Capstone
๐งฌ Reverse Engineering ยท C
Capstone is a lightweight, multi-platform, multi-architecture disassembly framework. It provides a clean, simple API to disassemble binary code into human-readable assembly for x86 (16/32/64-bit), ARM, ARM64, MIPS, PowerPC, SPARC, SystemZ, XCore, M68K, TMS320C64x, M680x, and EVM architectures. Capstone is the disassembly engine embedded in many major security tools including Ghidra, radare2/rizin, Cutter, Binary Ninja, and dozens of others. Its design emphasizes thread safety, zero external dependencies, and rich detail extraction - each disassembled instruction includes operand details, register access information, and instruction groups. Bindings are available for Python, Java, Go, Ruby, Rust, OCaml, and many other languages, making it the standard building block for custom disassembly and binary analysis tools.
Installation
pip (Python)
$ pip install capstonebrew (macOS)
$ brew install capstoneapt (Debian/Ubuntu)
$ sudo apt install libcapstone-devUse Cases
- Building custom disassembly tools for specific binary analysis workflows
- Extracting instruction-level details for automated binary analysis
- Embedding disassembly in security tools and malware analysis pipelines
- Cross-architecture disassembly in a single unified API
- Teaching and learning assembly language across multiple architectures
Tags
Details
- Category
- ๐งฌ Reverse Engineering
- Language
- C
- Repository
- capstone-engine/capstone
- Platforms
- ๐งlinux๐macos๐ชwindows
Links
Alternatives & Comparisons
Ghidra
JavaNSA's reverse engineering framework. Disassembly, decompilation, graphing, and scripting for binary analysis.
Compare Capstone vs GhidraRadare2
CPortable reversing framework. Disassembly, debugging, analysis, patching, and scripting in a single CLI.
Compare Capstone vs Radare2Cutter
C++GUI for Radare2. Makes reverse engineering accessible with graphs, decompiler, and hex editor built in.
Compare Capstone vs CutterdnSpy
C#.NET debugger, decompiler, and assembly editor. Inspect and modify .NET and Unity assemblies without source code.
Compare Capstone vs dnSpyILSpy
C#Open-source .NET decompiler and assembly browser. Produces clean C# from compiled binaries with cross-platform support.
Compare Capstone vs ILSpyx64dbg
C++Open-source x64/x32 debugger for Windows. Full-featured binary debugger with plugin ecosystem for malware analysis and reverse engineering.
Compare Capstone vs x64dbgDetect It Easy
C++/QtBinary packer and compiler detection. Identifies compilers, linkers, packers, and protectors used to build PE, ELF, and Mach-O files.
Compare Capstone vs Detect It Easyangr
PythonBinary analysis framework. Symbolic execution, CFG recovery, and vulnerability discovery for compiled binaries in Python.
Compare Capstone vs angrRetDec
C++Retargetable decompiler by Avast. Converts machine code back to C from x86, ARM, MIPS, and PowerPC binaries.
Compare Capstone vs RetDecMore in Reverse Engineering
dnSpy
C#.NET debugger, decompiler, and assembly editor. Inspect and modify .NET and Unity assemblies without source code.
ILSpy
C#Open-source .NET decompiler and assembly browser. Produces clean C# from compiled binaries with cross-platform support.
x64dbg
C++Open-source x64/x32 debugger for Windows. Full-featured binary debugger with plugin ecosystem for malware analysis and reverse engineering.
Detect It Easy
C++/QtBinary packer and compiler detection. Identifies compilers, linkers, packers, and protectors used to build PE, ELF, and Mach-O files.
angr
PythonBinary analysis framework. Symbolic execution, CFG recovery, and vulnerability discovery for compiled binaries in Python.
RetDec
C++Retargetable decompiler by Avast. Converts machine code back to C from x86, ARM, MIPS, and PowerPC binaries.