i cant get memory string refs and xrefs can anyone help ?

[xaort]

App:

(it doesnt log anything to output)

void print_string_refs(const std::string& filename) {
    std::ofstream outfile(filename);

    if (!outfile.is_open()) {
        return;
    }

    csh handle;
    cs_insn* insn;
    size_t count;

    if (cs_open(CS_ARCH_X86, CS_MODE_64, &handle) != CS_ERR_OK) {
        outfile << "Failed to initialize Capstone\n";
        return;
    }

    count = cs_disasm(handle, (const uint8_t*)memory::base_address, memory::module_size, memory::base_address, 0, &insn);
    if (count > 0) {
        for (size_t j = 0; j < count; j++) {
            if (insn[j].id == X86_INS_MOV && insn[j].detail->x86.operands[1].type == X86_OP_IMM) {
                uint64_t imm = insn[j].detail->x86.operands[1].imm;
                const char* str_ref = reinterpret_cast<const char*>(imm);
                std::string str_value;
                if (str_ref && imm >= memory::base_address && imm < memory::end_address) {
                    str_value = std::string(str_ref);
                }
                outfile << std::format("String reference at instruction 0x{:X}: immediate 0x{:X} - '{}'\n", insn[j].address, imm, str_value);
            }
            if (insn[j].id == X86_INS_CALL || insn[j].id == X86_INS_JMP) {
                uint64_t target = insn[j].detail->x86.operands[0].imm;
                outfile << std::format("Cross-reference at instruction 0x{:X}: target 0x{:X}\n", insn[j].address, target);
            }
        }
        cs_free(insn, count);
    }
    else {
        outfile << "No instructions disassembled\n";
    }

    cs_close(&handle);
    outfile.close();
}

[Rot127]

Please fill out the issue template. Also, can you test your code with a single mov instruction.

You can try to enable the CS_OPT_SKIPDATA option. cs_disas maybe stops because it hits data.

[xaort]

Please fill out the issue template. Also, can you test your code with a single mov instruction.

You can try to enable the CS_OPT_SKIPDATA option. cs_disas maybe stops because it hits data.

issue template ? , also tried what you said windows dialog popped up and said error occured read

for issue template i dont think needed i sent die detector's result alr

[Rot127]

The error message from above is not related to Capstone at all.

To test if your code works, please disassemble a single mov instruction with it and check it. Unfortunately, we cannot help debugging your code, if the problem is not Capstone related.

[xaort]

// 48 8D 15 XX XX XX XX 48 89 C7
// LEA RDX, [rip+0x1234]
// MOV RDI, RAX
std::vector<uint8_t>{
    0x48, 0x8D, 0x15, 0x00, 0x00, 0x00, 0x00, // LEA RDX, [rip+0x1234]
    0x48, 0x89, 0xC7  // MOV RDI, RAX
};

result:

Instruction 0x1000: lea rdx, [rip]
Instruction 0x1007: mov rdi, rax

[Rot127]

The mov instruction from above has no immediate operand. It uses only a register. So it won't enter the if statement.

[xaort]

can you give me example code it'd really help

[Rot127]

cstool -d x32 \xbb\x00\x00\x00\x00
 0  bb 00 00 00 00                                   mov    ebx, 0
    ID: 460 (mov)
    Prefix:0x00 0x00 0x00 0x00 
    Opcode:0xbb 0x00 0x00 0x00 
    rex: 0x0
    addr_size: 4
    modrm: 0x0
    disp: 0x0
    sib: 0x0
    imm_count: 1
        imms[1]: 0x0
    op_count: 2
        operands[0].type: REG = ebx
        operands[0].size: 4
        operands[0].access: WRITE
        operands[1].type: IMM = 0x0
        operands[1].size: 4
    Registers modified: ebx

[xaort]

@Rot127 do you have discord by any chance ?

[Rot127]

do you have discord by any chance ?

No. But I close this issue for now, because it doesn't show that something is broken in Capstone. If you find later, that Capstone gives incorrect instruction details, you can of course open a new issue.