1*9a0e4156SSadaf EbrahimiAttribute VB_Name = "mCapStone" 2*9a0e4156SSadaf EbrahimiOption Explicit 3*9a0e4156SSadaf Ebrahimi 4*9a0e4156SSadaf Ebrahimi'Capstone Disassembly Engine bindings for VB6 5*9a0e4156SSadaf Ebrahimi'Contributed by FireEye FLARE Team 6*9a0e4156SSadaf Ebrahimi'Author: David Zimmer <[email protected]>, <[email protected]> 7*9a0e4156SSadaf Ebrahimi'License: Apache 8*9a0e4156SSadaf Ebrahimi'Copyright: FireEye 2017 9*9a0e4156SSadaf Ebrahimi 10*9a0e4156SSadaf Ebrahimi'todo: cs_disasm_iter / skipdata 11*9a0e4156SSadaf Ebrahimi 12*9a0e4156SSadaf Ebrahimi'this is for my vb code and how much info it spits out in tostring methods.. 13*9a0e4156SSadaf EbrahimiGlobal Const DEBUG_DUMP = 0 14*9a0e4156SSadaf Ebrahimi 15*9a0e4156SSadaf Ebrahimi'Architecture type 16*9a0e4156SSadaf EbrahimiPublic Enum cs_arch 17*9a0e4156SSadaf Ebrahimi CS_ARCH_ARM = 0 ' ARM architecture (including Thumb, Thumb-2) 18*9a0e4156SSadaf Ebrahimi CS_ARCH_ARM64 ' ARM-64, also called AArch64 19*9a0e4156SSadaf Ebrahimi CS_ARCH_MIPS ' Mips architecture 20*9a0e4156SSadaf Ebrahimi CS_ARCH_X86 ' X86 architecture (including x86 & x86-64) 21*9a0e4156SSadaf Ebrahimi CS_ARCH_PPC ' PowerPC architecture 22*9a0e4156SSadaf Ebrahimi CS_ARCH_SPARC ' Sparc architecture 23*9a0e4156SSadaf Ebrahimi CS_ARCH_SYSZ ' SystemZ architecture 24*9a0e4156SSadaf Ebrahimi CS_ARCH_XCORE ' XCore architecture 25*9a0e4156SSadaf Ebrahimi CS_ARCH_MAX 26*9a0e4156SSadaf Ebrahimi CS_ARCH_ALL = &HFFFF ' All architectures - for cs_support() 27*9a0e4156SSadaf EbrahimiEnd Enum 28*9a0e4156SSadaf Ebrahimi 29*9a0e4156SSadaf EbrahimiPublic Enum cs_mode 30*9a0e4156SSadaf Ebrahimi CS_MODE_LITTLE_ENDIAN = 0 ' little-endian mode (default mode) 31*9a0e4156SSadaf Ebrahimi CS_MODE_ARM = 0 ' 32-bit ARM 32*9a0e4156SSadaf Ebrahimi CS_MODE_16 = 2 ' 16-bit mode (X86) 33*9a0e4156SSadaf Ebrahimi CS_MODE_32 = 4 ' 32-bit mode (X86) 34*9a0e4156SSadaf Ebrahimi CS_MODE_64 = 8 ' 64-bit mode (X86, PPC) 35*9a0e4156SSadaf Ebrahimi CS_MODE_THUMB = 16 ' ARM's Thumb mode, including Thumb-2 36*9a0e4156SSadaf Ebrahimi CS_MODE_MCLASS = 32 ' ARM's Cortex-M series 37*9a0e4156SSadaf Ebrahimi CS_MODE_V8 = 64 ' ARMv8 A32 encodings for ARM 38*9a0e4156SSadaf Ebrahimi CS_MODE_MICRO = 16 ' MicroMips mode (MIPS) 39*9a0e4156SSadaf Ebrahimi CS_MODE_MIPS3 = 32 ' Mips III ISA 40*9a0e4156SSadaf Ebrahimi CS_MODE_MIPS32R6 = 64 ' Mips32r6 ISA 41*9a0e4156SSadaf Ebrahimi CS_MODE_MIPSGP64 = 128 ' General Purpose Registers are 64-bit wide (MIPS) 42*9a0e4156SSadaf Ebrahimi CS_MODE_V9 = 16 ' SparcV9 mode (Sparc) 43*9a0e4156SSadaf Ebrahimi CS_MODE_BIG_ENDIAN = &H80000000 ' big-endian mode 44*9a0e4156SSadaf Ebrahimi CS_MODE_MIPS32 = CS_MODE_32 ' Mips32 ISA (Mips) 45*9a0e4156SSadaf Ebrahimi CS_MODE_MIPS64 = CS_MODE_64 ' Mips64 ISA (Mips) 46*9a0e4156SSadaf EbrahimiEnd Enum 47*9a0e4156SSadaf Ebrahimi 48*9a0e4156SSadaf Ebrahimi'Runtime option for the disassembled engine 49*9a0e4156SSadaf EbrahimiPublic Enum cs_opt_type 50*9a0e4156SSadaf Ebrahimi CS_OPT_SYNTAX = 1 ' Assembly output syntax 51*9a0e4156SSadaf Ebrahimi CS_OPT_DETAIL ' Break down instruction structure into details 52*9a0e4156SSadaf Ebrahimi CS_OPT_MODE ' Change engine's mode at run-time 53*9a0e4156SSadaf Ebrahimi CS_OPT_MEM ' User-defined dynamic memory related functions 54*9a0e4156SSadaf Ebrahimi CS_OPT_SKIPDATA ' Skip data when disassembling. Then engine is in SKIPDATA mode. 55*9a0e4156SSadaf Ebrahimi CS_OPT_SKIPDATA_SETUP ' Setup user-defined function for SKIPDATA option 56*9a0e4156SSadaf EbrahimiEnd Enum 57*9a0e4156SSadaf Ebrahimi 58*9a0e4156SSadaf Ebrahimi 59*9a0e4156SSadaf Ebrahimi'Runtime option value (associated with option type above) 60*9a0e4156SSadaf EbrahimiPublic Enum cs_opt_value 61*9a0e4156SSadaf Ebrahimi CS_OPT_OFF = 0 ' Turn OFF an option - default option of CS_OPT_DETAIL, CS_OPT_SKIPDATA. 62*9a0e4156SSadaf Ebrahimi CS_OPT_ON = 3 ' Turn ON an option (CS_OPT_DETAIL, CS_OPT_SKIPDATA). 63*9a0e4156SSadaf Ebrahimi CS_OPT_SYNTAX_DEFAULT = 0 ' Default asm syntax (CS_OPT_SYNTAX). 64*9a0e4156SSadaf Ebrahimi CS_OPT_SYNTAX_INTEL ' X86 Intel asm syntax - default on X86 (CS_OPT_SYNTAX). 65*9a0e4156SSadaf Ebrahimi CS_OPT_SYNTAX_ATT ' X86 ATT asm syntax (CS_OPT_SYNTAX). 66*9a0e4156SSadaf Ebrahimi CS_OPT_SYNTAX_NOREGNAME ' Prints register name with only number (CS_OPT_SYNTAX) 67*9a0e4156SSadaf EbrahimiEnd Enum 68*9a0e4156SSadaf Ebrahimi 69*9a0e4156SSadaf Ebrahimi'Common instruction operand types - to be consistent across all architectures. 70*9a0e4156SSadaf EbrahimiPublic Enum cs_op_type 71*9a0e4156SSadaf Ebrahimi CS_OP_INVALID = 0 ' uninitialized/invalid operand. 72*9a0e4156SSadaf Ebrahimi CS_OP_REG ' Register operand. 73*9a0e4156SSadaf Ebrahimi CS_OP_IMM ' Immediate operand. 74*9a0e4156SSadaf Ebrahimi CS_OP_MEM ' Memory operand. 75*9a0e4156SSadaf Ebrahimi CS_OP_FP ' Floating-Point operand. 76*9a0e4156SSadaf EbrahimiEnd Enum 77*9a0e4156SSadaf Ebrahimi 78*9a0e4156SSadaf Ebrahimi'Common instruction groups - to be consistent across all architectures. 79*9a0e4156SSadaf EbrahimiPublic Enum cs_group_type 80*9a0e4156SSadaf Ebrahimi CS_GRP_INVALID = 0 ' uninitialized/invalid group. 