From: Özgür D. O. <ozg...@gm...> - 2018-12-04 14:57:41
Hi,

I have faced a problem while trying to disassemble a file: Capstone disassembling stops when there is a bad opcode. I shared the code, Capstone and objdump outputs below, and I would appreciate it if there is any workaround for this case.

Kind Regards,
Ozgur

The code is as shown below.

    from capstone import *

    md = Cs(CS_ARCH_X86, CS_MODE_64)
    eop = 0x200
    # pe is a pefile.PE object for the file being disassembled (its creation is not shown)
    data = pe.get_memory_mapped_image()[eop:]
    for i in md.disasm(data, 0x1000):
        print("0x%x:\t%s\t%s" % (i.address, i.mnemonic, i.op_str))

The output is:

    0x1000: pop r10
    0x1002: push rax
    0x1003: add byte ptr [rdx], al
    0x1005: add byte ptr [rax], al
    0x1007: add byte ptr [rax + rax], al

However, the objdump output is:

    "\x4d\x5a" \\rex.WRB pop r10
    "\x50" \\push rax
    "\x00\x02" \\add BYTE PTR [rdx],al
    "\x00\x00" \\add BYTE PTR [rax],al
    "\x00\x04\x00" \\add BYTE PTR [rax+rax*1],al
    "\x0f\x00" \\(bad)
    "\xff" \\(bad)
    "\xff\x00" \\inc DWORD PTR [rax]
    ...