From: GROETZ, M. A C. U. A. AFRL/R. <mic...@us...> - 2015-01-28 18:17:20
Just download the latest Netbeans 8.0.2 and it comes with Java 1.8. Create a new project. Add Test86.java to the project. Under project properties -> libraries add capstone.jar. Add capstone.dll to your project directory main folder (where build.xml is). Run the project, that's it. Netbeans is pretty easy to figure out if you are not familiar with it. I'm using Win 7 x64.

On a side note, if anyone has C code that calculates the size of the PE header and can pass it on I would greatly appreciate it.

Thanks,
Mike

-----Original Message-----
From: Nguyen Anh Quynh [mailto:aq...@gm...]
Sent: Friday, January 23, 2015 7:29 PM
To: Capstone disassembly framework (www.capstone-engine.org); mac...@gm...
Subject: Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help

On Fri, Jan 23, 2015 at 11:43 PM, Peter Mackay <mac...@gm...> wrote:
> Hello,
>
> Sorry for butting in. I've never used the Java wrapper so I may be off-base here, but is it possible you're getting nulls for the mnemonic and operands because you're not enabling detail?
>
> cs.setDetail(true); // maybe something like this.

Peter, I think you mistake the Detail mode with X86-Reduce mode (http://capstone-engine.org/x86reduce.html), because even if Detail mode is OFF (which is the default mode), you always have mnemonics & operands. Only when the engine is built in X86-Reduce mode do you have NULL mnemonics & operands.

Anyway, Peter got a good point, but this situation is unlikely to happen with Groetz for some reasons:

1. By default, Capstone does not enable X86-Reduce mode. You must know how to compile the engine to have that.
2. His C code works without any issue, so X86-Reduce mode must be disabled.
3. The engine available in binary at http://capstone-engine.org/download/3.0/capstone-3.0-win64.zip is a full engine (with X86-Reduce mode OFF), and Groetz also used that but his problem is not solved.
Groetz, can you tell in detail every step you did (from download, compile, install Capstone, to how you install Java, compile TestX86.java & run it), so I can try to reproduce the problem on Windows?

Thanks.
Q

On 23 January 2015 at 15:37, Nguyen Anh Quynh <aq...@gm...> wrote:
> On Fri, Jan 23, 2015 at 11:15 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote:
>>
>> When I try to disassemble Test.exe, I get the following:
>>
>> 0x1000: pop r10
>> 0x1002: npop
>> 0x1003 add byte ptr [rbx], a1
>> 0x1005: add byte ptr [rbx], a1
>
> I can see that you are trying to disasm Test.exe, but don't expect to see its code: you are actually reading from the beginning of Test.exe, where the PE header is. The actual code is way behind that. And by default, Capstone stops at the first ever illegal code, so you only see 4 assembly instructions like above.
>
> Thanks.

_______________________________________________
Capstone-users mailing list
Cap...@li...
https://lists.sourceforge.net/lists/listinfo/capstone-users
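
Added example, not code from this thread or from the Capstone project: a small C reader for the two values the messages above turn on, the header size (`SizeOfHeaders`) and the file offset of the entry point, which is the offset to start disassembling from instead of 0. The names `pe_info`, `pe_locate_code` and `make_sample` are hypothetical, the sample image is constructed, and the field offsets used are the ones PE32 and PE32+ share.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Little-endian readers; callers bounds-check before using them. */
static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }

typedef struct { uint32_t size_of_headers, entry_rva; size_t entry_file_off; } pe_info;

/* Returns 0 on success, -1 if buf is not a well-formed PE image. */
int pe_locate_code(const uint8_t *buf, size_t len, pe_info *out)
{
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return -1;
    size_t pe = rd32(buf + 0x3C);                   /* e_lfanew */
    if (pe > len || len - pe < 24) return -1;
    if (memcmp(buf + pe, "PE\0\0", 4) != 0) return -1;
    size_t nsec = rd16(buf + pe + 6);               /* NumberOfSections */
    size_t optsz = rd16(buf + pe + 20);             /* SizeOfOptionalHeader */
    size_t opt = pe + 24, sec = opt + optsz;        /* section table follows it */
    if (optsz < 64 || sec > len || (len - sec) / 40 < nsec) return -1;
    out->entry_rva = rd32(buf + opt + 16);          /* AddressOfEntryPoint */
    out->size_of_headers = rd32(buf + opt + 60);    /* SizeOfHeaders */
    for (size_t i = 0; i < nsec; i++) {
        const uint8_t *s = buf + sec + i * 40;      /* IMAGE_SECTION_HEADER */
        uint32_t va = rd32(s + 12), rawsz = rd32(s + 16), raw = rd32(s + 20);
        uint32_t delta = out->entry_rva - va;       /* only used if rva >= va */
        if (out->entry_rva >= va && delta < rawsz && raw <= len && delta < len - raw) {
            out->entry_file_off = (size_t)raw + delta;
            return 0;
        }
    }
    return -1;                                      /* entry point has no file data */
}

/* Constructed sample: one .text section, RVA 0x1000 stored at file offset 0x200. */
size_t make_sample(uint8_t *b, size_t cap)
{
    if (cap < 0x400) return 0;
    memset(b, 0, 0x400);
    memcpy(b, "MZ", 2); b[0x3C] = 0x40;             /* e_lfanew = 0x40 */
    memcpy(b + 0x40, "PE\0\0", 4);
    b[0x46] = 1; b[0x54] = 0xF0;                    /* 1 section, 240-byte optional header */
    b[0x68] = 0x10; b[0x69] = 0x10;                 /* AddressOfEntryPoint = 0x1010 */
    b[0x95] = 0x02;                                 /* SizeOfHeaders = 0x200 */
    memcpy(b + 0x148, ".text", 5);                  /* section name */
    b[0x155] = 0x10; b[0x159] = 0x02; b[0x15D] = 0x02; /* VA 0x1000, raw size/ptr 0x200 */
    b[0x210] = 0xC3;                                /* ret at the entry point */
    return 0x400;
}
```

Passing `buf + entry_file_off` as the code pointer and the image base plus `entry_rva` as the address keeps the disassembler out of the header bytes.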