Full Disclosure mailing list archives
Re: [Dailydave] Capstone disassembly framework: looking for Beta-testers
From: Nguyen Anh Quynh <aquynh () gmail com>
Date: Thu, 21 Nov 2013 22:40:36 +0800
On Thu, Nov 21, 2013 at 9:32 PM, Albert López <newbiesworld () hotmail com>wrote:
Mmmm, I haven't played a lot with Radare, but I think that it already has all (or almost all) your "unique features" ;) http://radare.org/ <http://radare.org/y/> Moreover, they have a great documentation: http://radare.org/y/?p=documentation Just in case you don't know the tool :)
cool, your observation is really interesting! yes, i am well aware of Radare, which is an excellent tool in my opinion. however, with all due respect, there are some differences that i want to elaborate here: - first of all, Radare is not really a "lightweight" disasm framework. in fact it is more like a tool set that includes a lot of small libs and tools inside. you can do, but i think it is not very trivial to use Radare as disasm framework, which is not its main task. - on supporting hardware architectures (X86 + ARM + ARM-64 + Mips): Radare relies on a bunch of disasm engines, but most of them are really outdated, with no support for newer instructions & CPU extensions. that is true on all above archs, with no exception i guess. on the other hand, we believe Capstone has better support for these archs. (of course Radare works for a lot other archs, but that is not what we focus on so far) - on decomposition functionality, as said above, Radare doesn't seem to do that itself, but relies on other frameworks (correct me if i am wrong here). and even Radare can do that, i doubt that it supports all above archs. - on instruction semantics, i am not sure if Radare give us the list of implicit registers read/written for disasm instructions, or if it can do that for all above archs. somebody can enlighten me here, if i am wrong. - on API, i am quite confident that Capstone API is as simple/clean/lightweight/intuitive as anything else, or even more. this is the key when we designed the API. lets see if this is true when the framework is released - soon after testing phase. - on bindings: i am not sure if Radare has a list of bindings like Capstone, which includes Python, Ruby, Ocaml, Java, C# & Go. and these bindings are all manually written to be lightweight and efficient, as we dont like bloated SWIG. - Radare also support all OS platforms, so no difference here. however, Capstone is extremely lightweight and simple: it requires absolutely Zero prerequisite packages, and can compiled all in under 7 seconds on my laptop. somebody can confirm if Radare is this simple, or not? - on the license, i doubt that Radare is BSD. the most important disasm lib it uses seems to be libopcodes coming from GNU binutils, which is under GPL. for this reason, i doubt that you can commercialize (close source) your products based on Radare disasm lib (if there is such a thing). - on documentation, we are working on that, as it is not released yet (in testing phase right now). but the doc will be good, no worry here. combining all of above reasons, i still believe what Capstone offers is unique. when i started to look into this area, i could not find anything with all of above features, so i had to design and implement Capstone. long enough, but again, i never mean to criticize Radare here. in contrast, i like the mighty Radare project, have a lot of respects for the community, and very much want it to be successful. in fact, two projects dont even mean to compete, as Capstone can be used as disasm framework for Radare, if their developers think Capstone is good enough. cheers, Quynh ------------------------------
gpg --keyserver pgp.mit.edu --search-keys EEE5A447 http://pgp.mit.edu:11371/pks/lookup?search=0xEEE5A447&op=vindex ------------------------------ From: aquynh () gmail com Date: Wed, 20 Nov 2013 14:08:12 +0800 To: full-disclosure () lists grok org uk; bugtraq () securityfocus com; dailydave () lists immunityinc com Subject: [Dailydave] Capstone disassembly framework: looking for Beta-testers Hi, I am going to release a disassembly framework named Capstone, which has some unique features: - Support all important hardware architectures: X86 (16/32/64bit) + ARM (including Thumb & Thumb2) + ARM-64 (aka ARMv8) + Mips. - Simple lightweight intuitive architecture-neutral API that works in the same way across all archs. - Implemented in pure C language, with native lightweight bindings for Python, Ruby, OCaml, C#, Java & GO vailable. - Provide details on disassembled instruction (called "decomposer" by others). - Offer some semantics of the disassembled instruction, such as list of all implicit registers read/written, or if the instruction belongs to a group of instructions (like ARM Neon, or Intel SSE4.2 group). - Native support for Windows, Mac OSX & Linux. - BSD license. So if you can help to beta-test Capstone before it is public (soon), please contact me via this email or via website at: http://www.capstone-engine.org Thanks, Quynh _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Capstone disassembly framework: looking for Beta-testers Nguyen Anh Quynh (Nov 19)
- Re: [Dailydave] Capstone disassembly framework: looking for Beta-testers Albert López (Nov 21)
- Re: [Dailydave] Capstone disassembly framework: looking for Beta-testers Nguyen Anh Quynh (Nov 21)
- Re: [Dailydave] Capstone disassembly framework: looking for Beta-testers Nguyen Anh Quynh (Nov 21)
- Re: [Dailydave] Capstone disassembly framework: looking for Beta-testers Nguyen Anh Quynh (Nov 21)
- Re: [Dailydave] Capstone disassembly framework: looking for Beta-testers Albert López (Nov 21)