#ifndef CAPSTONE_X86_H
#define CAPSTONE_X86_H
/* Capstone Disassembly Engine */
/* By Nguyen Anh Quynh <[email protected]>, 2013-2015 */
#ifdef __cplusplus
extern "C" {
#endif
#include "platform.h"
/// Calculate relative address for X86-64, given cs_insn structure.
///
/// Expands to operand 0's immediate (cast to uint64_t) when that operand is
/// X86_OP_IMM; otherwise to (address + size) + displacement, i.e. the
/// displacement applied to the address just past the instruction.
///
/// Caveats for callers:
/// - `insn` is the structure itself, not a pointer (members are reached with `.`).
/// - `insn.detail` is dereferenced without a NULL check. NOTE(review): detail is
///   presumably only populated when detail mode (CS_OPT_DETAIL) is enabled;
///   confirm against capstone.h and check the pointer before using this macro.
/// - operands[0] is read without checking how many operands the instruction has.
/// - `insn` is expanded several times, so the argument must have no side effects.
/// - The (uint64_t) cast on the displacement makes the sum unsigned, so it wraps
///   instead of overflowing. When the disassembled bytes are untrusted, range-check
///   the result before using it as an offset or index into a buffer.
#define X86_REL_ADDR(insn) (((insn).detail->x86.operands[0].type == X86_OP_IMM) \
? (uint64_t)((insn).detail->x86.operands[0].imm) \
: (((insn).address + (insn).size) + (uint64_t)(insn).detail->x86.disp))
/// X86 registers
///
/// Identifiers for the registers an X86 instruction can reference.
/// Only X86_REG_INVALID has an explicit value (0); every other enumerator takes
/// the next integer in declaration order, so the order of this list defines the
/// numeric values. Inserting or reordering entries changes those values for
/// every consumer compiled against this header.
///
/// X86_REG_ENDING is a sentinel, not a register: valid ids are strictly between
/// X86_REG_INVALID and X86_REG_ENDING. Code that indexes a table by register id
/// should size the table with X86_REG_ENDING and reject ids outside that range.
typedef enum x86_reg {
X86_REG_INVALID = 0,
X86_REG_AH, X86_REG_AL, X86_REG_AX, X86_REG_BH, X86_REG_BL,
X86_REG_BP, X86_REG_BPL, X86_REG_BX, X86_REG_CH, X86_REG_CL,
X86_REG_CS, X86_REG_CX, X86_REG_DH, X86_REG_DI, X86_REG_DIL,
X86_REG_DL, X86_REG_DS, X86_REG_DX, X86_REG_EAX, X86_REG_EBP,
X86_REG_EBX, X86_REG_ECX, X86_REG_EDI, X86_REG_EDX, X86_REG_EFLAGS,
X86_REG_EIP, X86_REG_EIZ, X86_REG_ES, X86_REG_ESI, X86_REG_ESP,
X86_REG_FPSW, X86_REG_FS, X86_REG_GS, X86_REG_IP, X86_REG_RAX,
X86_REG_RBP, X86_REG_RBX, X86_REG_RCX, X86_REG_RDI, X86_REG_RDX,
X86_REG_RIP, X86_REG_RIZ, X86_REG_RSI, X86_REG_RSP, X86_REG_SI,
X86_REG_SIL, X86_REG_SP, X86_REG_SPL, X86_REG_SS, X86_REG_CR0,
X86_REG_CR1, X86_REG_CR2, X86_REG_CR3, X86_REG_CR4, X86_REG_CR5,
X86_REG_CR6, X86_REG_CR7, X86_REG_CR8, X86_REG_CR9, X86_REG_CR10,