81*9a0e4156SSadaf Ebrahimi CS_GRP_JUMP ' all jump instructions (conditional+direct+indirect jumps) 82*9a0e4156SSadaf Ebrahimi CS_GRP_CALL ' all call instructions 83*9a0e4156SSadaf Ebrahimi CS_GRP_RET ' all return instructions 84*9a0e4156SSadaf Ebrahimi CS_GRP_INT ' all interrupt instructions (int+syscall) 85*9a0e4156SSadaf Ebrahimi CS_GRP_IRET ' all interrupt return instructions 86*9a0e4156SSadaf EbrahimiEnd Enum 87*9a0e4156SSadaf Ebrahimi 88*9a0e4156SSadaf Ebrahimi 89*9a0e4156SSadaf Ebrahimi'NOTE: All information in cs_detail is only available when CS_OPT_DETAIL = CS_OPT_ON 90*9a0e4156SSadaf EbrahimiPublic Type cs_detail 91*9a0e4156SSadaf Ebrahimi regs_read(0 To 15) As Byte ' list of implicit registers read by this insn UNSIGNED 92*9a0e4156SSadaf Ebrahimi regs_read_count As Byte ' number of implicit registers read by this insn UNSIGNED 93*9a0e4156SSadaf Ebrahimi regs_write(0 To 19) As Byte ' list of implicit registers modified by this insn UNSIGNED 94*9a0e4156SSadaf Ebrahimi regs_write_count As Byte ' number of implicit registers modified by this insn UNSIGNED 95*9a0e4156SSadaf Ebrahimi groups(0 To 7) As Byte ' list of group this instruction belong to UNSIGNED 96*9a0e4156SSadaf Ebrahimi groups_count As Byte ' number of groups this insn belongs to UNSIGNED 97*9a0e4156SSadaf EbrahimiEnd Type 98*9a0e4156SSadaf Ebrahimi 99*9a0e4156SSadaf Ebrahimi'typedef struct cs_detail { 100*9a0e4156SSadaf Ebrahimi' uint8_t regs_read[16]; // list of implicit registers read by this insn 101*9a0e4156SSadaf Ebrahimi' uint8_t regs_read_count; // number of implicit registers read by this insn 102*9a0e4156SSadaf Ebrahimi' 103*9a0e4156SSadaf Ebrahimi' uint8_t regs_write[20]; // list of implicit registers modified by this insn 104*9a0e4156SSadaf Ebrahimi' uint8_t regs_write_count; // number of implicit registers modified by this insn 105*9a0e4156SSadaf Ebrahimi' 106*9a0e4156SSadaf Ebrahimi' uint8_t groups[8]; // list of group this instruction belong to 107*9a0e4156SSadaf Ebrahimi' uint8_t groups_count; // number of groups this insn belongs to 108*9a0e4156SSadaf Ebrahimi' 109*9a0e4156SSadaf Ebrahimi' // Architecture-specific instruction info 110*9a0e4156SSadaf Ebrahimi' union { 111*9a0e4156SSadaf Ebrahimi' cs_x86 x86; // X86 architecture, including 16-bit, 32-bit & 64-bit mode 112*9a0e4156SSadaf Ebrahimi' cs_arm64 arm64; // ARM64 architecture (aka AArch64) 113*9a0e4156SSadaf Ebrahimi' cs_arm arm; // ARM architecture (including Thumb/Thumb2) 114*9a0e4156SSadaf Ebrahimi' cs_mips mips; // MIPS architecture 115*9a0e4156SSadaf Ebrahimi' cs_ppc ppc; // PowerPC architecture 116*9a0e4156SSadaf Ebrahimi' cs_sparc sparc; // Sparc architecture 117*9a0e4156SSadaf Ebrahimi' cs_sysz sysz; // SystemZ architecture 118*9a0e4156SSadaf Ebrahimi' cs_xcore xcore; // XCore architecture 119*9a0e4156SSadaf Ebrahimi' }; 120*9a0e4156SSadaf Ebrahimi'} cs_detail; 121*9a0e4156SSadaf Ebrahimi 122*9a0e4156SSadaf Ebrahimi'Detail information of disassembled instruction 123*9a0e4156SSadaf EbrahimiPublic Type cs_insn 124*9a0e4156SSadaf Ebrahimi ' Instruction ID (basically a numeric ID for the instruction mnemonic) 125*9a0e4156SSadaf Ebrahimi ' Find the instruction id in the '[ARCH]_insn' enum in the header file 126*9a0e4156SSadaf Ebrahimi ' of corresponding architecture, such as 'arm_insn' in arm.h for ARM, 127*9a0e4156SSadaf Ebrahimi ' 'x86_insn' in x86.h for X86, etc... 128*9a0e4156SSadaf Ebrahimi ' available even when CS_OPT_DETAIL = CS_OPT_OFF 129*9a0e4156SSadaf Ebrahimi ' NOTE: in Skipdata mode, "data" instruction has 0 for this id field. UNSIGNED 130*9a0e4156SSadaf Ebrahimi ID As Long ' 131*9a0e4156SSadaf Ebrahimi align As Long 'not sure why it needs this..but it does.. 132*9a0e4156SSadaf Ebrahimi address As Currency ' Address (EIP) of this instruction available even when CS_OPT_DETAIL = CS_OPT_OFF UNSIGNED 133*9a0e4156SSadaf Ebrahimi size As Integer ' Size of this instruction available even when CS_OPT_DETAIL = CS_OPT_OFF UNSIGNED 134*9a0e4156SSadaf Ebrahimi bytes(0 To 23) As Byte ' Machine bytes of this instruction, with number of bytes indicated by @size above available even when CS_OPT_DETAIL = CS_OPT_OFF 135*9a0e4156SSadaf Ebrahimi mnemonic(0 To 31) As Byte ' Ascii text of instruction mnemonic available even when CS_OPT_DETAIL = CS_OPT_OFF 136*9a0e4156SSadaf Ebrahimi op_str(0 To 159) As Byte ' Ascii text of instruction operands available even when CS_OPT_DETAIL = CS_OPT_OFF 137*9a0e4156SSadaf Ebrahimi 138*9a0e4156SSadaf Ebrahimi ' Pointer to cs_detail. 139*9a0e4156SSadaf Ebrahimi ' NOTE: detail pointer is only valid when both requirements below are met: 140*9a0e4156SSadaf Ebrahimi ' (1) CS_OP_DETAIL = CS_OPT_ON 141*9a0e4156SSadaf Ebrahimi ' (2) Engine is not in Skipdata mode (CS_OP_SKIPDATA option set to CS_OPT_ON) 142*9a0e4156SSadaf Ebrahimi ' NOTE 2: when in Skipdata mode, or when detail mode is OFF, even if this pointer 143*9a0e4156SSadaf Ebrahimi ' is not NULL, its content is still irrelevant. 