[Dailydave] Capstone disassembly framework: looking for Beta-testers

Nguyen Anh Quynh aquynh at gmail.com
Thu Nov 21 09:40:36 EST 2013


On Thu, Nov 21, 2013 at 9:32 PM, Albert López <newbiesworld at hotmail.com> wrote:

>
> Mmmm, I haven't played a lot with Radare, but I think that it already has
> all (or almost all) your "unique features" ;)
>
> http://radare.org/ <http://radare.org/y/>
>
> Moreover, they have a great documentation:
> http://radare.org/y/?p=documentation
>
> Just in case you don't know the tool :)
>
>
cool, your observation is really interesting! yes, i am well aware of
Radare, which is an excellent tool in my opinion. however, with all due
respect, there are some differences that i want to elaborate here:

- first of all, Radare is not really a "lightweight" disasm framework. in
fact it is more like a tool set that includes a lot of small libs and tools
inside. you can do it, but i think it is not very trivial to use Radare as
a disasm framework, which is not its main task.

- on supporting hardware architectures (X86 + ARM + ARM-64 + Mips): Radare
relies on a bunch of disasm engines, but most of them are really outdated,
with no support for newer instructions & CPU extensions. that is true on
all above archs, with no exception i guess. on the other hand, we believe
Capstone has better support for these archs. (of course Radare works for a
lot of other archs, but that is not what we focus on so far)

- on decomposition functionality, as said above, Radare doesn't seem to do
that itself, but relies on other frameworks (correct me if i am wrong
here). and even if Radare can do that, i doubt that it supports all above
archs.

- on instruction semantics, i am not sure if Radare gives us the list of
implicit registers read/written for disasm instructions, or if it can do
that for all above archs. somebody can enlighten me here, if i am wrong.

- on API, i am quite confident that Capstone API is as
simple/clean/lightweight/intuitive as anything else, or even more. this is
the key when we designed the API. let's see if this is true when the
framework is released - soon after testing phase.

- on bindings: i am not sure if Radare has a list of bindings like
Capstone, which includes Python, Ruby, Ocaml, Java, C# & Go. and these
bindings are all manually written to be lightweight and efficient, as we
don't like bloated SWIG.

- Radare also supports all OS platforms, so no difference here. however,
Capstone is extremely lightweight and simple: it requires absolutely Zero
prerequisite packages, and can be compiled all in under 7 seconds on my
laptop. somebody can confirm if Radare is this simple, or not?

- on the license, i doubt that Radare is BSD. the most important disasm lib
it uses seems to be libopcodes coming from GNU binutils, which is under
GPL. for this reason, i doubt that you can commercialize (close source)
your products based on Radare disasm lib (if there is such a thing).

- on documentation, we are working on that, as it is not released yet (in
testing phase right now). but the doc will be good, no worry here.

combining all of above reasons, i still believe what Capstone offers is
unique. when i started to look into this area, i could not find anything
with all of above features, so i had to design and implement Capstone.

long enough, but again, i never mean to criticize Radare here. in contrast,
i like the mighty Radare project, have a lot of respect for the community,
and very much want it to be successful.

in fact, two projects don't even mean to compete, as Capstone can be used as
disasm framework for Radare, if their developers think Capstone is good
enough.

cheers,
Quynh



------------------------------
>
> gpg --keyserver pgp.mit.edu --search-keys EEE5A447
> http://pgp.mit.edu:11371/pks/lookup?search=0xEEE5A447&op=vindex
>
>
>
> ------------------------------
> From: aquynh at gmail.com
>
> Date: Wed, 20 Nov 2013 14:08:12 +0800
> To: full-disclosure at lists.grok.org.uk; bugtraq at securityfocus.com;
> dailydave at lists.immunityinc.com
> Subject: [Dailydave] Capstone disassembly framework: looking for
> Beta-testers
>
>
> Hi,
>
> I am going to release a disassembly framework named Capstone, which has
> some unique features:
>
> - Support all important hardware architectures: X86 (16/32/64bit) + ARM
> (including Thumb & Thumb2) + ARM-64 (aka ARMv8) + Mips.
>
> - Simple lightweight intuitive architecture-neutral API that works in the
> same way across all archs.
>
> - Implemented in pure C language, with native lightweight bindings for
> Python, Ruby, OCaml, C#, Java & GO available.
>
> - Provide details on disassembled instruction (called "decomposer" by
> others).
>
> - Offer some semantics of the disassembled instruction, such as list of
> all implicit registers read/written, or if the instruction belongs to a
> group of instructions (like ARM Neon, or Intel SSE4.2 group).
>
> - Native support for Windows, Mac OSX & Linux.
>
> - BSD license.
>
>
> So if you can help to beta-test Capstone before it is public (soon),
> please contact me via this email or via website at:
>
>    http://www.capstone-engine.org
>
>
> Thanks,
> Quynh
>
>
>