X86_REG_CR11, X86_REG_CR12, X86_REG_CR13, X86_REG_CR14, X86_REG_CR15,
X86_REG_DR0, X86_REG_DR1, X86_REG_DR2, X86_REG_DR3, X86_REG_DR4,
X86_REG_DR5, X86_REG_DR6, X86_REG_DR7, X86_REG_DR8, X86_REG_DR9,
X86_REG_DR10, X86_REG_DR11, X86_REG_DR12, X86_REG_DR13, X86_REG_DR14,
X86_REG_DR15, X86_REG_FP0, X86_REG_FP1, X86_REG_FP2, X86_REG_FP3,
X86_REG_FP4, X86_REG_FP5, X86_REG_FP6, X86_REG_FP7,
X86_REG_K0, X86_REG_K1, X86_REG_K2, X86_REG_K3, X86_REG_K4,
X86_REG_K5, X86_REG_K6, X86_REG_K7, X86_REG_MM0, X86_REG_MM1,
X86_REG_MM2, X86_REG_MM3, X86_REG_MM4, X86_REG_MM5, X86_REG_MM6,
X86_REG_MM7, X86_REG_R8, X86_REG_R9, X86_REG_R10, X86_REG_R11,
X86_REG_R12, X86_REG_R13, X86_REG_R14, X86_REG_R15,
X86_REG_ST0, X86_REG_ST1, X86_REG_ST2, X86_REG_ST3,
X86_REG_ST4, X86_REG_ST5, X86_REG_ST6, X86_REG_ST7,
X86_REG_XMM0, X86_REG_XMM1, X86_REG_XMM2, X86_REG_XMM3, X86_REG_XMM4,
X86_REG_XMM5, X86_REG_XMM6, X86_REG_XMM7, X86_REG_XMM8, X86_REG_XMM9,
X86_REG_XMM10, X86_REG_XMM11, X86_REG_XMM12, X86_REG_XMM13, X86_REG_XMM14,
X86_REG_XMM15, X86_REG_XMM16, X86_REG_XMM17, X86_REG_XMM18, X86_REG_XMM19,
X86_REG_XMM20, X86_REG_XMM21, X86_REG_XMM22, X86_REG_XMM23, X86_REG_XMM24,
X86_REG_XMM25, X86_REG_XMM26, X86_REG_XMM27, X86_REG_XMM28, X86_REG_XMM29,
X86_REG_XMM30, X86_REG_XMM31, X86_REG_YMM0, X86_REG_YMM1, X86_REG_YMM2,
X86_REG_YMM3, X86_REG_YMM4, X86_REG_YMM5, X86_REG_YMM6, X86_REG_YMM7,
X86_REG_YMM8, X86_REG_YMM9, X86_REG_YMM10, X86_REG_YMM11, X86_REG_YMM12,
X86_REG_YMM13, X86_REG_YMM14, X86_REG_YMM15, X86_REG_YMM16, X86_REG_YMM17,
X86_REG_YMM18, X86_REG_YMM19, X86_REG_YMM20, X86_REG_YMM21, X86_REG_YMM22,
X86_REG_YMM23, X86_REG_YMM24, X86_REG_YMM25, X86_REG_YMM26, X86_REG_YMM27,
X86_REG_YMM28, X86_REG_YMM29, X86_REG_YMM30, X86_REG_YMM31, X86_REG_ZMM0,
X86_REG_ZMM1, X86_REG_ZMM2, X86_REG_ZMM3, X86_REG_ZMM4, X86_REG_ZMM5,
X86_REG_ZMM6, X86_REG_ZMM7, X86_REG_ZMM8, X86_REG_ZMM9, X86_REG_ZMM10,
X86_REG_ZMM11, X86_REG_ZMM12, X86_REG_ZMM13, X86_REG_ZMM14, X86_REG_ZMM15,
X86_REG_ZMM16, X86_REG_ZMM17, X86_REG_ZMM18, X86_REG_ZMM19, X86_REG_ZMM20,
X86_REG_ZMM21, X86_REG_ZMM22, X86_REG_ZMM23, X86_REG_ZMM24, X86_REG_ZMM25,
X86_REG_ZMM26, X86_REG_ZMM27, X86_REG_ZMM28, X86_REG_ZMM29, X86_REG_ZMM30,
X86_REG_ZMM31, X86_REG_R8B, X86_REG_R9B, X86_REG_R10B, X86_REG_R11B,
X86_REG_R12B, X86_REG_R13B, X86_REG_R14B, X86_REG_R15B, X86_REG_R8D,
X86_REG_R9D, X86_REG_R10D, X86_REG_R11D, X86_REG_R12D, X86_REG_R13D,
X86_REG_R14D, X86_REG_R15D, X86_REG_R8W, X86_REG_R9W, X86_REG_R10W,
X86_REG_R11W, X86_REG_R12W, X86_REG_R13W, X86_REG_R14W, X86_REG_R15W,
X86_REG_ENDING // <-- mark the end of the list of registers
} x86_reg;
// Sub-flags of EFLAGS
//
// Each macro is a distinct single bit of type unsigned long long, numbered
// 0 through 58. Bits 32 and above do not fit in a 32-bit integer, so any
// variable or field holding a combination of these must be 64 bits wide;
// a narrower type silently drops the upper flags.
