• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1VERSION 1.0 CLASS
2BEGIN
3  MultiUse = -1  'True
4  Persistable = 0  'NotPersistable
5  DataBindingBehavior = 0  'vbNone
6  DataSourceBehavior  = 0  'vbNone
7  MTSTransactionMode  = 0  'NotAnMTSObject
8END
9Attribute VB_Name = "CInstDetails"
10Attribute VB_GlobalNameSpace = False
11Attribute VB_Creatable = True
12Attribute VB_PredeclaredId = False
13Attribute VB_Exposed = False
14Option Explicit
15'Capstone Disassembly Engine bindings for VB6
16'Contributed by FireEye FLARE Team
17'Author:  David Zimmer <david.zimmer@fireeye.com>, <dzzie@yahoo.com>
18'License: Apache
19'Copyright: FireEye 2017
20
21'Public Type cs_detail
22'    regs_read(0 To 11) As      Byte ' list of implicit registers read by this insn UNSIGNED
23'    regs_read_count As         Byte ' number of implicit registers read by this insn UNSIGNED
24'    regs_write(0 To 19) As     Byte ' list of implicit registers modified by this insn UNSIGNED
25'    regs_write_count As        Byte ' number of implicit registers modified by this insn UNSIGNED
26'    groups(0 To 7) As          Byte ' list of group this instruction belong to UNSIGNED
27'    groups_count As            Byte ' number of groups this insn belongs to UNSIGNED
28'
29'    // Architecture-specific instruction info
30'    union {
31'        cs_x86 x86; // X86 architecture, including 16-bit, 32-bit & 64-bit mode
32'        cs_arm64 arm64; // ARM64 architecture (aka AArch64)
33'        cs_arm arm;     // ARM architecture (including Thumb/Thumb2)
34'        cs_mips mips;   // MIPS architecture
35'        cs_ppc ppc; // PowerPC architecture
36'        cs_sparc sparc; // Sparc architecture
37'        cs_sysz sysz;   // SystemZ architecture
38'        cs_xcore xcore; // XCore architecture
39'    };
40'} cs_detail;
41
42Public regRead As New Collection
43Public regWritten As New Collection
44Public groups As New Collection
45Public parent As CDisassembler
46
47'this will be set to a class of the specific instruction info type by architecture..
48Public info As Object
49
50Private m_raw() As Byte
51
52Function toString() As String
53
54    On Error Resume Next
55
56    Dim ret() As String
57    Dim v, tmp
58
59    push ret, "Instruction details: "
60    push ret, String(40, "-")
61
62    If DEBUG_DUMP Then
63        push ret, "Raw: "
64        push ret, HexDump(m_raw)
65    End If
66
67    push ret, "Registers Read: " & regRead.count & IIf(regRead.count > 0, "  Values: " & col2Str(regRead), Empty)
68    push ret, "Registers Written: " & regWritten.count & IIf(regWritten.count > 0, "  Values: " & col2Str(regWritten), Empty)
69    push ret, "Groups: " & groups.count & IIf(groups.count > 0, "  Values: " & col2Str(groups), Empty)
70
71    'it is expected that each CXXInst class implements a toString() method..if not we catch the error anyway..
72    If Not info Is Nothing Then
73        push ret, info.toString()
74    End If
75
76    toString = Join(ret, vbCrLf)
77
78End Function
79
80Friend Sub LoadDetails(lpDetails As Long, parent As CDisassembler)
81
82    Dim cd As cs_detail
83    Dim i As Long
84    Dim x86 As CX86Inst
85
86    Set Me.parent = parent
87
88    'vbdef only contains up to the groups_count field..
89    CopyMemory ByVal VarPtr(cd), ByVal lpDetails, LenB(cd)
90
91    If DEBUG_DUMP Then
92        ReDim m_raw(LenB(cd))
93        CopyMemory ByVal VarPtr(m_raw(0)), ByVal lpDetails, LenB(cd)
94    End If
95
96    For i = 1 To cd.regs_read_count
97        regRead.Add cd.regs_read(i - 1)
98    Next
99
100    For i = 1 To cd.regs_write_count
101        regWritten.Add cd.regs_write(i - 1)
102    Next
103
104    For i = 1 To cd.groups_count
105        groups.Add cd.groups(i - 1)
106    Next
107
108    Const align = 5
109
110    'each arch needs its own CxxInstr class implemented here...
111    If parent.arch = CS_ARCH_X86 Then
112        Set x86 = New CX86Inst
113        x86.LoadDetails lpDetails + LenB(cd) + align, parent
114        Set info = x86
115    End If
116
117
118
119End Sub
120