<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Nov 21, 2013 at 9:32 PM, Albert López <span dir="ltr"><<a href="mailto:newbiesworld@hotmail.com" target="_blank">newbiesworld@hotmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div><div dir="ltr"><font face="Calibri"><br></font>Mmmm, I haven't played a lot with Radare, but I think that it already has all (or almost all) your "unique features" ;)<div><br></div><div><a href="http://radare.org/y/" target="_blank">http://radare.org/</a></div>
<div><br></div><div>Moreover, they have a great documentation:</div><div><a href="http://radare.org/y/?p=documentation" target="_blank">http://radare.org/y/?p=documentation</a><br><br><div>Just in case you don't know the tool :)</div>
<div><font face="Courier New" size="1"><br></font></div></div></div></div></blockquote><div><br></div><div>cool, your observation is really interesting! yes, i am well aware of Radare, which is an excellent tool in my opinion. however, with all due respect, there are some differences that i want to elaborate here:<br>
<br></div><div>- first of all, Radare is not really a "lightweight" disasm framework. in fact it is more like a tool set that includes a lot of small libs and tools inside. you can do, but i think it is not very trivial to use Radare as disasm framework, which is not its main task.<br>
<br></div><div>- on supporting hardware architectures (X86 + ARM
+ ARM-64 + Mips): Radare relies on a bunch of disasm engines, but most of them are really outdated, with no support for newer instructions & CPU extensions. that is true on all above archs, with no exception i guess. on the other hand, we believe Capstone has better support for these archs. (of course Radare works for a lot other archs, but that is not what we focus on so far)<br>
<br></div><div>- on decomposition functionality, as said above, Radare doesn't seem to do that itself, but relies on other frameworks (correct me if i am wrong here). and even Radare can do that, i doubt that it supports all above archs.<br>
<br></div><div>- on instruction semantics, i am not sure if Radare give us the list of implicit registers read/written for disasm instructions, or if it can do that for all above archs. somebody can enlighten me here, if i am wrong.<br>
<br></div><div>- on API, i am quite confident that Capstone API is as simple/clean/lightweight/intuitive as anything else, or even more. this is the key when we designed the API. lets see if this is true when the framework is released - soon after testing phase.<br>
<br></div><div>- on bindings: i am not sure if Radare has a list of bindings like Capstone, which includes Python, Ruby, Ocaml, Java, C# & Go. and these bindings are all manually written to be lightweight and efficient, as we dont like bloated SWIG.<br>
<br></div><div>- Radare also support all OS platforms, so no difference here. however, Capstone is extremely lightweight and simple: it requires absolutely Zero prerequisite packages, and can compiled all in under 7 seconds on my laptop. somebody can confirm if Radare is this simple, or not?<br>
<br></div><div>- on the license, i doubt that Radare is BSD. the most important disasm lib it uses seems to be libopcodes coming from GNU binutils, which is under GPL. for this reason, i doubt that you can commercialize (close source) your products based on Radare disasm lib (if there is such a thing).<br>
<br></div><div>- on documentation, we are working on that, as it is not released yet (in testing phase right now). but the doc will be good, no worry here.<br><br></div><div>combining all of above reasons, i still believe what Capstone offers is unique. when i started to look into this area, i could not find anything with all of above features, so i had to design and implement Capstone.<br>
<br></div><div>long enough, but again, i never mean to criticize Radare here. in contrast, i like the mighty Radare project, have a lot of respects for the community, and very much want it to be successful. <br><br>in fact, two projects dont even mean to compete, as Capstone can be used as disasm framework for Radare, if their developers think Capstone is good enough.<br>
<br></div><div>cheers,<br>Quynh<br><br><br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div dir="ltr"><div><div><font face="Courier New" size="1"></font></div>
<div></div><div><hr></div><div><font face="Courier New" size="1"><br></font></div><div><font face="Courier New" size="1">gpg --keyserver <a href="http://pgp.mit.edu" target="_blank">pgp.mit.edu</a> --search-keys EEE5A447</font></div>
<div><font face="Courier New" size="1"><a href="http://pgp.mit.edu:11371/pks/lookup?search=0xEEE5A447&op=vindex" target="_blank">http://pgp.mit.edu:11371/pks/lookup?search=0xEEE5A447&op=vindex</a></font></div><div>
<br></div><br><br><div><hr>From: <a href="mailto:aquynh@gmail.com" target="_blank">aquynh@gmail.com</a><div class="im"><br>Date: Wed, 20 Nov 2013 14:08:12 +0800<br></div>To: <a href="mailto:full-disclosure@lists.grok.org.uk" target="_blank">full-disclosure@lists.grok.org.uk</a>; <a href="mailto:bugtraq@securityfocus.com" target="_blank">bugtraq@securityfocus.com</a>; <a href="mailto:dailydave@lists.immunityinc.com" target="_blank">dailydave@lists.immunityinc.com</a><br>
Subject: [Dailydave] Capstone disassembly framework: looking for Beta-testers<div><div class="h5"><br><br><div dir="ltr"><div><div dir="ltr">Hi,<br><br>I am going to release a disassembly framework named Capstone, which has some unique features:<br>
<br>- Support all important hardware architectures: X86 (16/32/64bit) + ARM (including Thumb & Thumb2) + ARM-64 (aka ARMv8) + Mips.<br>
<br>- Simple lightweight intuitive architecture-neutral API that works in the same way across all archs.<br><br>- Implemented in pure C language, with native lightweight bindings for Python, Ruby, OCaml, C#, Java & GO vailable.<br>
<br>- Provide details on disassembled instruction (called "decomposer" by others).<br><br>- Offer some semantics of the disassembled instruction, such as list of all implicit registers read/written, or if the instruction belongs to a group of instructions (like ARM Neon, or Intel SSE4.2 group).<br>
<br>- Native support for Windows, Mac OSX & Linux.<br><br>- BSD license.<br><br><br>So if you can help to beta-test Capstone before it is public (soon), please contact me via this email or via website at:<br><br> <a href="http://www.capstone-engine.org" target="_blank">http://www.capstone-engine.org</a><br>
<br><br>Thanks,<br>Quynh<br><br></div>
</div><br></div>
<br></div></div>_______________________________________________
Dailydave mailing list
<a href="mailto:Dailydave@lists.immunityinc.com" target="_blank">Dailydave@lists.immunityinc.com</a>
<a href="https://lists.immunityinc.com/mailman/listinfo/dailydave" target="_blank">https://lists.immunityinc.com/mailman/listinfo/dailydave</a></div></div> </div></div>
</blockquote></div><br></div></div>