capstone/bindings/powershell
beatcracker d14da45e8f Update PowerShell bindings (#1239)
* Remove trailing whitespace

* ~2x speedup by removing array appending

More info: https://powershell.org/2013/09/16/powershell-performance-the-operator-and-when-to-avoid-it/

* Import inline C# conditionally

Avoids errors when importing module using "-Force"

* Throw exception on missing DLL

+ use idiomatic PowerShell

* Throw exception on errors

+ use idiomatic PowerShell

* Throw exception on errors

+ use idiomatic PowerShell

* Use idiomatic PowerShell

* Fix DLL path escaping

* Add native PowerShell formatting

Instruction address will display as "0xdeadbeef" in console output, but the actual value will be stored as appropriate integer type.

This allows using the "Address" property directly in code that relies on Get-Capstone disassembly w/o type conversion.

The original module author was using hex-strings, because when you add things in PowerShell like this: $Integer + '0xFF', PowerShell will cast everything to the type of the first operand. And it's smart enough to cast hex-string to integer.

Example: https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Trace-Execution.ps1#L195

But this is unreliable and moreover, PowerShell has peculiar quirks when casting hex-strings: https://github.com/PowerShell/PowerShell/issues/3313

* Move Capstone init to separate function

* Add Get-CaptoneVersion function

Which returns "version" object. Also add back erroneously deleted "return" to Get-CapstoneDisassembly -Version and convert it to advanced function.

* Fix help text

* Replace double quotes with single quotes where appropriate

* No need to assign $null to switch params

* Make return usage more obvious

* No need for double quotes in version banner

* Add space after comma

* ~3x speedup by removing New-Object usage. Requires PS 3.0

* Cosmetic fixes

* Remove PS 2.0 compatibility code

* Fix PSScriptAnalyzer warnings

* Don't load module if inline C# doesn't compile

* Return actual instruction bytes

* Fix version function

* Use lowercase for accelerators

* Remove "Mandatory = $False" since it's default

* Add spaces around "=" and ";"

* Use lowercase for built-in variables

* Tabs -> Spaces

* Update help

* Use standard manifest

* UTF-8, no BOM

* Remove remaining New-Object invocations

* Bump module version (semver anyone?)

* Restore PSv2 compatibility

Use [pscustomobject]/New-Object based on reported PS version.

* Tabs -> Spaces

* Update authors
2018-09-11 12:50:55 +08:00
Capstone Update PowerShell bindings (#1239) 2018-09-11 12:50:55 +08:00
README.md +Get-CapstoneDisassembly 2016-11-10 22:36:07 +01:00

README.md

This documentation explains how to install & use the PowerShell binding for Capstone.

Install

Compile the relevant version (x86/x64) of capstone.dll and place it in ./Capstone/Lib/Capstone/.

Alternatively, pre-compiled DLLs can be obtained from the Capstone homepage at http://capstone-engine.org/download

Usage

To use the PowerShell binding, the entire Capstone folder should be added to one of the PowerShell module directories:

# Global PSModulePath path
%Windir%\System32\WindowsPowerShell\v1.0\Modules

# User PSModulePath path
%UserProfile%\Documents\WindowsPowerShell\Modules

Once this is done the module can be initialized by typing “Import-Module Capstone” in a new PowerShell terminal. Further information on the usage of the binding can be obtained with the following command:

Get-Help Get-CapstoneDisassembly -Full
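
Before importing the module, it helps to confirm that the installed capstone.dll matches the bitness of the PowerShell process that will load it, because an x86 DLL cannot be loaded into an x64 process or the reverse. The script below is an added example, not part of the binding: the helper name Get-PeMachine is hypothetical, the DLL is assumed to sit somewhere under Capstone\Lib\Capstone in one of the PSModulePath directories as described above, and Get-FileHash requires PowerShell 4.0 or later.

```powershell
# Added example (not from the Capstone project): check every installed
# capstone.dll against the bitness of the current PowerShell process.
function Get-PeMachine {
    param([Parameter(Mandatory = $true)][string]$Path)

    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -lt 0x40 -or $bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) {
        throw "Not a PE file (missing MZ header): $Path"
    }
    # e_lfanew at offset 0x3C holds the file offset of the 'PE\0\0' signature
    $peOffset = [System.BitConverter]::ToInt32($bytes, 0x3C)
    if ($peOffset -lt 0 -or $peOffset + 6 -gt $bytes.Length) {
        throw "Corrupt PE header offset: $Path"
    }
    if ([System.BitConverter]::ToUInt32($bytes, $peOffset) -ne 0x00004550) {
        throw "Missing PE signature: $Path"
    }
    # The Machine field is the first 16-bit word after the signature
    switch ([System.BitConverter]::ToUInt16($bytes, $peOffset + 4)) {
        0x014C  { 'x86' }
        0x8664  { 'x64' }
        default { 'other' }
    }
}

# A 64-bit process has 8-byte pointers; this also works on old PS versions
$expected = if ([IntPtr]::Size -eq 8) { 'x64' } else { 'x86' }

foreach ($dir in ($env:PSModulePath -split ';' | Where-Object { $_ })) {
    $lib = Join-Path $dir 'Capstone\Lib\Capstone'
    if (-not (Test-Path -LiteralPath $lib)) { continue }

    Get-ChildItem -LiteralPath $lib -Filter 'capstone.dll' -Recurse | ForEach-Object {
        $machine = Get-PeMachine -Path $_.FullName
        [pscustomobject]@{
            Path    = $_.FullName
            Machine = $machine
            Process = $expected
            Match   = ($machine -eq $expected)
            # Hash recorded so the installed build can be identified later
            SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}
```

A row with Match set to False means the DLL was built for the other architecture; replace it with the matching build or start the PowerShell host of the other bitness.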