IDontCode
/
keystone
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f892b52f68'
${ noResults }
keystone/bindings/vb6/Form1.frm

193 lines
6.5 KiB
Raw Blame History

VERSION 5.00
Object = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}#2.0#0"; "mscomctl.ocx"
Begin VB.Form Form1
Caption = "Keystone Assembler Engine VB6 Bindings - Contributed by FireEye FLARE team"
ClientHeight = 4680
ClientLeft = 60
ClientTop = 345
ClientWidth = 10860
LinkTopic = "Form1"
ScaleHeight = 4680
ScaleWidth = 10860
StartUpPosition = 2 'CenterScreen
Begin VB.CommandButton Command1
Caption = "Copy"
Height = 375
Left = 4680
TabIndex = 1
Top = 4200
Width = 1695
End
Begin MSComctlLib.ListView lv
Height = 3975
Left = 120
TabIndex = 0
Top = 120
Width = 10695
_ExtentX = 18865
_ExtentY = 7011
View = 3
LabelEdit = 1
LabelWrap = -1 'True
HideSelection = -1 'True
FullRowSelect = -1 'True
GridLines = -1 'True
_Version = 393217
ForeColor = -2147483640
BackColor = -2147483643
BorderStyle = 1
Appearance = 1
NumItems = 3
BeginProperty ColumnHeader(1) {BDD1F052-858B-11D1-B16A-00C0F0283628}
Text = "arch"
Object.Width = 5292
EndProperty
BeginProperty ColumnHeader(2) {BDD1F052-858B-11D1-B16A-00C0F0283628}
SubItemIndex = 1
Text = "asm"
Object.Width = 5292
EndProperty
BeginProperty ColumnHeader(3) {BDD1F052-858B-11D1-B16A-00C0F0283628}
SubItemIndex = 2
Text = "bytes"
Object.Width = 14111
EndProperty
End
End
Attribute VB_Name = "Form1"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Option Explicit
'Keystone Assembly Engine bindings for VB6
'Contributed by FireEye FLARE Team
'Author: David Zimmer <david.zimmer@fireeye.com>, <dzzie@yahoo.com>
'License: Apache
'Copyright: FireEye 2017
'NOTE: the VB code was built and tested against the latest binary release: Keystone 0.9.1
' I will enabled the symbol resolver once it makes it into the stable release
Private Sub Form_Load()
Const base As Long = 0 '&H1000
initDll
If hLib <> 0 Then Me.Caption = Me.Caption & " - loaded KeyStone v" & version
'MsgBox err2str(KS_ERR_ASM_SYMBOL_MISSING)
' X86
'AddResult test_ks(KS_ARCH_X86, KS_MODE_32, "jmp 0x2000; nop; nop;", 0, base)
AddResult test_ks(KS_ARCH_X86, KS_MODE_16, "add eax, ecx", 0, base)
AddResult test_ks(KS_ARCH_X86, KS_MODE_32, "add eax, ecx", 0, base)
AddResult test_ks(KS_ARCH_X86, KS_MODE_64, "add rax, rcx", 0, base)
AddResult test_ks(KS_ARCH_X86, KS_MODE_32, "add %ecx, %eax", KS_OPT_SYNTAX_ATT, base)
AddResult test_ks(KS_ARCH_X86, KS_MODE_64, "add %rcx, %rax", KS_OPT_SYNTAX_ATT, base)
' ARM
AddResult test_ks(KS_ARCH_ARM, KS_MODE_ARM, "sub r1, r2, r5", 0, base)
AddResult test_ks(KS_ARCH_ARM, KS_MODE_ARM + KS_MODE_BIG_ENDIAN, "sub r1, r2, r5", 0, base)
AddResult test_ks(KS_ARCH_ARM, KS_MODE_THUMB, "movs r4, #0xf0", 0, base)
AddResult test_ks(KS_ARCH_ARM, KS_MODE_THUMB + KS_MODE_BIG_ENDIAN, "movs r4, #0xf0", 0, base)
