Module: Crabstone

Defined in:
lib/crabstone.rb,
lib/crabstone/arch.rb,
lib/crabstone/error.rb,
lib/crabstone/binding.rb,
lib/crabstone/version.rb,
lib/crabstone/arch/5/sh.rb,
lib/crabstone/arch/3/arm.rb,
lib/crabstone/arch/3/ppc.rb,
lib/crabstone/arch/3/x86.rb,
lib/crabstone/arch/4/arm.rb,
lib/crabstone/arch/4/evm.rb,
lib/crabstone/arch/4/ppc.rb,
lib/crabstone/arch/4/x86.rb,
lib/crabstone/arch/5/arm.rb,
lib/crabstone/arch/5/bpf.rb,
lib/crabstone/arch/5/evm.rb,
lib/crabstone/arch/5/ppc.rb,
lib/crabstone/arch/5/x86.rb,
lib/crabstone/cs_version.rb,
lib/crabstone/arch/3/mips.rb,
lib/crabstone/arch/3/sysz.rb,
lib/crabstone/arch/4/m68k.rb,
lib/crabstone/arch/4/mips.rb,
lib/crabstone/arch/4/sysz.rb,
lib/crabstone/arch/5/m68k.rb,
lib/crabstone/arch/5/mips.rb,
lib/crabstone/arch/5/sysz.rb,
lib/crabstone/arch/5/wasm.rb,
lib/crabstone/instruction.rb,
lib/crabstone/arch/3/arm64.rb,
lib/crabstone/arch/3/sparc.rb,
lib/crabstone/arch/3/xcore.rb,
lib/crabstone/arch/4/arm64.rb,
lib/crabstone/arch/4/m680x.rb,
lib/crabstone/arch/4/sparc.rb,
lib/crabstone/arch/4/xcore.rb,
lib/crabstone/arch/5/arm64.rb,
lib/crabstone/arch/5/m680x.rb,
lib/crabstone/arch/5/riscv.rb,
lib/crabstone/arch/5/sparc.rb,
lib/crabstone/arch/5/xcore.rb,
lib/crabstone/disassembler.rb,
lib/crabstone/arch/register.rb,
lib/crabstone/arch/5/mos65xx.rb,
lib/crabstone/arch/5/tricore.rb,
lib/crabstone/arch/extension.rb,
lib/crabstone/arch/5/sh_const.rb,
lib/crabstone/binding/structs.rb,
lib/crabstone/arch/3/arm_const.rb,
lib/crabstone/arch/3/constants.rb,
lib/crabstone/arch/3/ppc_const.rb,
lib/crabstone/arch/3/x86_const.rb,
lib/crabstone/arch/4/arm_const.rb,
lib/crabstone/arch/4/constants.rb,
lib/crabstone/arch/4/evm_const.rb,
lib/crabstone/arch/4/ppc_const.rb,
lib/crabstone/arch/4/x86_const.rb,
lib/crabstone/arch/5/arm_const.rb,
lib/crabstone/arch/5/bpf_const.rb,
lib/crabstone/arch/5/constants.rb,
lib/crabstone/arch/5/evm_const.rb,
lib/crabstone/arch/5/ppc_const.rb,
lib/crabstone/arch/5/x86_const.rb,
lib/crabstone/binding/3/detail.rb,
lib/crabstone/binding/4/detail.rb,
lib/crabstone/binding/5/detail.rb,
lib/crabstone/arch/3/mips_const.rb,
lib/crabstone/arch/3/sysz_const.rb,
lib/crabstone/arch/4/m68k_const.rb,
lib/crabstone/arch/4/mips_const.rb,
lib/crabstone/arch/4/sysz_const.rb,
lib/crabstone/arch/4/tms320c64x.rb,
lib/crabstone/arch/5/m68k_const.rb,
lib/crabstone/arch/5/mips_const.rb,
lib/crabstone/arch/5/sysz_const.rb,
lib/crabstone/arch/5/tms320c64x.rb,
lib/crabstone/arch/5/wasm_const.rb,
lib/crabstone/arch/3/arm64_const.rb,
lib/crabstone/arch/3/sparc_const.rb,
lib/crabstone/arch/3/xcore_const.rb,
lib/crabstone/arch/4/arm64_const.rb,
lib/crabstone/arch/4/m680x_const.rb,
lib/crabstone/arch/4/sparc_const.rb,
lib/crabstone/arch/4/xcore_const.rb,
lib/crabstone/arch/5/arm64_const.rb,
lib/crabstone/arch/5/m680x_const.rb,
lib/crabstone/arch/5/riscv_const.rb,
lib/crabstone/arch/5/sparc_const.rb,
lib/crabstone/arch/5/xcore_const.rb,
lib/crabstone/arch/5/mos65xx_const.rb,
lib/crabstone/arch/5/tricore_const.rb,
lib/crabstone/binding/3/instruction.rb,
lib/crabstone/binding/4/instruction.rb,
lib/crabstone/binding/5/instruction.rb,
lib/crabstone/arch/4/tms320c64x_const.rb,
lib/crabstone/arch/5/tms320c64x_const.rb

