Closed xuhancn closed 5 months ago
10110111
commented
2 years ago EDB uses Capstone for disassembly. Unfortunately, there're a lot of open issues there, about a dozen of which were opened by me ~5 years ago and still unresolved (or forgotten).
Maybe it was not the best choice of an engine...
xuhancn
commented
2 years ago Whether consider to replace disassembler engine to Zydis? https://github.com/zyantific/zydis
eteran
commented
2 years ago @xuhancn worth invvestigating if it's a superior choice. At the time, capstone was "the best" by mist accounts, but what we really need is a solid library that is not only easy to work with, but is well maintained as the architectures evolve over time.
xuhancn
commented
2 years ago I strong suggest to use zydis, due to my ex-employer use it in million users production. But it looks only support x86.
eteran
commented
5 months ago Using capstone 4.0.1 seems to have this fixed!
in ObjDump: 0000000007f01e90:
7f01e90: f3 0f 1e fa endbr64 <-- this instruction.
in edb-debugger: 00007f6c:952e1e90 f3 db 0xf3 00007f6c:952e1e91 0f db 0x0f 00007f6c:952e1e92 1e db 0x1e 00007f6c:952e1e93 fa cli
I don't know, what disassember core was used here. It should be fixed to support CET instruction.