144*9a0e4156SSadaf Ebrahimi lpDetail As Long ' points to a cs_detail structure NOTE: only available when CS_OPT_DETAIL = CS_OPT_ON 145*9a0e4156SSadaf Ebrahimi 146*9a0e4156SSadaf EbrahimiEnd Type 147*9a0e4156SSadaf Ebrahimi 148*9a0e4156SSadaf Ebrahimi'All type of errors encountered by Capstone API. 149*9a0e4156SSadaf Ebrahimi'These are values returned by cs_errno() 150*9a0e4156SSadaf EbrahimiPublic Enum cs_err 151*9a0e4156SSadaf Ebrahimi CS_ERR_OK = 0 ' No error: everything was fine 152*9a0e4156SSadaf Ebrahimi CS_ERR_MEM ' Out-Of-Memory error: cs_open(), cs_disasm(), cs_disasm_iter() 153*9a0e4156SSadaf Ebrahimi CS_ERR_ARCH ' Unsupported architecture: cs_open() 154*9a0e4156SSadaf Ebrahimi CS_ERR_HANDLE ' Invalid handle: cs_op_count(), cs_op_index() 155*9a0e4156SSadaf Ebrahimi CS_ERR_CSH ' Invalid csh argument: cs_close(), cs_errno(), cs_option() 156*9a0e4156SSadaf Ebrahimi CS_ERR_MODE ' Invalid/unsupported mode: cs_open() 157*9a0e4156SSadaf Ebrahimi CS_ERR_OPTION ' Invalid/unsupported option: cs_option() 158*9a0e4156SSadaf Ebrahimi CS_ERR_DETAIL ' Information is unavailable because detail option is OFF 159*9a0e4156SSadaf Ebrahimi CS_ERR_MEMSETUP ' Dynamic memory management uninitialized (see CS_OPT_MEM) 160*9a0e4156SSadaf Ebrahimi CS_ERR_VERSION ' Unsupported version (bindings) 161*9a0e4156SSadaf Ebrahimi CS_ERR_DIET ' Access irrelevant data in "diet" engine 162*9a0e4156SSadaf Ebrahimi CS_ERR_SKIPDATA ' Access irrelevant data for "data" instruction in SKIPDATA mode 163*9a0e4156SSadaf Ebrahimi CS_ERR_X86_ATT ' X86 AT&T syntax is unsupported (opt-out at compile time) 164*9a0e4156SSadaf Ebrahimi CS_ERR_X86_INTEL ' X86 Intel syntax is unsupported (opt-out at compile time) 165*9a0e4156SSadaf EbrahimiEnd Enum 166*9a0e4156SSadaf Ebrahimi 167*9a0e4156SSadaf Ebrahimi 168*9a0e4156SSadaf Ebrahimi'/* 169*9a0e4156SSadaf Ebrahimi' Return combined API version & major and minor version numbers. 170*9a0e4156SSadaf Ebrahimi' 171*9a0e4156SSadaf Ebrahimi' @major: major number of API version 172*9a0e4156SSadaf Ebrahimi' @minor: minor number of API version 173*9a0e4156SSadaf Ebrahimi' 174*9a0e4156SSadaf Ebrahimi' @return hexical number as (major << 8 | minor), which encodes both 175*9a0e4156SSadaf Ebrahimi' major & minor versions. 176*9a0e4156SSadaf Ebrahimi' NOTE: This returned value can be compared with version number made 177*9a0e4156SSadaf Ebrahimi' with macro CS_MAKE_VERSION 178*9a0e4156SSadaf Ebrahimi' 179*9a0e4156SSadaf Ebrahimi' For example, second API version would return 1 in @major, and 1 in @minor 180*9a0e4156SSadaf Ebrahimi' The return value would be 0x0101 181*9a0e4156SSadaf Ebrahimi' 182*9a0e4156SSadaf Ebrahimi' NOTE: if you only care about returned value, but not major and minor values, 183*9a0e4156SSadaf Ebrahimi' set both @major & @minor arguments to NULL. 184*9a0e4156SSadaf Ebrahimi'*/ 185*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 186*9a0e4156SSadaf Ebrahimi'unsigned int cs_version(int *major, int *minor); 187*9a0e4156SSadaf EbrahimiPublic Declare Function cs_version Lib "vbCapstone.dll" Alias "bs_version" (ByRef major As Long, ByRef minor As Long) As Long 188*9a0e4156SSadaf Ebrahimi 189*9a0e4156SSadaf Ebrahimi 190*9a0e4156SSadaf Ebrahimi 191*9a0e4156SSadaf Ebrahimi' 192*9a0e4156SSadaf Ebrahimi'/* 193*9a0e4156SSadaf Ebrahimi' This API can be used to either ask for archs supported by this library, 194*9a0e4156SSadaf Ebrahimi' or check to see if the library was compile with 'diet' option (or called 195*9a0e4156SSadaf Ebrahimi' in 'diet' mode). 196*9a0e4156SSadaf Ebrahimi' 197*9a0e4156SSadaf Ebrahimi' To check if a particular arch is supported by this library, set @query to 198*9a0e4156SSadaf Ebrahimi' arch mode (CS_ARCH_* value). 199*9a0e4156SSadaf Ebrahimi' To verify if this library supports all the archs, use CS_ARCH_ALL. 200*9a0e4156SSadaf Ebrahimi' 201*9a0e4156SSadaf Ebrahimi' To check if this library is in 'diet' mode, set @query to CS_SUPPORT_DIET. 202*9a0e4156SSadaf Ebrahimi' 203*9a0e4156SSadaf Ebrahimi' @return True if this library supports the given arch, or in 'diet' mode. 204*9a0e4156SSadaf Ebrahimi'*/ 205*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 206*9a0e4156SSadaf Ebrahimi'bool cs_support(int query); 207*9a0e4156SSadaf EbrahimiPublic Declare Function cs_support Lib "vbCapstone.dll" Alias "bs_support" (ByVal query As Long) As Long 208*9a0e4156SSadaf Ebrahimi 209*9a0e4156SSadaf Ebrahimi 210*9a0e4156SSadaf Ebrahimi 211*9a0e4156SSadaf Ebrahimi'/* 212*9a0e4156SSadaf Ebrahimi' Initialize CS handle: this must be done before any usage of CS. 213*9a0e4156SSadaf Ebrahimi' 214*9a0e4156SSadaf Ebrahimi' @arch: architecture type (CS_ARCH_*) 215*9a0e4156SSadaf Ebrahimi' @mode: hardware mode. This is combined of CS_MODE_* 216*9a0e4156SSadaf Ebrahimi' @handle: pointer to handle, which will be updated at return time 217*9a0e4156SSadaf Ebrahimi' 218*9a0e4156SSadaf Ebrahimi' @return CS_ERR_OK on success, or other value on failure (refer to cs_err enum 219*9a0e4156SSadaf Ebrahimi' for detailed error). 220*9a0e4156SSadaf Ebrahimi'*/ 221*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 222*9a0e4156SSadaf Ebrahimi'cs_err cs_open(cs_arch arch, cs_mode mode, csh *handle); 223*9a0e4156SSadaf EbrahimiPublic Declare Function cs_open Lib "vbCapstone.dll" Alias "bs_open" (ByVal arch As cs_arch, ByVal mode As cs_mode, ByRef hEngine As Long) As cs_err 224*9a0e4156SSadaf Ebrahimi 225*9a0e4156SSadaf Ebrahimi 226*9a0e4156SSadaf Ebrahimi'/* 227*9a0e4156SSadaf Ebrahimi' Close CS handle: MUST do to release the handle when it is not used anymore. 