Overview

THIS FILE WAS AUTO-GENERATED – DO NOT EDIT!

Defined Under Namespace

Modules: ARM, ARM64, Arch, BPF, Binding, EVM, Extension, M680X, M68K, MIPS, MOS65XX, PPC, RISCV, Register, SH, Sparc, SysZ, TMS320C64X, TRICORE, WASM, X86, XCore Classes: Disassembler, ErrArch, ErrCsh, ErrDetail, ErrDiet, ErrHandle, ErrMem, ErrMemSetup, ErrMode, ErrOK, ErrOption, ErrSkipData, ErrVersion, ErrX86ATT, ErrX86Intel, ErrX86MASM, Error, Instruction

Constant Summary collapse

DIET_MODE =

This is a C engine build option, so we can set it here, not when we instantiate a new Disassembler. Diet mode means:

  • No op_str or mnemonic in Instruction

  • No regs_read, regs_write or groups ( even with detail on )

  • No reg_name or insn_name id2str convenience functions

  • detail mode CAN still be on - so the arch insn operands MAY be available

Binding.cs_support(SUPPORT_DIET)
VERSION = 
'5.0.0'
API_MAJOR = 
5
API_MINOR = 
0
VERSION_MAJOR = 
API_MAJOR
VERSION_MINOR = 
API_MINOR
VERSION_EXTRA = 
1
ARCH_ARM = 
0
ARCH_ARM64 = 
1
ARCH_MIPS = 
2
ARCH_X86 = 
3
ARCH_PPC = 
4
ARCH_SPARC = 
5
ARCH_SYSZ = 
6
ARCH_XCORE = 
7
ARCH_MAX = 
18
ARCH_ALL = 
0xFFFF
MODE_LITTLE_ENDIAN =

little-endian mode (default mode)

0
MODE_ARM =

ARM mode

0
MODE_16 =

16-bit mode (for X86)

(1 << 1)
MODE_32 =

32-bit mode (for X86)

(1 << 2)
MODE_64 =

64-bit mode (for X86, PPC)

(1 << 3)
MODE_THUMB =

ARM’s Thumb mode, including Thumb-2

(1 << 4)
MODE_MCLASS =

ARM’s Cortex-M series

(1 << 5)
MODE_V8 =

ARMv8 A32 encodings for ARM

(1 << 6)
MODE_MICRO =

MicroMips mode (MIPS architecture)

(1 << 4)
MODE_MIPS3 =

Mips III ISA

(1 << 5)
MODE_MIPS32R6 =

Mips32r6 ISA

(1 << 6)
MODE_MIPSGP64 =

General Purpose Registers are 64-bit wide (MIPS arch)

(1 << 7)
MODE_V9 =

Sparc V9 mode (for Sparc)

(1 << 4)
MODE_BIG_ENDIAN =

big-endian mode

(1 << 31)
MODE_MIPS32 =

Mips32 ISA

MODE_32
MODE_MIPS64 =

Mips64 ISA

MODE_64
OPT_SYNTAX =

Intel X86 asm syntax (ARCH_X86 arch)

1
OPT_DETAIL =

Break down instruction structure into details

2
OPT_MODE =

Change engine’s mode at run-time

3
OPT_MEM =

Change engine’s mode at run-time

4
OPT_SKIPDATA =

Skip data when disassembling

5
OPT_SKIPDATA_SETUP =

Setup user-defined function for SKIPDATA option

6
OPT_OFF =

Turn OFF an option - default option of OPT_DETAIL

0
OPT_ON =

Turn ON an option (OPT_DETAIL)

3
OP_INVALID =

uninitialized/invalid operand.

0
OP_REG =

Register operand.

1
OP_IMM =

Immediate operand.

2
OP_MEM =

Memory operand. Can be ORed with another operand type.

3
OP_FP =

Floating-Point operand.

4
GRP_INVALID =

uninitialized/invalid group.

