blob: a6b0208aaf9552861a1679f755d4dea34141285a [file] [log] [blame]
This directory contains cstool of Capstone Engine.
Cstool is a command-line tool to disassemble assembly hex-string.
For example, to decode a hexcode string for Intel 32bit, run:
$ cstool x32 "90 91"
0 90 nop
1 91 xchg eax, ecx
Cstool disassembles the input and prints out the assembly instructions.
On each line, the first column is the instruction offset, the second
column is opcodes, and the rest is the instruction itself.
Cstool is flexible enough to accept all kind of hexcode format. The following
inputs have the same output with the example above.
$ cstool x32 "0x90 0x91"
$ cstool x32 "\x90\x91"
$ cstool x32 "90,91"
$ cstool x32 "90;91"
$ cstool x32 "90+91"
$ cstool x32 "90:91"
To print out instruction details, run Cstool with -d option, like below.
$ cstool -d x32 "01 d8"
0 01d8 add eax, ebx
Prefix:0x00 0x00 0x00 0x00
Opcode:0x01 0x00 0x00 0x00
rex: 0x0
addr_size: 4
modrm: 0xd8
disp: 0x0
sib: 0x0
op_count: 2
operands[0].type: REG = eax
operands[0].size: 4
operands[0].access: READ | WRITE
operands[1].type: REG = ebx
operands[1].size: 4
operands[1].access: READ
Registers read: eax ebx
Registers modified: eflags eax
EFLAGS: MOD_AF MOD_CF MOD_SF MOD_ZF MOD_PF MOD_OF
To see all the supported options, run ./cstool