/*
Capstone Disassembly Engine bindings for VB6
Contributed by FireEye FLARE Team
Author: David Zimmer <[email protected]>, <[email protected]>
License: Apache
Copyright: FireEye 2017

This DLL is a small stdcall shim so that VB6 can access the Capstone API.
*/
10*9a0e4156SSadaf Ebrahimi
11*9a0e4156SSadaf Ebrahimi #include <stdio.h>
12*9a0e4156SSadaf Ebrahimi #include <conio.h>
13*9a0e4156SSadaf Ebrahimi #include <string.h>
14*9a0e4156SSadaf Ebrahimi
15*9a0e4156SSadaf Ebrahimi #include <capstone.h>
16*9a0e4156SSadaf Ebrahimi #pragma comment(lib, "capstone.lib")
17*9a0e4156SSadaf Ebrahimi
18*9a0e4156SSadaf Ebrahimi #define EXPORT comment(linker, "/EXPORT:"__FUNCTION__"="__FUNCDNAME__)
19*9a0e4156SSadaf Ebrahimi
/*
 * bs_version - stdcall export that forwards to cs_version().
 *
 * major, minor: handed to cs_version() unchanged; this shim never
 *               dereferences them itself.
 *
 * Returns the value produced by cs_version().
 */
unsigned int __stdcall bs_version(int *major, int *minor)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    unsigned int version = cs_version(major, minor);

    return version;
}
/*
 * bs_support - stdcall export that forwards to cs_support().
 *
 * query: passed to cs_support() unchanged.
 *
 * Returns the boolean answer given by cs_support().
 */
bool __stdcall bs_support(int query)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    bool supported = cs_support(query);

    return supported;
}
/*
 * bs_open - stdcall export that forwards to cs_open().
 *
 * arch, mode: passed to cs_open() unchanged.
 * handle:     out-pointer handed to cs_open(); not checked for NULL here.
 *
 * Returns the cs_err reported by cs_open(). Callers should test it before
 * using *handle with any other export.
 */
cs_err __stdcall bs_open(cs_arch arch, cs_mode mode, csh *handle)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    cs_err status = cs_open(arch, mode, handle);

    return status;
}
/*
 * bs_close - stdcall export that forwards to cs_close().
 *
 * handle: pointer to the handle, handed to cs_close() unchanged.
 *
 * Returns the cs_err reported by cs_close().
 * NOTE(review): the handle should presumably not be passed to any other
 * export after this call - confirm against capstone.h.
 */
cs_err __stdcall bs_close(csh *handle)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    cs_err status = cs_close(handle);

    return status;
}
/*
 * bs_option - stdcall export that forwards to cs_option().
 *
 * handle, type, value: passed to cs_option() unchanged; no range checking
 *                      is done in this shim.
 *
 * Returns the cs_err reported by cs_option().
 */
cs_err __stdcall bs_option(csh handle, cs_opt_type type, size_t value)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    cs_err status = cs_option(handle, type, value);

    return status;
}
/*
 * bs_errno - stdcall export that forwards to cs_errno().
 *
 * handle: passed to cs_errno() unchanged.
 *
 * Returns the cs_err value produced by cs_errno().
 */
cs_err __stdcall bs_errno(csh handle)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    cs_err last_error = cs_errno(handle);

    return last_error;
}
/*
 * bs_strerror - stdcall export that forwards to cs_strerror().
 *
 * code: passed to cs_strerror() unchanged.
 *
 * Returns the pointer produced by cs_strerror() as-is; this shim makes no
 * copy, so the caller must not free or modify the string.
 */
const char *__stdcall bs_strerror(cs_err code)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    const char *message = cs_strerror(code);

    return message;
}
/*
 * bs_disasm - stdcall export that forwards to cs_disasm().
 *
 * handle, address, count: passed to cs_disasm() unchanged.
 * code, code_size:        passed through without validation, so the caller
 *                         is responsible for code_size not exceeding the
 *                         real length of the buffer behind code.
 * insn:                   out-pointer handed to cs_disasm().
 *
 * Returns the size_t produced by cs_disasm().
 * NOTE(review): whatever *insn receives presumably has to be released via
 * bs_free - confirm against capstone.h.
 */
size_t __stdcall bs_disasm(csh handle, const uint8_t *code, size_t code_size,
                           uint64_t address, size_t count, cs_insn **insn)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    size_t produced = cs_disasm(handle, code, code_size, address, count, insn);

    return produced;
}
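/*
 * getInstruction - copy (a prefix of) one cs_insn out of an instruction
 * array into a caller-supplied buffer.
 *
 * insn:    base of the cs_insn array.
 * index:   element to copy. The array length is not passed in, so it cannot
 *          be range-checked here; the caller must keep it below the number
 *          of instructions actually present in the array.
 * curInst: destination buffer (the VB6-side structure), at least bufSize
 *          bytes long.
 * bufSize: number of bytes wanted. A value smaller than sizeof(cs_insn)
 *          yields a partial copy, which lets the VB6 struct declare only
 *          the leading fields it has implemented.
 *
 * The copy length is capped at sizeof(cs_insn) so that an oversized bufSize
 * cannot read past the selected element (and, for the last element, past
 * the end of the array). NULL pointers are ignored instead of being handed
 * to memcpy.
 */
void __stdcall getInstruction(cs_insn *insn, uint32_t index, void *curInst, uint32_t bufSize)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    size_t copy_len = bufSize;

    if (insn == NULL || curInst == NULL) {
        return;
    }

    /* Never read more than one element's worth of bytes from the array. */
    if (copy_len > sizeof *insn) {
        copy_len = sizeof *insn;
    }

    memcpy(curInst, &insn[index], copy_len);
}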
/*
 * bs_reg_name - stdcall export that forwards to cs_reg_name().
 *
 * handle, reg_id: passed to cs_reg_name() unchanged.
 *
 * Returns the pointer produced by cs_reg_name() as-is; this shim makes no
 * copy and does not check it for NULL.
 */
const char *__stdcall bs_reg_name(csh handle, unsigned int reg_id)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    const char *name = cs_reg_name(handle, reg_id);

    return name;
}
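/*
 * bs_free - stdcall export that forwards to cs_free().
 *
 * insn, count: passed to cs_free() unchanged.
 *
 * The original wrote `return cs_free(...)` in a void function, which ISO C
 * does not permit (a return statement with an expression may not appear in
 * a function returning void); the call is now a plain statement.
 * NOTE(review): after this call the VB6 side must not hand insn to
 * getInstruction or any other export again.
 */
void __stdcall bs_free(cs_insn *insn, size_t count)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    cs_free(insn, count);
}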
/*
 * bs_malloc - stdcall export that forwards to cs_malloc().
 *
 * handle: passed to cs_malloc() unchanged.
 *
 * Returns the cs_insn pointer produced by cs_malloc() as-is; it is not
 * checked for NULL here.
 */
cs_insn *__stdcall bs_malloc(csh handle)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    cs_insn *slot = cs_malloc(handle);

    return slot;
}
/*
 * bs_op_index - stdcall export that forwards to cs_op_index().
 *
 * handle, insn, op_type, position: passed to cs_op_index() unchanged.
 *
 * Returns the int produced by cs_op_index().
 */
int __stdcall bs_op_index(csh handle, const cs_insn *insn, unsigned int op_type, unsigned int position)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    int op_idx = cs_op_index(handle, insn, op_type, position);

    return op_idx;
}
/*
 * bs_op_count - stdcall export that forwards to cs_op_count().
 *
 * handle, insn, op_type: passed to cs_op_count() unchanged.
 *
 * Returns the int produced by cs_op_count().
 */
int __stdcall bs_op_count(csh handle, const cs_insn *insn, unsigned int op_type)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    int operand_total = cs_op_count(handle, insn, op_type);

    return operand_total;
}
/*
 * bs_reg_write - stdcall export that forwards to cs_reg_write().
 *
 * handle, insn, reg_id: passed to cs_reg_write() unchanged.
 *
 * Returns the boolean produced by cs_reg_write().
 */
bool __stdcall bs_reg_write(csh handle, const cs_insn *insn, unsigned int reg_id)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    bool is_written = cs_reg_write(handle, insn, reg_id);

    return is_written;
}
/*
 * bs_reg_read - stdcall export that forwards to cs_reg_read().
 *
 * handle, insn, reg_id: passed to cs_reg_read() unchanged.
 *
 * Returns the boolean produced by cs_reg_read().
 */
bool __stdcall bs_reg_read(csh handle, const cs_insn *insn, unsigned int reg_id)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    bool is_read = cs_reg_read(handle, insn, reg_id);

    return is_read;
}
/*
 * bs_insn_group - stdcall export that forwards to cs_insn_group().
 *
 * handle, insn, group_id: passed to cs_insn_group() unchanged.
 *
 * Returns the boolean produced by cs_insn_group().
 */
bool __stdcall bs_insn_group(csh handle, const cs_insn *insn, unsigned int group_id)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    bool in_group = cs_insn_group(handle, insn, group_id);

    return in_group;
}
/*
 * bcs_group_name - stdcall export that forwards to cs_group_name().
 *
 * handle, group_id: passed to cs_group_name() unchanged.
 *
 * Returns the pointer produced by cs_group_name() as-is; this shim makes no
 * copy and does not check it for NULL.
 * NOTE(review): the name carries a "bcs_" prefix where the other exports in
 * this file use "bs_"; it is left alone because the exported symbol is the
 * interface callers bind to.
 */
const char *__stdcall bcs_group_name(csh handle, unsigned int group_id)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    const char *name = cs_group_name(handle, group_id);

    return name;
}
/*
 * bs_insn_name - stdcall export that forwards to cs_insn_name().
 *
 * handle, insn_id: passed to cs_insn_name() unchanged.
 *
 * Returns the pointer produced by cs_insn_name() as-is; this shim makes no
 * copy and does not check it for NULL.
 */
const char *__stdcall bs_insn_name(csh handle, unsigned int insn_id)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    const char *name = cs_insn_name(handle, insn_id);

    return name;
}
/*
 * bs_disasm_iter - stdcall export that forwards to cs_disasm_iter().
 *
 * handle:              passed to cs_disasm_iter() unchanged.
 * code, size, address: in/out pointers handed through without validation;
 *                      the caller is responsible for *size matching the
 *                      bytes really available behind *code.
 *                      NOTE(review): presumably advanced by cs_disasm_iter
 *                      on each call - confirm against capstone.h.
 * insn:                instruction slot handed to cs_disasm_iter().
 *
 * Returns the boolean produced by cs_disasm_iter().
 */
bool __stdcall bs_disasm_iter(csh handle, const uint8_t **code, size_t *size,
                              uint64_t *address, cs_insn *insn)
{
/* Has to stay inside the body: EXPORT expands __FUNCTION__ / __FUNCDNAME__. */
#pragma EXPORT
    bool decoded = cs_disasm_iter(handle, code, size, address, insn);

    return decoded;
}