Skip to content

feat: add ARM disassembler operation #2156

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
thomasxm wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: add ARM disassembler operation #2156

thomasxm wants to merge 1 commit into from
+8,544 −0

Conversation

@thomasxm
Copy link

@thomasxm thomasxm commented Jan 10, 2026

Summary

  • Adds new "Disassemble ARM" operation for ARM architecture disassembly
  • Uses Capstone disassembly framework with vendored capstone.min.js (includes upstream bug fix)
  • Supports ARM (32-bit), Thumb, and ARM64 (AArch64) architectures

Details

Supported Architectures

Architecture Modes
ARM (32-bit) ARM, Thumb, Thumb + Cortex-M, ARMv8
ARM64 (AArch64) Default

Features

  • Little Endian and Big Endian support
  • Configurable starting address for position-independent analysis
  • Toggle instruction hex bytes display
  • Toggle instruction position display

Why Capstone?

Capstone is the industry standard disassembly framework used by:

  • Radare2, Binary Ninja, IDA Pro plugins
  • Frida, Unicorn Engine, QEMU
  • Angr, Pwntools, ROPgadget

This ensures accurate disassembly for security research and binary analysis.

Test plan

11 automated tests covering ARM32, ARM64, and Thumb modes

Manual test vectors

ARM32:
Input: 0100a0e3 001081e0 001041e0
Output:
mov r0, #1
add r1, r1, r0
sub r1, r1, r0

ARM64:
Input: fd7bbfa9 fd030091 c0035fd6
Output:
stp x29, x30, [sp, #-0x10]!
mov x29, sp
ret

Thumb:
Input: 80b5 0844 80bd
Output:
push {r7, lr}
add r0, r1
pop {r7, pc}

Files changed

File Change
package.json Add @alexaltea/capstone-js dependency
src/core/operations/DisassembleARM.mjs New operation
src/core/vendor/capstone.min.js Vendored Capstone with bug fix
src/core/config/Categories.json Add to "Other" category
tests/operations/tests/DisassembleARM.mjs Test suite
tests/operations/index.mjs Register tests
Screenshot 2026-01-10 at 12 23 35

@thomasxm
feat: add ARM disassembler operation
5270e40 
Add new Disassemble ARM operation using Capstone.js disassembly framework.

Features:
- ARM32 (ARM mode, Thumb mode, Thumb + Cortex-M, ARMv8)
- ARM64 (AArch64)
- Little/Big Endian support
- Configurable start address
- Optional hex and position display

Includes vendored capstone.min.js with fix for cs_disasm parameter bug.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thomasxm