From: Jay O. <ja...@ko...> - 2017-05-28 21:21:51
See the documentation: http://www.capstone-engine.org/lang_c.html

The arguments you need to pass are a pointer to the code and the size of the code buffer. Since your buffer is just a zeroed array, you're getting the expected behavior. The fourth arg is the disassembly location. It's not a pointer, just an integer. But you can use a pointer to disassemble code in memory. You want to use something like this:

    cs_disasm(handle, (const uint8_t *) printf, 256, (uint64_t) printf, 0, &insn);

Where the `256` is just a guess of the function size.

On Sun, May 28, 2017 at 12:42 PM, JonathonS <the...@gm...> wrote:
> Hi, I've been trying to use capstone to disassemble functions in memory (e.g.
> printf, fread, etc.). Ideally, I'd like to see the function
> prologue/epilogue as well as the function body.
>
> I've been using this code here
> (https://toastedcornflakes.github.io/articles/fuzzing_capstone_with_afl.html)
> as a starting point but I haven't figured out how to accomplish what I want.
> I am a bit confused on what to provide cs_disasm.
>
> Here is what I have:
>
> #include <stdio.h>      /* declares printf, whose address is used below */
> #include "capstone.h"
>
> int main(int argc, char** argv) {
>     csh handle;
>     cs_insn *insn;
>     size_t count;
>     uint8_t buf[128] = {0};   /* zeroed buffer: this is what gets disassembled */
>
>     if (cs_open(CS_ARCH_ARM, CS_MODE_ARM, &handle) == CS_ERR_OK) {
>         count = cs_disasm(handle, buf, sizeof(buf), (uint64_t) printf, 0, &insn);
>
>         // TODO: Print instructions
>
>         cs_free(insn, count);
>     }
>     cs_close(&handle);
>     return 0;
> }
>
> However, when I run this code and print the instructions, I keep
> getting
>
>     andeq r0,r0,r0
>
> which I guess is the equivalent of 0/no-op on ARM. This seems incorrect.
>
> Thanks in advance for any help!
>
> _______________________________________________
> Capstone-users mailing list
> Cap...@li...
> https://lists.sourceforge.net/lists/listinfo/capstone-users