IDA,">Welcome to the diStorm3 binary stream disassembler project!
News
Sept 21st 2010:
Added a new field to indicate which register-classes are used in the operands of the instruction. Hence, instead of scanning the operands of an instruction to find a specific register, you can use this mask to know immediately whether that register is used in one of the operands...
Sept 10th 2010:
Added a new flow-control flag to detect CMOVxx instructions. Also added a RIP-relative flag which indicates when the instruction uses RIP-relative memory indirection in 64 bits; with the corresponding helper macro: INSTRUCTION_GET_RIP_TARGET. And wrote a new wiki page about Tip&Tricks for using diStorm3 efficiently.
Featrues
- no more parsing strings :)
diStorm disassembles instructions in 16, 32 and 64 bit modes. Supported instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64 instruction sets, VMX, AMD's SVM and AVX!
The output of new interface of diStorm is a special structure that can describe any x86 instruction, this structure can be later formatted into text for display.
diStorm is written in C, but for rapidly use, diStorm also has wrappers in Python/Ruby and can easily be used in C as well. It is also the fastest disassembler library!
The source code is very clean, readable, portable and platform independent (supports both little and big endianity). diStorm solely depends on the C library, therefore it can be used in embedded or kernel modules.
Note that diStorm3 is backward compatible with the interface of diStorm64 (however, make sure you use the newest header files).
If you have more ideas, please let me know!
Documentation
Please read the documentation before asking questions, everything you need is pretty much here! Don't forget that diStorm is open source and you can always take a look to understand how to do one thing or another, but don't do it before you really have to.
For using diStorm in C refer to the CSample and it's very important to understand the API too, SimpleInterface. However, if you want to use diStorm in Python refer to the Python example.
Since diStorm3 has a new interface you can learn more about it, starting with the Showcases to get some idea what to expect from using the decompose functionality. Then you better see how the Structure_Layout is and once you get a clue, continue to the must read DecomposeInterface.
If you feel it's enough for you and you want to jump into the water and start coding, here are a few Tips&Tricks that are going to make your life easier while using diStorm.
For advanced users who wish to use diStorm for real flow control analysis, this is your guide: Flow_Control_Support.
As always, since diStorm is a stream disassembler there are some pitfalls that you may encounter, therefore this page StreamDisassembler might give you some ideas of good practices.
If you wish to compile/build diStorm on your own, on whatever platform, refer to Build_Compilation_Environment.
For learning a bit about x86/x64 machine code, see x86_x64_Machine_Code. And if you want to get a depth knowledge of how the internals of diStorm work, refer to diStorm_Internals, though it's not up to date with diStorm3, it should give you a good idea how to start hacking your way around
发表于 2010-10-8 17:35
