Capstone

Release 5.0 is a stable release version, with detailed changelog at https://github.com/capstone-engine/capstone/releases/tag/5.0

Release 4.0.2 is a stable release version, with minor bugfixes in the core & some bindings.

Core

• Windows kernel-mode driver support
• Fix installation path on FreeBSD and DragonFly

Cstool

• Add armv8, ppc32 & thumbv8 modes
• Print instruction ID

X86

• Support CS_OPT_UNSIGNED for ATT syntax
• Fix operand size for some instructions
• Fix LOCK prefixes
• Recognize xacquire/xrelease prefix
• Fix call/jmp access mode of mem operand
• Add ENDBR32, ENDBR64 to reduce mode
• Other minor fixes

Arm

• Update writeback for STR_POST_REG

ARM64

• Support CS_OPT_UNSIGNED
• Fix register access flags for memory instructions
• Fix UMOV vess

M68K

• Store correct register value in op.reg_pair

PowerPC

• BDZLA is absolute branch

SystemZ

• Fix truncated 64bit imm operand
• Fix base/index printing

Python binding

• Fix skipdata struct being destroyed
• Add repr for capstone.CsInsn

Java binding

• Fix Java bindings to use pointers instead of longs

Ocaml binding

• Fix x86_op record

Release 4.0.1 is a stable release version, with minor bugfixes in the core & Python binding.

Core

• Fix some issues for packaging (Debian, Gentoo, etc).
• Better support for building with Mingw.
• cstool has new option -s to turn on skipdata mode.
• cstool -v now report build settings of the core.
• Add suite/capstone_get_setup.c so users can integrate with their own code to retrieve Capstone settings at build time.

Arm

• Fix 4.0 regression: the tbh [r0, r1, lsl #1] instruction sets the operand.shift.value back again.
• Remove ARM_REG_PC group for BX instruction.

X86

• endbr32 and endbr64 instructions are now properly decoded in both CS_MODE_32 and CS_MODE_64.

M680X

• Fix some issues reported by clang-analyzer.

Python binding

• Fix skipdata setup.
• Add getter/setter for skipdata_mnem & skipdata_callback.

Release 4.0 is a stable release version, with important fixes in the core & several bindings against v3.0.5.

Core

• New APIs: cs_regs_access()
• Add new options for cs_option(): CS_OPT_MNEMONIC & CS_OPT_UNSIGNED & CS_OPT_SYNTAX_MASM.
• Various updates & bugfixes for all architectures.
• Add 4 new architectures: EVM, M68K, M680X & TMS320C64x.
• Add new group types: CS_GRP_PRIVILEGE & CS_GRP_BRANCH_RELATIVE.
• Add new error types: CS_ERR_X86_MASM.

X86

• Add XOP code condition type in x86_xop_cc.
• Add some info on encoding to cs_x86 in cs_x86_encoding.
• Add register flags update in cs_x86.{eflags, fpu_flags}
• Change cs_x86.disp type from int32_t to int64_t.
• Add new groups: X86_GRP_VM & X86_GRP_FPU.
• Lots of new instructions (AVX)

Arm64

• Add instruction ARM64_INS_NEGS & ARM64_INS_NGCS.

Mips

• Add mode CS_MODE_MIPS2.

PowerPC

• Change cs_ppc_op.imm type from int32_t to int64_t.
• Add new groups: PPC_GRP_ICBT, PPC_GRP_P8ALTIVEC, PPC_GRP_P8VECTOR & PPC_GRP_QPX.
• Lots of new instructions (QPX among them)

Sparc

• Change cs_sparc_op.imm type from int32_t to int64_t.

Bindings

• New bindings: PowerShell & VB6

Release 3.0.5 is a stable release version, with important fixes in the core & several bindings against v3.0.5-rc3.

Library

• Fix the include path for Android builds when building cstool.
• Add posibility to disable universal build for Mac OS.
• cstool: Separate instruction bytes by spaces.
• Fix code path of pkg-config in Cmake.
• Update XCode project for XCode 9.1.
• Add Cortex-M support to cstool.
• Cmake forces to be build using MT with MSVC.
• Better support for Mac OS kernel.

