{"id":3808,"library":"smda","title":"SMDA: Static Malware Disassembly Analysis Library","description":"SMDA is a minimalist recursive disassembler library optimized for accurate Control Flow Graph (CFG) recovery, particularly from memory dumps. Built upon Capstone, it currently supports x86/x64 Intel machine code. It processes arbitrary memory dumps (ideally with known base address) to output a structured collection of functions, basic blocks, and instructions, including their respective edges. The library is actively maintained, with the current stable version being 2.5.3.","status":"active","version":"2.5.3","language":"en","source_language":"en","source_url":"https://github.com/danielplohmann/smda","tags":["disassembler","malware-analysis","security","reverse-engineering","capstone","cfg","binary-analysis","memory-forensics"],"install":[{"cmd":"pip install smda","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Core disassembly engine.","package":"capstone","optional":false},{"reason":"Required for .NET CIL parsing.","package":"dncil","optional":false},{"reason":"Required for .NET file parsing.","package":"dnfile","optional":false},{"reason":"Binary parsing capabilities; version >= 0.16.0.","package":"lief","optional":false},{"reason":"Optional, for inferring references to the Windows API (via ApiScout), specifically a Python 3 compatible fork.","package":"pdbparse","optional":true}],"imports":[{"symbol":"Disassembler","correct":"from smda.Disassembler import Disassembler"},{"symbol":"SmdaReport","correct":"from smda.common.SmdaReport import SmdaReport"}],"quickstart":{"code":"import os\nfrom smda.Disassembler import Disassembler\nfrom smda.common.SmdaReport import SmdaReport\n\n# Create a dummy file for demonstration purposes\ndummy_file_path = \"dummy_binary.bin\"\n# A very simple x64 'ret' instruction (0xc3) as binary content\n# In a real scenario, this would be a full executable or memory dump\ndummy_binary_content = b\"\\xc3\"\n\ntry:\n    with open(dummy_file_path, \"wb\") as f:\n        f.write(dummy_binary_content)\n\n    # Initialize the disassembler\n    disassembler = Disassembler()\n\n    # Disassemble the dummy file\n    # For a real binary, replace dummy_file_path with an actual path, e.g., \"/bin/ls\"\n    # For a memory dump, use disassembleBuffer(buffer, base_address)\n    report: SmdaReport = disassembler.disassembleFile(dummy_file_path)\n\n    print(f\"\\nDisassembly Report for '{dummy_file_path}':\")\n    if report.functions:\n        print(f\"Detected {len(report.functions)} function(s).\")\n        for fn in report.getFunctions():\n            print(f\"Function at 0x{fn.offset:08x}:\")\n            for ins in fn.getInstructions():\n                print(f\"  0x{ins.offset:08x}: {ins.mnemonic} {ins.operands}\")\n            print(\"-\" * 20)\n    else:\n        print(\"No functions detected.\")\n\n    # The report can be converted to a dictionary for JSON serialization\n    # json_report = report.toDict()\n    # print(json_report) # Uncomment to see the full JSON representation\n\nfinally:\n    # Clean up the dummy file\n    if os.path.exists(dummy_file_path):\n        os.remove(dummy_file_path)\n","lang":"python","description":"This quickstart demonstrates how to use `smda` to disassemble a file. It creates a simple dummy binary, disassembles it, and then prints the detected functions and their instructions. The resulting `SmdaReport` object provides programmatic access to the disassembly results, which can also be converted to a dictionary for JSON output."},"warnings":[{"fix":"Update imports to `from smda.Disassembler import Disassembler` and `from smda.common.SmdaReport import SmdaReport`. Adjust code to interact with the `SmdaReport` object and call `.toDict()` explicitly if JSON is needed.","message":"Version 1.2.0 introduced significant API changes. The `config.py` module was restructured to `smda/SmdaConfig.py`, and the primary disassembly method now returns an `SmdaReport` object instead of a direct JSON output. Direct interaction with results should be done via the `SmdaReport` object, which offers a `toDict()` method for JSON serialization.","severity":"breaking","affected_versions":"<1.2.0"},{"fix":"Ensure your project runs on Python 3.8 or a newer version.","message":"While PyPI classifiers for older versions might indicate Python 2.7 compatibility, the GitHub README states that SMDA code should be fully compatible with Python 3.8+. It is strongly recommended to use Python 3.8 or newer for stable and supported functionality, as Python 2.7 is end-of-life and may lead to unexpected issues with recent `smda` versions.","severity":"gotcha","affected_versions":"All versions with Python 2.7 listed in classifiers, especially newer ones."},{"fix":"Check `smda` release notes for specific LIEF version recommendations. If issues arise, try aligning your LIEF installation with the version mentioned in the `smda` release closest to your `smda` version, or consider using a fresh virtual environment to ensure dependency isolation and correct versions.","message":"SMDA has a strict dependency on specific LIEF API versions, as noted by past adjustments (e.g., v1.10.0 adjusted to LIEF 0.12.3 API). Although `setup.py` currently specifies `lief>=0.16.0`, ensure that your installed LIEF version is compatible with your `smda` version to avoid unexpected parsing errors or crashes due to API mismatches.","severity":"gotcha","affected_versions":"All versions, particularly when upgrading SMDA or LIEF independently."}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}