Wednesday, December 18, 2013

Capstone

I played a bit today with this BSD-licensed disasm library, and I should note that it is currently virtually unusable:
  1. The size of libcapstone.so is 6.5Mb, and even if you remove arch/Mips, arch/AArch64 and arch/ARM from the Makefile, the size of libcapstone.so is still 3.5Mb. Just to compare: the size of libudis86.a on the same machine is only 452Kb
  2. With udis86 you can easily remove the tables with mnemonics (for example, they are useless in code analyzers), but this is hard to do with capstone: every arch/mapping.c file contains a mix of register names, mnemonic tables and insn_map structures
  3. X86GenDisassemblerTables.inc has a size of 37Mb! The authors claim "That is the price to pay for good performance". Perhaps, but 37Mb is too much IMHO
  4. It also seems that it is very hard to build a library that fills the cs_x86 structure and does not contain references to xprintf or other CRT functions (for example, if you plan to use this library in a kernel-mode driver)

2 comments:

  1. I've actually worked on an MSVC port of it, and also pushed for changes to make it usable in a kernel environment. Right now I have it working on a driver just fine. I agree the size is still huge, and there's some work to be done to modularize it better (for example, I don't need string representation of instructions).

    But the performance and stability are light-years ahead of other projects.

  2. All your comments are addressed in the most recent version -- which is as small as < 300KB and also has instruction modularization, avoidance of the CRT, kernel support, MSVC, etc.