228*9a0e4156SSadaf Ebrahimi' NOTE: this must be only called when there is no longer usage of Capstone, 229*9a0e4156SSadaf Ebrahimi' not even access to cs_insn array. The reason is the this API releases some 230*9a0e4156SSadaf Ebrahimi' cached memory, thus access to any Capstone API after cs_close() might crash 231*9a0e4156SSadaf Ebrahimi' your application. 232*9a0e4156SSadaf Ebrahimi' 233*9a0e4156SSadaf Ebrahimi' In fact,this API invalidate @handle by ZERO out its value (i.e *handle = 0). 234*9a0e4156SSadaf Ebrahimi' 235*9a0e4156SSadaf Ebrahimi' @handle: pointer to a handle returned by cs_open() 236*9a0e4156SSadaf Ebrahimi' 237*9a0e4156SSadaf Ebrahimi' @return CS_ERR_OK on success, or other value on failure (refer to cs_err enum 238*9a0e4156SSadaf Ebrahimi' for detailed error). 239*9a0e4156SSadaf Ebrahimi'*/ 240*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 241*9a0e4156SSadaf Ebrahimi'cs_err cs_close(csh *handle); 242*9a0e4156SSadaf EbrahimiPublic Declare Function cs_close Lib "vbCapstone.dll" Alias "bs_close" (ByRef hEngine As Long) As cs_err 243*9a0e4156SSadaf Ebrahimi 244*9a0e4156SSadaf Ebrahimi 245*9a0e4156SSadaf Ebrahimi 246*9a0e4156SSadaf Ebrahimi'/* 247*9a0e4156SSadaf Ebrahimi' Set option for disassembling engine at runtime 248*9a0e4156SSadaf Ebrahimi' 249*9a0e4156SSadaf Ebrahimi' @handle: handle returned by cs_open() 250*9a0e4156SSadaf Ebrahimi' @type: type of option to be set 251*9a0e4156SSadaf Ebrahimi' @value: option value corresponding with @type 252*9a0e4156SSadaf Ebrahimi' 253*9a0e4156SSadaf Ebrahimi' @return: CS_ERR_OK on success, or other value on failure. 254*9a0e4156SSadaf Ebrahimi' Refer to cs_err enum for detailed error. 255*9a0e4156SSadaf Ebrahimi' 256*9a0e4156SSadaf Ebrahimi' NOTE: in the case of CS_OPT_MEM, handle's value can be anything, 257*9a0e4156SSadaf Ebrahimi' so that cs_option(handle, CS_OPT_MEM, value) can (i.e must) be called 258*9a0e4156SSadaf Ebrahimi' even before cs_open() 259*9a0e4156SSadaf Ebrahimi'*/ 260*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 261*9a0e4156SSadaf Ebrahimi'cs_err cs_option(csh handle, cs_opt_type type, size_t value); 262*9a0e4156SSadaf EbrahimiPublic Declare Function cs_option Lib "vbCapstone.dll" Alias "bs_option" (ByVal hEngine As Long, ByVal typ As cs_opt_type, ByVal size As Long) As cs_err 263*9a0e4156SSadaf Ebrahimi 264*9a0e4156SSadaf Ebrahimi 265*9a0e4156SSadaf Ebrahimi 266*9a0e4156SSadaf Ebrahimi'/* 267*9a0e4156SSadaf Ebrahimi' Report the last error number when some API function fail. 268*9a0e4156SSadaf Ebrahimi' Like glibc's errno, cs_errno might not retain its old value once accessed. 269*9a0e4156SSadaf Ebrahimi' 270*9a0e4156SSadaf Ebrahimi' @handle: handle returned by cs_open() 271*9a0e4156SSadaf Ebrahimi' 272*9a0e4156SSadaf Ebrahimi' @return: error code of cs_err enum type (CS_ERR_*, see above) 273*9a0e4156SSadaf Ebrahimi'*/ 274*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 275*9a0e4156SSadaf Ebrahimi'cs_err cs_errno(csh handle); 276*9a0e4156SSadaf EbrahimiPublic Declare Function cs_errno Lib "vbCapstone.dll" Alias "bs_errno" (ByVal hEngine As Long) As cs_err 277*9a0e4156SSadaf Ebrahimi 278*9a0e4156SSadaf Ebrahimi' 279*9a0e4156SSadaf Ebrahimi'/* 280*9a0e4156SSadaf Ebrahimi' Return a string describing given error code. 281*9a0e4156SSadaf Ebrahimi' 282*9a0e4156SSadaf Ebrahimi' @code: error code (see CS_ERR_* above) 283*9a0e4156SSadaf Ebrahimi' 284*9a0e4156SSadaf Ebrahimi' @return: returns a pointer to a string that describes the error code 285*9a0e4156SSadaf Ebrahimi' passed in the argument @code 286*9a0e4156SSadaf Ebrahimi'*/ 287*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 288*9a0e4156SSadaf Ebrahimi'const char *cs_strerror(cs_err code); 289*9a0e4156SSadaf EbrahimiPublic Declare Function cs_strerror Lib "vbCapstone.dll" Alias "bs_strerror" (ByVal errCode As cs_err) As Long 290*9a0e4156SSadaf Ebrahimi 291*9a0e4156SSadaf Ebrahimi 292*9a0e4156SSadaf Ebrahimi'/* 293*9a0e4156SSadaf Ebrahimi' Disassemble binary code, given the code buffer, size, address and number 294*9a0e4156SSadaf Ebrahimi' of instructions to be decoded. 295*9a0e4156SSadaf Ebrahimi' This API dynamically allocate memory to contain disassembled instruction. 296*9a0e4156SSadaf Ebrahimi' Resulting instructions will be put into @*insn 297*9a0e4156SSadaf Ebrahimi' 298*9a0e4156SSadaf Ebrahimi' NOTE 1: this API will automatically determine memory needed to contain 299*9a0e4156SSadaf Ebrahimi' output disassembled instructions in @insn. 300*9a0e4156SSadaf Ebrahimi' 301*9a0e4156SSadaf Ebrahimi' NOTE 2: caller must free the allocated memory itself to avoid memory leaking. 302*9a0e4156SSadaf Ebrahimi' 303*9a0e4156SSadaf Ebrahimi' NOTE 3: for system with scarce memory to be dynamically allocated such as 304*9a0e4156SSadaf Ebrahimi' OS kernel or firmware, the API cs_disasm_iter() might be a better choice than 305*9a0e4156SSadaf Ebrahimi' cs_disasm(). The reason is that with cs_disasm(), based on limited available 306*9a0e4156SSadaf Ebrahimi' memory, we have to calculate in advance how many instructions to be disassembled, 307*9a0e4156SSadaf Ebrahimi' which complicates things. This is especially troublesome for the case @count=0, 308*9a0e4156SSadaf Ebrahimi' when cs_disasm() runs uncontrollably (until either end of input buffer, or 309*9a0e4156SSadaf Ebrahimi' when it encounters an invalid instruction). 