rk3588-game
/
android13
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
android13/external/capstone/bindings/vb6/Form1.frm

276 lines
8.4 KiB
Plaintext
Raw Blame History

VERSION 5.00
Object = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}#2.0#0"; "mscomctl.ocx"
Begin VB.Form Form1
Caption = "VB6 Bindings for Capstone Disassembly Engine - Contributed by FireEye FLARE Team"
ClientHeight = 7290
ClientLeft = 60
ClientTop = 345
ClientWidth = 10275
LinkTopic = "Form1"
ScaleHeight = 7290
ScaleWidth = 10275
StartUpPosition = 2 'CenterScreen
Begin VB.CommandButton Command2
Caption = "Save"
Height = 375
Left = 8760
TabIndex = 8
Top = 120
Width = 1455
End
Begin VB.CommandButton Command1
Caption = " Arm 64"
Height = 375
Index = 4
Left = 6840
TabIndex = 7
Top = 120
Width = 1455
End
Begin VB.CommandButton Command1
Caption = "Arm"
Height = 375
Index = 3
Left = 5160
TabIndex = 6
Top = 120
Width = 1455
End
Begin VB.CommandButton Command1
Caption = "x86 64bit"
Height = 375
Index = 2
Left = 3480
TabIndex = 5
Top = 120
Width = 1455
End
Begin VB.CommandButton Command1
Caption = "x86 16bit"
Height = 375
Index = 0
Left = 120
TabIndex = 4
Top = 120
Width = 1455
End
Begin VB.CommandButton Command1
Caption = "x86 32bit"
Height = 375
Index = 1
Left = 1800
TabIndex = 3
Top = 120
Width = 1455
End
Begin MSComctlLib.ListView lv
Height = 2415
Left = 120
TabIndex = 2
Top = 1440
Width = 10095
_ExtentX = 17806
_ExtentY = 4260
View = 3
LabelEdit = 1
LabelWrap = -1 'True
HideSelection = 0 'False
FullRowSelect = -1 'True
_Version = 393217
ForeColor = -2147483640
BackColor = -2147483643
BorderStyle = 1
Appearance = 1
BeginProperty Font {0BE35203-8F91-11CE-9DE3-00AA004BB851}
Name = "Courier"
Size = 9.75
Charset = 0
Weight = 400
Underline = 0 'False
Italic = 0 'False
Strikethrough = 0 'False
EndProperty
NumItems = 1
BeginProperty ColumnHeader(1) {BDD1F052-858B-11D1-B16A-00C0F0283628}
Object.Width = 2540
EndProperty
End
Begin VB.ListBox List1
BeginProperty Font
Name = "Courier"
Size = 9.75
Charset = 0
Weight = 400
Underline = 0 'False
Italic = 0 'False
Strikethrough = 0 'False
EndProperty
Height = 840
Left = 120
TabIndex = 1
Top = 600
Width = 10095
End
Begin VB.TextBox Text1
BeginProperty Font
Name = "Courier"
Size = 9.75
Charset = 0
Weight = 400
Underline = 0 'False
Italic = 0 'False
Strikethrough = 0 'False
EndProperty
Height = 3375
Left = 120
MultiLine = -1 'True
ScrollBars = 3 'Both
TabIndex = 0
Text = "Form1.frx":0000
Top = 3840
Width = 10095
End
End
Attribute VB_Name = "Form1"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Option Explicit
'Capstone Disassembly Engine bindings for VB6
'Contributed by FireEye FLARE Team
'Author: David Zimmer <david.zimmer@fireeye.com>, <dzzie@yahoo.com>
'License: Apache
'Copyright: FireEye 2017
Dim cap As CDisassembler
Dim lastSample As Long
Private Sub Command1_Click(index As Integer)
Dim code() As Byte, arch As cs_arch, mode As cs_mode
lastSample = index