X86

• Fix some issues in handling EVEX & VEX3 instructions.
• Fix immediate operand for AND instruction in ATT mode.
• Fix ATT syntax when imm operand is 0.
• Better handle XACQUIRE/XRELEASE.
• Fix imm operand of RETF.

Arm

• Fix an integer overlow bug.

Arm64

• Bug fix for incorrect operand type in certain load/store instructions.

Mips

• Mode CS_MODE_MIPS32R6 automatically sets CS_MODE_32

PowerPC

• Fix endian check.

Sparc

• Fix an integer overlow bug.

SystemZ

• Fix an integer overlow bug.

Python binding

• Raise error on accessing irrelevant data fields if skipdata & detail modes are enable.

Release 3.0.5-RC2 is a release candidate version, with important fixes in the core & several bindings.

Library

• Fix build for Visual Studio 2012
• Fix X86_REL_ADDR macro
• Add CS_VERSION_MAJOR, CS_VERSION_MINOR, CS_VERSION_EXTRA
• Better support for embedding Capstone into Windows kernel drivers
• Support to embedded Capstone into MacOS kernel
• Support MacOS 10.11 and up
• Better support for Cygwin
• Support build packages for FreeBSD & DragonflyBSD
• Add a command-line tool “cstool”
• Properly handle switching to Endian mode at run-time for Arm, Arm64, Mips & Sparc

X86

• Some random 16-bit code can be handled wrongly.
• Remove abundant operand type X86_OP_FP
• Fix instructions MOVQ, LOOP, LOOPE, LOOPNE, CALL/JMP rel16, REPNE LODSD, MOV *AX, MOFFS, FAR JMP/CALL
• Add X86_REG_EFLAGS for STC and STD
• Fix instruction attributes for SYSEXIT, MOVW, ROL, LGS, SLDT
• Rename registers ST0-ST7 to be consistent with asm output

Arm

• Properly handle IT instruction
• Fix LDRSB
• Fix writeback for LDR
• Fix Thumb BigEndian setup

Arm

• Fix arith extender
• Fix writeback for LDR
• Rename enum arm64_mrs_reg to arm64_sysreg

PowerPC

• Print 0 offset for memory operand

Sparc

• Fix POPC instruction

Python binding

• Better PyPy support
• Add __version__
• Better support for Python 3
• Fix CS_SKIPDATA_CALLBACK prototype
• Cast skipdata function inside binding to simplify the API

Java binding

• Better handle input with invalid code

PowerShell binding

• New binding

Release 3.0.4 is a stable version with important fixes in the core & Python bindings.

Library

• Improve cross-compile for Android using Android NDK.
• Support cross-compile for AArch64 Android (with Linux GCC).
• Removed osxkernel_inttypes.h that is incompatible with BSD license.
• Make it possible to compile with CC having a space inside (like “ccache gcc”).

X86

• Fix a null pointer dereference bug on handling code with special prefixes.
• Properly handle AL/AX/EAX operand for OUT instruction in AT&T syntax.
• Print immediate operand in positive form in some algorithm instructions.
• Properly decode some SSE instructions.

Arm

• Fixed a memory corruption bug on IT instruction.

Mips

• Fixed instruction ID of SUBU instruction.
• Fixed a memory corruption bug.

PowerPC

• Fixed some memory corruption bugs.

XCore

• Fixed a memory corruption bug when instruction has a memory operand.

Python binding

• Support Virtualenv.
• setup.py supports option –user if not in a virtualenv to allow for local usage.
• Properly handle the destruction of Cs object in the case the shared library was already unloaded.

Release 3.0.3 is a stable version with important fixes in the core & Python bindings.

Library

• Released binaries for Windows are now compatible with Windows XP.
• Support to embed into Mac OS X kernel extensions.
• Now it is possible to compile Capstone with older C compilers, such as GCC 4.8 on Ubuntu 12.04.
• Add test_iter to MSVC project.

