The mnemonic to use for representing skipped data
The optional callback to use for handling bytes that cannot be interpreted as an instruction.
// Custom data that can be referred to in a callback delegate struct CallbackData{ int bytesToSkip; } auto myData = CallbackData(1); size_t myCallback(in ubyte[] code, size_t offset) { return myData.bytesToSkip++; // Always skip one more byte when encountering data } cs.skipData = true; // Enable skipdata mode cs.setupSkipdata("db", &myCallback); // Use custom callback, and "db" as custom mnemonic for data
Customises behaviour in SKIPDATA mode of operation
By default, disassembling will stop when it encounters a broken instruction. Most of the time, the reason is that this is data mixed inside the input.
When in SKIPDATA mode, some (unknown) amount of data until the next interpretable instruction will be skipped. Capstone considers the skipped data a special instruction with ID 0x00 and a mnemonic that defaults to ".byte". The operand string is a hex-code of the sequence of bytes it skipped.
By default, for each iteration, Capstone skips 1 byte on X86 architecture, 2 bytes on Thumb mode on Arm architecture, and 4 bytes for the rest. The reason while Capstone skips 1 byte on X86 is that X86 puts no restriction on instruction alignment, but other architectures enforce some requirements on this aspect.
To customise how many bytes to skip when encountering data, a Callback delegate can optonally be setup to return the corresponding number.