bit with NetBeans IDE 8.0.2. > > I can try a older version of Java. > on Windows you need to put the core library (from http://capstone-engine.org/download/3.0/capstone-3.0-win64.zip) in the same directory with TestX86.java in the same directory, put http://capstone-engine.org/download/3.0/capstone.jar. can you compile & run TestX86.java with your current Java 1.8.0? thanks. -----Original Message----- From: Nguyen Anh Quynh [mailto:aq...@gm...] Sent: Thursday, January 22, 2015 9:04 AM To: Capstone disassembly framework (www.capstone-engine.org) Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help On Thu, Jan 22, 2015 at 9:23 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA < mic...@us...> wrote: >a quick question: do you have any problem with the TestX86.java code? what >is the output of it? ------------------------ Here's the output from TexstX86.java. I only included 32 and 64 bit (I'm running on a 64 bit machine). If you need all of the output let me know. this is strange, as i dont have any issue here. some questions: - which Capstone version are you using? - what is your Java version? here is what i did: - download the latest Capstone from Github. you can get the "next" branch code from https://github.com/aquynh/capstone/archive/next.zip - unzip, compile & download on Ubuntu 64bit 14.04: $ ./make.sh $ sudo ./make.sh install $ cd bindings/java/ $ make clean; make $ ./run.sh x86 # <--- this actually runs TestX86.java here is my Java version: $ java -version java version "1.6.0_33" OpenJDK Runtime Environment (IcedTea6 1.13.5) (6b33-1.13.5-1ubuntu0.14.04) OpenJDK 64-Bit Server VM (build 23.25-b01, mixed mode) now, can you repeat all the steps above? thanks. Q ------------------------------------------------------------------------------ New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet _______________________________________________ Capstone-users mailing list Cap...@li... https://lists.sourceforge.net/lists/listinfo/capstone-users |
|
From: GROETZ, M. A C. U. A. AFRL/R. <mic...@us...> - 2015-01-22 14:32:49
|
I'm using Java 1.8.0_25 and Capstone 3.0. I don't have access to a system to put Ubuntu on. I'm using Win 7 64 bit with NetBeans IDE 8.0.2. I can try a older version of Java. Thanks, Mike -----Original Message----- From: Nguyen Anh Quynh [mailto:aq...@gm...] Sent: Thursday, January 22, 2015 9:04 AM To: Capstone disassembly framework (www.capstone-engine.org) Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help On Thu, Jan 22, 2015 at 9:23 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote: >a quick question: do you have any problem with the TestX86.java code? what >is the output of it? ------------------------ Here's the output from TexstX86.java. I only included 32 and 64 bit (I'm running on a 64 bit machine). If you need all of the output let me know. this is strange, as i dont have any issue here. some questions: - which Capstone version are you using? - what is your Java version? here is what i did: - download the latest Capstone from Github. you can get the "next" branch code from https://github.com/aquynh/capstone/archive/next.zip - unzip, compile & download on Ubuntu 64bit 14.04: $ ./make.sh $ sudo ./make.sh install $ cd bindings/java/ $ make clean; make $ ./run.sh x86 # <--- this actually runs TestX86.java here is my Java version: $ java -version java version "1.6.0_33" OpenJDK Runtime Environment (IcedTea6 1.13.5) (6b33-1.13.5-1ubuntu0.14.04) OpenJDK 64-Bit Server VM (build 23.25-b01, mixed mode) now, can you repeat all the steps above? thanks. Q |
|
From: Nguyen A. Q. <aq...@gm...> - 2015-01-22 14:04:37
|
On Thu, Jan 22, 2015 at 9:23 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA < mic...@us...> wrote: > >a quick question: do you have any problem with the TestX86.java code? what > >is the output of it? > ------------------------ > Here's the output from TexstX86.java. I only included 32 and 64 bit (I'm > running on a 64 bit machine). If you need all of the output let me know. > > this is strange, as i dont have any issue here. some questions: - which Capstone version are you using? - what is your Java version? here is what i did: - download the latest Capstone from Github. you can get the "next" branch code from https://github.com/aquynh/capstone/archive/next.zip - unzip, compile & download on Ubuntu 64bit 14.04: $ ./make.sh $ sudo ./make.sh install $ cd bindings/java/ $ make clean; make $ ./run.sh x86 # <--- this actually runs TestX86.java here is my Java version: $ java -version java version "1.6.0_33" OpenJDK Runtime Environment (IcedTea6 1.13.5) (6b33-1.13.5-1ubuntu0.14.04) OpenJDK 64-Bit Server VM (build 23.25-b01, mixed mode) now, can you repeat all the steps above? thanks. Q |
|
From: GROETZ, M. A C. U. A. AFRL/R. <mic...@us...> - 2015-01-22 13:43:57
|
>a quick question: do you have any problem with the TestX86.java code? what >is the output of it? ------------------------ Here's the output from TexstX86.java. I only included 32 and 64 bit (I'm running on a 64 bit machine). If you need all of the output let me know. Thanks You for your help. -Mike ------------------------------------ Platform: X86 32 (Intel syntax) Code: 0x8d 0x4c 0x32 0x08 0x01 0xd8 0x81 0xc6 0x34 0x12 0x00 0x00 0x05 0x23 0x01 0x00 0x00 0x36 0x8b 0x84 0x91 0x23 0x01 0x00 0x00 0x41 0x8d 0x84 0x39 0x89 0x67 0x00 0x00 0x8d 0x87 0x89 0x67 0x00 0x00 0xb4 0xc6 Disasm: 0x1000: null null Prefix: 0x00 0x00 0x00 0x00 Opcode: 0x8d 0x00 0x00 0x00 rex: 0x0 addr_size: 4 modrm: 0x4c disp: 0x8 sib: 0x32 sib_base: edx sib_index: esi sib_scale: 1 op_count: 2 operands[0].type: REG = ecx operands[0].size: 4 operands[1].type: MEM operands[1].mem.base: REG = edx operands[1].mem.index: REG = esi operands[1].mem.disp: 0x8 operands[1].size: 4 0x1004: null null Prefix: 0x00 0x00 0x00 0x00 Opcode: 0x01 0x00 0x00 0x00 rex: 0x0 addr_size: 4 modrm: 0xd8 disp: 0x0 sib: 0x0 op_count: 2 operands[0].type: REG = eax operands[0].size: 4 operands[1].type: REG = ebx operands[1].size: 4 0x1006: null null Prefix: 0x00 0x00 0x00 0x00 Opcode: 0x81 0x00 0x00 0x00 rex: 0x0 addr_size: 4 modrm: 0xc6 disp: 0x0 sib: 0x0 imm_count: 1 imms[1]: 0x1234 op_count: 2 operands[0].type: REG = esi operands[0].size: 4 operands[1].type: IMM = 0x1234 operands[1].size: 