Disassembling is the opposite process of assembling. Disassemblers try to create the assembly code from the binary machine code. For this, we are using a Python module named Capstone. Capstone is a free, multiplatform and multi-architecture disassembler engine.

After installation, we can use this module in our Python scripts.

First, we need to run a simple test script:

from capstone import *
cs = Cs(CS_ARCH_X86, CS_MODE_64)
for i in cs.disasm('\x85\xC0', 0x1000)
   print("0x%x:\t%s\t%s" %(i.address, i.mnemonic, i.op_str))

The output of the script will be as follows:

0x1000:     test  eax, eax

The first line imports the module, then initiates the capstone Python class with Cs, which takes two arguments: hardware architecture ...