X86

• All shifted instructions (SHL, SHR, SAL, SAR, RCL, RCR, ROL & ROR) now support $1 as first operand in AT&T syntax (so we have rcll $1, %edx instead of rcll %edx).
• CMPXCHG16B is a valid instruction with LOCK prefix.
• Fixed a segfault on the input of 0xF3.

Arm

• BLX instruction modifies PC & LR registers.

Sparc

• Improved displacement decoding for sparc banching instructions.

Python binding

• Fix for Cython so it can properly initialize.
• X86Op.avx_zero_mask now has c_bool type, but not c_uint8 type.
• Properly support compile with Cygwin & install binding (setup.py).

Release 3.0.2 is a stable version with important fixes in the core & Python bindings.

Library

• On *nix, only export symbols that are part of the API (instead of all the internal symbols).

X86

• Do not consider 0xF2 as REPNE prefix if it is a part of instruction encoding.
• Fix implicit registers read/written & instruction groups of some instructions.
• More flexible on the order of prefixes, so better handle some tricky instructions.
• REPNE prefix can go with STOS & MOVS instructions.
• Fix a compilation bug for X86_REDUCE mode.
• Fix operand size of instructions with operand PTR [].

Arm

• Fix a bug where arm_op_mem.disp is wrongly calculated (in DETAIL mode).
• Fix a bug on handling the If-Then block.

Mips

• Sanity check for the input size for MIPS64 mode.

MSVC

• Compile capstone.dll with static runtime MSVCR built in.

Python binding

• Fix a compiling issue of Cython binding with gcc 4.9.

Release 3.0.1 is a stable version with important fixes in the core & Python bindings.

X86

• Properly handle LOCK, REP, REPE & REPNE prefixes.
• Handle undocumented immediates for SSE’s (V)CMPPS/PD/SS/SD instructions.
• Print LJUMP/LCALL without * as prefix for Intel syntax.
• Handle REX prefix properly for segment/MMX related instructions (x86_64).
• Instruction with length > 15 is consider invalid.
• Handle some tricky encodings for instructions MOVSXD, FXCH, FCOM, FCOMP, FSTP, FSTPNCE, NOP.
• Handle some tricky code for some x86_64 instructions with REX prefix.
• Add missing operands in detail mode for PUSH, POP, IN/OUT reg, reg.
• MOV32ms & MOV32sm should reference word rather than dword.

Arm64

• BL & BLR instructions do not read SP register.
• Print absolute (rather than relative) address for instructions B, BL, CBNZ, ADR.

Arm

• Instructions ADC & SBC do not update flags.
• BL & BLX do not read SP, but PC register.
• Alias LDR instruction with operands [sp], 4 to POP.
• Print immediate operand of MVN instruction in positive hexadecimal form.

PowerPC

• Fix some compilation bugs when DIET mode is enable.
• Populate SLWI/SRWI instruction details with SH operand.

Python binding

• Fix a Cython bug when CsInsn.bytes returns a shorten array of bytes.
• Fixed a memory leak for Cython disasm functions when we immaturely quit the enumeration of disassembled instructions.
• Fix a NULL memory access issue when SKIPDATA & Detail modes are enable at the same time.
• Fix a memory leaking bug when when we stop enumeration over the disassembled instructions prematurely.
• Export generic operand types & groups (CS_OP_xxx & CS_GRP_xxx).

Release 3.0 is a stable version with major changes on the core & bindings.

API changes

• New API cs_disasm_iter & cs_malloc. See online doc at http://capstone-engine.org/iteration.html
• Renamed API cs_disasm_ex to cs_disasm (cs_disasm_ex is still supported, but marked obsolete to be removed in future)
• Support SKIPDATA mode, so Capstone can jump over unknown data and keep going from the next legitimate instruction.
• More details provided in cs_detail struct for all architectures.
• API version was bumped to 3.0.

Bindings support

• Python binding supports Python3 (besides Python2).
• Support Ocaml binding.