4 0x100c: null null Prefix: 0x00 0x00 0x00 0x00 Opcode: 0x05 0x00 0x00 0x00 rex: 0x0 addr_size: 4 modrm: 0x0 disp: 0x0 sib: 0x0 imm_count: 1 imms[1]: 0x123 op_count: 2 operands[0].type: REG = eax operands[0].size: 4 operands[1].type: IMM = 0x123 operands[1].size: 4 0x1011: null null Prefix: 0x00 0x36 0x00 0x00 Opcode: 0x8b 0x00 0x00 0x00 rex: 0x0 addr_size: 4 modrm: 0x84 disp: 0x123 sib: 0x91 sib_base: ecx sib_index: edx sib_scale: 4 op_count: 2 operands[0].type: REG = eax operands[0].size: 4 operands[1].type: MEM operands[1].mem.segment: REG = ss operands[1].mem.base: REG = ecx operands[1].mem.index: REG = edx operands[1].mem.scale: 4 operands[1].mem.disp: 0x123 operands[1].size: 4 0x1019: null null Prefix: 0x00 0x00 0x00 0x00 Opcode: 0x41 0x00 0x00 0x00 rex: 0x0 addr_size: 4 modrm: 0x0 disp: 0x0 sib: 0x0 op_count: 1 operands[0].type: REG = ecx operands[0].size: 4 0x101a: null null Prefix: 0x00 0x00 0x00 0x00 Opcode: 0x8d 0x00 0x00 0x00 rex: 0x0 addr_size: 4 modrm: 0x84 disp: 0x6789 sib: 0x39 sib_base: ecx sib_index: edi sib_scale: 1 op_count: 2 operands[0].type: REG = eax operands[0].size: 4 operands[1].type: MEM operands[1].mem.base: REG = ecx operands[1].mem.index: REG = edi operands[1].mem.disp: 0x6789 operands[1].size: 4 0x1021: null null Prefix: 0x00 0x00 0x00 0x00 Opcode: 0x8d 0x00 0x00 0x00 rex: 0x0 addr_size: 4 modrm: 0x87 disp: 0x6789 sib: 0x0 op_count: 2 operands[0].type: REG = eax operands[0].size: 4 operands[1].type: MEM operands[1].mem.base: REG = edi operands[1].mem.disp: 0x6789 operands[1].size: 4 0x1027: null null Prefix: 0x00 0x00 0x00 0x00 Opcode: 0xb4 0x00 0x00 0x00 rex: 0x0 addr_size: 4 modrm: 0x0 disp: 0x0 sib: 0x0 imm_count: 1 imms[1]: 0xffffffffffffffc6 op_count: 2 operands[0].type: REG = ah operands[0].size: 1 operands[1].type: IMM = 0xffffffffffffffc6 operands[1].size: 1 0x1029: ------------------------------------------------------------------ Platform: X86 64 (Intel syntax) Code: 0x55 0x48 0x8b 0x05 0xb8 0x13 0x00 0x00 Disasm: 0x1000: null null Prefix: 0x00 0x00 0x00 0x00 Opcode: 0x55 0x00 0x00 0x00 rex: 0x0 addr_size: 8 modrm: 0x0 disp: 0x0 sib: 0x0 op_count: 1 operands[0].type: REG = rbp operands[0].size: 8 0x1001: null null Prefix: 0x00 0x00 0x00 0x00 Opcode: 0x8b 0x00 0x00 0x00 rex: 0x48 addr_size: 8 modrm: 0x5 disp: 0x13b8 sib: 0x0 op_count: 2 operands[0].type: REG = rax operands[0].size: 8 operands[1].type: MEM operands[1].mem.base: REG = rip operands[1].mem.disp: 0x13b8 operands[1].size: 8 0x1008: |
|
From: Nguyen A. Q. <aq...@gm...> - 2015-01-21 15:17:29
|
On Wed, Jan 21, 2015 at 10:22 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA
<mic...@us...> wrote:
> Hi Everyone -
>
> I'm really new to Capstone and I'm trying to just get the basic java
> example on the capstone website to work. Here is my code:
>
a quick question: do you have any problem with the TestX86.java code? what
is the output of it?
thanks.
Q
>
> ----------------------
> package malwaredisassembler;
>
> import capstone.Capstone;
>
> import java.io.FileInputStream;
> import java.io.File;
>
> public class MalwareDisassembler
> {
> public static byte [] CODE = { 0x55, 0x48, (byte) 0x8b, 0x05, (byte)
> 0xb8, 0x13, 0x00, 0x00 };
>
> public static void main(String[] args)
> {
> Capstone cs = new Capstone(Capstone.CS_ARCH_X86,
> Capstone.CS_MODE_64);
>
> try
> {
> //FileInputStream fileInputStream = null;
>
> //File file = new File("C:/test/test.exe");
>
> //byte[] bFile = new byte[(int) file.length()];
> //fileInputStream = new FileInputStream(file);
> //fileInputStream.read(bFile);
> //fileInputStream.close();
>
> Capstone.CsInsn[] allInstructions = cs.disasm(CODE, 0x1000);
>
> for (int i=0; i < allInstructions.length; i++)
> {
> System.out.printf("0x%x:\t%s\t%s\n",
> allInstructions[i].address, allInstructions[i].mnemonic,
> allInstructions[i].opStr);
> }
> }
> catch (Exception e)
> {
> }
> }
> }
> -------------------------------------------
>
> Here's my output:
>
> 0x1000: null null
> 0x1001: null null
>
> What am I doing wrong? I have the capstone jar file included in my
> project. I also have the capstone.dll included in my project directory. I'm
> running Java 1.8.0.
>
> If someone could help me understand why I'm getting the nulls I would
> appreciate it.
>
> Thanks, Mike
>
>
>
>
> ------------------------------------------------------------------------------
> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> GigeNET is offering a free month of service with a new server in Ashburn.
> Choose from 2 high performing configs, both with 100TB of bandwidth.
> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> http://p.sf.net/sfu/gigenet
> _______________________________________________
> Capstone-users mailing list
> Cap...@li...
> https://lists.sourceforge.net/lists/listinfo/capstone-users
>
|
|
From: GROETZ, M. A C. U. A. AFRL/R. <mic...@us...> - 2015-01-21 14:43:30
|
Hi Everyone -
I'm really new to Capstone and I'm trying to just get the basic java example on the capstone website to work. Here is my code:
----------------------
package malwaredisassembler;
import capstone.Capstone;
import java.io.FileInputStream;
import java.io.File;
public class MalwareDisassembler
{
public static byte [] CODE = { 0x55, 0x48, (byte) 0x8b, 0x05, (byte) 0xb8, 0x13, 0x00, 0x00 };
public static void main(String[] args)
{
Capstone cs = new Capstone(Capstone.CS_ARCH_X86, Capstone.CS_MODE_64);
try
{
//FileInputStream fileInputStream = null;
//File file = new File("C:/test/test.exe");
//byte[] bFile = new byte[(int) file.length()];
//fileInputStream = new FileInputStream(file);
//fileInputStream.read(bFile);
//fileInputStream.close();
Capstone.CsInsn[] allInstructions = cs.disasm(CODE, 0x1000);
for (int i=0; i < allInstructions.length; i++)
{
System.out.printf("0x%x:\t%s\t%s\n", allInstructions[i].address, allInstructions[i].mnemonic,
allInstructions[i].opStr);
}
}
catch (Exception e)
{
}
}
}
-------------------------------------------
Here's my output:
0x1000: null null
0x1001: null null
What am I doing wrong? I have the capstone jar file included in my project. I also have the capstone.dll included in my project directory. I'm running Java 1.8.0.
If someone could help me understand why I'm getting the nulls I would appreciate it.
