1VERSION 1.0 CLASS 2BEGIN 3 MultiUse = -1 'True 4 Persistable = 0 'NotPersistable 5 DataBindingBehavior = 0 'vbNone 6 DataSourceBehavior = 0 'vbNone 7 MTSTransactionMode = 0 'NotAnMTSObject 8END 9Attribute VB_Name = "CInstDetails" 10Attribute VB_GlobalNameSpace = False 11Attribute VB_Creatable = True 12Attribute VB_PredeclaredId = False 13Attribute VB_Exposed = False 14Option Explicit 15'Capstone Disassembly Engine bindings for VB6 16'Contributed by FireEye FLARE Team 17'Author: David Zimmer <david.zimmer@fireeye.com>, <dzzie@yahoo.com> 18'License: Apache 19'Copyright: FireEye 2017 20 21'Public Type cs_detail 22' regs_read(0 To 11) As Byte ' list of implicit registers read by this insn UNSIGNED 23' regs_read_count As Byte ' number of implicit registers read by this insn UNSIGNED 24' regs_write(0 To 19) As Byte ' list of implicit registers modified by this insn UNSIGNED 25' regs_write_count As Byte ' number of implicit registers modified by this insn UNSIGNED 26' groups(0 To 7) As Byte ' list of group this instruction belong to UNSIGNED 27' groups_count As Byte ' number of groups this insn belongs to UNSIGNED 28' 29' // Architecture-specific instruction info 30' union { 31' cs_x86 x86; // X86 architecture, including 16-bit, 32-bit & 64-bit mode 32' cs_arm64 arm64; // ARM64 architecture (aka AArch64) 33' cs_arm arm; // ARM architecture (including Thumb/Thumb2) 34' cs_mips mips; // MIPS architecture 35' cs_ppc ppc; // PowerPC architecture 36' cs_sparc sparc; // Sparc architecture 37' cs_sysz sysz; // SystemZ architecture 38' cs_xcore xcore; // XCore architecture 39' }; 40'} cs_detail; 41 42Public regRead As New Collection 43Public regWritten As New Collection 44Public groups As New Collection 45Public parent As CDisassembler 46 47'this will be set to a class of the specific instruction info type by architecture.. 48Public info As Object 49 50Private m_raw() As Byte 51 52Function toString() As String 53 54 On Error Resume Next 55 56 Dim ret() As String 57 Dim v, tmp 58 59 push ret, "Instruction details: " 60 push ret, String(40, "-") 61 62 If DEBUG_DUMP Then 63 push ret, "Raw: " 64 push ret, HexDump(m_raw) 65 End If 66 67 push ret, "Registers Read: " & regRead.count & IIf(regRead.count > 0, " Values: " & col2Str(regRead), Empty) 68 push ret, "Registers Written: " & regWritten.count & IIf(regWritten.count > 0, " Values: " & col2Str(regWritten), Empty) 69 push ret, "Groups: " & groups.count & IIf(groups.count > 0, " Values: " & col2Str(groups), Empty) 70 71 'it is expected that each CXXInst class implements a toString() method..if not we catch the error anyway.. 72 If Not info Is Nothing Then 73 push ret, info.toString() 74 End If 75 76 toString = Join(ret, vbCrLf) 77 78End Function 79 80Friend Sub LoadDetails(lpDetails As Long, parent As CDisassembler) 81 82 Dim cd As cs_detail 83 Dim i As Long 84 Dim x86 As CX86Inst 85 86 Set Me.parent = parent 87 88 'vbdef only contains up to the groups_count field.. 89 CopyMemory ByVal VarPtr(cd), ByVal lpDetails, LenB(cd) 90 91 If DEBUG_DUMP Then 92 ReDim m_raw(LenB(cd)) 93 CopyMemory ByVal VarPtr(m_raw(0)), ByVal lpDetails, LenB(cd) 94 End If 95 96 For i = 1 To cd.regs_read_count 97 regRead.Add cd.regs_read(i - 1) 98 Next 99 100 For i = 1 To cd.regs_write_count 101 regWritten.Add cd.regs_write(i - 1) 102 Next 103 104 For i = 1 To cd.groups_count 105 groups.Add cd.groups(i - 1) 106 Next 107 108 Const align = 5 109 110 'each arch needs its own CxxInstr class implemented here... 111 If parent.arch = CS_ARCH_X86 Then 112 Set x86 = New CX86Inst 113 x86.LoadDetails lpDetails + LenB(cd) + align, parent 114 Set info = x86 115 End If 116 117 118 119End Sub 120