tmfink
commented
2 years ago Thanks for the PR! What is the purpose of disasm_iter() here? What issues were you running into?
Closed dnsserver closed 2 years ago
tmfink
commented
2 years ago Thanks for the PR! What is the purpose of disasm_iter() here? What issues were you running into?
dnsserver
commented
2 years ago I didn't run into any issues. I needed to do recursive disassembly for obfuscated instructions.
tmfink
commented
2 years ago I didn't run into any issues. I needed to do recursive disassembly for obfuscated instructions.
Sorry I wasn't clear with my question. What did this crate not allow you to do before that this new function disasm_iter() allows you to do?
dnsserver
commented
2 years ago Oh, recursive disassembly is good for use cases where data and code are mixed or when x86 instructions are obfuscated. This is what this issue is about: https://github.com/capstone-rust/capstone-rs/issues/1 Pretty much allows me to disassemble chunks of bytes at a time, specifying offset where to start disassembling (following jumps), and have control when to stop. This is much easier done with capstone then trying to manually feed the chunks of data to disasm_all function IMHO.
I needed the recursive disasm functionality. I haven't done extensive testing although I've been using this code for some time now.