It's just a wrapper around LLVM. So any project would also be forced to ship the corresponding LLVM version if it's not present on the system - e.g. for Windows or embedded applications. A bit too much for a simple disassembler. So it's not a direct replacement for Capstone.
Full disclosure, I'm one of the nyxstone developers - so I might be biased.
In comparison to Capstone, Nyxstone lacks the features of instruction decomposition and providing read/written registers. In addition, Nyxstone directly interfaces with LLVM and thus is expected to be a lot slower than Capstone, which uses instruction tables generated by a modified LLVM.
I want to note here that Nyxstone is intended more as a replacement for Keystone than Capstone. We added the disassembler mainly because we could. Compared to Keystone, Nyxstone allows precise definition of target triple and ISA extensions, allows definition of external labels, supports structured output with instruction details (address, bytes, assembly), rejects partial and invalid inputs and rejects instructions not supported by the specific core (for example UMAAL is supported by Cortex-M4, but not by Cortex-M3), and is more up to date.
Nyxstone does not require patches in the LLVM source tree, and thus is (I'd argue) more maintainable and easier to keep up to date.
Capstone doesn't vendor LLVM either. It just contains some pieces of the LLVM-ish infrastructure that were converted from C++ to pure C and are pretty lean, without any external dependency.
Yeah, I agree, and while everyone is suggesting tools which are really good, I designed mine to get rid of the flags and CLI interface. Good for tech people that keep remembering flags, I'm not :(
My tool can do exactly the same (viewing internal structure, exporting objects, and seeing the uncompressed raw content for a stream) with a graphical interface and without all these kinds of flags (which is one of the reasons I started to design this project with egui), but thanks for posting yours too.
Argh, that's too bad, feel free to open an issue. What's happening in the console? It's panicking, isn't it? Feel free to contact me via email if you prefer.
Nice! My tool should be runnable in the browser thanks to wasm compatibility with Rust + egui :) Btw I've just tried it, and it's a little bit buggy in Safari with a 504kb PDF (lots of objects though). Apart from that, is there a way to export the raw stream? Is there any reason why you print all the raw streams as text?
I don’t remember much about the work - it was just a quick and dirty app to help me debug PDF for my ReportMill work (10 years ago). I remember thinking there probably weren’t more than 100 people on the planet who would even care about it.
:D Well, I'm sure that half of the reverse engineering community needs to thank you, and Zynamics, for the important contribution to tools for static analysis. I'll just take the occasion to thank you for being an inspiration with such awesome tools like BinNavi, BinDiff, and ultimately PDF Dissector. When I was reading that it got discontinued, I just had that idea and started to reason about something focused on analysis, and applying some approaches we've already seen for the binary analysis tools.
Thanks for the list. The idea behind my tool was to try to code something that might fit an analyst who would take a quick look at the PDF. I'm also trying to figure out some fast heuristics to mark/highlight some peculiar stuff in the file itself.
Now regarding the tools you mentioned, I haven't checked out all of them, but some of them are interesting (and more mature, speaking of testing and compatibility). However, some (at least the ones I was trying) are very basic, and they don't allow the "Save object as.." or uncompressing it. I like the feature of displaying the PDF for preview :)