Thanks, Mike
|
|
From: Nguyen A. Q. <aq...@gm...> - 2015-01-20 13:40:20
|
Greetings, We are happy to announce the Release Candidate 2 of version 3.0.1 of Capstone disassembly framework! Find the link to source code at http://capstone-engine.org/Version-3.0.1-RC2.html Or get it from the tag name “3.0.1-rc2” in our Github repo at https://github.com/aquynh/capstone Please test and report all the issues you can find. Summary of important changes in v3.0.1-RC2 - Bug fixes for X86, Arm & Arm64. - Fixed some issues, including a memory leaking bug, for Python (Cython) bindings. Thanks, Capstone Engine team. |
|
From: Nguyen A. Q. <aq...@gm...> - 2015-01-05 16:32:22
|
Greetings, We are pleased to announce the Release Candidate 1 of version 3.0.1 of Capstone disassembly framework! Find the link to source code at http://capstone-engine.org/Version-3.0.1-RC1.html Or get it from the tag name “3.0.1-rc1” in our Github repo at https://github.com/aquynh/capstone Please test and report all the issues you can find. Summary of important changes in v3.0.1 - Bug fixes for X86, Arm, Arm64 & PowerPC. - X86 engine now can handle better some tricky X86 code. - Fixed some memory leaking & NULL memory access issues for Python bindings. So be sure to reinstall the Python binding together with the new core. Thanks, Quynh |
|
From: Capstone E. <cap...@gm...> - 2014-12-28 05:32:54
|
On Fri, Dec 26, 2014 at 8:07 PM, derrek <der...@ya...> wrote: > > > > On Thu, Dec 25, 2014 at 6:31 AM, Der Rek <der...@ya...> wrote: > > Hi, > > this is the first time I'm using a mailing list, please forgive me when > I'm doing something wrong. > > I noticed when disassembling an ARM mode "BL <label>" instr, the detailed > instr info in cs_insn->detail > is wrong. > cs_insn->detail->regs_read_count is 0x01 and regs_read[0] is 0x0c, which > is ARM_REG_SP in enum arm_reg defined in arm.h. > However, the expected result should be like this I guess: > cs_insn->detail->regs_read_count should be 0x01 and regs_read[0] should > be ARM_REG_PC (which is 0x0B in the arm_reg enum). > "BL" is branch with link. Which means SP (= stack pointer) isn't involved > at all. > In addition, regs_write_count is 0x01, but it should be 0x02. ARM_REG_PC > is missing in regs_write (ofc the program counter gets updated on jumps). > > > on the missing of REG_PC, keep in mind that regs_write[] just contains > registers *implicitly* modified by instructions, and PC register is never > considered. > > Does capstone also provide an array of regs explicitly modified/read by > instructions (so we don't need to check the operands for each instruction > separately when doing dataflow analysis)? > no, but this feature has been requested for a long time. there is no plan for that yet, but this will requires some new API. if you want to work on that, you are very welcome! thanks. |
|
From: Capstone E. <cap...@gm...> - 2014-12-25 03:29:39
|
On Thu, Dec 25, 2014 at 6:31 AM, Der Rek <der...@ya...> wrote: > Hi, > > this is the first time I'm using a mailing list, please forgive me when > I'm doing something wrong. > > I noticed when disassembling an ARM mode "BL <label>" instr, the detailed > instr info in cs_insn->detail > is wrong. > cs_insn->detail->regs_read_count is 0x01 and regs_read[0] is 0x0c, which > is ARM_REG_SP in enum arm_reg defined in arm.h. > However, the expected result should be like this I guess: > cs_insn->detail->regs_read_count should be 0x01 and regs_read[0] should > be ARM_REG_PC (which is 0x0B in the arm_reg enum). > "BL" is branch with link. Which means SP (= stack pointer) isn't involved > at all. > In addition, regs_write_count is 0x01, but it should be 0x02. ARM_REG_PC > is missing in regs_write (ofc the program counter gets updated on jumps). > on the missing of REG_PC, keep in mind that regs_write[] just contains registers *implicitly* modified by instructions, and PC register is never considered. thanks. |
|
From: Capstone E. <cap...@gm...> - 2014-12-25 03:26:53
|
On Thu, Dec 25, 2014 at 6:31 AM, Der Rek <der...@ya...> wrote: > Hi, > > this is the first time I'm using a mailing list, please forgive me when > I'm doing something wrong. > > I noticed when disassembling an ARM mode "BL <label>" instr, the detailed > instr info in cs_insn->detail > is wrong. > cs_insn->detail->regs_read_count is 0x01 and regs_read[0] is 0x0c, which > is ARM_REG_SP in enum arm_reg defined in arm.h. > However, the expected result should be like this I guess: > cs_insn->detail->regs_read_count should be 0x01 and regs_read[0] should > be ARM_REG_PC (which is 0x0B in the arm_reg enum). > "BL" is branch with link. Which means SP (= stack pointer) isn't involved > at all. > In addition, regs_write_count is 0x01, but it should be 0x02. ARM_REG_PC > is missing in regs_write (ofc the program counter gets updated on jumps). > > I wonder why nobody has noticed this bug... you even have it on your > website! In the tutorials, e.g. http://www.capstone-engine.org/lang_c.html > > 0x1000: bl #-0x4c // insn-name: BL Implicit registers read: sp > > Capstone is pretty new to me, I'm "using" it since today now... Thus, I > don't know where to look in the source code to find and patch this bug. > which version are you using? if that is v3.0, can you try again with the "next" branch of our Github repo to see if the problem is fixed? https://github.com/aquynh/capstone/archive/next.zip thanks. |
|
From: Der R. <der...@ya...> - 2014-12-24 22:32:11
|
Hi, this is the first time I'm using a mailing list, please forgive me when I'm doing something wrong. I noticed when disassembling an ARM mode "BL <label>" instr, the detailed instr info in cs_insn->detailis wrong.cs_insn->detail->regs_read_count is 0x01 and regs_read[0] is 0x0c, which is ARM_REG_SP in enum arm_reg defined in arm.h.However, the expected result should be like this I guess:cs_insn->detail->regs_read_count should be 0x01 and regs_read[0] should be ARM_REG_PC (which is 0x0B in the arm_reg enum)."BL" is branch with link. Which means SP (= stack pointer) isn't involved at all.In addition, regs_write_count is 0x01, but it should be 0x02. ARM_REG_PC is missing in regs_write (ofc the program counter gets updated on jumps). I wonder why nobody has noticed this bug... you even have it on your website! In the tutorials, e.g. http://www.capstone-engine.org/lang_c.html 0x1000: bl #-0x4c // insn-name: BL Implicit registers read: sp Capstone is pretty new to me, I'm "using" it since today now... Thus, I don't know where to look in the source code to find and patch this bug. Regards,-derrek |
|
From: Capstone E. <cap...@gm...> - 2014-12-15 03:48:48
|
On Mon, Dec 15, 2014 at 4:59 AM, Jan Newger <jan...@ne...> wrote: > > On 14.12.2014 21:44, Capstone Engine wrote: > > > > > > On Thu, Dec 4, 2014 at 10:14 PM, Nguyen Anh Quynh <aq...@gm... > > <mailto:aq...@gm...>> wrote: > > > > > > > > On Thu, Dec 4, 2014 at 9:08 PM, Jan Newger <jan...@ne... > > <mailto:jan...@ne...>> wrote: > > > > I don't have the dev environment for this in place, it would mean > > additional time for me to set this up. > > > > > > > > sure, there is no hurry. > > > > > > Jan, do you have any progress on this? > > > > > > thanks. > > > Patch is attached. > for the record, do you want to send a PR on Github? thanks, Q |
|
From: Jan N. <jan...@ne...> - 2014-12-14 20:59:53
|
On 14.12.2014 21:44, Capstone Engine wrote: > > > On Thu, Dec 4, 2014 at 10:14 PM, Nguyen Anh Quynh <aq...@gm... > <mailto:aq...@gm...>> wrote: > > > > On Thu, Dec 4, 2014 at 9:08 PM, Jan Newger <jan...@ne... > <mailto:jan...@ne...>> wrote: > > I don't have the dev environment for this in place, it would mean > additional time for me to set this up. > > > > sure, there is no hurry. > > > Jan, do you have any progress on this? > > > thanks. > Patch is attached. |
|
From: Capstone E. <cap...@gm...> - 2014-12-14 20:44:59
|