310*9a0e4156SSadaf Ebrahimi' 311*9a0e4156SSadaf Ebrahimi' @handle: handle returned by cs_open() 312*9a0e4156SSadaf Ebrahimi' @code: buffer containing raw binary code to be disassembled. 313*9a0e4156SSadaf Ebrahimi' @code_size: size of the above code buffer. 314*9a0e4156SSadaf Ebrahimi' @address: address of the first instruction in given raw code buffer. 315*9a0e4156SSadaf Ebrahimi' @insn: array of instructions filled in by this API. 316*9a0e4156SSadaf Ebrahimi' NOTE: @insn will be allocated by this function, and should be freed 317*9a0e4156SSadaf Ebrahimi' with cs_free() API. 318*9a0e4156SSadaf Ebrahimi' @count: number of instructions to be disassembled, or 0 to get all of them 319*9a0e4156SSadaf Ebrahimi' 320*9a0e4156SSadaf Ebrahimi' @return: the number of successfully disassembled instructions, 321*9a0e4156SSadaf Ebrahimi' or 0 if this function failed to disassemble the given code 322*9a0e4156SSadaf Ebrahimi' 323*9a0e4156SSadaf Ebrahimi' On failure, call cs_errno() for error code. 324*9a0e4156SSadaf Ebrahimi'*/ 325*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 326*9a0e4156SSadaf Ebrahimi'size_t cs_disasm( 327*9a0e4156SSadaf Ebrahimi' csh handle, 328*9a0e4156SSadaf Ebrahimi' const uint8_t *code, 329*9a0e4156SSadaf Ebrahimi' size_t code_size, 330*9a0e4156SSadaf Ebrahimi' uint64_t address, 331*9a0e4156SSadaf Ebrahimi' size_t count, 332*9a0e4156SSadaf Ebrahimi' cs_insn **insn 333*9a0e4156SSadaf Ebrahimi'); 334*9a0e4156SSadaf EbrahimiPublic Declare Function cs_disasm Lib "vbCapstone.dll" Alias "bs_disasm" ( _ 335*9a0e4156SSadaf Ebrahimi ByVal hEngine As Long, _ 336*9a0e4156SSadaf Ebrahimi ByRef code As Byte, _ 337*9a0e4156SSadaf Ebrahimi ByVal size As Long, _ 338*9a0e4156SSadaf Ebrahimi ByVal address As Currency, _ 339*9a0e4156SSadaf Ebrahimi ByVal count As Long, _ 340*9a0e4156SSadaf Ebrahimi ByRef instAryPtr As Long _ 341*9a0e4156SSadaf Ebrahimi) As Long 342*9a0e4156SSadaf Ebrahimi 343*9a0e4156SSadaf Ebrahimi'this proto also lets use byte() to get a dump easily.. 344*9a0e4156SSadaf EbrahimiPublic Declare Sub getInstruction Lib "vbCapstone.dll" (ByVal hInstrAry As Long, ByVal index As Long, ByVal insPtr As Long, ByVal size As Long) 345*9a0e4156SSadaf Ebrahimi 346*9a0e4156SSadaf Ebrahimi 347*9a0e4156SSadaf Ebrahimi'/* 348*9a0e4156SSadaf Ebrahimi' Deprecated function - to be retired in the next version! 349*9a0e4156SSadaf Ebrahimi' Use cs_disasm() instead of cs_disasm_ex() 350*9a0e4156SSadaf Ebrahimi'*/ 351*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 352*9a0e4156SSadaf Ebrahimi'CAPSTONE_DEPRECATED 353*9a0e4156SSadaf Ebrahimi'size_t cs_disasm_ex(csh handle, 354*9a0e4156SSadaf Ebrahimi' const uint8_t *code, size_t code_size, 355*9a0e4156SSadaf Ebrahimi' uint64_t address, 356*9a0e4156SSadaf Ebrahimi' size_t count, 357*9a0e4156SSadaf Ebrahimi' cs_insn **insn); 358*9a0e4156SSadaf Ebrahimi 359*9a0e4156SSadaf Ebrahimi 360*9a0e4156SSadaf Ebrahimi 361*9a0e4156SSadaf Ebrahimi'/* 362*9a0e4156SSadaf Ebrahimi' Free memory allocated by cs_malloc() or cs_disasm() (argument @insn) 363*9a0e4156SSadaf Ebrahimi' 364*9a0e4156SSadaf Ebrahimi' @insn: pointer returned by @insn argument in cs_disasm() or cs_malloc() 365*9a0e4156SSadaf Ebrahimi' @count: number of cs_insn structures returned by cs_disasm(), or 1 366*9a0e4156SSadaf Ebrahimi' to free memory allocated by cs_malloc(). 367*9a0e4156SSadaf Ebrahimi'*/ 368*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 369*9a0e4156SSadaf Ebrahimi'void cs_free(cs_insn *insn, size_t count); 370*9a0e4156SSadaf EbrahimiPublic Declare Sub cs_free Lib "vbCapstone.dll" Alias "bs_free" (ByVal instr As Long, ByVal count As Long) 371*9a0e4156SSadaf Ebrahimi 372*9a0e4156SSadaf Ebrahimi 373*9a0e4156SSadaf Ebrahimi' 374*9a0e4156SSadaf Ebrahimi'/* 375*9a0e4156SSadaf Ebrahimi' Allocate memory for 1 instruction to be used by cs_disasm_iter(). 376*9a0e4156SSadaf Ebrahimi' 377*9a0e4156SSadaf Ebrahimi' @handle: handle returned by cs_open() 378*9a0e4156SSadaf Ebrahimi' 379*9a0e4156SSadaf Ebrahimi' NOTE: when no longer in use, you can reclaim the memory allocated for 380*9a0e4156SSadaf Ebrahimi' this instruction with cs_free(insn, 1) 381*9a0e4156SSadaf Ebrahimi'*/ 382*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 383*9a0e4156SSadaf Ebrahimi'cs_insn *cs_malloc(csh handle); 384*9a0e4156SSadaf EbrahimiPublic Declare Function cs_malloc Lib "vbCapstone.dll" Alias "bs_malloc" (ByVal handle As Long) As Long 385*9a0e4156SSadaf Ebrahimi 386*9a0e4156SSadaf Ebrahimi 387*9a0e4156SSadaf Ebrahimi 388*9a0e4156SSadaf Ebrahimi'/* 389*9a0e4156SSadaf Ebrahimi' Fast API to disassemble binary code, given the code buffer, size, address 390*9a0e4156SSadaf Ebrahimi' and number of instructions to be decoded. 391*9a0e4156SSadaf Ebrahimi' This API puts the resulting instruction into a given cache in @insn. 392*9a0e4156SSadaf Ebrahimi' See tests/test_iter.c for sample code demonstrating this API. 393*9a0e4156SSadaf Ebrahimi' 394*9a0e4156SSadaf Ebrahimi' NOTE 1: this API will update @code, @size & @address to point to the next 395*9a0e4156SSadaf Ebrahimi' instruction in the input buffer. Therefore, it is convenient to use 396*9a0e4156SSadaf Ebrahimi' cs_disasm_iter() inside a loop to quickly iterate all the instructions. 