distorm3 - binary stream disassembler library

diStorm is a lightweight, easy-to-use and fast decomposer library. It disassembles instructions in 16, 32 and 64 bit modes. Supported instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64 instruction sets, VMX, AMD's SVM and AVX!



    Install Howto

    1. Download cert-forensics-tools-release-25 rpm:
    2. Install cert-forensics-tools-release-25 rpm:
      # rpm -Uvh cert-forensics-tools-release*rpm
    3. Install distorm3 rpm package:
      # dnf --enablerepo=forensics install distorm3


    2016-06-04 - Lawrence R. Rogers <lrr@cert.org> 3.3.4-1
      * Release 3.3.4-1 Version 3.3.4.

    2015-11-18 - Lawrence R. Rogers <lrr@cert.org> 3.1-1
      * Release 3.1-1 This is distorm3 version 3.1 that has been installed to solve this problem: https://code.google.com/p/volatility/issues/detail?id=342 Distorm3 version 3.3 is available but it has a problem in Volatility.

    2015-01-03 - Lawrence R. Rogers <lrr@cert.org> 3.0-1
      * Release 3.0-1 See the changes here: https://code.google.com/p/distorm/source/list

    2012-09-30 - Lawrence R. Rogers <lrr@cert.org> 3-2
      * Release 3-2 Fixed a text formatting problem with the MOVZX instruction, thanks to Jun Koi for reporting. Finally I got to fix the problem with the Python binding. I also had to fix a few other problems. I am testing everything and will upload a new version by tomorrow. Thanks for your patience.

    2012-07-29 - Lawrence R. Rogers <lrr@cert.org> 3-1
      * Release 3-1 diStorm version 3.3 is now released. The structure of a decoded instruction now contains new fields that let one know how the instruction affected the CPU flags (modified, tested, undefined). For more info see the last three fields of the DInst structure inside DecomposeInterface. Compacted the DB of instructions much more, with another level of shared data among similar instructions... The Python bindings now support the control flow features that diStorm3 itself supports, thanks to Vext01.

    2012-04-09 - Lawrence R. Rogers <lrr@cert.org> 2-1
      * Release 2-1 A major release of diStorm3.2 is now available. Fixed many instructions, either operand accuracy problems or typos in mnemonics. Fixed a few bugs introduced in July 2011. Added new instructions such as: INVPCID, TZCNT, RDxSBASE, WRxSBASE, CVTPS2PH, CVTPH2PS and more. Added a new compiler directive DISTORM_LIGHT to compile only distorm_decompose (no text formatting) to make diStorm smaller in size (should save around 20kb), thanks to Marius Negrutiu of BullGuard. Fixed the Java wrapper to support the latest version.

    2011-07-02 - Lawrence R. Rogers <lrr@cert.org> 1.0-1
      * Release 1.0-1 Initial release