1 VERSION 1.0 CLASS 2 BEGIN 3 MultiUse = -1 'True 4 Persistable = 0 'NotPersistable 5 DataBindingBehavior = 0 'vbNone 6 DataSourceBehavior = 0 'vbNone 7 MTSTransactionMode = 0 'NotAnMTSObject 8 END 9 Attribute VB_Name = "CInstDetails" 10 Attribute VB_GlobalNameSpace = False 11 Attribute VB_Creatable = True 12 Attribute VB_PredeclaredId = False 13 Attribute VB_Exposed = False 14 Option Explicit 15 'Capstone Disassembly Engine bindings for VB6 16 'Contributed by FireEye FLARE Team 17 'Author: David Zimmer <david.zimmer (a] fireeye.com>, <dzzie (a] yahoo.com> 18 'License: Apache 19 'Copyright: FireEye 2017 20 21 'Public Type cs_detail 22 ' regs_read(0 To 11) As Byte ' list of implicit registers read by this insn UNSIGNED 23 ' regs_read_count As Byte ' number of implicit registers read by this insn UNSIGNED 24 ' regs_write(0 To 19) As Byte ' list of implicit registers modified by this insn UNSIGNED 25 ' regs_write_count As Byte ' number of implicit registers modified by this insn UNSIGNED 26 ' groups(0 To 7) As Byte ' list of group this instruction belong to UNSIGNED 27 ' groups_count As Byte ' number of groups this insn belongs to UNSIGNED 28 ' 29 ' // Architecture-specific instruction info 30 ' union { 31 ' cs_x86 x86; // X86 architecture, including 16-bit, 32-bit & 64-bit mode 32 ' cs_arm64 arm64; // ARM64 architecture (aka AArch64) 33 ' cs_arm arm; // ARM architecture (including Thumb/Thumb2) 34 ' cs_mips mips; // MIPS architecture 35 ' cs_ppc ppc; // PowerPC architecture 36 ' cs_sparc sparc; // Sparc architecture 37 ' cs_sysz sysz; // SystemZ architecture 38 ' cs_xcore xcore; // XCore architecture 39 ' }; 40 '} cs_detail; 41 42 Public regRead As New Collection 43 Public regWritten As New Collection 44 Public groups As New Collection 45 Public parent As CDisassembler 46 47 'this will be set to a class of the specific instruction info type by architecture.. 48 Public info As Object 49 50 Private m_raw() As Byte 51 52 Function toString() As String 53 54 On Error Resume Next 55 56 Dim ret() As String 57 Dim v, tmp 58 59 push ret, "Instruction details: " 60 push ret, String(40, "-") 61 62 If DEBUG_DUMP Then 63 push ret, "Raw: " 64 push ret, HexDump(m_raw) 65 End If 66 67 push ret, "Registers Read: " & regRead.count & IIf(regRead.count > 0, " Values: " & col2Str(regRead), Empty) 68 push ret, "Registers Written: " & regWritten.count & IIf(regWritten.count > 0, " Values: " & col2Str(regWritten), Empty) 69 push ret, "Groups: " & groups.count & IIf(groups.count > 0, " Values: " & col2Str(groups), Empty) 70 71 'it is expected that each CXXInst class implements a toString() method..if not we catch the error anyway.. 72 If Not info Is Nothing Then 73 push ret, info.toString() 74 End If 75 76 toString = Join(ret, vbCrLf) 77 78 End Function 79 80 Friend Sub LoadDetails(lpDetails As Long, parent As CDisassembler) 81 82 Dim cd As cs_detail 83 Dim i As Long 84 Dim x86 As CX86Inst 85 86 Set Me.parent = parent 87 88 'vbdef only contains up to the groups_count field.. 89 CopyMemory ByVal VarPtr(cd), ByVal lpDetails, LenB(cd) 90 91 If DEBUG_DUMP Then 92 ReDim m_raw(LenB(cd)) 93 CopyMemory ByVal VarPtr(m_raw(0)), ByVal lpDetails, LenB(cd) 94 End If 95 96 For i = 1 To cd.regs_read_count 97 regRead.Add cd.regs_read(i - 1) 98 Next 99 100 For i = 1 To cd.regs_write_count 101 regWritten.Add cd.regs_write(i - 1) 102 Next 103 104 For i = 1 To cd.groups_count 105 groups.Add cd.groups(i - 1) 106 Next 107 108 Const align = 5 109 110 'each arch needs its own CxxInstr class implemented here... 111 If parent.arch = CS_ARCH_X86 Then 112 Set x86 = New CX86Inst 113 x86.LoadDetails lpDetails + LenB(cd) + align, parent 114 Set info = x86 115 End If 116 117 118 119 End Sub 120