Architectures

• New architectures: Sparc, SystemZ & XCore.
• Important bugfixes for Arm, Arm64, Mips, PowerPC & X86.
• Support more instructions for Arm, Arm64, Mips, PowerPC & X86.
• Always expose absolute addresses rather than relative addresses (Arm, Arm64, Mips, PPC, Sparc, X86).
• Use common instruction operand types REG, IMM, MEM & FP across all architectures (to enable cross-architecture analysis).
• Use common instruction group types across all architectures (to enable cross-architecture analysis).

X86

• X86 engine is mature & handles all the malware tricks (that we are aware of).
• Added a lot of new instructions (such as AVX512, 3DNow, etc).
• Add prefixed symbols X86_PREFIX_REP/REPNE/LOCK/CS/DS/SS/FS/GS/ES/OPSIZE/ADDRSIZE (x86.h).
• Print immediate in positive form & hexadecimal for AND/OR/XOR instructions.
• More friendly disassembly for JMP16i (in the form segment:offset)

Mips

• Engine added supports for new hardware modes: Mips32R6 (CS_MODE_MIPS32R6) & *MipsGP64 (*CS_MODE_MIPSGP64).
• Removed the ABI-only mode CS_MODE_N64.
• New modes CS_MODE_MIPS32 & CS_MODE_MIPS64 (instead of CS_MODE_32 & CS_MODE_64).

ARM

• Support new mode CS_MODE_V8 for Armv8 A32 encodings.
• Print immediate in positive form & hexadecimal for AND/ORR/EOR/BIC instructions

ARM64

• Print immediate in hexadecimal for AND/ORR/EOR/TST instructions.

PowerPC

• Do not print a dot in front of absolute address.

Others

• Support for Microsoft Visual Studio (so Windows native compilation using MSVC is possible).

• Support CMake compilation.

• Cross-compile for Android.

• Build libraries/tests using XCode project

• Much faster, while consuming less memory for all architectures.

Release 2.1.2 is a stable version with some minor bugfixes and improvements in the core.

Core changes

• Support cross-compilation for all iDevices (iPhone/iPad/iPod).

• X86: do not print memory offset in negative form.

• Fix a bug in X86 when Capstone cannot handle short instruction.

• Print negative numbers in range [-9, -1] without prefix 0x (arm64, mips, arm).

• Correct the SONAME setup for library versioning on Linux, *BSD & Solaris.

• Set library versioning for dylib of OSX.

• Remove the redundant include/diet.h

NOTE

• This release fixes the library versioning for Mac OSX, Linux, *BSD & Solaris. This might require recompiling tools compiled with prior Capstone - but there is no need to modify tools’ source whatsoever.

• This version made no API change, so old bindings of release 2.1 still work just fine. The only exception is Python binding package for Windows in Download section: users still need to upgrade this since this package actually includes the new core engine 2.1.2 inside.

Release 2.1.1 is a bugfix version which fixes some security & stable issues.

Core changes

• Fix a buffer overflow bug in Thumb mode (ARM). For this reason, all ARM users should upgrade.

• Fix a crash issue when embedding Capstone into Mac OSX kernel by reducing the stack memory usage. This should also enable Capstone to be embedded into other systems with limited stack memory size such as Linux kernel or some firmwares.

• Use a proper SONAME for library versioning (Linux).

NOTE

• This version made no API change, so old bindings of release 2.1 still work just fine. The only exception is Python binding package for Windows in Download section: users still need to upgrade this since this package actually includes the new core engine 2.1.1 inside.

Release 2.1 brings a lot of important changes: see here on how to modify 2.0-based code to work with 2.1 API.

API changes:

• API version has been bumped to 2.1.

• Change prototype of cs_close() to be able to invalidate closed handle. See http://capstone-engine.org/version_2.1_API.html for more information.

• Extend cs_support() to handle more query types, not only about supported architectures. This change is backward compatible, however, so existent code do not need to be modified to support this.

• New query type CS_SUPPORT_DIET for cs_support() to ask about diet status of the engine.

