
I am interested in using the capstone disassembler library.

https://github.com/aquynh/capstone

My motivation for using this is that I need to be able to disassemble functions at run-time while my program runs.

I have been able to integrate this into my c++ project successfully. However, I have been unable to figure out how to disassemble an entire function. I looked through all the examples in the following link.

https://github.com/aquynh/capstone/tree/master/tests

All the examples take some arbitrary length to disassemble. I do not know the size of the function that I want to disassemble before hand. All I know is the symbol name (e.g. "mkdir"). If someone can provide a link to some example that accomplishes what I need, that'd be greatly appreciated.

In case it matters, the architectures that I would like to disassemble for are x86, x86_64, arm and arm64.

Jon

1 Answer


I take it there is just no such thing as a "function length" stored anywhere in an executable file. I suggest disassembling in small chunks until you encounter a sort of terminator instruction (like "ret").

arrowd
  • I wonder if this is how gdb and lldb do it. I know you can disassemble a function in the debugged – Jon Dec 26 '18 at 06:58
  • gdb works by finding the next symbol defined in the executable after the function (entry) and disassembling up to that. – Chris Dodd Dec 26 '18 at 07:25
  • Thanks @ChrisDodd. I might be able to utilize a similar mechanism. I'll explore this option. – Jon Dec 27 '18 at 02:11