//
// These are analysis bits, not the hardware EFLAGS layout: one CPU flag has
// several macros here (e.g. MODIFY_CF, PRIOR_CF, RESET_CF, SET_CF, TEST_CF,
// UNDEFINED_CF), so a mask built from them must not be compared against a raw
// EFLAGS register value.
//
// NOTE(review): the prefixes presumably describe how an instruction treats a
// flag (MODIFY/RESET/SET/UNDEFINED for writes, TEST for reads); the meaning of
// PRIOR is not evident from this header. Confirm against upstream documentation.
#define X86_EFLAGS_MODIFY_AF (1ULL << 0)
#define X86_EFLAGS_MODIFY_CF (1ULL << 1)
#define X86_EFLAGS_MODIFY_SF (1ULL << 2)
#define X86_EFLAGS_MODIFY_ZF (1ULL << 3)
#define X86_EFLAGS_MODIFY_PF (1ULL << 4)
#define X86_EFLAGS_MODIFY_OF (1ULL << 5)
#define X86_EFLAGS_MODIFY_TF (1ULL << 6)
#define X86_EFLAGS_MODIFY_IF (1ULL << 7)
#define X86_EFLAGS_MODIFY_DF (1ULL << 8)
#define X86_EFLAGS_MODIFY_NT (1ULL << 9)
#define X86_EFLAGS_MODIFY_RF (1ULL << 10)
#define X86_EFLAGS_PRIOR_OF (1ULL << 11)
#define X86_EFLAGS_PRIOR_SF (1ULL << 12)
#define X86_EFLAGS_PRIOR_ZF (1ULL << 13)
#define X86_EFLAGS_PRIOR_AF (1ULL << 14)
#define X86_EFLAGS_PRIOR_PF (1ULL << 15)
#define X86_EFLAGS_PRIOR_CF (1ULL << 16)
#define X86_EFLAGS_PRIOR_TF (1ULL << 17)
#define X86_EFLAGS_PRIOR_IF (1ULL << 18)
#define X86_EFLAGS_PRIOR_DF (1ULL << 19)
#define X86_EFLAGS_PRIOR_NT (1ULL << 20)
#define X86_EFLAGS_RESET_OF (1ULL << 21)
#define X86_EFLAGS_RESET_CF (1ULL << 22)
#define X86_EFLAGS_RESET_DF (1ULL << 23)
#define X86_EFLAGS_RESET_IF (1ULL << 24)
#define X86_EFLAGS_RESET_SF (1ULL << 25)
#define X86_EFLAGS_RESET_AF (1ULL << 26)
#define X86_EFLAGS_RESET_TF (1ULL << 27)
#define X86_EFLAGS_RESET_NT (1ULL << 28)
#define X86_EFLAGS_RESET_PF (1ULL << 29)
#define X86_EFLAGS_SET_CF (1ULL << 30)
#define X86_EFLAGS_SET_DF (1ULL << 31)
// From here on the bit index is >= 32: a 64-bit holder is required.
