search

volatilityfoundation / volatility3

Volatility 3.0 development
http://volatilityfoundation.org/
Other
2.72k stars 461 forks source link

Capstone >= 6.0.0 breaks current APIs #1336

Closed Abyss-W4tcher closed 2 weeks ago

Abyss-W4tcher commented 2 weeks ago

Capstone new 6.0.0 release operated changes to their APIs, making some Volatility3 calls obsolete and breaking the framework at launch :

https://github.com/volatilityfoundation/volatility3/blob/efa49595177e1932aadd209be403f008085dfd75/volatility3/cli/text_renderer.py#L126

CS_ARCH_ARM64 is now CS_ARCH_AARCH64

I think the easiest way to fix this, is by restraining capstone version more accurately : capstone>=3.0.5,<6.0.0. However, this might introduce conflicts for system-wide PIP setups, where other Python tools bumped to 6.0.0.

ikelos commented 2 weeks ago

Yeah, that seems reasonable. Otherwise we'll need to write an adaptor that converts old to new (or vice versa) that we can then plug in depending on the version the user has... 5:\ Annoying, but possible to cope with. For now I think restricting the version in the requirements files would work (and adding a FIXME... somewhere, so we remember to write the adaptor).

ikelos commented 2 weeks ago

Hopefully #1339 sorts it all? If so we'll go with that for now. Thanks for spotting it so quickly!

Abyss-W4tcher commented 2 weeks ago

Yep, looks good for me !