You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
120 lines
3.7 KiB
120 lines
3.7 KiB
VERSION 1.0 CLASS
|
|
BEGIN
|
|
MultiUse = -1 'True
|
|
Persistable = 0 'NotPersistable
|
|
DataBindingBehavior = 0 'vbNone
|
|
DataSourceBehavior = 0 'vbNone
|
|
MTSTransactionMode = 0 'NotAnMTSObject
|
|
END
|
|
Attribute VB_Name = "CInstDetails"
|
|
Attribute VB_GlobalNameSpace = False
|
|
Attribute VB_Creatable = True
|
|
Attribute VB_PredeclaredId = False
|
|
Attribute VB_Exposed = False
|
|
Option Explicit
|
|
'Capstone Disassembly Engine bindings for VB6
|
|
'Contributed by FireEye FLARE Team
|
|
'Author: David Zimmer <david.zimmer@fireeye.com>, <dzzie@yahoo.com>
|
|
'License: Apache
|
|
'Copyright: FireEye 2017
|
|
|
|
'Public Type cs_detail
|
|
' regs_read(0 To 15) As Byte ' list of implicit registers read by this insn UNSIGNED
|
|
' regs_read_count As Byte ' number of implicit registers read by this insn UNSIGNED
|
|
' regs_write(0 To 19) As Byte ' list of implicit registers modified by this insn UNSIGNED
|
|
' regs_write_count As Byte ' number of implicit registers modified by this insn UNSIGNED
|
|
' groups(0 To 7) As Byte ' list of group this instruction belong to UNSIGNED
|
|
' groups_count As Byte ' number of groups this insn belongs to UNSIGNED
|
|
'
|
|
' // Architecture-specific instruction info
|
|
' union {
|
|
' cs_x86 x86; // X86 architecture, including 16-bit, 32-bit & 64-bit mode
|
|
' cs_arm64 arm64; // ARM64 architecture (aka AArch64)
|
|
' cs_arm arm; // ARM architecture (including Thumb/Thumb2)
|
|
' cs_mips mips; // MIPS architecture
|
|
' cs_ppc ppc; // PowerPC architecture
|
|
' cs_sparc sparc; // Sparc architecture
|
|
' cs_sysz sysz; // SystemZ architecture
|
|
' cs_xcore xcore; // XCore architecture
|
|
' };
|
|
'} cs_detail;
|
|
|
|
Public regRead As New Collection
|
|
Public regWritten As New Collection
|
|
Public groups As New Collection
|
|
Public parent As CDisassembler
|
|
|
|
'this will be set to a class of the specific instruction info type by architecture..
|
|
Public info As Object
|
|
|
|
Private m_raw() As Byte
|
|
|
|
Function toString() As String
|
|
|
|
On Error Resume Next
|
|
|
|
Dim ret() As String
|
|
Dim v, tmp
|
|
|
|
push ret, "Instruction details: "
|
|
push ret, String(40, "-")
|
|
|
|
If DEBUG_DUMP Then
|
|
push ret, "Raw: "
|
|
push ret, HexDump(m_raw)
|
|
End If
|
|
|
|
push ret, "Registers Read: " & regRead.count & IIf(regRead.count > 0, " Values: " & col2Str(regRead), Empty)
|
|
push ret, "Registers Written: " & regWritten.count & IIf(regWritten.count > 0, " Values: " & col2Str(regWritten), Empty)
|
|
push ret, "Groups: " & groups.count & IIf(groups.count > 0, " Values: " & col2Str(groups), Empty)
|
|
|
|
'it is expected that each CXXInst class implements a toString() method..if not we catch the error anyway..
|
|
If Not info Is Nothing Then
|
|
push ret, info.toString()
|
|
End If
|
|
|
|
toString = Join(ret, vbCrLf)
|
|
|
|
End Function
|
|
|
|
Friend Sub LoadDetails(lpDetails As Long, parent As CDisassembler)
|
|
|
|
Dim cd As cs_detail
|
|
Dim i As Long
|
|
Dim x86 As CX86Inst
|
|
|
|
Set Me.parent = parent
|
|
|
|
'vbdef only contains up to the groups_count field..
|
|
CopyMemory ByVal VarPtr(cd), ByVal lpDetails, LenB(cd)
|
|
|
|
If DEBUG_DUMP Then
|
|
ReDim m_raw(LenB(cd))
|
|
CopyMemory ByVal VarPtr(m_raw(0)), ByVal lpDetails, LenB(cd)
|
|
End If
|
|
|
|
For i = 1 To cd.regs_read_count
|
|
regRead.Add cd.regs_read(i - 1)
|
|
Next
|
|
|
|
For i = 1 To cd.regs_write_count
|
|
regWritten.Add cd.regs_write(i - 1)
|
|
Next
|
|
|
|
For i = 1 To cd.groups_count
|
|
groups.Add cd.groups(i - 1)
|
|
Next
|
|
|
|
Const align = 5
|
|
|
|
'each arch needs its own CxxInstr class implemented here...
|
|
If parent.arch = CS_ARCH_X86 Then
|
|
Set x86 = New CX86Inst
|
|
x86.LoadDetails lpDetails + LenB(cd) + align, parent
|
|
Set info = x86
|
|
End If
|
|
|
|
|
|
|
|
End Sub
|