This directory contains cstool of Capstone Engine.

Cstool is a command-line tool to disassemble an assembly hex string.
For example, to decode a hexcode string for Intel 32-bit, run:

	$ cstool x32 "90 91"

	0  90  nop
	1  91  xchg  eax, ecx

Cstool disassembles the input and prints out the assembly instructions.
On each line, the first column is the instruction offset, the second
column is the opcodes, and the rest is the instruction itself.

Cstool is flexible enough to accept all kinds of hexcode formats. The following
inputs produce the same output as the example above.

	$ cstool x32 "0x90 0x91"
	$ cstool x32 "\x90\x91"
	$ cstool x32 "90,91"
	$ cstool x32 "90;91"
	$ cstool x32 "90+91"
	$ cstool x32 "90:91"

To print out instruction details, run Cstool with the -d option, as below.

	$ cstool -d x32 "01 d8"
	0  01d8  add  eax, ebx
		Prefix:0x00 0x00 0x00 0x00
		Opcode:0x01 0x00 0x00 0x00
		rex: 0x0
		addr_size: 4
		modrm: 0xd8
		disp: 0x0
		sib: 0x0
		op_count: 2
			operands[0].type: REG = eax
			operands[0].size: 4
			operands[0].access: READ | WRITE
			operands[1].type: REG = ebx
			operands[1].size: 4
			operands[1].access: READ
		Registers read: eax ebx
		Registers modified: eflags eax
		EFLAGS: MOD_AF MOD_CF MOD_SF MOD_ZF MOD_PF MOD_OF

To see all the supported options, run ./cstool
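The hexcode formats listed above, decoded to raw bytes in C. This is an added example, not code from cstool or Capstone: parse_hexcode is a hypothetical name, and rejecting dangling nibbles and unknown characters is this example's own choice, useful when the hex string comes from an untrusted report or log.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit; the caller has already checked isxdigit(). */
static int nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    return tolower((unsigned char)c) - 'a' + 10;
}

/*
 * Hypothetical helper (not part of cstool): decode a hexcode string in any
 * of the README's formats into out[]. Returns the byte count, or -1 on a
 * dangling nibble, an unknown character, or a full output buffer.
 */
long parse_hexcode(const char *s, uint8_t *out, size_t cap)
{
    size_t i = 0, n = 0;

    while (s[i] != '\0') {
        /* Separators shown in the README: space , ; + : (tab added here) */
        if (strchr(" \t,;+:", s[i]) != NULL) { i++; continue; }
        /* Optional per-byte prefix: 0x.. or \x.. */
        if ((s[i] == '0' || s[i] == '\\') && (s[i + 1] == 'x' || s[i + 1] == 'X'))
            i += 2;
        if (!isxdigit((unsigned char)s[i]) || !isxdigit((unsigned char)s[i + 1]))
            return -1;              /* fail closed instead of guessing */
        if (n == cap)
            return -1;              /* never write past the buffer */
        out[n++] = (uint8_t)(nibble(s[i]) << 4 | nibble(s[i + 1]));
        i += 2;
    }
    return (long)n;
}

int main(void)
{
    /* Constructed inputs: the README's formats plus one malformed string. */
    const char *inputs[] = { "90 91", "0x90 0x91", "\\x90\\x91", "90,91",
                             "90;91", "90+91", "90:91", "9" };
    uint8_t buf[16];

    for (size_t k = 0; k < sizeof inputs / sizeof inputs[0]; k++)
        printf("%-12s -> %ld byte(s)\n", inputs[k],
               parse_hexcode(inputs[k], buf, sizeof buf));
    return 0;
}
```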