Next Generation Disassembly Framework
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the groundbreaking Capstone disassembly framework in this 52-minute Black Hat conference talk by Quynh Nguyen Anh. Dive into the world of multi-architecture machine code analysis, reversing, and exploit development. Learn about the limitations of existing disassembly frameworks and discover how Capstone addresses these issues with its innovative features. Gain insights into the engine's architecture, implementation challenges, and its support for multiple architectures and platforms. Understand the advantages of Capstone's clean API, thread-safe design, and special support for firmware and OS kernel embedding. Explore cutting-edge binary analysis frameworks built on Capstone and their potential applications in reversing, exploitation development, and malware detection. Discover the future possibilities of this open-source disassembly engine and its impact on the security community.
Syllabus
Intro
Story behind Capstone
Binary analysis & software exploit
Disassemble machine code
X86 instruction encoding
Building disassembly frameworks is tedious
Demand for a good disassembly framework
Available frameworks (2013)
Capstone's goals
Problems
Capstone status at 7 months old
Ambitions & ideas
Introduction on LLVM
LLVM's Machine Code (MC) layer
Advantages
Decide where to make the cut
Extend LLVM's MC
Robustness of Capstone
Tricky X86 instructions
Taught by
Black Hat
Related Courses
CNIT 127: Exploit Development (CNIT - City College of San Francisco via Independent)
Offensive Penetration Testing (LinkedIn Learning)
Penetration Testing: Advanced Kali Linux (LinkedIn Learning)
Reverse Engineering Linux 32-bit Applications (PentesterAcademy)
Exploit Development and Execution with the Metasploit Framework (Pluralsight)