So far, I’ve discussed basic binary analysis and disassembly techniques. But these basic techniques aren’t designed to handle obfuscated binaries that break standard disassembler assumptions or special-purpose analyses such as vulnerability scanning. Sometimes, even the scripting functionality offered by disassemblers isn’t enough to remedy this. In such cases, you can build your own specialized disassembly engine tailored to your needs.

In this chapter, you’ll learn how to implement a custom disassembler with Capstone, a disassembly framework that gives you full control over the entire analysis process. You’ll begin by exploring the Capstone API, using it to build a custom linear disassembler and a recursive disassembler. ...

Get Practical Binary Analysis now with O’Reilly online learning.