diff options
Diffstat (limited to 'capstone/bindings/vb6/Form1.frm')
| -rw-r--r-- | capstone/bindings/vb6/Form1.frm | 275 |
1 files changed, 275 insertions, 0 deletions
diff --git a/capstone/bindings/vb6/Form1.frm b/capstone/bindings/vb6/Form1.frm new file mode 100644 index 000000000..df71dbeb8 --- /dev/null +++ b/capstone/bindings/vb6/Form1.frm @@ -0,0 +1,275 @@ +VERSION 5.00
+Object = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}#2.0#0"; "mscomctl.ocx"
+Begin VB.Form Form1
+ Caption = "VB6 Bindings for Capstone Disassembly Engine - Contributed by FireEye FLARE Team"
+ ClientHeight = 7290
+ ClientLeft = 60
+ ClientTop = 345
+ ClientWidth = 10275
+ LinkTopic = "Form1"
+ ScaleHeight = 7290
+ ScaleWidth = 10275
+ StartUpPosition = 2 'CenterScreen
+ Begin VB.CommandButton Command2
+ Caption = "Save"
+ Height = 375
+ Left = 8760
+ TabIndex = 8
+ Top = 120
+ Width = 1455
+ End
+ Begin VB.CommandButton Command1
+ Caption = " Arm 64"
+ Height = 375
+ Index = 4
+ Left = 6840
+ TabIndex = 7
+ Top = 120
+ Width = 1455
+ End
+ Begin VB.CommandButton Command1
+ Caption = "Arm"
+ Height = 375
+ Index = 3
+ Left = 5160
+ TabIndex = 6
+ Top = 120
+ Width = 1455
+ End
+ Begin VB.CommandButton Command1
+ Caption = "x86 64bit"
+ Height = 375
+ Index = 2
+ Left = 3480
+ TabIndex = 5
+ Top = 120
+ Width = 1455
+ End
+ Begin VB.CommandButton Command1
+ Caption = "x86 16bit"
+ Height = 375
+ Index = 0
+ Left = 120
+ TabIndex = 4
+ Top = 120
+ Width = 1455
+ End
+ Begin VB.CommandButton Command1
+ Caption = "x86 32bit"
+ Height = 375
+ Index = 1
+ Left = 1800
+ TabIndex = 3
+ Top = 120
+ Width = 1455
+ End
+ Begin MSComctlLib.ListView lv
+ Height = 2415
+ Left = 120
+ TabIndex = 2
+ Top = 1440
+ Width = 10095
+ _ExtentX = 17806
+ _ExtentY = 4260
+ View = 3
+ LabelEdit = 1
+ LabelWrap = -1 'True
+ HideSelection = 0 'False
+ FullRowSelect = -1 'True
+ _Version = 393217
+ ForeColor = -2147483640
+ BackColor = -2147483643
+ BorderStyle = 1
+ Appearance = 1
+ BeginProperty Font {0BE35203-8F91-11CE-9DE3-00AA004BB851}
+ Name = "Courier"
+ Size = 9.75
+ Charset = 0
+ Weight = 400
+ Underline = 0 'False
+ Italic = 0 'False
+ Strikethrough = 0 'False
+ EndProperty
+ NumItems = 1
+ BeginProperty ColumnHeader(1) {BDD1F052-858B-11D1-B16A-00C0F0283628}
+ Object.Width = 2540
+ EndProperty
+ End
+ Begin VB.ListBox List1
+ BeginProperty Font
+ Name = "Courier"
+ Size = 9.75
+ Charset = 0
+ Weight = 400
+ Underline = 0 'False
+ Italic = 0 'False
+ Strikethrough = 0 'False
+ EndProperty
+ Height = 840
+ Left = 120
+ TabIndex = 1
+ Top = 600
+ Width = 10095
+ End
+ Begin VB.TextBox Text1
+ BeginProperty Font
+ Name = "Courier"
+ Size = 9.75
+ Charset = 0
+ Weight = 400
+ Underline = 0 'False
+ Italic = 0 'False
+ Strikethrough = 0 'False
+ EndProperty
+ Height = 3375
+ Left = 120
+ MultiLine = -1 'True
+ ScrollBars = 3 'Both
+ TabIndex = 0
+ Text = "Form1.frx":0000
+ Top = 3840
+ Width = 10095
+ End
+End
+Attribute VB_Name = "Form1"
+Attribute VB_GlobalNameSpace = False
+Attribute VB_Creatable = False
+Attribute VB_PredeclaredId = True
+Attribute VB_Exposed = False
+Option Explicit
+
+'Capstone Disassembly Engine bindings for VB6
+'Contributed by FireEye FLARE Team
+'Author: David Zimmer <david.zimmer@fireeye.com>, <dzzie@yahoo.com>
+'License: Apache
+'Copyright: FireEye 2017
+
+Dim cap As CDisassembler