On Thu, Dec 4, 2014 at 10:14 PM, Nguyen Anh Quynh <aq...@gm...> wrote: > > > > On Thu, Dec 4, 2014 at 9:08 PM, Jan Newger <jan...@ne...> wrote: > >> I don't have the dev environment for this in place, it would mean >> additional time for me to set this up. >> > > > sure, there is no hurry. > Jan, do you have any progress on this? thanks. |
|
From: Jason O. <ja...@ko...> - 2014-12-04 17:38:54
|
The try:finally solution is a great tip. And it entirely avoids the circular reference issue with __del__! I love it. > On Dec 4, 2014, at 06:14, Nguyen Anh Quynh <aq...@gm...> wrote: > > > >> On Thu, Dec 4, 2014 at 9:08 PM, Jan Newger <jan...@ne...> wrote: >> I don't have the dev environment for this in place, it would mean >> additional time for me to set this up. > > > sure, there is no hurry. > > thanks. > Q > > > ------------------------------------------------------------------------------ > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > from Actuate! Instantly Supercharge Your Business Reports and Dashboards > with Interactivity, Sharing, Native Excel Exports, App Integration & more > Get technology previously reserved for billion-dollar corporations, FREE > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > _______________________________________________ > Capstone-users mailing list > Cap...@li... > https://lists.sourceforge.net/lists/listinfo/capstone-users |
|
From: Nguyen A. Q. <aq...@gm...> - 2014-12-04 14:15:14
|
On Thu, Dec 4, 2014 at 9:08 PM, Jan Newger <jan...@ne...> wrote: > I don't have the dev environment for this in place, it would mean > additional time for me to set this up. > sure, there is no hurry. thanks. Q |
|
From: Jan N. <jan...@ne...> - 2014-12-04 14:09:16
|
I don't have the dev environment for this in place, it would mean additional time for me to set this up. On 12/04/2014 02:54 PM, Nguyen Anh Quynh wrote: > > > On Thu, Dec 4, 2014 at 8:01 PM, Jan Newger <jan...@ne... > <mailto:jan...@ne...>> wrote: > > I think the easiest fix would be to free the memory from a finally > clause, as described here: > > https://docs.python.org/2/reference/simple_stmts.html#the-yield-statement > > Like this (untested): > > def disasm(self, code, offset, count=0): > all_insn = ctypes.POINTER(_cs_insn)() > '''if not _python2: > print(code) > code = code.encode() > print(code)''' > res = _cs.cs_disasm(self.csh, code, len(code), offset, count, > ctypes.byref(all_insn)) > if res > 0: > try: > for i in range(res): > yield CsInsn(self, all_insn[i]) > finally: > _cs.cs_free(all_insn, res) > else: > status = _cs.cs_errno(self.csh) > if status != CS_ERR_OK: > raise CsError(status) > return > yield > > > can you submit a pull request on Github? > > thanks, > Q > > > > > > > On 12/04/2014 01:07 AM, Jasiel Spelman wrote: > > Nguyen, > > > > Here is example code that hopefully better illustrates Juriaan's > > point/what Jan is seeing: > > > > def gen_example(): > > print '[gen_example] START' > > for i in xrange(2): > > print '[gen_example] before yield: ', i > > yield i > > print '[gen_example] after yield: ', i > > print '[gen_example] END' > > > > print "Typical case" > > for i in gen_example(): > > print > > > > print "Jan's case" > > for i in gen_example(): > > if i == 1: > > break > > print > > > > > > Typical case > > [gen_example] START > > [gen_example] before yield: 0 > > > > [gen_example] after yield: 0 > > [gen_example] before yield: 1 > > > > [gen_example] after yield: 1 > > [gen_example] END > > > > > > Jan's case > > [gen_example] START > > [gen_example] before yield: 0 > > > > [gen_example] after yield: 0 > > [gen_example] before yield: 1 > > > > > > On Wed, Dec 3, 2014 at 5:49 PM, Nguyen Anh Quynh > <aq...@gm... <mailto:aq...@gm...> > > <mailto:aq...@gm... <mailto:aq...@gm...>>> wrote: > > > > > > > > On Thu, Dec 4, 2014 at 6:32 AM, Jurriaan Bremer > > <jur...@gm... <mailto:jur...@gm...> > <mailto:jur...@gm... <mailto:jur...@gm...>>> > wrote: > > > > The 'yield' keyword allows one to fetch new records/rows (in > > this case > > disassembled instructions) on-demand. Doing an early exit > (e.g., > > quitting from a for-loop iterating over a function that > yield's > > after > > only, say, 2 out of 10 items) will prematurely exit the > function as > > well. Because, of course, why would Python calculate the > latter 8 > > results when they're not used in the first place? This is > also > > useful > > for never-ending functions - I suppose calculating digits > of Pi > > would be > > a 'good' example. > > > > Anyway, so your cs_free() call is never reached in this > case - you > > should switch to cs_free()'ing every row after each iteration > > through > > the for loop. > > > > > > but the loop is called upon the number of successfully > disassembled > > instructions, > > so there is no where in the code that might possibly quit the > loop > > prematurely. > > > > thanks, > > > > Q > > > > On 12/04/2014 12:27 AM, Nguyen Anh Quynh wrote: > > > > > > > > > On Thu, Dec 4, 2014 at 4:42 AM, Jan Newger > <jan...@ne... <mailto:jan...@ne...> > <mailto:jan...@ne... <mailto:jan...@ne...>> > > > <mailto:jan...@ne... > <mailto:jan...@ne...> <mailto:jan...@ne... > <mailto:jan...@ne...>>>> wrote: > > > > > > This is the python implementation of the disasm function > > (starting at > > > line 791): > > > > > > def disasm(self, code, offset, count=0): > > > all_insn = ctypes.POINTER(_cs_insn)() > > > '''if not _python2: > > > print(code) > > > code = code.encode() > > > print(code)''' > > > res = _cs.cs_disasm(self.csh, code, len(code), > > offset, count, > > > ctypes.byref(all_insn)) > > > if res > 0: > > > for i in range(res): > > > yield CsInsn(self, all_insn[i]) > > > _cs.cs_free(all_insn, res) > > > else: > > > status = _cs.cs_errno(self.csh) > > > if status != CS_ERR_OK: > > > raise CsError(status) > > > return > > > yield > > > > > > I'm really no python expert, but from what I see you > > apparently need to > > > free the instruction instances manually. However, if > client > > code stops > > > enumeration over the instructions prematurely, then > > _cs.cs_free() is > > > never invoked, and thus memory is leaked, right? > > > > > > > > > yes the problem must be with Python binding but not the core. > > > however, in the above code, cs_free() is called after the > "for" loop, > > > so i dont see how memleak can happen "prematurely". > > > > > > > > > thanks. > > > > > > > > > > > > > > > > > > On 03.12.2014 22:25, Jan Newger wrote: > > > > It seems the equivalent C implementation is not > affected by > > the mem > > > > leak, which is to be expected, since the memory is > > explicitly freed > > > > anyways, and the group checking boils down to > comparing an > > integer > > > value. > > > > > > > > If I had to guess, I'd suspect that in the python > case the > > group > > > > checking code introduces a spurious reference to the > > instruction > > > > instance(?) which cannot be claimed by the GC. > > > > > > > > On 03.12.2014 16:57, Jan Newger wrote: > > > >> No I haven't tried to reproduce the mem leak with C. > > > >> It already took me a considerable amount of time to > come > > up with this > > > >> minimal example. > > > >> > > > >> On 12/03/2014 04:53 PM, Capstone Engine wrote: > > > >>> > > > >>> > > > >>> On Wed, Dec 3, 2014 at 10:32 PM, Jan Newger > > > <jan...@ne... <mailto:jan...@ne...> > <mailto:jan...@ne... <mailto:jan...@ne...>> > > <mailto:jan...@ne... <mailto:jan...@ne...> > <mailto:jan...@ne... <mailto:jan...@ne...>>> > > > >>> <mailto:jan...@ne... > <mailto:jan...@ne...> > > <mailto:jan...@ne... <mailto:jan...@ne...>> > <mailto:jan...@ne... <mailto:jan...@ne...> > > <mailto:jan...@ne... <mailto:jan...@ne...>>>>> > > > wrote: > > > >>> > > > >>> > > > >>> Yes, it's using the latest version. > > > >>> OS was win7 x64 running python 2.7 with 32bit > libraries. > > > >>> > > > >>> > > > >>> this is interesting. have you tried to code the same > > program in > > > C to see > > > >>> if the mem leak issue still happens? > > > >>> > > > >>> > > > >>> thanks. > > > >>> > > > >>> > > > >>> > > > >>> > > > >>> On 12/03/2014 04:31 PM, Nguyen Anh Quynh wrote: > > > >>> > > > > >>> > > > > >>> > On Wed, Dec 3, 2014 at 4:57 PM, Jan Newger > > > <jan...