I'm working on a project that requires me to identify the offset and size of particular operands in the original binary. I need to know the size, in bytes, of the operand in the original binary. Currently, this is only for x86, and I thought that the size attribute on cs_x86_op would be what I needed:
```c
// Instruction operand
typedef struct cs_x86_op {
    ...
    // size of this operand (in bytes).
    uint8_t size;
    ...
} cs_x86_op;
```
Unfortunately, the size attribute seems to only return 8 or 4 with no regard for the actual size of the operand, as found by using objdump and then counting bytes by hand.
```
1282: 48 89 c7          mov %rax,%rdi
1285: e8 16 fe ff ff    callq 10a0 /// <--- operand is less than 8 bytes wide
128a: 90                nop
```
Is there any way at all to reliably get the size of the operands in bytes? If not, can this feature be added easily? I'm willing to add it myself if necessary, but I'm not familiar with the capstone codebase. If @kabeor, @aquynh or someone could take a moment to tell me if this is possible, or give me a suggestion for how it could be implemented, that would be great.
We could add it eventually with the new auto-sync feature (see: #1949).
But this would take quite some time, because the priority currently is to get the update feature done (and not extend Capstone).
But I will add entry documentation about the design of the updater and Capstone itself in the next weeks. So you could add the feature yourself.
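The distinction the question turns on, shown as an added example (not code from the issue or from Capstone): the three instructions in the objdump listing are decoded by hand to report where the operand bytes sit in the encoding and how many there are. `locate_operand` and `enc_info` are hypothetical names, and only these three encodings are handled.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Where the operand bytes sit inside one encoded instruction. */
typedef struct {
    uint8_t insn_len, op_offset, op_size; /* op_size 0 = no operand bytes */
    uint64_t target;                      /* resolved target, call rel32 only */
} enc_info;

/* Hypothetical helper covering only the three encodings in the listing:
 * REX.W 89 /r (register form), E8 rel32, 90. Returns 0 on success, -1 otherwise. */
static int locate_operand(const uint8_t *p, size_t n, uint64_t addr, enc_info *out)
{
    enc_info e = {0, 0, 0, 0};
    if (n >= 1 && p[0] == 0x90) {            /* nop */
        e.insn_len = 1;
    } else if (n >= 5 && p[0] == 0xE8) {     /* call rel32 */
        uint32_t raw = (uint32_t)p[1] | (uint32_t)p[2] << 8 |
                       (uint32_t)p[3] << 16 | (uint32_t)p[4] << 24;
        e.insn_len = 5;
        e.op_offset = 1;                     /* field follows the 1-byte opcode */
        e.op_size = 4;                       /* 4 encoded bytes, not 8 */
        /* rel32 is sign-extended and added to the next instruction's address */
        e.target = addr + 5 + (uint64_t)(int64_t)(int32_t)raw;
    } else if (n >= 3 && (p[0] & 0xF8) == 0x48 && p[1] == 0x89 &&
               (p[2] & 0xC0) == 0xC0) {      /* mov r/m64, r64, register form */
        e.insn_len = 3;
        e.op_offset = 2;                     /* both registers are in ModRM */
        e.op_size = 1;
    } else {
        return -1;                           /* encoding not handled here */
    }
    *out = e;
    return 0;
}

int main(void)
{
    /* Bytes copied from the objdump listing in the issue, starting at 0x1282. */
    const uint8_t code[] = {0x48, 0x89, 0xc7, 0xe8, 0x16, 0xfe, 0xff, 0xff, 0x90};
    enc_info e;
    for (size_t off = 0; off < sizeof code; off += e.insn_len) {
        if (locate_operand(code + off, sizeof code - off, 0x1282 + off, &e) != 0)
            break;
        printf("%#llx: len=%d operand at +%d, %d byte(s)\n",
               (unsigned long long)(0x1282 + off), e.insn_len, e.op_offset, e.op_size);
    }
    return 0;
}
```

For the `callq`, the encoded field is 4 bytes at offset 1, while the value it resolves to (0x10a0) is a full 64-bit address; the two sizes answer different questions.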