#define X86_EFLAGS_SET_IF (1ULL << 32)
#define X86_EFLAGS_TEST_OF (1ULL << 33)
#define X86_EFLAGS_TEST_SF (1ULL << 34)
#define X86_EFLAGS_TEST_ZF (1ULL << 35)
#define X86_EFLAGS_TEST_PF (1ULL << 36)
#define X86_EFLAGS_TEST_CF (1ULL << 37)
#define X86_EFLAGS_TEST_NT (1ULL << 38)
#define X86_EFLAGS_TEST_DF (1ULL << 39)
#define X86_EFLAGS_UNDEFINED_OF (1ULL << 40)
#define X86_EFLAGS_UNDEFINED_SF (1ULL << 41)
#define X86_EFLAGS_UNDEFINED_ZF (1ULL << 42)
#define X86_EFLAGS_UNDEFINED_PF (1ULL << 43)
#define X86_EFLAGS_UNDEFINED_AF (1ULL << 44)
#define X86_EFLAGS_UNDEFINED_CF (1ULL << 45)
#define X86_EFLAGS_RESET_RF (1ULL << 46)
#define X86_EFLAGS_TEST_RF (1ULL << 47)
#define X86_EFLAGS_TEST_IF (1ULL << 48)
#define X86_EFLAGS_TEST_TF (1ULL << 49)
#define X86_EFLAGS_TEST_AF (1ULL << 50)
#define X86_EFLAGS_RESET_ZF (1ULL << 51)
#define X86_EFLAGS_SET_OF (1ULL << 52)
#define X86_EFLAGS_SET_SF (1ULL << 53)
#define X86_EFLAGS_SET_ZF (1ULL << 54)
#define X86_EFLAGS_SET_AF (1ULL << 55)
#define X86_EFLAGS_SET_PF (1ULL << 56)
// NOTE(review): the next name is spelled with the digit zero ("0F"), not the
// letter O. It is a separate bit from X86_EFLAGS_RESET_OF (bit 21) above, so
// the two are easy to confuse when reading or grepping; the intended flag is
// not evident from this header. Confirm against upstream before relying on it.
#define X86_EFLAGS_RESET_0F (1ULL << 57)
#define X86_EFLAGS_RESET_AC (1ULL << 58)
// Sub-flags for the FPU condition codes C0-C3.
//
// Each macro is a distinct single bit (0 through 19) of type unsigned long long.
// These bit positions restart at 0 and therefore collide numerically with the
// X86_EFLAGS_* macros: for example X86_FPU_FLAGS_MODIFY_C0 and
// X86_EFLAGS_MODIFY_AF are both (1ULL << 0). A mask value alone does not say
// which set it belongs to, so never OR the two families into one variable and
// always decode a mask with the family it was produced for.
#define X86_FPU_FLAGS_MODIFY_C0 (1ULL << 0)
#define X86_FPU_FLAGS_MODIFY_C1 (1ULL << 1)
#define X86_FPU_FLAGS_MODIFY_C2 (1ULL << 2)
#define X86_FPU_FLAGS_MODIFY_C3 (1ULL << 3)
#define X86_FPU_FLAGS_RESET_C0 (1ULL << 4)
#define X86_FPU_FLAGS_RESET_C1 (1ULL << 5)
#define X86_FPU_FLAGS_RESET_C2 (1ULL << 6)
#define X86_FPU_FLAGS_RESET_C3 (1ULL << 7)
#define X86_FPU_FLAGS_SET_C0 (1ULL << 8)
#define X86_FPU_FLAGS_SET_C1 (1ULL << 9)
#define X86_FPU_FLAGS_SET_C2 (1ULL << 10)
#define X86_FPU_FLAGS_SET_C3 (1ULL << 11)
#define X86_FPU_FLAGS_UNDEFINED_C0 (1ULL << 12)
#define X86_FPU_FLAGS_UNDEFINED_C1 (1ULL << 13)
#define X86_FPU_FLAGS_UNDEFINED_C2 (1ULL << 14)
#define X86_FPU_FLAGS_UNDEFINED_C3 (1ULL << 15)
#define X86_FPU_FLAGS_TEST_C0 (1ULL << 16)
#define X86_FPU_FLAGS_TEST_C1 (1ULL << 17)
#define X86_FPU_FLAGS_TEST_C2 (1ULL << 18)
#define X86_FPU_FLAGS_TEST_C3 (1ULL << 19)
/// Kind of operand carried by an X86 instruction.
/// Each enumerator has the same value as the generic CS_OP_* constant named
/// in its comment. Check this tag before reading an operand's payload, since
/// it tells which member of the operand is meaningful.
typedef enum x86_op_type {
	X86_OP_INVALID = 0, ///< Same as CS_OP_INVALID: operand not initialized.
