Assembler Disassembler Engines

Posts: 213
Joined: Wed Apr 28, 2010 3:13 am
Location: Valparaiso, Florida USA

Thu May 26, 2011 1:21 am

Disassembler for the x86 platform, written in Delphi by Rllibby, who frequents the Experts Exchange website. It's a port of the libdisasm project. ... pView.aspx

// Unit : DISASM32.PAS (requires DISASM32.RES)
// Date : 02.29.2004
// Conversion : Russell Libby
// Description : This is a Delphi conversion of the libdisasm project, which
// is a sub portion of the "bastard" project:
// The libdisasm project is distributed under an "Artistic
// License", and I give full credit to the original authors.
// Special thanks also goes out to "mammon_" ;-)
// ---------------------------------------------------------------------------
Accept nothing less than STATUS_SUCCESS
Posts: 213
Joined: Wed Apr 28, 2010 3:13 am
Location: Valparaiso, Florida USA

Thu May 26, 2011 1:32 am

My personal favorite disasm written by Madshi in Delphi. This is a very complete disasm engine and is nearly 200 kb in source size. It isn't for the faint of heart ;)
Accept nothing less than STATUS_SUCCESS
Posts: 67
Joined: Sun Aug 14, 2011 1:07 pm

Sun Aug 14, 2011 1:16 pm

patched udis86 - added ssse3, sse4, aes instructions and fixed some known bugs
Check Wincheck
Posts: 5
Joined: Thu Jul 04, 2013 1:45 pm

Thu Jul 04, 2013 1:54 pm

I've seen zdisasm (available for example here: .h, .c) used in some malware; has anyone here used it? As you can see in the header, it only exposes one (misspelled) function, used for getting instruction length. This seems like it could be useful if all you need to do is something simple like inline hooking and don't want a lot of overhead (but are still too lazy to implement it yourself). Has anyone here used it?

Currently I use libudis86 even for simple tasks such as getting instruction length when inline hooking.
Posts: 15
Joined: Thu Feb 17, 2011 10:19 pm

Fri Dec 20, 2013 9:51 am


Capstone is a lightweight multi-platform, multi-architecture disassembly framework.
Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.

* Support hardware architectures: ARM, ARM64 (aka ARMv8), Mips & X86 (more details).
* Clean/simple/lightweight/intuitive architecture-neutral API.
* Provide details on disassembled instruction (called “decomposer” by others).
* Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.
* Implemented in pure C language, with bindings for Python, Ruby, OCaml, C#, Java and GO available.
* Native support for Windows & *nix (including MacOSX, Linux, *BSD platforms).
* Thread-safe by design.
* Distributed under the open source BSD license.
Posts: 1
Joined: Tue Sep 29, 2015 1:03 pm

Thu Oct 22, 2015 1:39 pm

Yup, capstone is cool. With all those bindings for languages like python and ruby.
There's also a nice example base, and showcase on their site:
Also, radare2 is built on top of it.
Posts: 29
Joined: Mon Nov 14, 2016 11:14 am
Location: People Republic of China

Mon Mar 20, 2017 11:53 am

I may use LDE64 for searching for a specialized address, or calculating the size needed to patch when doing an inline hook, et cetera.
LDE64 is designed by beatrix (I guess...)