Function
_toNative()
InsnType
Native instruction struct.
Convert JavaScript object to native struct.
Source
/**
 * Build the native instruction struct (InsnType) for this CsInsn and cache it.
 *
 * The first call populates a new InsnType from this object's fields and
 * stores it behind a getter-only `_nativeInsn` property. Later calls return
 * that same struct, so changes made to this CsInsn after the first call are
 * not reflected in the native copy.
 *
 * @returns {InsnType} Native instruction struct.
 */
Object.defineProperty(CsInsn.prototype, "_toNative", {
    "value" : function () {
        // Return the struct cached by an earlier call, if any.
        if (this._nativeInsn) {
            return this._nativeInsn;
        }
        // Convert arch number to string
        var archStr = exports.ARCH.toString(this.arch);
        var insn = new InsnType();
        insn.id.set(this.id);
        insn.address.set(this.address);
        // NOTE(review): size is taken from this.bytes.length, while copy()
        // below stops at the end of insn.bytes. If this.bytes can be longer
        // than the native field, size and contents disagree -- confirm that
        // bytes is always bounded by the native array length.
        insn.size.set(this.bytes.length);
        // NOTE(review): `new Buffer(x)` allocates x bytes instead of copying
        // when x is a number, and is deprecated in current Node.js. This
        // presumably always receives an array -- confirm, and prefer
        // Buffer.from() where the supported Node.js versions allow it.
        new Buffer(this.bytes).copy(insn.bytes);
        // NOTE(review): no length check on mnemonic/op_str is visible here;
        // confirm writeCString() bounds the write to the native field.
        insn.mnemonic.writeCString(0, this.mnemonic);
        insn.op_str.writeCString(0, this.op_str);
        if (this.detail) {
            insn.detail = ref.alloc(DetailType);
            var detail = insn.detail.deref();
            // Zero the native arrays first so entries past the copied data
            // do not carry leftover memory contents.
            detail.regs_read.buffer.fill(0);
            detail.regs_write.buffer.fill(0);
            detail.groups.buffer.fill(0);
            new Buffer(this.detail.regs_read).copy(detail.regs_read.buffer);
            new Buffer(this.detail.regs_write).copy(detail.regs_write.buffer);
            new Buffer(this.detail.groups).copy(detail.groups.buffer);
            // NOTE(review): the counts come from the JavaScript arrays, not
            // from the number of entries actually copied -- confirm they
            // cannot exceed the native array capacities.
            detail.regs_read_count.set(this.detail.regs_read.length);
            detail.regs_write_count.set(this.detail.regs_write.length);
            detail.groups_count.set(this.detail.groups.length);
            // Load the architecture-specific detail for this instruction's arch.
            detail.arch[archStr]._load(this.detail[archStr]);
        }
        // Cache the struct on the instance; only a getter is defined, so the
        // property cannot be reassigned.
        Object.defineProperty(this, "_nativeInsn", {
            "get" : function () {
                return insn;
            }
        });
        return insn;
    }
});
Function
INSN_OFFSET(insns, pos)
Number
Instruction offset.
Arg Name |
Type |
Description |
insns |
CsInsn[] |
Array of instructions. |
pos |
Number |
Position. |
Calculate the offset of a disassembled instruction within its buffer,
given its position in the array of disassembled instructions.
NOTE: this macro works with a 1-based position (pos >= 1), not a 0-based array index.
Source
/**
 * Offset of a disassembled instruction from the start of its buffer.
 *
 * The offset is the difference between the address of the instruction at
 * position `pos` and the address of the first instruction in `insns`.
 *
 * @param {CsInsn[]} insns - Array of instructions.
 * @param {Number} pos - 1-based position in `insns` (not an array index).
 * @returns {Number} Instruction offset.
 */
exports.INSN_OFFSET = function (insns, pos) {
    // pos is 1-based, so the matching array slot is pos - 1. A pos outside
    // [1, insns.length] yields undefined here and the property read throws.
    var target = insns[pos - 1];
    var targetAddress = target.address;
    var baseAddress = insns[0].address;
    return targetAddress - baseAddress;
};
Function
version()
Number[]
Three-element array containing: [ combined, major, minor ]
Retrieve version number from the Capstone library.
// Example: print the version reported by the Capstone library.
var version = capstone.version();
var combinedHex = version[0].toString(16);
var dotted = version.slice(1).join(".");
console.log("combined: 0x%s, version: %s", combinedHex, dotted);
//> combined: 0x201, version: 2.1
Source
/**
 * Retrieve the version number from the Capstone library.
 *
 * @returns {Number[]} Three-element array: [ combined, major, minor ].
 */
exports.version = function () {
    // cs_version() writes major and minor through these int pointers and
    // returns the combined value.
    var majorRef = ref.alloc("int");
    var minorRef = ref.alloc("int");
    var combined = capstone.cs_version(majorRef, minorRef);
    var major = majorRef.deref();
    var minor = minorRef.deref();
    return [ combined, major, minor ];
};
Function
version_bind()
Number[]
Three-element array containing: [ combined, major, minor ]
Retrieve version number from the JavaScript bindings.
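// Example: print the version of the JavaScript bindings. The call is
// version_bind(); version() would report the native library's version instead.
var version = capstone.version_bind();
console.log(
    "combined: 0x%s, version: %s",
    version[0].toString(16), version.slice(1).join(".")
);
//> combined: 0x201, version: 2.1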
Source
/**
 * Retrieve the version number of the JavaScript bindings.
 *
 * @returns {Number[]} Three-element array: [ combined, major, minor ].
 */
exports.version_bind = function () {
    var major = VERSION[0];
    var minor = VERSION[1];
    // Combined form packs major into the bits above the low byte.
    var combined = (major << 8) | minor;
    return [ combined, major, minor ];
};
Function
support(query)
Boolean
True if Capstone supports the given architecture or SUPPORT query.
Arg Name |
Type |
Description |
query |
ARCH, SUPPORT |
Architecture or Support query. |
Query Capstone for supported architectures.
// Example: query an architecture constant, then a SUPPORT constant.
var hasAllArchs = capstone.support(capstone.ARCH_ALL);
console.log(hasAllArchs); //> true
var isDietBuild = capstone.support(capstone.SUPPORT_DIET);
console.log(isDietBuild); //> false
Source
/**
 * Query Capstone for a supported architecture or SUPPORT option.
 *
 * This is a direct alias of the native binding `capstone.cs_support`; no
 * argument checking is added on the JavaScript side.
 *
 * @param {Number} query - An ARCH or SUPPORT constant.
 * @returns {Boolean} True if Capstone supports the queried item.
 */
exports.support = capstone.cs_support;
Function
strerror(code)
String
Error description
Arg Name |
Type |
Description |
code |
ERR |
Error code |
Return a string describing the given error code.
// Example: print the description of the ERR_DETAIL error code.
var detailErrorText = capstone.strerror(capstone.ERR_DETAIL);
console.log(detailErrorText);
Source
/**
 * Return a string describing the given error code.
 *
 * This is a direct alias of the native binding `capstone.cs_strerror`.
 *
 * @param {Number} code - An ERR constant.
 * @returns {String} Error description.
 */
exports.strerror = capstone.cs_strerror;
Function
close()
Free allocated memory for this Capstone instance. This must be called when
the Capstone instance is no longer needed. DO NOT let the Capstone instance
get garbage collected until this method has been called.
Source
/**
 * Free the memory allocated for this Capstone instance.
 *
 * Must be called once the instance is no longer needed, and before the
 * instance is garbage collected.
 *
 * @throws {String} A message string (not an Error object) when cs_close
 *     reports a non-zero error code.
 */
exports.Cs.prototype.close = function () {
    // cs_close() receives this.csh itself, not the dereferenced handle that
    // the other methods pass to the native API.
    var status = capstone.cs_close(this.csh);
    if (!status) {
        return;
    }
    // NOTE(review): a plain string is thrown, so callers get no stack trace
    // and `instanceof Error` checks will not match.
    throw "cs_close returned " + status + ": " + exports.strerror(status);
};
Function
errno()
ERR
Error code
Report last error when a Capstone API function fails.
Source
/**
 * Report the last error after a Capstone API function fails.
 *
 * @returns {Number} ERR error code for this instance's handle.
 */
exports.Cs.prototype.errno = function () {
    var handle = this.csh.deref();
    return capstone.cs_errno(handle);
};
Function
disasm(buffer, addr, [max=0])
CsInsn[]
Array of instructions.
Arg Name |
Type |
Description |
buffer |
Buffer |
Binary to disassemble. |
addr |
Number |
Starting address for the given buffer. |
[max=0] |
Number |
Max number of instructions to disassemble. |
Disassemble the binary contained in a Buffer.
Source
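/**
 * Disassemble the binary contained in a Buffer.
 *
 * @param {Buffer} buffer - Binary to disassemble. Its `length` is passed to
 *     cs_disasm as the code size; no type check is done here.
 * @param {Number} addr - Starting address for the given buffer.
 * @param {Number} [max=0] - Max number of instructions to disassemble.
 *     NOTE(review): 0 presumably means "no limit" -- confirm; when the input
 *     is large or untrusted, pass an explicit max to bound the result size.
 * @returns {CsInsn[]} Array of instructions.
 * @throws {String} A message string (not an Error object) when cs_disasm
 *     returns a count of 0.
 */
exports.Cs.prototype.disasm = function (buffer, addr, max) {
    var insn = ref.alloc(new ArrayType(InsnType));
    var count = capstone.cs_disasm(
        this.csh.deref(),
        buffer,
        buffer.length,
        addr,
        max || 0,
        insn
    );

    if (!count) {
        var errno = this.errno();
        throw "cs_disasm returned " + errno + ": " + exports.strerror(errno);
    }

    // Get instruction array, and fix length
    var insns = insn.deref();
    insns.length = count;

    // Create a JavaScript view of the instruction array
    var instructions = [];
    try {
        for (var i = 0; i < count; i++) {
            instructions.push(new CsInsn(insns[i], this.arch));
        }
    } finally {
        // Free the native instruction array even when building a CsInsn
        // throws; otherwise the native allocation would be leaked.
        capstone.cs_free(insns.buffer, count);
    }

    return instructions;
};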
Function
disasm_lite(buffer, addr, [max=0])
Array[]
Instruction arrays: [ address, size, mnemonic, op_str ]
Arg Name |
Type |
Description |
buffer |
Buffer |
Binary to disassemble. |
addr |
Number |
Starting address for the given buffer. |
[max=0] |
Number |
Max number of instructions to disassemble. |
Disassemble the binary contained in a Buffer, with a lightweight API.
Source
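/**
 * Disassemble the binary contained in a Buffer, with a lightweight API.
 *
 * @param {Buffer} buffer - Binary to disassemble. Its `length` is passed to
 *     cs_disasm as the code size; no type check is done here.
 * @param {Number} addr - Starting address for the given buffer.
 * @param {Number} [max=0] - Max number of instructions to disassemble.
 *     NOTE(review): 0 presumably means "no limit" -- confirm; when the input
 *     is large or untrusted, pass an explicit max to bound the result size.
 * @returns {Array[]} Instruction arrays: [ address, size, mnemonic, op_str ].
 * @throws {String} A message string (not an Error object) when cs_disasm
 *     returns a count of 0.
 */
exports.Cs.prototype.disasm_lite = function (buffer, addr, max) {
    var insn = ref.alloc(new ArrayType(InsnType));
    var count = capstone.cs_disasm(
        this.csh.deref(),
        buffer,
        buffer.length,
        addr,
        max || 0,
        insn
    );

    if (!count) {
        var errno = this.errno();
        // The message names cs_disasm_lite although the native call above is
        // cs_disasm; the text is kept as-is because callers may match on it.
        throw "cs_disasm_lite returned " + errno + ": " +
            exports.strerror(errno);
    }

    // Get instruction array, and fix length
    var insns = insn.deref();
    insns.length = count;

    // Copy the four lightweight fields out of each native instruction
    var instructions = [];
    try {
        for (var i = 0; i < count; i++) {
            instructions.push([
                insns[i].address,
                insns[i].size,
                insns[i].mnemonic.buffer.readCString(0),
                insns[i].op_str.buffer.readCString(0)
            ]);
        }
    } finally {
        // Free the native instruction array even when reading a field
        // throws; otherwise the native allocation would be leaked.
        capstone.cs_free(insns.buffer, count);
    }

    return instructions;
};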
Function
disasm_iter(buffer, addr, insn)
Boolean
True if successfully disassembled one instruction.
Arg Name |
Type |
Description |
buffer |
Buffer |
Binary to disassemble. |
addr |
Number |
Starting address for the given buffer. |
insn |
CsInsn |
Disassembled instruction detail. |
Disassemble the binary contained in a Buffer, with the iterator API.
Source
/**
 * Disassemble the binary contained in a Buffer, with the iterator API.
 *
 * NOT IMPLEMENTED: the function body is empty. It accepts no parameters and
 * returns undefined, so a caller testing the result as a Boolean sees a
 * falsy value and gets no instructions and no error.
 */
exports.Cs.prototype.disasm_iter = function () { //(iter, callback) {
    // TODO
    // `iter` is a dictionary that the iterator will update
    // `callback` is called for each iteration, receiving the CsInsn
    // Will need to internally allocate a cs_insn buffer for this method
};
Function
reg_name(id)
String
Register name, or null on error
Arg Name |
Type |
Description |
id |
Number |
Register ID |
Return register name as a string for given register ID.
Source
/**
 * Return the register name for the given register ID.
 *
 * @param {Number} id - Register ID.
 * @returns {String} Register name, or null on error.
 */
exports.Cs.prototype.reg_name = function (id) {
    var handle = this.csh.deref();
    return capstone.cs_reg_name(handle, id);
};
Function
insn_name(id)
String
Instruction name, or null on error
Arg Name |
Type |
Description |
id |
Number |
Instruction ID |
Return instruction name as a string for given instruction ID.
Source
/**
 * Return the instruction name for the given instruction ID.
 *
 * @param {Number} id - Instruction ID.
 * @returns {String} Instruction name, or null on error.
 */
exports.Cs.prototype.insn_name = function (id) {
    var handle = this.csh.deref();
    return capstone.cs_insn_name(handle, id);
};
Function
insn_group(insn, id)
Boolean
True if the instruction belongs to the given group.
Arg Name |
Type |
Description |
insn |
CsInsn |
Instruction |
id |
Number |
Group ID |
Check if a disassembled instruction belongs to a particular group.
NOTE: this API is only valid when detail option is ON (OFF by default)
Source
/**
 * Check if a disassembled instruction belongs to a particular group.
 *
 * Only valid when the detail option is ON (it is OFF by default).
 *
 * @param {CsInsn} insn - Instruction.
 * @param {Number} id - Group ID.
 * @returns {Boolean} True if the instruction belongs to the given group.
 */
exports.Cs.prototype.insn_group = function (insn, id) {
    var handle = this.csh.deref();
    // The native API needs the struct form of the instruction.
    var nativeInsn = insn._toNative();
    return capstone.cs_insn_group(handle, nativeInsn, id);
};
Function
reg_read(insn, id)
Boolean
True if the instruction reads the given register.
Arg Name |
Type |
Description |
insn |
CsInsn |
Instruction |
id |
Number |
Register ID |
Check if a disassembled instruction IMPLICITLY reads a particular register.
NOTE: this API is only valid when detail option is ON (OFF by default)
Source
/**
 * Check if a disassembled instruction IMPLICITLY reads a particular register.
 *
 * Only valid when the detail option is ON (it is OFF by default).
 *
 * @param {CsInsn} insn - Instruction.
 * @param {Number} id - Register ID.
 * @returns {Boolean} True if the instruction reads the given register.
 */
exports.Cs.prototype.reg_read = function (insn, id) {
    var handle = this.csh.deref();
    // The native API needs the struct form of the instruction.
    var nativeInsn = insn._toNative();
    return capstone.cs_reg_read(handle, nativeInsn, id);
};
Function
reg_write(insn, id)
Boolean
True if the instruction writes the given register.
Arg Name |
Type |
Description |
insn |
CsInsn |
Instruction |
id |
Number |
Register ID |
Check if a disassembled instruction IMPLICITLY writes a particular register.
NOTE: this API is only valid when detail option is ON (OFF by default)
Source
/**
 * Check if a disassembled instruction IMPLICITLY writes a particular register.
 *
 * Only valid when the detail option is ON (it is OFF by default).
 *
 * @param {CsInsn} insn - Instruction.
 * @param {Number} id - Register ID.
 * @returns {Boolean} True if the instruction writes the given register.
 */
exports.Cs.prototype.reg_write = function (insn, id) {
    var handle = this.csh.deref();
    // The native API needs the struct form of the instruction.
    var nativeInsn = insn._toNative();
    return capstone.cs_reg_write(handle, nativeInsn, id);
};
Function
op_count(insn, op_type)
Number
Number of operands, or -1 on failure.
Arg Name |
Type |
Description |
insn |
CsInsn |
Instruction |
op_type |
Number |
Operand type to be found. |
Count the number of operands with a particular type for an instruction.
NOTE: this API is only valid when detail option is ON (OFF by default)
Source
/**
 * Count the operands of a particular type in an instruction.
 *
 * Only valid when the detail option is ON (it is OFF by default).
 *
 * @param {CsInsn} insn - Instruction.
 * @param {Number} op_type - Operand type to be found.
 * @returns {Number} Number of operands, or -1 on failure.
 */
exports.Cs.prototype.op_count = function (insn, op_type) {
    var handle = this.csh.deref();
    // The native API needs the struct form of the instruction.
    var nativeInsn = insn._toNative();
    return capstone.cs_op_count(handle, nativeInsn, op_type);
};
Function
op_index(insn, op_type, position)
Number
Position of the operand of the given type, or -1 on failure.
Arg Name |
Type |
Description |
insn |
CsInsn |
Instruction |
op_type |
Number |
Operand type to be found. |
position |
Number |
Position of the operand to be found. |
Retrieve position of the operand of given type in disassembled instruction.
position
must be in range: [1, n]
where n == Cs.op_count(insn, op_type)
NOTE: this API is only valid when detail option is ON (OFF by default)
Source
/**
 * Retrieve the position of the operand of a given type in a disassembled
 * instruction.
 *
 * Only valid when the detail option is ON (it is OFF by default).
 *
 * @param {CsInsn} insn - Instruction.
 * @param {Number} op_type - Operand type to be found.
 * @param {Number} position - Position of the operand to be found; must be in
 *     range [1, n] where n == Cs.op_count(insn, op_type). The range is not
 *     checked here before the native call.
 * @returns {Number} Value returned by cs_op_index.
 */
exports.Cs.prototype.op_index = function (insn, op_type, position) {
    var handle = this.csh.deref();
    // The native API needs the struct form of the instruction.
    var nativeInsn = insn._toNative();
    return capstone.cs_op_index(handle, nativeInsn, op_type, position);
};
Function
REL_ADDR(insn)
Number
Instruction address
Arg Name |
Type |
Description |
insn |
CsInsn |
Instruction |
Calculate relative address for X86_64, for the given CsInsn
structure.
Source
/**
 * Calculate the relative address for X86_64 for the given CsInsn.
 *
 * Reads `insn.detail.arch.x86.disp`, so the instruction must carry x86
 * detail; without it the property access throws.
 *
 * @param {CsInsn} insn - Instruction.
 * @returns {Number} Instruction address.
 */
exports.REL_ADDR = function (insn) {
    // Address of the byte following this instruction.
    // NOTE(review): relies on a `size` property on CsInsn -- confirm it
    // exists; the native conversion derives size from `bytes.length`.
    var nextAddress = insn.address + insn.size;
    var displacement = insn.detail.arch.x86.disp;
    return nextAddress + displacement;
};