	X86_OP_REG = 1,     ///< Same as CS_OP_REG: operand is a register.
	X86_OP_IMM = 2,     ///< Same as CS_OP_IMM: operand is an immediate value.
	X86_OP_MEM = 3,     ///< Same as CS_OP_MEM: operand is a memory reference.
} x86_op_type;
/// Condition codes used by XOP instructions.
/// Zero is reserved for "not set"; the remaining values are numbered
/// consecutively in the order listed.
typedef enum x86_xop_cc {
	X86_XOP_CC_INVALID = 0, ///< Uninitialized.
	X86_XOP_CC_LT = 1,      ///< Less than.
	X86_XOP_CC_LE = 2,      ///< Less than or equal.
	X86_XOP_CC_GT = 3,      ///< Greater than.
	X86_XOP_CC_GE = 4,      ///< Greater than or equal.
	X86_XOP_CC_EQ = 5,      ///< Equal.
	X86_XOP_CC_NEQ = 6,     ///< Not equal.
	X86_XOP_CC_FALSE = 7,   ///< Always false.
	X86_XOP_CC_TRUE = 8,    ///< Always true.
} x86_xop_cc;
/// AVX broadcast type
typedef enum x86_avx_bcast {
X86_AVX_BCAST_INVALID = 0, ///< Uninitialized.
X86_AVX_BCAST_2, ///< AVX512 broadcast type {1to2}
X86_AVX_BCAST_4, ///< AVX
Capstone 反汇编引擎
Capstone 反汇编引擎是一款强大的、开源的跨平台反汇编库,广泛应用于软件分析、逆向工程和安全研究领域。它支持多种指令集架构,包括x86(16/32/64位)、ARM(包括ARMv8)、MIPS、PPC、SPARC、SystemZ等。在Windows平台上,Capstone可以与Visual Studio 2013无缝集成,为开发者提供高效且灵活的反汇编功能。
Capstone引擎的核心特性包括:
1. **多架构支持**:Capstone支持多种处理器架构的指令解码,包括Intel x86, x86_64, ARM, ARM64, MIPS, PPC, SPARC, SystemZ, PowerPC, SuperH, M68K和TX-Z80等,覆盖了从嵌入式到服务器的广泛应用场景。
2. **高性能**:设计时考虑了性能优化,Capstone可以在不牺牲准确性的前提下,快速地将二进制代码转换为可读的汇编语言。
3. **易用的API**:Capstone提供了C, C++, Python, Java等多种编程语言的接口,使得开发者可以方便地在自己的应用程序中集成反汇编功能。
4. **多模式解码**:Capstone支持正常模式和详细模式,前者只提供基本的指令解码,而后者则包括操作数、寻址方式等更详细的信息。
5. **自定义回调机制**:用户可以通过注册回调函数来处理解码过程中的特定事件,例如识别到特定指令时执行自定义操作。
6. **兼容性**:不仅支持Windows(包括VS2013),还可在Linux、macOS、Android等操作系统上运行。
在使用Capstone与VS2013配合时,你需要获取capstone_msvc12相关的开发包(其中包含头文件和库文件),然后在项目设置中添加对应的包含目录和库依赖。由于这些库会被链接进你自己的程序,建议从项目官方发布渠道获取,并在使用前校验文件完整性。例如,你可能需要在`#include`语句中引用`capstone/capstone.h`,并链接`capstone.lib`。
在实际开发中,你可以通过以下步骤使用Capstone:
1. 初始化Capstone引擎,指定要反汇编的架构和模式。
2. 将二进制代码作为字节序列传递给Capstone进行解码。
3. 遍历解码结果,获取每个指令的元数据,如指令名称、操作数、地址等。其中操作数等详细信息只有在启用详细模式后才可用;未启用时指令的 detail 指针为空,访问前应先检查,否则会解引用空指针。
4. 根据需要解析和处理这些信息,如分析控制流、识别函数等。
Capstone反汇编引擎是Windows平台上进行二进制分析和逆向工程的利器,它的强大功能和易用性使其成为许多专业开发者的首选工具。通过集成到VS2013,开发者可以在熟悉的开发环境中便捷地进行反汇编任务,提升工作效率。