• New error code CS_ERR_DIET to report errors about newly added diet mode.

• New error code CS_ERR_VERSION to report issue of incompatible versions between bindings & core engine.

Core changes

• On memory usage, Capstone uses about 40% less memory, while still faster than version 2.0.

• All architectures are much smaller: binaries size reduce at least 30%. Especially, X86-only binary reduces from 1.9MB to just 720KB.

• Support diet mode, in which engine size is further reduced (by around 40%) for embedding purpose. The price to pay is that we have to sacrifice some non-critical data fields. See http://capstone-engine.org/diet.html for more details.

Architectures

• Update all 5 architectures to fix bugs.

• PowerPC:

  • New instructions: FMR & MSYNC.

• Mips:

  • New instruction: DLSA

• X86:

  • Properly handle AVX-512 instructions.

  • New instructions: PSETPM, SALC, INT1, GETSEC.

  • Fix some memory leaking issues in case of prefixed instructions such as LOCK, REP, REPNE.

Python binding

• Verify the core version at initialization time. Refuse to run if its version is different from the core’s version.

• New API disasm_lite() added to Cs class. This light API only returns tuples of (address, size, mnemonic, op_str), rather than list of CsInsn objects. This improves performance by around 30% in some benchmarks.

• New API version_bind() returns binding’s version, which might differ from the core’s API version if binding is out-of-date.

• New API debug() returns information on Cython support, diet status, archs compiled in & versions of core & binding.

• Fixed some memory leaking bugs for Cython binding.

• Fix a bug crashing Cython code when accessing @regs_read/regs_write/groups.

• Support diet mode.

Java binding

• Fix some memory leaking bugs.

• New API version() returns combined API version.

• Support diet mode.

• Better support for detail option.

Miscellaneous

• make.sh now can uninstall the core engine. This is done with:

  $ sudo ./make.sh uninstall

Release 2.0 deprecates verison 1.0 and brings a lot of crucial changes: see here on how to modify 1.0-based code to work with 2.0 API.

API changes:

• API version has been bumped to 2.0 (see cs_version() API)

• New API cs_strerror(errno) returns a string describing error code given in its only argument.

• cs_version() now returns combined version encoding both major & minor versions.

• New option CS_OPT_MODE allows to change engine’s mode at run-time with cs_option() API.

• New option CS_OPT_MEM allows to specify user-defined functions for dynamically memory management used internally by Capstone. This is useful to embed Capstone into special environments such as kernel or firware.

• New API cs_support() can be used to check if this lib supports a particular architecture (this is necessary since we now allow to choose which architectures to compile in).

• The detail option is OFF by default now. To get detail information, it should be explicitly turned ON. The details then can be accessed using cs_insn.detail pointer (to newly added structure cs_detail)

Core changes

• On memory usage, Capstone uses much less memory, but a lot faster now.

• User now can choose which architectures to be supported by modifying config.mk file before compiling/installing.

Architectures

• Arm

  • Support Big-Endian mode (besides Little-Endian mode).

  • Support friendly register, so instead of output sub r12,r11,0x14, we have sub ip,fp,0x14.

• Arm64: support Big-Endian mode (besides Little-Endian mode).

• Mips: support friendly register, so instead of output srl $2,$1,0x1f, we have srl $v0,$at,0x1f.

• PowerPC: newly added.

• X86: bug fixes.

Python binding

• Python binding is vastly improved in performance: around 3 ~ 4 times faster than in 1.0.

• Cython support has been added, which can further speed up over the default pure Python binding (up to 60% in some benchmarks)

• Function cs_disasm_quick() & Cs.disasm() now use generator (rather than a list) to return succesfully disassembled instructions. This improves the performance and reduces memory usage.

Java binding

• Better performance & bug fixes.

Miscellaneous

• Fixed some installation issues with Gentoo Linux.

• Capstone now can easily compile/install on all *nix, including Linux, OSX, {Net, Free, Open}BSD & Solaris.

• First public release.