+Dim lastSample As Long
+
+Private Sub Command1_Click(index As Integer)
+
+ Dim code() As Byte, arch As cs_arch, mode As cs_mode
+ lastSample = index
+
+ Const x86_code32 As String = "\x8d\x4c\x32\x08\x01\xd8\x81\xc6\x34\x12\x00\x00\x05\x23\x01\x00\x00\x36\x8b\x84\x91\x23\x01\x00\x00\x41\x8d\x84\x39\x89\x67\x00\x00\x8d\x87\x89\x67\x00\x00\xb4\xc6"
+ Const X86_CODE16 As String = "\x8d\x4c\x32\x08\x01\xd8\x81\xc6\x34\x12\x00\x00\x05\x23\x01\x00\x00\x36\x8b\x84\x91\x23\x01\x00\x00\x41\x8d\x84\x39\x89\x67\x00\x00\x8d\x87\x89\x67\x00\x00\xb4\xc6"
+ Const X86_CODE64 As String = "\x55\x48\x8b\x05\xb8\x13\x00\x00"
+ Const ARM_CODE As String = "\xED\xFF\xFF\xEB\x04\xe0\x2d\xe5\x00\x00\x00\x00\xe0\x83\x22\xe5\xf1\x02\x03\x0e\x00\x00\xa0\xe3\x02\x30\xc1\xe7\x00\x00\x53\xe3\x00\x02\x01\xf1\x05\x40\xd0\xe8\xf4\x80\x00\x00"
+ Const ARM64_CODE As String = "\x09\x00\x38\xd5\xbf\x40\x00\xd5\x0c\x05\x13\xd5\x20\x50\x02\x0e\x20\xe4\x3d\x0f\x00\x18\xa0\x5f\xa2\x00\xae\x9e\x9f\x37\x03\xd5\xbf\x33\x03\xd5\xdf\x3f\x03\xd5\x21\x7c\x02\x9b\x21\x7c\x00\x53\x00\x40\x21\x4b\xe1\x0b\x40\xb9\x20\x04\x81\xda\x20\x08\x02\x8b\x10\x5b\xe8\x3c"
+
+ Select Case index
+ Case 0:
+ arch = CS_ARCH_X86
+ mode = CS_MODE_16
+ code = toBytes(X86_CODE16)
+ Case 1:
+ arch = CS_ARCH_X86
+ mode = CS_MODE_32
+ code = toBytes(x86_code32)
+ Case 2:
+ arch = CS_ARCH_X86
+ mode = CS_MODE_64
+ code = toBytes(X86_CODE64)
+
+ Case 3:
+ arch = CS_ARCH_ARM
+ mode = CS_MODE_ARM
+ code = toBytes(ARM_CODE)
+
+ Case 4:
+ arch = CS_ARCH_ARM64
+ mode = CS_MODE_ARM
+ code = toBytes(ARM64_CODE)
+ End Select
+
+
+ test code, arch, mode
+
+End Sub
+
+Private Sub test(code() As Byte, arch As cs_arch, mode As cs_mode)
+
+
+ Dim ret As Collection
+ Dim ci As CInstruction
+ Dim li As ListItem
+
+ clearForm
+ If Not cap Is Nothing Then Set cap = Nothing
+
+ Set cap = New CDisassembler
+
+ If Not cap.init(arch, mode, True) Then
+ List1.AddItem "Failed to init engine: " & cap.errMsg
+ Exit Sub
+ End If
+
+ List1.AddItem "Capstone loaded @ 0x" & Hex(cap.hLib)
+ List1.AddItem "hEngine: 0x" & Hex(cap.hCapstone)
+ List1.AddItem "Version: " & cap.version
+
+ If cap.vMajor < 3 Then
+ List1.AddItem "Sample requires Capstone v3+"
+ Exit Sub
+ End If
+
+ Set ret = cap.disasm(&H1000, code)
+
+ For Each ci In ret
+ Set li = lv.ListItems.Add(, , ci.text)
+ Set li.Tag = ci
+ Next
+
+End Sub
+
+Private Sub Command2_Click()
+
+ Dim fName() As String
+ Dim fPath As String
+ Dim t() As String
+ Dim li As ListItem
+ Dim ci As CInstruction
+
+ On Error Resume Next
+
+ If lastSample = -1 Then
+ MsgBox "Run a test first..."
+ Exit Sub
+ End If
+
+ fName = Split("16b,32b,64b,Arm,Arm64", ",")
+
+ fPath = App.path & "\vb" & fName(lastSample) & "Test.txt"
+ If FileExists(fPath) Then Kill fPath
+
+ For Each li In lv.ListItems
+ push t, li.text
+ Set ci = li.Tag
+ push t, ci.toString()
+ push t, String(60, "-")
+ Next
+
+ WriteFile fPath, Join(t, vbCrLf)
+
+ MsgBox FileLen(fPath) & " bytes saved to: " & vbCrLf & vbCrLf & fPath
+
+End Sub
+
+Private Sub lv_ItemClick(ByVal Item As MSComctlLib.ListItem)
+ Dim ci As CInstruction
+ Set ci = Item.Tag
+ Text1 = ci.toString()
+End Sub
+
+Function clearForm()
+ List1.Clear
+ lv.ListItems.Clear
+ Text1 = Empty
+End Function
+
+Private Sub Form_Load()
+ lv.ColumnHeaders(1).Width = lv.Width
+ clearForm
+ lastSample = -1
+End Sub
|