@ne... <mailto:jan...@ne...> > <mailto:jan...@ne... <mailto:jan...@ne...>> > > <mailto:jan...@ne... <mailto:jan...@ne...> > <mailto:jan...@ne... <mailto:jan...@ne...>>> > > > <mailto:jan...@ne... > <mailto:jan...@ne...> <mailto:jan...@ne... > <mailto:jan...@ne...>> > > <mailto:jan...@ne... <mailto:jan...@ne...> > <mailto:jan...@ne... <mailto:jan...@ne...>>>> > > > >>> > <mailto:jan...@ne... > <mailto:jan...@ne...> > > <mailto:jan...@ne... <mailto:jan...@ne...>> > > > <mailto:jan...@ne... > <mailto:jan...@ne...> <mailto:jan...@ne... > <mailto:jan...@ne...>>> > > <mailto:jan...@ne... <mailto:jan...@ne...> > <mailto:jan...@ne... <mailto:jan...@ne...>> > > > <mailto:jan...@ne... > <mailto:jan...@ne...> > > <mailto:jan...@ne... > <mailto:jan...@ne...>>>>>> wrote: > > > >>> > > > > >>> > Hey, > > > >>> > > > > >>> > I was playing around with a few python > scripts > > (using > > > >>> capstone among > > > >>> > other things) and always ran out of > memory - and I > > > have no > > > >>> freaking idea > > > >>> > why. > > > >>> > > > > >>> > > > > >>> > is this with the latest 3.0 version? > > > >>> > > > > >>> > thanks, > > > >>> > Q > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > The code is really short: > > > >>> > > > > >>> > > > > >>> > from capstone import Cs > > > >>> > from capstone import CS_ARCH_X86 > > > >>> > from capstone import CS_MODE_32 > > > >>> > from capstone import CS_GRP_JUMP > > > >>> > from capstone import CS_GRP_CALL > > > >>> > from capstone import CS_GRP_RET > > > >>> > from capstone.x86_const import X86_INS_JNE, > > X86_INS_JMP > > > >>> > > > > >>> > """ > > > >>> > 0x401000: push ecx > > > >>> > 0x401001: pop ecx > > > >>> > 0x401002: mov eax, dword ptr > [esp + > > 0x18] > > > >>> > 0x401006: mov eax, dword ptr > [eax] > > > >>> > 0x401008: sar eax, 0 > > > >>> > 0x40100b: xor edi, eax > > > >>> > 0x40100d: nop > > > >>> > 0x40100e: add dword ptr [esp > + 0x18], 4 > > > >>> > 0x401013: nop > > > >>> > 0x401014: dec word ptr [esp + > 0x14] > > > >>> > 0x401019: shld edi, ecx, 0 > > > >>> > 0x40101d: jne 0x401000 > > > >>> > """ > > > >>> > def get_code(): > > > >>> > CODE = > > > >>> > > > > >>> > > > > > > "\x51\x59\x8B\x44\x24\x18\x8B\x00\xC1\xF8\x00\x33\xF8\x90\x83\x44\x24\x18\x04\x90\x66\xFF\x4C\x24\x14\x0F\xA4\xCF\x00\x75\xE1" > > > >>> > > > > >>> > return CODE > > > >>> > > > > >>> > def is_branch(instr): > > > >>> > for group in branch_groups: > > > >>> > if group in instr.groups: > > > >>> > return True > > > >>> > return False > > > >>> > #return False > > > >>> > > > > >>> > # Disassemble until we hit basic block end. > > > >>> > def disasm(code): > > > >>> > disasm = Cs(CS_ARCH_X86, CS_MODE_32) > > > >>> > disasm.detail = True > > > >>> > address = 0x401000 > > > >>> > for instr in disasm.disasm(code, > address): > > > >>> > print "0x%x:\t%s\t%s" % > (instr.address, > > > instr.mnemonic, > > > >>> > instr.op_str) > > > >>> > if is_branch(instr): > > > >>> > break > > > >>> > > > > >>> > branch_groups = [CS_GRP_JUMP, CS_GRP_CALL, > > CS_GRP_RET] > > > >>> > code = get_code() > > > >>> > while True: > > > >>> > disasm(code) > > > >>> > > > > >>> > > > > >>> > That code goes out of memory after a few > > seconds. The > > > super > > > >>> weird thing > > > >>> > is, that if I change the implementation of > > > "is_branch(instr)" > > > >>> to simply > > > >>> > return False all the time, then the program > > does not > > > go out > > > >>> of memory! > > > >>> > Does anyone have an idea what's going on? > > > >>> > > > > >>> > Best > > > >>> > Jan > > > >>> > > > > >>> > > > > >>> > > > > > > ------------------------------------------------------------------------------ > > > >>> > Download BIRT iHub F-Type - The Free > > Enterprise-Grade > > > BIRT Server > > > >>> > from Actuate! Instantly Supercharge > Your Business > > > Reports and > > > >>> Dashboards > > > >>> > with Interactivity, Sharing, Native Excel > > Exports, App > > > >>> Integration & > > > >>> > more > > > >>> > Get technology previously reserved for > > billion-dollar > > > >>> corporations, FREE > > > >>> > > > > >>> > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > >>> > > _______________________________________________ > > > >>> > Capstone-users mailing list > > > >>> > Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>> > > > <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>>> > > > >>> <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>> > > > <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>>>> > > > >>> > > <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>> > > > <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>>> > > > >>> <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>> > > > <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>>>>> > > > >>> > > > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > > > ------------------------------------------------------------------------------ > > > >>> > Download BIRT iHub F-Type - The Free > Enterprise-Grade > > > BIRT Server > > > >>> > from Actuate! Instantly Supercharge Your > Business > > Reports and > > > >>> Dashboards > > > >>> > with Interactivity, Sharing, Native Excel > Exports, App > > > >>> Integration & more > > > >>> > Get technology previously reserved for > billion-dollar > > > >>> corporations, FREE > > > >>> > > > > >>> > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > >>> > > > > >>> > > > > >>> > > > > >>> > _______________________________________________ > > > >>> > Capstone-users mailing list > > > >>> > Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>> > > > <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>>> > > > >>> <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>> > > > <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>>>> > > > >>> > > > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > >>> > > > > >>> > > > >>> > > > >>> > > > > > > ------------------------------------------------------------------------------ > > > >>> Download BIRT iHub F-Type - The Free > Enterprise-Grade > > BIRT > > > Server > > > >>> from Actuate! Instantly Supercharge Your > Business Reports > > > and Dashboards > > > >>> with Interactivity, Sharing, Native Excel > Exports, App > > > Integration & > > > >>> more > > > >>> Get technology previously reserved for > billion-dollar > > > corporations, FREE > > > >>> > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > >>> _______________________________________________ > > > >>> Capstone-users mailing list > > > >>> Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>> > > > <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>>> > > > >>> <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>> > > > <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>>>> > > > >>> > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > >>> > > > >>> > > > >>> > > > >>> > > > >>> > > > > > > ------------------------------------------------------------------------------ > > > >>> Download BIRT iHub F-Type - The Free Enterprise-Grade > > BIRT Server > > > >>> from Actuate! Instantly Supercharge Your Business > Reports and > > > Dashboards > > > >>> with Interactivity, Sharing, Native Excel Exports, App > > > Integration & more > > > >>> Get technology previously reserved for billion-dollar > > > corporations, FREE > > > >>> > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > >>> > > > >>> > > > >>> > > > >>> _______________________________________________ > > > >>> Capstone-users mailing list > > > >>> Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>> > > > <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>>> > > > >>> > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > >>> > > > >> > > > >> > > > >> > > > > > > ------------------------------------------------------------------------------ > > > >> Download BIRT iHub F-Type - The Free > Enterprise-Grade BIRT > > Server > > > >> from Actuate! Instantly Supercharge Your Business > Reports and > > > Dashboards > > > >> with Interactivity, Sharing, Native Excel Exports, App > > > Integration & more > > > >> Get technology previously reserved for billion-dollar > > > corporations, FREE > > > >> > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > >> _______________________________________________ > > > >> Capstone-users mailing list > > > >> Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>> > > > <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>>> > > > >> > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > >> > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > > Download BIRT iHub F-Type - The Free > Enterprise-Grade BIRT > > Server > > > > from Actuate! Instantly Supercharge Your Business > Reports and > > > Dashboards > > > > with Interactivity, Sharing, Native Excel Exports, App > > Integration > > > & more > > > > Get technology previously reserved for billion-dollar > > > corporations, FREE > > > > > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > > _______________________________________________ > > > > Capstone-users mailing list > > > > Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>> > > > <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>>> > > > > > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > Download BIRT iHub F-Type - The Free Enterprise-Grade > BIRT Server > > > from Actuate! Instantly Supercharge Your Business > Reports and > > Dashboards > > > with Interactivity, Sharing, Native Excel Exports, App > > Integration & > > > more > > > Get technology previously reserved for billion-dollar > > corporations, FREE > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > _______________________________________________ > > > Capstone-users mailing list > > > Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>> > > > <mailto:Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>>> > > > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT > Server > > > from Actuate! Instantly Supercharge Your Business Reports and > > Dashboards > > > with Interactivity, Sharing, Native Excel Exports, App > > Integration & more > > > Get technology previously reserved for billion-dollar > > corporations, FREE > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > > > > > > > > > > _______________________________________________ > > > Capstone-users mailing list > > > Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>> > > > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > > > > > > ------------------------------------------------------------------------------ > > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > > from Actuate! Instantly Supercharge Your Business Reports and > Dashboards > > with Interactivity, Sharing, Native Excel Exports, App > Integration & > > more > > Get technology previously reserved for billion-dollar > corporations, FREE > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > _______________________________________________ > > Capstone-users mailing list > > Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>> > > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > > > > > ------------------------------------------------------------------------------ > > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > > from Actuate! Instantly Supercharge Your Business Reports and > Dashboards > > with Interactivity, Sharing, Native Excel Exports, App > Integration & > > more > > Get technology previously reserved for billion-dollar > corporations, FREE > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > _______________________________________________ > > Capstone-users mailing list > > Cap...@li... > <mailto:Cap...@li...> > > <mailto:Cap...@li... > <mailto:Cap...@li...>> > > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > > > > > > > > > ------------------------------------------------------------------------------ > > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > > from Actuate! Instantly Supercharge Your Business Reports and > Dashboards > > with Interactivity, Sharing, Native Excel Exports, App > Integration & more > > Get technology previously reserved for billion-dollar > corporations, FREE > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > > > > > > _______________________________________________ > > Capstone-users mailing list > > Cap...@li... > <mailto:Cap...@li...> > > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > > > ------------------------------------------------------------------------------ > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > from Actuate! Instantly Supercharge Your Business Reports and Dashboards > with Interactivity, Sharing, Native Excel Exports, App Integration & > more > Get technology previously reserved for billion-dollar corporations, FREE > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > _______________________________________________ > Capstone-users mailing list > Cap...@li... > <mailto:Cap...@li...> > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > > > ------------------------------------------------------------------------------ > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > from Actuate! Instantly Supercharge Your Business Reports and Dashboards > with Interactivity, Sharing, Native Excel Exports, App Integration & more > Get technology previously reserved for billion-dollar corporations, FREE > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > > _______________________________________________ > Capstone-users mailing list > Cap...@li... > https://lists.sourceforge.net/lists/listinfo/capstone-users > |
|
From: Nguyen A. Q. <aq...@gm...> - 2014-12-04 13:55:29
|
On Thu, Dec 4, 2014 at 8:01 PM, Jan Newger <jan...@ne...> wrote: > I think the easiest fix would be to free the memory from a finally > clause, as described here: > > https://docs.python.org/2/reference/simple_stmts.html#the-yield-statement > > Like this (untested): > > def disasm(self, code, offset, count=0): > all_insn = ctypes.POINTER(_cs_insn)() > '''if not _python2: > print(code) > code = code.encode() > print(code)''' > res = _cs.cs_disasm(self.csh, code, len(code), offset, count, > ctypes.byref(all_insn)) > if res > 0: > try: > for i in range(res): > yield CsInsn(self, all_insn[i]) > finally: > _cs.cs_free(all_insn, res) > else: > status = _cs.cs_errno(self.csh) > if status != CS_ERR_OK: > raise CsError(status) > return > yield > > can you submit a pull request on Github? thanks, Q On 12/04/2014 01:07 AM, Jasiel Spelman wrote: > > Nguyen, > > > > Here is example code that hopefully better illustrates Juriaan's > > point/what Jan is seeing: > > > > def gen_example(): > > print '[gen_example] START' > > for i in xrange(2): > > print '[gen_example] before yield: ', i > > yield i > > print '[gen_example] after yield: ', i > > print '[gen_example] END' > > > > print "Typical case" > > for i in gen_example(): > > print > > > > print "Jan's case" > > for i in gen_example(): > > if i == 1: > > break > > print > > > > > > Typical case > > [gen_example] START > > [gen_example] before yield: 0 > > > > [gen_example] after yield: 0 > > [gen_example] before yield: 1 > > > > [gen_example] after yield: 1 > > [gen_example] END > > > > > > Jan's case > > [gen_example] START > > [gen_example] before yield: 0 > > > > [gen_example] after yield: 0 > > [gen_example] before yield: 1 > > > > > > On Wed, Dec 3, 2014 at 5:49 PM, Nguyen Anh Quynh <aq...@gm... > > <mailto:aq...@gm...>> wrote: > > > > > > > > On Thu, Dec 4, 2014 at 6:32 AM, Jurriaan Bremer > > <jur...@gm... <mailto:jur...@gm...