You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
119 lines
3.8 KiB
119 lines
3.8 KiB
VERSION 1.0 CLASS |
|
BEGIN |
|
MultiUse = -1 'True |
|
Persistable = 0 'NotPersistable |
|
DataBindingBehavior = 0 'vbNone |
|
DataSourceBehavior = 0 'vbNone |
|
MTSTransactionMode = 0 'NotAnMTSObject |
|
END |
|
Attribute VB_Name = "CInstDetails" |
|
Attribute VB_GlobalNameSpace = False |
|
Attribute VB_Creatable = True |
|
Attribute VB_PredeclaredId = False |
|
Attribute VB_Exposed = False |
|
Option Explicit |
|
'Capstone Disassembly Engine bindings for VB6 |
|
'Contributed by FireEye FLARE Team |
|
'Author: David Zimmer <david.zimmer@fireeye.com>, <dzzie@yahoo.com> |
|
'License: Apache |
|
'Copyright: FireEye 2017 |
|
|
|
'Public Type cs_detail |
|
' regs_read(0 To 15) As Byte ' list of implicit registers read by this insn UNSIGNED |
|
' regs_read_count As Byte ' number of implicit registers read by this insn UNSIGNED |
|
' regs_write(0 To 19) As Byte ' list of implicit registers modified by this insn UNSIGNED |
|
' regs_write_count As Byte ' number of implicit registers modified by this insn UNSIGNED |
|
' groups(0 To 7) As Byte ' list of group this instruction belong to UNSIGNED |
|
' groups_count As Byte ' number of groups this insn belongs to UNSIGNED |
|
' |
|
' // Architecture-specific instruction info |
|
' union { |
|
' cs_x86 x86; // X86 architecture, including 16-bit, 32-bit & 64-bit mode |
|
' cs_arm64 arm64; // ARM64 architecture (aka AArch64) |
|
' cs_arm arm; // ARM architecture (including Thumb/Thumb2) |
|
' cs_mips mips; // MIPS architecture |
|
' cs_ppc ppc; // PowerPC architecture |
|
' cs_sparc sparc; // Sparc architecture |
|
' cs_sysz sysz; // SystemZ architecture |
|
' cs_xcore xcore; // XCore architecture |
|
' }; |
|
'} cs_detail; |
|
|
|
Public regRead As New Collection |
|
Public regWritten As New Collection |
|
Public groups As New Collection |
|
Public parent As CDisassembler |
|
|
|
'this will be set to a class of the specific instruction info type by architecture.. |
|
Public info As Object |
|
|
|
Private m_raw() As Byte |
|
|
|
Function toString() As String |
|
|
|
On Error Resume Next |
|
|
|
Dim ret() As String |
|
Dim v, tmp |
|
|
|
push ret, "Instruction details: " |
|
push ret, String(40, "-") |
|
|
|
If DEBUG_DUMP Then |
|
push ret, "Raw: " |
|
push ret, HexDump(m_raw) |
|
End If |
|
|
|
push ret, "Registers Read: " & regRead.count & IIf(regRead.count > 0, " Values: " & col2Str(regRead), Empty) |
|
push ret, "Registers Written: " & regWritten.count & IIf(regWritten.count > 0, " Values: " & col2Str(regWritten), Empty) |
|
push ret, "Groups: " & groups.count & IIf(groups.count > 0, " Values: " & col2Str(groups), Empty) |
|
|
|
'it is expected that each CXXInst class implements a toString() method..if not we catch the error anyway.. |
|
If Not info Is Nothing Then |
|
push ret, info.toString() |
|
End If |
|
|
|
toString = Join(ret, vbCrLf) |
|
|
|
End Function |
|
|
|
Friend Sub LoadDetails(lpDetails As Long, parent As CDisassembler) |
|
|
|
Dim cd As cs_detail |
|
Dim i As Long |
|
Dim x86 As CX86Inst |
|
|
|
Set Me.parent = parent |
|
|
|
'vbdef only contains up to the groups_count field.. |
|
CopyMemory ByVal VarPtr(cd), ByVal lpDetails, LenB(cd) |
|
|
|
If DEBUG_DUMP Then |
|
ReDim m_raw(LenB(cd)) |
|
CopyMemory ByVal VarPtr(m_raw(0)), ByVal lpDetails, LenB(cd) |
|
End If |
|
|
|
For i = 1 To cd.regs_read_count |
|
regRead.Add cd.regs_read(i - 1) |
|
Next |
|
|
|
For i = 1 To cd.regs_write_count |
|
regWritten.Add cd.regs_write(i - 1) |
|
Next |
|
|
|
For i = 1 To cd.groups_count |
|
groups.Add cd.groups(i - 1) |
|
Next |
|
|
|
Const align = 5 |
|
|
|
'each arch needs its own CxxInstr class implemented here... |
|
If parent.arch = CS_ARCH_X86 Then |
|
Set x86 = New CX86Inst |
|
x86.LoadDetails lpDetails + LenB(cd) + align, parent |
|
Set info = x86 |
|
End If |
|
|
|
|
|
|
|
End Sub
|
|
|