Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help

[GROETZ, M. A C. U. A. AFRL/R. <mic...@us...>]

I guess I'm also confused by what you mean when you refer to illegal code. Seems like no matter what exe I try to disassemble,  I get about 4 lines assembly instructions.

Thanks.



-----Original Message-----
From: Nguyen Anh Quynh [mailto:aq...@gm...] 
Sent: Friday, January 23, 2015 10:38 AM
To: Capstone disassembly framework (www.capstone-engine.org)
Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help



On Fri, Jan 23, 2015 at 11:15 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote:


	When I try to disassemble Test.exe, I get the following:
	
	0x1000: pop             r10
	0x1002: npop
	0x1003  add             byte ptr [rbx], a1
	0x1005: add             byte ptr [rbx], a1
	
	


i can see that you are trying to disasm Test.exe, but dont expect to see its code: you are actually reading from the beginning of Test.exe, where the PE header is. the actual code is way behind that. and by default, Capstone stops at the first ever illegal code, so you only see 4 assembly instructions like above.


thanks.