>> wrote: > > > > The 'yield' keyword allows one to fetch new records/rows (in > > this case > > disassembled instructions) on-demand. Doing an early exit (e.g., > > quitting from a for-loop iterating over a function that yield's > > after > > only, say, 2 out of 10 items) will prematurely exit the function > as > > well. Because, of course, why would Python calculate the latter 8 > > results when they're not used in the first place? This is also > > useful > > for never-ending functions - I suppose calculating digits of Pi > > would be > > a 'good' example. > > > > Anyway, so your cs_free() call is never reached in this case - > you > > should switch to cs_free()'ing every row after each iteration > > through > > the for loop. > > > > > > but the loop is called upon the number of successfully disassembled > > instructions, > > so there is no where in the code that might possibly quit the loop > > prematurely. > > > > thanks, > > > > Q > > > > On 12/04/2014 12:27 AM, Nguyen Anh Quynh wrote: > > > > > > > > > On Thu, Dec 4, 2014 at 4:42 AM, Jan Newger <jan...@ne... > <mailto:jan...@ne...> > > > <mailto:jan...@ne... <mailto:jan...@ne...>>> > wrote: > > > > > > This is the python implementation of the disasm function > > (starting at > > > line 791): > > > > > > def disasm(self, code, offset, count=0): > > > all_insn = ctypes.POINTER(_cs_insn)() > > > '''if not _python2: > > > print(code) > > > code = code.encode() > > > print(code)''' > > > res = _cs.cs_disasm(self.csh, code, len(code), > > offset, count, > > > ctypes.byref(all_insn)) > > > if res > 0: > > > for i in range(res): > > > yield CsInsn(self, all_insn[i]) > > > _cs.cs_free(all_insn, res) > > > else: > > > status = _cs.cs_errno(self.csh) > > > if status != CS_ERR_OK: > > > raise CsError(status) > > > return > > > yield > > > > > > I'm really no python expert, but from what I see you > > apparently need to > > > free the instruction instances manually. However, if client > > code stops > > > enumeration over the instructions prematurely, then > > _cs.cs_free() is > > > never invoked, and thus memory is leaked, right? > > > > > > > > > yes the problem must be with Python binding but not the core. > > > however, in the above code, cs_free() is called after the "for" > loop, > > > so i dont see how memleak can happen "prematurely". > > > > > > > > > thanks. > > > > > > > > > > > > > > > > > > On 03.12.2014 22:25, Jan Newger wrote: > > > > It seems the equivalent C implementation is not affected by > > the mem > > > > leak, which is to be expected, since the memory is > > explicitly freed > > > > anyways, and the group checking boils down to comparing an > > integer > > > value. > > > > > > > > If I had to guess, I'd suspect that in the python case the > > group > > > > checking code introduces a spurious reference to the > > instruction > > > > instance(?) which cannot be claimed by the GC. > > > > > > > > On 03.12.2014 16:57, Jan Newger wrote: > > > >> No I haven't tried to reproduce the mem leak with C. > > > >> It already took me a considerable amount of time to come > > up with this > > > >> minimal example. > > > >> > > > >> On 12/03/2014 04:53 PM, Capstone Engine wrote: > > > >>> > > > >>> > > > >>> On Wed, Dec 3, 2014 at 10:32 PM, Jan Newger > > > <jan...@ne... <mailto:jan...@ne...> > > <mailto:jan...@ne... <mailto:jan...@ne...>> > > > >>> <mailto:jan...@ne... > > <mailto:jan...@ne...> <mailto:jan...@ne... > > <mailto:jan...@ne...>>>> > > > wrote: > > > >>> > > > >>> > > > >>> Yes, it's using the latest version. > > > >>> OS was win7 x64 running python 2.7 with 32bit > libraries. > > > >>> > > > >>> > > > >>> this is interesting. have you tried to code the same > > program in > > > C to see > > > >>> if the mem leak issue still happens? > > > >>> > > > >>> > > > >>> thanks. > > > >>> > > > >>> > > > >>> > > > >>> > > > >>> On 12/03/2014 04:31 PM, Nguyen Anh Quynh wrote: > > > >>> > > > > >>> > > > > >>> > On Wed, Dec 3, 2014 at 4:57 PM, Jan Newger > > > <jan...@ne... <mailto:jan...@ne...> > > <mailto:jan...@ne... <mailto:jan...@ne...>> > > > <mailto:jan...@ne... <mailto:jan...@ne...> > > <mailto:jan...@ne... <mailto:jan...@ne...>>> > > > >>> > <mailto:jan...@ne... > > <mailto:jan...@ne...> > > > <mailto:jan...@ne... <mailto:jan...@ne...>> > > <mailto:jan...@ne... <mailto:jan...@ne...> > > > <mailto:jan...@ne... > > <mailto:jan...@ne...>>>>> wrote: > > > >>> > > > > >>> > Hey, > > > >>> > > > > >>> > I was playing around with a few python scripts > > (using > > > >>> capstone among > > > >>> > other things) and always ran out of memory - > and I > > > have no > > > >>> freaking idea > > > >>> > why. > > > >>> > > > > >>> > > > > >>> > is this with the latest 3.0 version? > > > >>> > > > > >>> > thanks, > > > >>> > Q > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > The code is really short: > > > >>> > > > > >>> > > > > >>> > from capstone import Cs > > > >>> > from capstone import CS_ARCH_X86 > > > >>> > from capstone import CS_MODE_32 > > > >>> > from capstone import CS_GRP_JUMP > > > >>> > from capstone import CS_GRP_CALL > > > >>> > from capstone import CS_GRP_RET > > > >>> > from capstone.x86_const import X86_INS_JNE, > > X86_INS_JMP > > > >>> > > > > >>> > """ > > > >>> > 0x401000: push ecx > > > >>> > 0x401001: pop ecx > > > >>> > 0x401002: mov eax, dword ptr [esp + > > 0x18] > > > >>> > 0x401006: mov eax, dword ptr [eax] > > > >>> > 0x401008: sar eax, 0 > > > >>> > 0x40100b: xor edi, eax > > > >>> > 0x40100d: nop > > > >>> > 0x40100e: add dword ptr [esp + > 0x18], 4 > > > >>> > 0x401013: nop > > > >>> > 0x401014: dec word ptr [esp + 0x14] > > > >>> > 0x401019: shld edi, ecx, 0 > > > >>> > 0x40101d: jne 0x401000 > > > >>> > """ > > > >>> > def get_code(): > > > >>> > CODE = > > > >>> > > > > >>> > > > > > > "\x51\x59\x8B\x44\x24\x18\x8B\x00\xC1\xF8\x00\x33\xF8\x90\x83\x44\x24\x18\x04\x90\x66\xFF\x4C\x24\x14\x0F\xA4\xCF\x00\x75\xE1" > > > >>> > > > > >>> > return CODE > > > >>> > > > > >>> > def is_branch(instr): > > > >>> > for group in branch_groups: > > > >>> > if group in instr.groups: > > > >>> > return True > > > >>> > return False > > > >>> > #return False > > > >>> > > > > >>> > # Disassemble until we hit basic block end. > > > >>> > def disasm(code): > > > >>> > disasm = Cs(CS_ARCH_X86, CS_MODE_32) > > > >>> > disasm.detail = True > > > >>> > address = 0x401000 > > > >>> > for instr in disasm.disasm(code, address): > > > >>> > print "0x%x:\t%s\t%s" % (instr.address, > > > instr.mnemonic, > > > >>> > instr.op_str) > > > >>> > if is_branch(instr): > > > >>> > break > > > >>> > > > > >>> > branch_groups = [CS_GRP_JUMP, CS_GRP_CALL, > > CS_GRP_RET] > > > >>> > code = get_code() > > > >>> > while True: > > > >>> > disasm(code) > > > >>> > > > > >>> > > > > >>> > That code goes out of memory after a few > > seconds. The > > > super > > > >>> weird thing > > > >>> > is, that if I change the implementation of > > > "is_branch(instr)" > > > >>> to simply > > > >>> > return False all the time, then the program > > does not > > > go out > > > >>> of memory! > > > >>> > Does anyone have an idea what's going on? > > > >>> > > > > >>> > Best > > > >>> > Jan > > > >>> > > > > >>> > > > > >>> > > > > > > ------------------------------------------------------------------------------ > > > >>> > Download BIRT iHub F-Type - The Free > > Enterprise-Grade > > > BIRT Server > > > >>> > from Actuate! Instantly Supercharge Your > Business > > > Reports and > > > >>> Dashboards > > > >>> > with Interactivity, Sharing, Native Excel > > Exports, App > > > >>> Integration & > > > >>> > more > > > >>> > Get technology previously reserved for > > billion-dollar > > > >>> corporations, FREE > > > >>> > > > > >>> > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > >>> > _______________________________________________ > > > >>> > Capstone-users mailing list > > > >>> > Cap...@li... > > <mailto:Cap...@li...> > > > <mailto:Cap...@li... > > <mailto:Cap...@li...>> > > > >>> <mailto:Cap...@li... > > <mailto:Cap...@li...> > > > <mailto:Cap...@li... > > <mailto:Cap...@li...>>> > > > >>> > <mailto:Cap...