0
GRP_JUMP =

all jump instructions (conditional+direct+indirect jumps)

1
GRP_CALL =

all call instructions

2
GRP_RET =

all return instructions

3
GRP_INT =

all interrupt instructions (int+syscall)

4
GRP_IRET =

all interrupt return instructions

5
OPT_SYNTAX_DEFAULT =

Default assembly syntax of all platforms (OPT_SYNTAX)

0
OPT_SYNTAX_INTEL =

Intel X86 asm syntax - default syntax on X86 (OPT_SYNTAX, ARCH_X86)

1
OPT_SYNTAX_ATT =

ATT asm syntax (OPT_SYNTAX, ARCH_X86)

2
OPT_SYNTAX_NOREGNAME =

Asm syntax prints register name with only number - (OPT_SYNTAX, ARCH_PPC, ARCH_ARM)

3
ERR_OK =

No error: everything was fine

0
ERR_MEM =

Out-Of-Memory error: cs_open(), cs_disasm()

1
ERR_ARCH =

Unsupported architecture: cs_open()

2
ERR_HANDLE =

Invalid handle: cs_op_count(), cs_op_index()

3
ERR_CSH =

Invalid csh argument: cs_close(), cs_errno(), cs_option()

4
ERR_MODE =

Invalid/unsupported mode: cs_open()

5
ERR_OPTION =

Invalid/unsupported option: cs_option()

6
ERR_DETAIL =

Invalid/unsupported option: cs_option()

7
ERR_MEMSETUP = 
8
ERR_VERSION =

Unsupported version (bindings)

9
ERR_DIET =

Information irrelevant in diet engine

10
ERR_SKIPDATA =

Access irrelevant data for “data” instruction in SKIPDATA mode

11
ERR_X86_ATT =

X86 AT&T syntax is unsupported (opt-out at compile time)

12
ERR_X86_INTEL =

X86 Intel syntax is unsupported (opt-out at compile time)

13
SUPPORT_DIET = 
ARCH_ALL + 1
SUPPORT_X86_REDUCE = 
ARCH_ALL + 2
ARCH_M68K = 
8
ARCH_TMS320C64X = 
9
ARCH_M680X = 
10
ARCH_EVM = 
11
MODE_MIPS2 =

Mips II ISA

(1 << 7)
MODE_QPX =

Quad Processing eXtensions mode (PPC)

(1 << 4)
MODE_M68K_000 =

M68K 68000 mode

(1 << 1)
MODE_M68K_010 =

M68K 68010 mode

(1 << 2)
MODE_M68K_020 =

M68K 68020 mode

(1 << 3)
MODE_M68K_030 =

M68K 68030 mode

(1 << 4)
MODE_M68K_040 =

M68K 68040 mode

(1 << 5)
MODE_M68K_060 =

M68K 68060 mode

(1 << 6)
MODE_M680X_6301 =

M680X HD6301/3 mode

(1 << 1)
MODE_M680X_6309 =

M680X HD6309 mode

(1 << 2)
MODE_M680X_6800 =

M680X M6800/2 mode

(1 << 3)
MODE_M680X_6801 =

M680X M6801/3 mode

(1 << 4)
MODE_M680X_6805 =

M680X M6805 mode

(1 << 5)
MODE_M680X_6808 =

M680X M68HC08 mode

(1 << 6)
MODE_M680X_6809 =

M680X M6809 mode

(1 << 7)
MODE_M680X_6811 =

M680X M68HC11 mode

(1 << 8)
MODE_M680X_CPU12 =

M680X CPU12 mode

(1 << 9)
MODE_M680X_HCS08 =

M680X HCS08 mode

(1 << 10)
OPT_MNEMONIC =

Customize instruction mnemonic

7
OPT_UNSIGNED =

Print immediate in unsigned form

8
GRP_PRIVILEGE =

all privileged instructions

6
AC_INVALID =

Invalid/unitialized access type.

0
AC_READ =

Operand that is read from.

(1 << 0)
AC_WRITE =

Operand that is written to.