397*9a0e4156SSadaf Ebrahimi' While decoding one instruction at a time can also be achieved with 398*9a0e4156SSadaf Ebrahimi' cs_disasm(count=1), some benchmarks shown that cs_disasm_iter() can be 30% 399*9a0e4156SSadaf Ebrahimi' faster on random input. 400*9a0e4156SSadaf Ebrahimi' 401*9a0e4156SSadaf Ebrahimi' NOTE 2: the cache in @insn can be created with cs_malloc() API. 402*9a0e4156SSadaf Ebrahimi' 403*9a0e4156SSadaf Ebrahimi' NOTE 3: for system with scarce memory to be dynamically allocated such as 404*9a0e4156SSadaf Ebrahimi' OS kernel or firmware, this API is recommended over cs_disasm(), which 405*9a0e4156SSadaf Ebrahimi' allocates memory based on the number of instructions to be disassembled. 406*9a0e4156SSadaf Ebrahimi' The reason is that with cs_disasm(), based on limited available memory, 407*9a0e4156SSadaf Ebrahimi' we have to calculate in advance how many instructions to be disassembled, 408*9a0e4156SSadaf Ebrahimi' which complicates things. This is especially troublesome for the case 409*9a0e4156SSadaf Ebrahimi' @count=0, when cs_disasm() runs uncontrollably (until either end of input 410*9a0e4156SSadaf Ebrahimi' buffer, or when it encounters an invalid instruction). 411*9a0e4156SSadaf Ebrahimi' 412*9a0e4156SSadaf Ebrahimi' @handle: handle returned by cs_open() 413*9a0e4156SSadaf Ebrahimi' @code: buffer containing raw binary code to be disassembled 414*9a0e4156SSadaf Ebrahimi' @code_size: size of above code 415*9a0e4156SSadaf Ebrahimi' @address: address of the first insn in given raw code buffer 416*9a0e4156SSadaf Ebrahimi' @insn: pointer to instruction to be filled in by this API. 417*9a0e4156SSadaf Ebrahimi' 418*9a0e4156SSadaf Ebrahimi' @return: true if this API successfully decode 1 instruction, 419*9a0e4156SSadaf Ebrahimi' or false otherwise. 420*9a0e4156SSadaf Ebrahimi' 421*9a0e4156SSadaf Ebrahimi' On failure, call cs_errno() for error code. 422*9a0e4156SSadaf Ebrahimi'*/ 423*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 424*9a0e4156SSadaf Ebrahimi'bool cs_disasm_iter(csh handle, const uint8_t **code, size_t *size, uint64_t *address, cs_insn *insn); 425*9a0e4156SSadaf Ebrahimi 426*9a0e4156SSadaf Ebrahimi 427*9a0e4156SSadaf Ebrahimi 428*9a0e4156SSadaf Ebrahimi'/* 429*9a0e4156SSadaf Ebrahimi' Return friendly name of register in a string. 430*9a0e4156SSadaf Ebrahimi' Find the instruction id from header file of corresponding architecture (arm.h for ARM, 431*9a0e4156SSadaf Ebrahimi' x86.h for X86, ...) 432*9a0e4156SSadaf Ebrahimi' 433*9a0e4156SSadaf Ebrahimi' WARN: when in 'diet' mode, this API is irrelevant because engine does not 434*9a0e4156SSadaf Ebrahimi' store register name. 435*9a0e4156SSadaf Ebrahimi' 436*9a0e4156SSadaf Ebrahimi' @handle: handle returned by cs_open() 437*9a0e4156SSadaf Ebrahimi' @reg_id: register id 438*9a0e4156SSadaf Ebrahimi' 439*9a0e4156SSadaf Ebrahimi' @return: string name of the register, or NULL if @reg_id is invalid. 440*9a0e4156SSadaf Ebrahimi'*/ 441*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 442*9a0e4156SSadaf Ebrahimi'const char *cs_reg_name(csh handle, unsigned int reg_id); 443*9a0e4156SSadaf EbrahimiPublic Declare Function cs_reg_name Lib "vbCapstone.dll" Alias "bs_reg_name" (ByVal handle As Long, ByVal regID As Long) As Long 444*9a0e4156SSadaf Ebrahimi 445*9a0e4156SSadaf Ebrahimi 446*9a0e4156SSadaf Ebrahimi 447*9a0e4156SSadaf Ebrahimi 448*9a0e4156SSadaf Ebrahimi'/* 449*9a0e4156SSadaf Ebrahimi' Return friendly name of an instruction in a string. 450*9a0e4156SSadaf Ebrahimi' Find the instruction id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 451*9a0e4156SSadaf Ebrahimi' 452*9a0e4156SSadaf Ebrahimi' WARN: when in 'diet' mode, this API is irrelevant because the engine does not 453*9a0e4156SSadaf Ebrahimi' store instruction name. 454*9a0e4156SSadaf Ebrahimi' 455*9a0e4156SSadaf Ebrahimi' @handle: handle returned by cs_open() 456*9a0e4156SSadaf Ebrahimi' @insn_id: instruction id 457*9a0e4156SSadaf Ebrahimi' 458*9a0e4156SSadaf Ebrahimi' @return: string name of the instruction, or NULL if @insn_id is invalid. 459*9a0e4156SSadaf Ebrahimi'*/ 460*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 461*9a0e4156SSadaf Ebrahimi'const char *cs_insn_name(csh handle, unsigned int insn_id); 462*9a0e4156SSadaf EbrahimiPublic Declare Function cs_insn_name Lib "vbCapstone.dll" Alias "bs_insn_name" (ByVal handle As Long, ByVal insn_id As Long) As Long 463*9a0e4156SSadaf Ebrahimi 464*9a0e4156SSadaf Ebrahimi 465*9a0e4156SSadaf Ebrahimi 466*9a0e4156SSadaf Ebrahimi 467*9a0e4156SSadaf Ebrahimi'/* 468*9a0e4156SSadaf Ebrahimi' Return friendly name of a group id (that an instruction can belong to) 469*9a0e4156SSadaf Ebrahimi' Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 470*9a0e4156SSadaf Ebrahimi' 471*9a0e4156SSadaf Ebrahimi' WARN: when in 'diet' mode, this API is irrelevant because the engine does not 472*9a0e4156SSadaf Ebrahimi' store group name. 473*9a0e4156SSadaf Ebrahimi' 474*9a0e4156SSadaf Ebrahimi' @handle: handle returned by cs_open() 475*9a0e4156SSadaf Ebrahimi' @group_id: group id 476*9a0e4156SSadaf Ebrahimi' 477*9a0e4156SSadaf Ebrahimi' @return: string name of the group, or NULL if @group_id is invalid. 