Capstone Disassembler Library Binding for Delphi . Capstone Disassembler Library
Included is the wrapper class TCapstone in Capstone.pas, very flexible and with many features, creation, comparison, conversion etc .. .
The example below is incomplete.
uses
System.SysUtils, System.IOUtils, Capstone, CapstoneApi;
procedure DisAsmBinaryData(const ADatas: TBytes);
var
disasm: TCapstone;
aInst: TCpuIstruz;
aInsts: TListCpuIstruz;
sLine: string;
begin
disasm := TCapstone.Create;
try
disasm.Mode := CS_MODE_32;
if disasm.Open <> CS_ERR_OK then
begin
WriteLn('Error!');
Exit;
end;
disasm.DisAsmBlock(0, PByte(ADatas), Length(ADatas), aInsts);
for aInst in aInsts do
begin
sLine := Format('%.8x %s', [aInst.address, aInst.ToString]);
if aInst.IsJcc then
sLine := Format('%s ; [Jcc Group Dest: %x]', [sLine, aInst.BranchDestination])
else if aInst.IsCall then
sLine := Format('%s ; [Call Group Dest: %x]', [sLine, aInst.BranchDestination])
else if aInst.Isjmp then
sLine := Format('%s ; [Jmp Group Dest: %x]', [sLine, aInst.BranchDestination])
else if aInst.IsRet then
sLine := Format('%s ; [Ret Group Dest: %x]', [sLine, aInst.BranchDestination]);
WriteLn(sLine);
end;
finally
disasm.Free;
end;
end;
var
sFile: string;
aData: TBytes;
begin
if ParamCount = 0 then
begin
WriteLn('Demo.exe <sFile>');
Halt(1);
end;
sFile := ParamStr(1);
if not FileExists(sFile) then
begin
WriteLn(Format('File %s not found', [sFile]));
Halt(1);
end;
try
aData := TFile.ReadAllBytes(sFile);
DisAsmBinaryData(aData);
except
on E: Exception do
WriteLn(Format('Error Decompiler: %s', [E.Message]));
end;
end.