(1 << 1)
OPT_SYNTAX_MASM =

MASM syntax (OPT_SYNTAX, ARCH_X86)

4
ERR_X86_MASM =

X86 Intel syntax is unsupported (opt-out at compile time)

14
ARCH_MOS65XX = 
12
ARCH_WASM = 
13
ARCH_BPF = 
14
ARCH_RISCV = 
15
ARCH_SH = 
16
ARCH_TRICORE = 
17
MODE_SPE =

Signal Processing Engine mode (PPC)

(1 << 5)
MODE_BOOKE =

Book-E mode (PPC)

(1 << 6)
MODE_PS =

Paired-singles mode (PPC)

(1 << 7)
MODE_BPF_CLASSIC =

Classic BPF mode (default)

0
MODE_BPF_EXTENDED =

Extended BPF mode

(1 << 0)
MODE_RISCV32 =

RISCV32 mode

(1 << 0)
MODE_RISCV64 =

RISCV64 mode

(1 << 1)
MODE_RISCVC =

RISCV compressed mode

(1 << 2)
MODE_MOS65XX_6502 =

MOS65XXX MOS 6502

(1 << 1)
MODE_MOS65XX_65C02 =

MOS65XXX WDC 65c02

(1 << 2)
MODE_MOS65XX_W65C02 =

MOS65XXX WDC W65c02

(1 << 3)
MODE_MOS65XX_65816 =

MOS65XXX WDC 65816, 8-bit m/x

(1 << 4)
MODE_MOS65XX_65816_LONG_M =

MOS65XXX WDC 65816, 16-bit m, 8-bit x

(1 << 5)
MODE_MOS65XX_65816_LONG_X =

MOS65XXX WDC 65816, 8-bit m, 16-bit x

(1 << 6)
MODE_MOS65XX_65816_LONG_MX = 
MODE_MOS65XX_65816_LONG_M | MODE_MOS65XX_65816_LONG_X
MODE_SH2 =

SH2

1 << 1
MODE_SH2A =

SH2A

1 << 2
MODE_SH3 =

SH3

1 << 3
MODE_SH4 =

SH4

1 << 4
MODE_SH4A =

SH4A

1 << 5
MODE_SHFPU =

w/ FPU

1 << 6
MODE_SHDSP =

w/ DSP

1 << 7
MODE_TRICORE_110 =

Tricore 1.1

1 << 1
MODE_TRICORE_120 =

Tricore 1.2

1 << 2
MODE_TRICORE_130 =

Tricore 1.3

1 << 3
MODE_TRICORE_131 =

Tricore 1.3.1

1 << 4
MODE_TRICORE_160 =

Tricore 1.6

1 << 5
MODE_TRICORE_161 =

Tricore 1.6.1

1 << 6
MODE_TRICORE_162 =

Tricore 1.6.2

1 << 7
OPT_INVALID =

No option specified

0
OPT_NO_BRANCH_OFFSET =

ARM, prints branch immediates without offset.

9
GRP_BRANCH_RELATIVE =

all relative branching instructions

7
OPT_SYNTAX_MOTOROLA =

MOS65XX use $ as hex prefix

5

Class Method Summary collapse

Class Method Details

.cs_major_versionInteger

Get the major version of capstone library.

Returns:

  • (Integer)

    Returns the major version of Capstone.



27
28
29
 
# File 'lib/crabstone/cs_version.rb', line 27

def cs_major_version
  cs_version.first
end

.cs_version(Integer, Integer)

Returns:

  • ((Integer, Integer)) 


32
33
34
35
36
37
38
39
 
# File 'lib/crabstone/cs_version.rb', line 32

def cs_version
  return @cs_version if defined?(@cs_version)

  maj = FFI::MemoryPointer.new(:int)
  min = FFI::MemoryPointer.new(:int)
  Binding.cs_version(maj, min)
  @cs_version = [maj.read_int, min.read_int]
end

.version_compatitable!Object

Checks the cs_major is less or equal to Crabstone::VERSION.



42
43
44
45
46
47
 
# File 'lib/crabstone/cs_version.rb', line 42

def version_compatitable!
  @version_compatitable ||=
    cs_major_version <= VERSION.split('.').first.to_i && cs_major_version >= 3
  maj, min = cs_version
  raise "FATAL: Crabstone v#{VERSION} doesn't support binding Capstone v#{maj}.#{min}" unless @version_compatitable
end

.version_require(path_tpl) ⇒ Boolean

Since some constants/structures are different in different Capstone versions, some scripts in Crabstone use this method to require the version-sensitive Ruby scripts.

Examples:

version_require 'crabstone/binding/%v/structs'
# equivalent to "require 'crabstone/binding/4/structs'" if Capstone is version 4.

Parameters:

  • path_tpl (String)

Returns:

  • (Boolean) 


17
18
19
20
21
 
# File 'lib/crabstone/cs_version.rb', line 17

def version_require(path_tpl)
  version_compatitable!
  path = path_tpl.gsub('%v', cs_major_version.to_s)
  require path
end