@li... > > <mailto:Cap...@li...> > > > <mailto:Cap...@li... > > <mailto:Cap...@li...>> > > > >>> <mailto:Cap...@li... > > <mailto:Cap...@li...> > > > <mailto:Cap...@li... > > <mailto:Cap...@li...>>>> > > > >>> > > > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > > > ------------------------------------------------------------------------------ > > > >>> > Download BIRT iHub F-Type - The Free > Enterprise-Grade > > > BIRT Server > > > >>> > from Actuate! Instantly Supercharge Your Business > > Reports and > > > >>> Dashboards > > > >>> > with Interactivity, Sharing, Native Excel Exports, > App > > > >>> Integration & more > > > >>> > Get technology previously reserved for > billion-dollar > > > >>> corporations, FREE > > > >>> > > > > >>> > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > >>> > > > > >>> > > > > >>> > > > > >>> > _______________________________________________ > > > >>> > Capstone-users mailing list > > > >>> > Cap...@li... > > <mailto:Cap...@li...> > > > <mailto:Cap...@li... > > <mailto:Cap...@li...>> > > > >>> <mailto:Cap...@li... > > <mailto:Cap...@li...> > > > <mailto:Cap...@li... > > <mailto:Cap...@li...>>> > > > >>> > > > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > >>> > > > > >>> > > > >>> > > > >>> > > > > > > ------------------------------------------------------------------------------ > > > >>> Download BIRT iHub F-Type - The Free Enterprise-Grade > > BIRT > > > Server > > > >>> from Actuate! Instantly Supercharge Your Business > Reports > > > and Dashboards > > > >>> with Interactivity, Sharing, Native Excel Exports, App > > > Integration & > > > >>> more > > > >>> Get technology previously reserved for billion-dollar > > > corporations, FREE > > > >>> > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > >>> _______________________________________________ > > > >>> Capstone-users mailing list > > > >>> Cap...@li... > > <mailto:Cap...@li...> > > > <mailto:Cap...@li... > > <mailto:Cap...@li...>> > > > >>> <mailto:Cap...@li... > > <mailto:Cap...@li...> > > > <mailto:Cap...@li... > > <mailto:Cap...@li...>>> > > > >>> > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > >>> > > > >>> > > > >>> > > > >>> > > > >>> > > > > > > ------------------------------------------------------------------------------ > > > >>> Download BIRT iHub F-Type - The Free Enterprise-Grade > > BIRT Server > > > >>> from Actuate! Instantly Supercharge Your Business Reports > and > > > Dashboards > > > >>> with Interactivity, Sharing, Native Excel Exports, App > > > Integration & more > > > >>> Get technology previously reserved for billion-dollar > > > corporations, FREE > > > >>> > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > >>> > > > >>> > > > >>> > > > >>> _______________________________________________ > > > >>> Capstone-users mailing list > > > >>> Cap...@li... > > <mailto:Cap...@li...> > > > <mailto:Cap...@li... > > <mailto:Cap...@li...>> > > > >>> > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > >>> > > > >> > > > >> > > > >> > > > > > > ------------------------------------------------------------------------------ > > > >> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT > > Server > > > >> from Actuate! Instantly Supercharge Your Business Reports > and > > > Dashboards > > > >> with Interactivity, Sharing, Native Excel Exports, App > > > Integration & more > > > >> Get technology previously reserved for billion-dollar > > > corporations, FREE > > > >> > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > >> _______________________________________________ > > > >> Capstone-users mailing list > > > >> Cap...@li... > > <mailto:Cap...@li...> > > > <mailto:Cap...@li... > > <mailto:Cap...@li...>> > > > >> > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > >> > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT > > Server > > > > from Actuate! Instantly Supercharge Your Business Reports > and > > > Dashboards > > > > with Interactivity, Sharing, Native Excel Exports, App > > Integration > > > & more > > > > Get technology previously reserved for billion-dollar > > > corporations, FREE > > > > > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > > _______________________________________________ > > > > Capstone-users mailing list > > > > Cap...@li... > > <mailto:Cap...@li...> > > > <mailto:Cap...@li... > > <mailto:Cap...@li...>> > > > > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT > Server > > > from Actuate! Instantly Supercharge Your Business Reports and > > Dashboards > > > with Interactivity, Sharing, Native Excel Exports, App > > Integration & > > > more > > > Get technology previously reserved for billion-dollar > > corporations, FREE > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > _______________________________________________ > > > Capstone-users mailing list > > > Cap...@li... > > <mailto:Cap...@li...> > > > <mailto:Cap...@li... > > <mailto:Cap...@li...>> > > > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > > > from Actuate! Instantly Supercharge Your Business Reports and > > Dashboards > > > with Interactivity, Sharing, Native Excel Exports, App > > Integration & more > > > Get technology previously reserved for billion-dollar > > corporations, FREE > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > > > > > > > > > > _______________________________________________ > > > Capstone-users mailing list > > > Cap...@li... > > <mailto:Cap...@li...> > > > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > > > > > > ------------------------------------------------------------------------------ > > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > > from Actuate! Instantly Supercharge Your Business Reports and > Dashboards > > with Interactivity, Sharing, Native Excel Exports, App Integration & > > more > > Get technology previously reserved for billion-dollar corporations, > FREE > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > _______________________________________________ > > Capstone-users mailing list > > Cap...@li... > > <mailto:Cap...@li...> > > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > > > > > ------------------------------------------------------------------------------ > > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > > from Actuate! Instantly Supercharge Your Business Reports and > Dashboards > > with Interactivity, Sharing, Native Excel Exports, App Integration & > > more > > Get technology previously reserved for billion-dollar corporations, > FREE > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > _______________________________________________ > > Capstone-users mailing list > > Cap...@li... > > <mailto:Cap...@li...> > > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > > > > > > > > > ------------------------------------------------------------------------------ > > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > > from Actuate! Instantly Supercharge Your Business Reports and Dashboards > > with Interactivity, Sharing, Native Excel Exports, App Integration & more > > Get technology previously reserved for billion-dollar corporations, FREE > > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > > > > > > > _______________________________________________ > > Capstone-users mailing list > > Cap...@li... > > https://lists.sourceforge.net/lists/listinfo/capstone-users > > > > > > ------------------------------------------------------------------------------ > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > from Actuate! Instantly Supercharge Your Business Reports and Dashboards > with Interactivity, Sharing, Native Excel Exports, App Integration & more > Get technology previously reserved for billion-dollar corporations, FREE > > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > _______________________________________________ > Capstone-users mailing list > Cap...@li... > https://lists.sourceforge.net/lists/listinfo/capstone-users > |
