• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1VERSION 1.0 CLASS
2BEGIN
3  MultiUse = -1  'True
4  Persistable = 0  'NotPersistable
5  DataBindingBehavior = 0  'vbNone
6  DataSourceBehavior  = 0  'vbNone
7  MTSTransactionMode  = 0  'NotAnMTSObject
8END
9Attribute VB_Name = "CInstruction"
10Attribute VB_GlobalNameSpace = False
11Attribute VB_Creatable = True
12Attribute VB_PredeclaredId = False
13Attribute VB_Exposed = False
14Option Explicit
15
16'Capstone Disassembly Engine bindings for VB6
17'Contributed by FireEye FLARE Team
18'Author:  David Zimmer <david.zimmer@fireeye.com>, <dzzie@yahoo.com>
19'License: Apache
20'Copyright: FireEye 2017
21
22
23'Public Type cs_insn
24'                              ' Instruction ID (basically a numeric ID for the instruction mnemonic)
25'                              ' Find the instruction id in the '[ARCH]_insn' enum in the header file
26'                              ' of corresponding architecture, such as 'arm_insn' in arm.h for ARM,
27'                              ' 'x86_insn' in x86.h for X86, etc...
28'                              ' available even when CS_OPT_DETAIL = CS_OPT_OFF
29'                              ' NOTE: in Skipdata mode, "data" instruction has 0 for this id field. UNSIGNED
30'    id As Long                '
31'    align As Long             'not sure why it needs this..but it does..
32'    address As Currency       ' Address (EIP) of this instruction available even when CS_OPT_DETAIL = CS_OPT_OFF UNSIGNED
33'    size As Integer           ' Size of this instruction available even when CS_OPT_DETAIL = CS_OPT_OFF UNSIGNED
34'    bytes(0 To 15) As Byte    ' Machine bytes of this instruction, with number of bytes indicated by @size above available even when CS_OPT_DETAIL = CS_OPT_OFF
35'    mnemonic(0 To 31) As Byte ' Ascii text of instruction mnemonic available even when CS_OPT_DETAIL = CS_OPT_OFF
36'    op_str(0 To 159) As Byte  ' Ascii text of instruction operands available even when CS_OPT_DETAIL = CS_OPT_OFF
37'
38'                              ' Pointer to cs_detail.
39'                              ' NOTE: detail pointer is only valid when both requirements below are met:
40'                              ' (1) CS_OP_DETAIL = CS_OPT_ON
41'                              ' (2) Engine is not in Skipdata mode (CS_OP_SKIPDATA option set to CS_OPT_ON)
42'                              ' NOTE 2: when in Skipdata mode, or when detail mode is OFF, even if this pointer
43'                              '  is not NULL, its content is still irrelevant.
44'    lpDetail As Long          '  points to a cs_detail structure NOTE: only available when CS_OPT_DETAIL = CS_OPT_ON
45'
46'End Type
47
48Public ID As Long
49Public address As Currency
50Public size As Long
51Private m_bytes() As Byte
52Public instruction As String
53Public operand As String
54Public lpDetails As Long
55Public parent As CDisassembler
56
57Public details As CInstDetails 'may be null
58
59Property Get bytes() As Byte()
60    bytes = Me.bytes()
61End Property
62
63Property Get byteDump(Optional padding = 15) As String
64    Dim b As String, i As Long
65    For i = 0 To UBound(m_bytes)
66        b = b & hhex(m_bytes(i)) & " "
67    Next
68    byteDump = rpad(b, padding)
69End Property
70
71Property Get text() As String
72
73    text = cur2str(address) & "    " & byteDump & "    " & instruction & " " & operand
74
75End Property
76
77Function toString() As String
78
79    Dim r() As String
80
81    push r, "CInstruction: "
82    push r, String(40, "-")
83    push r, "Id: " & Hex(ID)
84    push r, "address: " & cur2str(address)
85    push r, "size: " & Hex(size)
86    push r, "bytes: " & byteDump()
87    push r, "instruction: " & instruction
88    push r, "operand: " & operand
89    push r, "lpDetails: " & Hex(lpDetails)
90
91    If Not details Is Nothing Then
92        push r, details.toString()
93    End If
94
95    toString = Join(r, vbCrLf)
96
97End Function
98
99Friend Sub LoadInstruction(instAry As Long, index As Long, parent As CDisassembler)
100
101    Dim inst As cs_insn
102    Dim i As Long
103
104    getInstruction instAry, index, VarPtr(inst), LenB(inst)
105
106    ID = inst.ID
107    address = inst.address
108    size = inst.size
109    lpDetails = inst.lpDetail
110    Set Me.parent = parent
111
112    m_bytes() = inst.bytes
113    ReDim Preserve m_bytes(size - 1)
114
115    For i = 0 To UBound(inst.mnemonic)
116        If inst.mnemonic(i) = 0 Then Exit For
117        instruction = instruction & Chr(inst.mnemonic(i))
118    Next
119
120    For i = 0 To UBound(inst.op_str)
121        If inst.op_str(i) = 0 Then Exit For
122        operand = operand & Chr(inst.op_str(i))
123    Next
124
125    If lpDetails = 0 Then Exit Sub
126    Set details = New CInstDetails
127    details.LoadDetails lpDetails, parent
128
129End Sub
130
131
132
133
134