Const x86_code32 As String = "\x8d\x4c\x32\x08\x01\xd8\x81\xc6\x34\x12\x00\x00\x05\x23\x01\x00\x00\x36\x8b\x84\x91\x23\x01\x00\x00\x41\x8d\x84\x39\x89\x67\x00\x00\x8d\x87\x89\x67\x00\x00\xb4\xc6"
Const X86_CODE16 As String = "\x8d\x4c\x32\x08\x01\xd8\x81\xc6\x34\x12\x00\x00\x05\x23\x01\x00\x00\x36\x8b\x84\x91\x23\x01\x00\x00\x41\x8d\x84\x39\x89\x67\x00\x00\x8d\x87\x89\x67\x00\x00\xb4\xc6"
Const X86_CODE64 As String = "\x55\x48\x8b\x05\xb8\x13\x00\x00"
Const ARM_CODE As String = "\xED\xFF\xFF\xEB\x04\xe0\x2d\xe5\x00\x00\x00\x00\xe0\x83\x22\xe5\xf1\x02\x03\x0e\x00\x00\xa0\xe3\x02\x30\xc1\xe7\x00\x00\x53\xe3\x00\x02\x01\xf1\x05\x40\xd0\xe8\xf4\x80\x00\x00"
Const ARM64_CODE As String = "\x09\x00\x38\xd5\xbf\x40\x00\xd5\x0c\x05\x13\xd5\x20\x50\x02\x0e\x20\xe4\x3d\x0f\x00\x18\xa0\x5f\xa2\x00\xae\x9e\x9f\x37\x03\xd5\xbf\x33\x03\xd5\xdf\x3f\x03\xd5\x21\x7c\x02\x9b\x21\x7c\x00\x53\x00\x40\x21\x4b\xe1\x0b\x40\xb9\x20\x04\x81\xda\x20\x08\x02\x8b\x10\x5b\xe8\x3c"
Select Case index
Case 0:
arch = CS_ARCH_X86
mode = CS_MODE_16
code = toBytes(X86_CODE16)
Case 1:
arch = CS_ARCH_X86
mode = CS_MODE_32
code = toBytes(x86_code32)
Case 2:
arch = CS_ARCH_X86
mode = CS_MODE_64
code = toBytes(X86_CODE64)
Case 3:
arch = CS_ARCH_ARM
mode = CS_MODE_ARM
code = toBytes(ARM_CODE)
Case 4:
arch = CS_ARCH_ARM64
mode = CS_MODE_ARM
code = toBytes(ARM64_CODE)
End Select
test code, arch, mode
End Sub
Private Sub test(code() As Byte, arch As cs_arch, mode As cs_mode)
Dim ret As Collection
Dim ci As CInstruction
Dim li As ListItem
clearForm
If Not cap Is Nothing Then Set cap = Nothing
Set cap = New CDisassembler
If Not cap.init(arch, mode, True) Then
List1.AddItem "Failed to init engine: " & cap.errMsg
Exit Sub
End If
List1.AddItem "Capstone loaded @ 0x" & Hex(cap.hLib)
List1.AddItem "hEngine: 0x" & Hex(cap.hCapstone)
List1.AddItem "Version: " & cap.version
If cap.vMajor < 3 Then
List1.AddItem "Sample requires Capstone v3+"
Exit Sub
End If
Set ret = cap.disasm(&H1000, code)
For Each ci In ret
Set li = lv.ListItems.Add(, , ci.text)
Set li.Tag = ci
Next
End Sub
Private Sub Command2_Click()
Dim fName() As String
Dim fPath As String
Dim t() As String
Dim li As ListItem
Dim ci As CInstruction
On Error Resume Next
If lastSample = -1 Then
MsgBox "Run a test first..."
Exit Sub
End If
fName = Split("16b,32b,64b,Arm,Arm64", ",")
fPath = App.path & "\vb" & fName(lastSample) & "Test.txt"
If FileExists(fPath) Then Kill fPath
For Each li In lv.ListItems
push t, li.text
Set ci = li.Tag
push t, ci.toString()
push t, String(60, "-")
Next
WriteFile fPath, Join(t, vbCrLf)
MsgBox FileLen(fPath) & " bytes saved to: " & vbCrLf & vbCrLf & fPath
End Sub
Private Sub lv_ItemClick(ByVal Item As MSComctlLib.ListItem)
Dim ci As CInstruction
Set ci = Item.Tag
Text1 = ci.toString()
End Sub
Function clearForm()
List1.Clear
lv.ListItems.Clear
Text1 = Empty
End Function
Private Sub Form_Load()
lv.ColumnHeaders(1).Width = lv.Width
clearForm
lastSample = -1
End Sub
Reference in New Issue View Git Blame Copy Permalink