3.0

November 19, 2014

Release 3.0 is a stable version with major changes on the core & bindings.


API changes

  • New API cs_disasm_iter & cs_malloc. See online doc at http://capstone-engine.org/iteration.html
  • Renamed API cs_disasm_ex to cs_disasm (cs_disasm_ex is still supported, but marked obsolete to be removed in future)
  • Support SKIPDATA mode, so Capstone can jump over unknown data and keep going from the next legitimate instruction.
  • More details provided in cs_detail struct for all architectures.
  • API version was bumped to 3.0.


Bindings support

  • Python binding supports Python3 (besides Python2).
  • Support OCaml binding.


Architectures

  • New architectures: Sparc, SystemZ & XCore.
  • Important bugfixes for Arm, Arm64, Mips, PowerPC & X86.
  • Support more instructions for Arm, Arm64, Mips, PowerPC & X86.
  • Always expose absolute addresses rather than relative addresses (Arm, Arm64, Mips, PPC, Sparc, X86).
  • Use common instruction operand types REG, IMM, MEM & FP across all architectures (to enable cross-architecture analysis).
  • Use common instruction group types across all architectures (to enable cross-architecture analysis).


X86

  • X86 engine is mature & handles all the malware tricks (that we are aware of).
  • Added a lot of new instructions (such as AVX512, 3DNow, etc).
  • Add prefix symbols X86_PREFIX_REP/REPNE/LOCK/CS/DS/SS/FS/GS/ES/OPSIZE/ADDRSIZE (x86.h).
  • Print immediate in positive form & hexadecimal for AND/OR/XOR instructions.
  • More friendly disassembly for JMP16i (in the form segment:offset).


Mips

  • Engine added support for new hardware modes: Mips32R6 (CS_MODE_MIPS32R6) & MipsGP64 (CS_MODE_MIPSGP64).
  • Removed the ABI-only mode CS_MODE_N64.
  • New modes CS_MODE_MIPS32 & CS_MODE_MIPS64 (instead of CS_MODE_32 & CS_MODE_64).


ARM

  • Support new mode CS_MODE_V8 for Armv8 A32 encodings.
  • Print immediate in positive form & hexadecimal for AND/ORR/EOR/BIC instructions.


ARM64

  • Print immediate in hexadecimal for AND/ORR/EOR/TST instructions.


PowerPC

  • Do not print a dot in front of absolute address.


Others