Capstone

Welcome

Capstone is a lightweight multi-platform, multi-architecture disassembly framework.

Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.

Highlight features


Some of the reasons making Capstone unique are elaborated here.

Testimonials

“Capstone will soon be the standard disassembly engine”. – Bruce Dang.

“Capstone solves a well known issue in the reversing community by a well tested and maintained library for most common architectures using a generic API”. – Pancake.

“And, nowadays, Capstone is the best embeddable disassembler out there”. – Joxean Koret.

“The community has always needed a project like Capstone and finally we have one. Kudos!”. – Daniel Pistelli.

“I must have mentioned it at least 25 times today with our client. Not sure yet, but this engine might just be the gold standard”. – Stephen Ridley.

“Developers of Capstone provide great support. Its small size and high modularity makes it perfectly working in kernel as well!”. – Peter Hlavaty.

“Simply the best - recommended to anyone asking which disassembler to use!”. – Jurriaan Bremer.

“The most complete disassembler library available for the reverse engineering and information security communities”. – Pedro “osxreverser” Vilaça.

“The API is straightforward and easy to work with. In few occasions, the Capstone developers have provided bug fixes, new features, and support in a matter of hours!”. – Sean Heelan.

“Love at first sight! Beautiful API, support latest instructions, Capstone truly is the ultimate disassembly framework!”. – Ole André Vadla Ravnås.

“I expect Capstone to become the standard, a stepping stone for all projects everywhere”. – Ange Albertini.

See complete testimonials for Capstone here



CEnigma tool

30
Jul
2014

We are happy to announce a little web-based tool named CEnigma to disassemble input hexcode!

CEnigma offers some advantages:

  • Fast, simple & easy to use: just paste your hexstring, choose architecture/mode/syntax, then submit to get back assembly code.

  • User-friendly: accept input of all kind of formats (as long as it contains hexcode inside).

  • Provide instruction details (just hover the mouse over the assembly instructions).

  • Link to assembly manual (just click into the assembly instructions).

  • Save output for future references (choose Duration before submitting).

  • Backed by Capstone, CEnigma is always updated on all 8 architectures: Arm, Arm64, Mips, PPC, Sparc, SystemZ, XCore, X86 (+X86_64).


Find more at www.cenigma.org.


Peeking into the next release

21
May
2014

We have been working hard for the next release of Capstone, which promises a lot of important updates in various areas.

Get the latest code from our Github’s next branch to experience the cutting-edge features of the upcoming version.

Summary of the most interesting changes:

  • New architectures: Sparc & SystemZ.

  • Important bugfixes for Arm, Arm64, Mips & X86.

  • Handle 3DNow instructions of X86.

  • Support for Microsoft Visual Studio (so Windows native compilation using MSVC is possible).

  • Cross-compile for Android.

  • Support SKIPDATA mode, so Capstone can jump over unknown data and keep going at the next legitimate instruction.

  • Python binding supports Python3.

  • X86 engine is now mature & handle all the malware tricks that we are aware of. If you have any code that Capstone wrongly processes, please report so we can fix them.


Further details are available in our Changelog


On a related news, Capstone now has NodeJS binding! This great work was created & maintained by Jason Oster.


Version 2.1.2

3
Apr
2014

We are happy to announce the stable version 2.1.2 of Capstone disassembly framework!

This fixes some bugs deep inside the core. There is no update to the API interface, so bindings of older version 2.1 are compatible, thus can still be used with this release.

Find the source code & precompiled binaries in the download section. See documentation for how to compile and install Capstone.

Highlights of the changes:

  • Support cross-compilation for all iDevices (iPhone/iPad/iPod).

  • X86: do not print memory offset in negative form.

  • Fix a bug in X86 when Capstone cannot handle short instruction.

  • Print negative numbers in range [-9, -1] without prefix 0x (arm64, mips, arm).

  • Correct the SONAME setup for library versioning on Linux, *BSD & Solaris.

  • Set library versioning for dylib of OSX.

  • Remove the redundant include/diet.h


NOTE

  • This release fixes the library versioning for Mac OSX, Linux, *BSD & Solaris. This might require recompiling tools compiled with prior Capstone - but there is no need to modify tools’ source whatsoever.

  • This version made no API change, so old bindings of release 2.1 still work just fine. The only exception is Python binding package for Windows in Download section: users still need to upgrade this as this package actually includes the new core engine 2.1.2 inside.


CEbot - reverse binary code using just Twitter

24
Mar
2014

We running a CEbot, a tool help you disassemble binary code right from your Twitter account.

To use CEbot, follow these 2 simple steps:

  • Tweet your hex string with hashtag #2ce (“To-Capstone-Engine”), or send it directly to @ceb0t.

  • Wait 1 ~ 2 seconds, the reversed assembly code will be sent back, also via Twitter. Be sure to check the Notifications tab if you do not see it soon enough.


Further information is available here


Version 2.1.1

13
Mar
2014

We are glad to announce a stable version 2.1.1 of Capstone disassembly framework!

This is a stable release to fix some bugs deep in the core. There is no new update to any architectures or bindings, so programs written with version 2.1 still work without having to recompile. Besides, bindings of older version 2.1 are compatible, thus can still be used this release.

The source code & precompiled binaries are in the download section. See documentation for how to compile and install Capstone.

Highlights of the changes:

  • Fix a buffer overflow bug in Thumb mode (ARM). For this reason, all ARM users should upgrade.

  • Fix a crash issue when embedding Capstone into Mac OSX kernel by reducing the stack memory usage. This should also enable Capstone to be embedded into other systems with limited stack memory size such as Linux kernel or some firmwares.

  • Use a proper SONAME for library versioning (Linux).

  • See changelog for more details.


NOTE

  • This version made no API change, so old bindings of release 2.1 still work just fine. The only exception is Python binding package for Windows in Download section: users still need to upgrade this as this package actually includes the new core engine 2.1.1 inside.

Version 2.1!

5
Mar
2014

We are happy to announce version 2.1 of Capstone disassembly framework!

The source code & precompiled binaries are in the download section. See documentation for how to compile and install Capstone.

Highlights of some important changes:

  • Library size is around 40% smaller, but framework is faster. Especially, X86-only binary is about 3 times smaller than in version 2.0: only 780 KB now.

  • Support diet compilation option to minimize the framework, making Capstone more suitable for embedding into OS kernel or firmware. Example: X86-only engine is only 480 KB with this customization.

  • Consume less memory: around 40% less than version 2.0.

  • Python binding offers some new lighter APIs that can improve performance up to 30%.

  • Fixed some memory leaking issues of Java & Cython bindings.

  • Lots of bugfixes.

  • API version bumped to 2.1.

  • See changelog for more details.


NOTE

  • This version made an API change, so some (trivial) modifications to 2.0-based tools are needed to switch to 2.1.

  • Make sure to install the Python/Java bindings coming with this version, as the old bindings from version 2.0 are incompatible with the new core.



See the news archive for older posts.