Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help

[GROETZ, M. A C. U. A. AFRL/R. <mic...@us...>]

Okay, so I apologize in advanced if this is a stupid question. How do I see all the dissembled code - beyond the PE header? Can you provide an example?

Thank You for helping me.

-Mike

-----Original Message-----
From: Nguyen Anh Quynh [mailto:aq...@gm...] 
Sent: Friday, January 23, 2015 10:38 AM
To: Capstone disassembly framework (www.capstone-engine.org)
Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help



On Fri, Jan 23, 2015 at 11:15 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote:


	When I try to disassemble Test.exe, I get the following:
	
	0x1000: pop             r10
	0x1002: npop
	0x1003  add             byte ptr [rbx], a1
	0x1005: add             byte ptr [rbx], a1
	
	


i can see that you are trying to disasm Test.exe, but dont expect to see its code: you are actually reading from the beginning of Test.exe, where the PE header is. the actual code is way behind that. and by default, Capstone stops at the first ever illegal code, so you only see 4 assembly instructions like above.


thanks.