Capstone概述

• Capstone
  • logo
    • 
  • 一句话描述
    • 终极反汇编器
      • The Ultimate Disassembler
    • 更好的下一代反汇编引擎
      • Next Generation Disassembler Engine
    • 一个轻量级的支持多平台和多架构的反汇编框架
      • a lightweight multi-platform, multi-architecture disassembly framework
  • 特点
    • lightweight=轻量级
      • 简洁的API
        • Clean/simple/lightweight/intuitive architecture-neutral API
        • 多种语言接口Bindings=提供了多种语言的编程接口
          • Clojure, F#, Common Lisp, Visual Basic, PHP, PowerShell, Haskell, Perl, Python, Ruby, C#, NodeJS, Java, GO, C++, OCaml, Lua, Rust, Delphi, Free Pascal
    • multi-platform=支持多平台=跨平台
      • Windows & *nix (with Mac macOS, iOS, Android, Linux, *BSD & Solaris confirmed)
    • multi-architecture 支持多种架构
      • Arm, Arm64 (Armv8), BPF, Ethereum Virtual Machine, M68K, M680X, Mips, MOS65XX, PowerPC, RISCV, Sparc, SystemZ, TMS320C64X, Web Assembly, XCore & X86 (include X86_64)
  • Capstone的强大之处
    • 反汇编 + 分析
    • 编译成中间文本形式代码，便于调试
  • 用途=应用领域
    • 安全领域
      • 二进制分析 binary analysis
      • 逆向 reversing
  • 谁用到了Capstone
    • 著名的开源逆向工具Radare2
    • 商业逆向工具IDA Pro的第三方插件
    • IntelliJ IDEA
    • Qemu
    • Binwalk
    • Camal：Coseinc恶意软件自动分析
    • Pyew：Python恶意静态分析工具
    • Cuckoo
    • 另：Kali Linux中已集成
    • 等
  • 主页
    • 官网
      • The Ultimate Disassembly Framework – Capstone – The Ultimate Disassembler
        • http://www.capstone-engine.org
    • GitHub
      • aquynh/capstone: Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.
        • https://github.com/aquynh/capstone