explaingit

capstone-engine/capstone

8,712CAudience · developerComplexity · 3/5LicenseSetup · moderate

TLDR

C disassembly library that reads raw bytes from a binary and returns human-readable CPU instructions and register-level metadata, supporting over a dozen processor architectures.

Mindmap

mindmap
  root((Capstone))
    What it does
      Binary disassembly
      Register tracing
      Multi-arch support
    Architectures
      x86 and x64
      ARM and ARM64
      RISC-V
      MIPS
    Language bindings
      Python
      Go
      Rust
      Java
    Use cases
      Security research
      Malware analysis
      Firmware embedding
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Build a malware analysis tool that disassembles a suspicious binary and traces which registers each instruction reads and writes.

USE CASE 2

Write a Python script that reads a compiled executable, identifies every instruction, and maps data flow through the program.

USE CASE 3

Embed a disassembler inside a firmware image or OS kernel to inspect machine code at runtime with no external dependencies.

Tech stack

CPythonGoRustJava

Getting it running

Difficulty · moderate Time to first run · 30min

Active development is on the `next` branch, not `master`, clone from `next` to get current features and fixes.

Use freely for any purpose, including commercial use, with attribution, the BSD license requires keeping the copyright notice and license text intact.

In plain English

Capstone is a library that reads compiled binary code and tells you what CPU instructions it contains. This process is called disassembly: you feed it raw bytes from an executable file or memory, and it gives back human-readable instruction names, operands, and detailed metadata about each operation. It is written in C and built for use by security researchers, malware analysts, and developers who need to inspect programs at the machine instruction level. The library supports a very wide range of processor types, including ARM, ARM64, x86 (32-bit and 64-bit), MIPS, PowerPC, SPARC, RISC-V, LoongArch, M68K, and about a dozen more. This breadth means the same API works regardless of what kind of binary you are analyzing. Beyond just naming each instruction, Capstone can also tell you which CPU registers an instruction reads from and writes to, which is useful when tracing how data flows through a program. The core is written in C to keep it fast and portable. Bindings are available for a long list of other languages including Python, Ruby, Go, Rust, Java, C#, Node.js, Haskell, and others, either bundled in the main repository or contributed by the community. It runs on all major operating systems, including Windows, macOS, Linux, iOS, Android, and several BSD variants. It is also designed to be embedded inside firmware or OS kernels where a full runtime environment may not be available. Note that the master branch visible here is deprecated. Active development happens on the next branch of the same repository, and that is where you should start if you are setting it up for the first time. The project is released under the BSD open-source license.

Copy-paste prompts

Prompt 1
Show me Python code using the capstone library to disassemble an x86-64 byte sequence and print each instruction's mnemonic and operands.
Prompt 2
How do I use Capstone to analyze an ARM64 binary and find all instructions that write to a specific register?
Prompt 3
Walk me through embedding Capstone in a C project to disassemble in-memory code at runtime without linking against a shared library.
Prompt 4
What Capstone API calls tell me which CPU registers are read and written by each instruction in a RISC-V binary?
Open on GitHub → Explain another repo

← capstone-engine on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.