A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about user-mode development.
 #6542  by Brock
 Thu May 26, 2011 1:21 am
Disassembler written in Delphi for x86 platform written by Rllibby who frequents the experts exchange website. It's a port from the libdisasm project.

http://www.programmersheaven.com/downlo ... pView.aspx

// Unit : DISASM32.PAS (requires DISASM32.RES}
// Date : 02.29.2004
// Conversion : Russell Libby
// Description : This is a Delphi conversion of the libdisasm project, which
// is a sub portion of the "bastard" project:
// http://bastard.sourceforge.net/libdisasm.html
// The libdisasm project is distributed under an "Artistic
// License", and I give full credit to the original authors.
// Special thanks also goes out to "mammon_" ;-)
// ---------------------------------------------------------------------------
 #6543  by Brock
 Thu May 26, 2011 1:32 am
My personal favorite disasm written by Madshi in Delphi. This is a very complete disasm engine and is nearly 200 kb in source size. It isn't for the faint of heart ;)

 #19944  by xp5evr
 Thu Jul 04, 2013 1:54 pm
I've seen zdisasm (available for example here: .h, .c) used in some malware, has anyone here used it? As you can see in the header it only exposes one (mispelled) function, used for getting instruction length. This seems like it could be useful if all you need to do is something simple like inline hooking and don't want a lot of overhead (but are still too lazy to implement it yourself). Has anyone here used it?

Currently I use libudis86 even for simple tasks such as getting instruction length when inline hooking.
 #21743  by voroojax
 Fri Dec 20, 2013 9:51 am

Capstone is a lightweight multi-platform, multi-architecture disassembly framework.
Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.

[*]Support hardware architectures: ARM, ARM64 (aka ARMv8), Mips & X86 (more details).
[*]Clean/simple/lightweight/intuitive architecture-neutral API.
[*]Provide details on disassembled instruction (called “decomposer” by others).
[*]Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.
[*]Implemented in pure C language, with bindings for Python, Ruby, OCaml, C#, Java and GO available.
[*]Native support for Windows & *nix (including MacOSX, Linux, *BSD platforms).
[*]Thread-safe by design.
[*]Distributed under the open source BSD license.
 #30132  by tangptr
 Mon Mar 20, 2017 11:53 am
I may use the LDE64 for searching specialized address, or calculating the size need to patch when doing inline hook, et cetera.
LDE64 is designed by beatrix(I guess...)