478*9a0e4156SSadaf Ebrahimi'*/ 479*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 480*9a0e4156SSadaf Ebrahimi'const char *cs_group_name(csh handle, unsigned int group_id); 481*9a0e4156SSadaf EbrahimiPublic Declare Function cs_group_name Lib "vbCapstone.dll" Alias "bs_group_name" (ByVal handle As Long, ByVal group_id As Long) As Long 482*9a0e4156SSadaf Ebrahimi 483*9a0e4156SSadaf Ebrahimi 484*9a0e4156SSadaf Ebrahimi 485*9a0e4156SSadaf Ebrahimi'/* 486*9a0e4156SSadaf Ebrahimi' Check if a disassembled instruction belong to a particular group. 487*9a0e4156SSadaf Ebrahimi' Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 488*9a0e4156SSadaf Ebrahimi' Internally, this simply verifies if @group_id matches any member of insn->groups array. 489*9a0e4156SSadaf Ebrahimi' 490*9a0e4156SSadaf Ebrahimi' NOTE: this API is only valid when detail option is ON (which is OFF by default). 491*9a0e4156SSadaf Ebrahimi' 492*9a0e4156SSadaf Ebrahimi' WARN: when in 'diet' mode, this API is irrelevant because the engine does not 493*9a0e4156SSadaf Ebrahimi' update @groups array. 494*9a0e4156SSadaf Ebrahimi' 495*9a0e4156SSadaf Ebrahimi' @handle: handle returned by cs_open() 496*9a0e4156SSadaf Ebrahimi' @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 497*9a0e4156SSadaf Ebrahimi' @group_id: group that you want to check if this instruction belong to. 498*9a0e4156SSadaf Ebrahimi' 499*9a0e4156SSadaf Ebrahimi' @return: true if this instruction indeed belongs to the given group, or false otherwise. 500*9a0e4156SSadaf Ebrahimi'*/ 501*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 502*9a0e4156SSadaf Ebrahimi'bool cs_insn_group(csh handle, const cs_insn *insn, unsigned int group_id); 503*9a0e4156SSadaf EbrahimiPublic Declare Function cs_insn_group Lib "vbCapstone.dll" Alias "bs_insn_group" (ByVal handle As Long, ByVal instruction As Long, ByVal group_id As Long) As Long 504*9a0e4156SSadaf Ebrahimi 505*9a0e4156SSadaf Ebrahimi 506*9a0e4156SSadaf Ebrahimi 507*9a0e4156SSadaf Ebrahimi'/* 508*9a0e4156SSadaf Ebrahimi' Check if a disassembled instruction IMPLICITLY used a particular register. 509*9a0e4156SSadaf Ebrahimi' Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 510*9a0e4156SSadaf Ebrahimi' Internally, this simply verifies if @reg_id matches any member of insn->regs_read array. 511*9a0e4156SSadaf Ebrahimi' 512*9a0e4156SSadaf Ebrahimi' NOTE: this API is only valid when detail option is ON (which is OFF by default) 513*9a0e4156SSadaf Ebrahimi' 514*9a0e4156SSadaf Ebrahimi' WARN: when in 'diet' mode, this API is irrelevant because the engine does not 515*9a0e4156SSadaf Ebrahimi' update @regs_read array. 516*9a0e4156SSadaf Ebrahimi' 517*9a0e4156SSadaf Ebrahimi' @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 518*9a0e4156SSadaf Ebrahimi' @reg_id: register that you want to check if this instruction used it. 519*9a0e4156SSadaf Ebrahimi' 520*9a0e4156SSadaf Ebrahimi' @return: true if this instruction indeed implicitly used the given register, or false otherwise. 521*9a0e4156SSadaf Ebrahimi'*/ 522*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 523*9a0e4156SSadaf Ebrahimi'bool cs_reg_read(csh handle, const cs_insn *insn, unsigned int reg_id); 524*9a0e4156SSadaf EbrahimiPublic Declare Function cs_reg_read Lib "vbCapstone.dll" Alias "bs_reg_read" (ByVal handle As Long, ByVal instruction As Long, ByVal reg_id As Long) As Long 525*9a0e4156SSadaf Ebrahimi 526*9a0e4156SSadaf Ebrahimi 527*9a0e4156SSadaf Ebrahimi 528*9a0e4156SSadaf Ebrahimi'/* 529*9a0e4156SSadaf Ebrahimi' Check if a disassembled instruction IMPLICITLY modified a particular register. 530*9a0e4156SSadaf Ebrahimi' Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 531*9a0e4156SSadaf Ebrahimi' Internally, this simply verifies if @reg_id matches any member of insn->regs_write array. 532*9a0e4156SSadaf Ebrahimi' 533*9a0e4156SSadaf Ebrahimi' NOTE: this API is only valid when detail option is ON (which is OFF by default) 534*9a0e4156SSadaf Ebrahimi' 535*9a0e4156SSadaf Ebrahimi' WARN: when in 'diet' mode, this API is irrelevant because the engine does not 536*9a0e4156SSadaf Ebrahimi' update @regs_write array. 537*9a0e4156SSadaf Ebrahimi' 538*9a0e4156SSadaf Ebrahimi' @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 539*9a0e4156SSadaf Ebrahimi' @reg_id: register that you want to check if this instruction modified it. 540*9a0e4156SSadaf Ebrahimi' 541*9a0e4156SSadaf Ebrahimi' @return: true if this instruction indeed implicitly modified the given register, or false otherwise. 542*9a0e4156SSadaf Ebrahimi'*/ 543*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 544*9a0e4156SSadaf Ebrahimi'bool cs_reg_write(csh handle, const cs_insn *insn, unsigned int reg_id); 545*9a0e4156SSadaf EbrahimiPublic Declare Function cs_reg_write Lib "vbCapstone.dll" Alias "bs_reg_write" (ByVal handle As Long, ByVal instruction As Long, ByVal reg_id As Long) As Long 546*9a0e4156SSadaf Ebrahimi 547*9a0e4156SSadaf Ebrahimi 548*9a0e4156SSadaf Ebrahimi 549*9a0e4156SSadaf Ebrahimi'/* 550*9a0e4156SSadaf Ebrahimi' Count the number of operands of a given type. 551*9a0e4156SSadaf Ebrahimi' Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 552*9a0e4156SSadaf Ebrahimi' 553*9a0e4156SSadaf Ebrahimi' NOTE: this API is only valid when detail option is ON (which is OFF by default) 554*9a0e4156SSadaf Ebrahimi' 555*9a0e4156SSadaf Ebrahimi' @handle: handle returned by cs_open() 556*9a0e4156SSadaf Ebrahimi' @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 557*9a0e4156SSadaf Ebrahimi' @op_type: Operand type to be found. 