
How is there any discrepancy in accuracy? Isn’t it just a matter of following the spec?


The spec is very large, not particularly well written, and is not “total” (in the sense that AMD64 and IA32e and other x86-64 flavors are all subtly different). There are a lot of ways to get it wrong; even XED (the reference decoder from Intel) has bugs.

If I remember correctly, the Intel SDM alone is over 3000 pages long.


lol, no. For one, Capstone has a lot of bugs (it uses some old version of LLVM as its base), but the whole question of how to decode things is complicated because there are a lot of pitfalls and inconsistencies that different disassemblers handle differently. And what the hardware does is a different question entirely: it may not match the spec, or even other processors with the same ISA.


It just updated to the nearly latest LLVM, so that argument is void: https://github.com/capstone-engine/capstone/blob/next/docs/c...


I'll believe it when I see it. If I can go a few years without wasting time during a CTF because of an incorrect decode I'll change my tune.


This has been my experience as well. I’ve had to rip Capstone out of more research projects than I care to admit.