' ARM64
AddResult test_ks(KS_ARCH_ARM64, KS_MODE_LITTLE_ENDIAN, "ldr w1, [sp, #0x8]", 0, base)
' Hexagon
AddResult test_ks(KS_ARCH_HEXAGON, KS_MODE_BIG_ENDIAN, "v23.w=vavg(v11.w,v2.w):rnd", 0, base)
' Mips
AddResult test_ks(KS_ARCH_MIPS, KS_MODE_MIPS32, "and $9, $6, $7", 0)
AddResult test_ks(KS_ARCH_MIPS, KS_MODE_MIPS32 + KS_MODE_BIG_ENDIAN, "and $9, $6, $7", 0, base)
AddResult test_ks(KS_ARCH_MIPS, KS_MODE_MIPS64, "and $9, $6, $7", 0)
AddResult test_ks(KS_ARCH_MIPS, KS_MODE_MIPS64 + KS_MODE_BIG_ENDIAN, "and $9, $6, $7", 0, base)
' PowerPC
AddResult test_ks(KS_ARCH_PPC, KS_MODE_PPC32 + KS_MODE_BIG_ENDIAN, "add 1, 2, 3", 0, base)
AddResult test_ks(KS_ARCH_PPC, KS_MODE_PPC64, "add 1, 2, 3", 0)
AddResult test_ks(KS_ARCH_PPC, KS_MODE_PPC64 + KS_MODE_BIG_ENDIAN, "add 1, 2, 3", 0, base)
' Sparc
AddResult test_ks(KS_ARCH_SPARC, KS_MODE_SPARC32 + KS_MODE_LITTLE_ENDIAN, "add %g1, %g2, %g3", 0, base)
AddResult test_ks(KS_ARCH_SPARC, KS_MODE_SPARC32 + KS_MODE_BIG_ENDIAN, "add %g1, %g2, %g3", 0, base)
' SystemZ
AddResult test_ks(KS_ARCH_SYSTEMZ, KS_MODE_BIG_ENDIAN, "a %r0, 4095(%r15,%r1)", 0, base)
' symbol resolver test (will enable once in stable release binaries not tested yet)
'AddResult test_ks(KS_ARCH_X86, KS_MODE_32, "jmp _l1; nop", 0, , base, True)
End Sub
Public Function test_ks(arch As ks_arch, mode As ks_mode, assembly As String, Optional syntax As ks_opt_type = 0, Optional base As Long = 0, Optional withResolver As Boolean = False) As CAsmResult
Dim r As New CAsmResult
Dim buf As Long, size As Long, count As Long, b() As Byte
Dim hKeystone As Long
Dim address As Currency
Set test_ks = r
If hLib = 0 Then initDll r
If hLib = 0 Then Exit Function
r.arch = arch
r.mode = mode
r.syntax = syntax
r.source = assembly
If ks_arch_supported(arch) = 0 Then
r.errMsg = "specified architecture not supported"
Exit Function
End If
r.lastErr = ks_open(arch, mode, hKeystone)
If r.lastErr <> KS_ERR_OK Then
r.errMsg = err2str(r.lastErr)
Exit Function
End If
'If withResolver Then setResolver hKeystone, AddressOf vbSymResolver
If syntax <> 0 Then Call ks_option(hKeystone, KS_OPT_SYNTAX, syntax)
address = lng2Cur(base)
r.lastErr = ks_asm(hKeystone, assembly, address, buf, size, count)
If r.lastErr = KS_ERR_OK Then
ReDim b(size - 1)
CopyMemory ByVal VarPtr(b(0)), ByVal buf, size
ks_free buf
r.result = b()
r.count = count
r.size = size
End If
ks_close hKeystone
End Function
Function AddResult(r As CAsmResult)
Dim li As ListItem
Set li = lv.ListItems.Add(, , ks_arch2str(r.arch))
li.SubItems(1) = r.source
If r.hadErr Then
li.SubItems(2) = "Error: " & r.errMsg
Else
li.SubItems(2) = b2Str(r.result)
End If
Set li.Tag = r
End Function
Private Sub Command1_Click()
Clipboard.Clear
Clipboard.SetText GetAllElements(lv)
End Sub
Reference in new issue View Git Blame Copy Permalink