558*9a0e4156SSadaf Ebrahimi' 559*9a0e4156SSadaf Ebrahimi' @return: number of operands of given type @op_type in instruction @insn, 560*9a0e4156SSadaf Ebrahimi' or -1 on failure. 561*9a0e4156SSadaf Ebrahimi'*/ 562*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 563*9a0e4156SSadaf Ebrahimi'int cs_op_count(csh handle, const cs_insn *insn, unsigned int op_type); 564*9a0e4156SSadaf EbrahimiPublic Declare Function cs_op_count Lib "vbCapstone.dll" Alias "bs_op_count" (ByVal handle As Long, ByVal instruction As Long, ByVal op_type As Long) As Long 565*9a0e4156SSadaf Ebrahimi 566*9a0e4156SSadaf Ebrahimi 567*9a0e4156SSadaf Ebrahimi 568*9a0e4156SSadaf Ebrahimi'/* 569*9a0e4156SSadaf Ebrahimi' Retrieve the position of operand of given type in <arch>.operands[] array. 570*9a0e4156SSadaf Ebrahimi' Later, the operand can be accessed using the returned position. 571*9a0e4156SSadaf Ebrahimi' Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 572*9a0e4156SSadaf Ebrahimi' 573*9a0e4156SSadaf Ebrahimi' NOTE: this API is only valid when detail option is ON (which is OFF by default) 574*9a0e4156SSadaf Ebrahimi' 575*9a0e4156SSadaf Ebrahimi' @handle: handle returned by cs_open() 576*9a0e4156SSadaf Ebrahimi' @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 577*9a0e4156SSadaf Ebrahimi' @op_type: Operand type to be found. 578*9a0e4156SSadaf Ebrahimi' @position: position of the operand to be found. This must be in the range 579*9a0e4156SSadaf Ebrahimi' [1, cs_op_count(handle, insn, op_type)] 580*9a0e4156SSadaf Ebrahimi' 581*9a0e4156SSadaf Ebrahimi' @return: index of operand of given type @op_type in <arch>.operands[] array 582*9a0e4156SSadaf Ebrahimi' in instruction @insn, or -1 on failure. 583*9a0e4156SSadaf Ebrahimi'*/ 584*9a0e4156SSadaf Ebrahimi'CAPSTONE_EXPORT 585*9a0e4156SSadaf Ebrahimi'int cs_op_index(csh handle, const cs_insn *insn, unsigned int op_type, unsigned int position); 586*9a0e4156SSadaf EbrahimiPublic Declare Function cs_op_index Lib "vbCapstone.dll" Alias "bs_op_index" (ByVal handle As Long, ByVal instruction As Long, ByVal op_type As Long, ByVal position As Long) As Long 587*9a0e4156SSadaf Ebrahimi 588*9a0e4156SSadaf Ebrahimi 589*9a0e4156SSadaf Ebrahimi 590*9a0e4156SSadaf EbrahimiPrivate Declare Function lstrcpy Lib "kernel32" Alias "lstrcpyA" (ByVal lpString1 As String, ByVal lpString2 As String) As Long 591*9a0e4156SSadaf EbrahimiPrivate Declare Function lstrlen Lib "kernel32" Alias "lstrlenA" (ByVal lpString As Long) As Long 592*9a0e4156SSadaf Ebrahimi 593*9a0e4156SSadaf EbrahimiFunction cstr2vb(lpStr As Long) As String 594*9a0e4156SSadaf Ebrahimi 595*9a0e4156SSadaf Ebrahimi Dim length As Long 596*9a0e4156SSadaf Ebrahimi Dim buf() As Byte 597*9a0e4156SSadaf Ebrahimi 598*9a0e4156SSadaf Ebrahimi If lpStr = 0 Then Exit Function 599*9a0e4156SSadaf Ebrahimi 600*9a0e4156SSadaf Ebrahimi length = lstrlen(lpStr) 601*9a0e4156SSadaf Ebrahimi If length < 1 Then Exit Function 602*9a0e4156SSadaf Ebrahimi 603*9a0e4156SSadaf Ebrahimi ReDim buf(1 To length) 604*9a0e4156SSadaf Ebrahimi CopyMemory buf(1), ByVal lpStr, length 605*9a0e4156SSadaf Ebrahimi 606*9a0e4156SSadaf Ebrahimi cstr2vb = StrConv(buf, vbUnicode, &H409) 607*9a0e4156SSadaf Ebrahimi 608*9a0e4156SSadaf EbrahimiEnd Function 609*9a0e4156SSadaf Ebrahimi 610*9a0e4156SSadaf EbrahimiFunction err2str(e As cs_err) As String 611*9a0e4156SSadaf Ebrahimi Dim lpStr As Long 612*9a0e4156SSadaf Ebrahimi lpStr = cs_strerror(e) 613*9a0e4156SSadaf Ebrahimi err2str = cstr2vb(lpStr) 614*9a0e4156SSadaf EbrahimiEnd Function 615*9a0e4156SSadaf Ebrahimi 616*9a0e4156SSadaf EbrahimiFunction regName(hEngine As Long, regID As Long) As String 617*9a0e4156SSadaf Ebrahimi Dim lpStr As Long 618*9a0e4156SSadaf Ebrahimi lpStr = cs_reg_name(hEngine, regID) 619*9a0e4156SSadaf Ebrahimi regName = cstr2vb(lpStr) 620*9a0e4156SSadaf Ebrahimi If Len(regName) = 0 Or DEBUG_DUMP Then regName = regName & " (" & Hex(regID) & ")" 621*9a0e4156SSadaf EbrahimiEnd Function 622*9a0e4156SSadaf Ebrahimi 623*9a0e4156SSadaf EbrahimiFunction insnName(hEngine As Long, insnID As Long) As String 624*9a0e4156SSadaf Ebrahimi Dim lpStr As Long 625*9a0e4156SSadaf Ebrahimi lpStr = cs_insn_name(hEngine, insnID) 626*9a0e4156SSadaf Ebrahimi insnName = cstr2vb(lpStr) 627*9a0e4156SSadaf Ebrahimi If Len(insnName) = 0 Or DEBUG_DUMP Then insnName = insnName & " (" & Hex(insnID) & ")" 628*9a0e4156SSadaf EbrahimiEnd Function 629*9a0e4156SSadaf Ebrahimi 630*9a0e4156SSadaf EbrahimiFunction groupName(hEngine As Long, groupID As Long) As String 631*9a0e4156SSadaf Ebrahimi Dim lpStr As Long 632*9a0e4156SSadaf Ebrahimi lpStr = cs_group_name(hEngine, groupID) 633*9a0e4156SSadaf Ebrahimi groupName = cstr2vb(lpStr) 634*9a0e4156SSadaf Ebrahimi If Len(groupName) = 0 Or DEBUG_DUMP Then groupName = groupName & " (" & Hex(groupID) & ")" 635*9a0e4156SSadaf EbrahimiEnd Function 636