diff --git a/bindings/msvc/unicorn.def b/bindings/msvc/unicorn.def index aab59380..c9c6315f 100644 --- a/bindings/msvc/unicorn.def +++ b/bindings/msvc/unicorn.def @@ -21,3 +21,7 @@ uc_mem_map_ptr uc_mem_unmap uc_mem_protect uc_mem_regions +uc_context_alloc +uc_context_restore +uc_context_save +uc_free diff --git a/bindings/msvc/unicorn_dynload.c b/bindings/msvc/unicorn_dynload.c index 19c604fd..fa9c71e8 100644 --- a/bindings/msvc/unicorn_dynload.c +++ b/bindings/msvc/unicorn_dynload.c @@ -80,6 +80,10 @@ typedef uc_err (*uc_mem_map_ptr_t)(uc_engine *uc, uint64_t address, size_t size, typedef uc_err (*uc_mem_unmap_t)(uc_engine *uc, uint64_t address, size_t size); typedef uc_err (*uc_mem_protect_t)(uc_engine *uc, uint64_t address, size_t size, uint32_t perms); typedef uc_err (*uc_mem_regions_t)(uc_engine *uc, uc_mem_region **regions, uint32_t *count); +typedef uc_err (*uc_context_alloc_t)(uc_engine *uc, uc_context **context); +typedef uc_err (*uc_context_save_t)(uc_engine *uc, uc_context *context); +typedef uc_err (*uc_context_restore_t)(uc_engine *uc, uc_context *context); +typedef uc_err (*uc_free_t)(void *mem); static uc_version_t gp_uc_version = NULL; @@ -104,7 +108,10 @@ static uc_mem_map_ptr_t gp_uc_mem_map_ptr = NULL; static uc_mem_unmap_t gp_uc_mem_unmap = NULL; static uc_mem_protect_t gp_uc_mem_protect = NULL; static uc_mem_regions_t gp_uc_mem_regions = NULL; - +static uc_context_alloc_t gp_uc_context_alloc = NULL; +static uc_context_save_t gp_uc_context_save = NULL; +static uc_context_restore_t gp_uc_context_restore = NULL; +static uc_free_t gp_uc_free = NULL; bool uc_dyn_load(const char* path, int flags) { @@ -146,6 +153,14 @@ bool uc_dyn_load(const char* path, int flags) gp_uc_mem_unmap = (uc_mem_unmap_t)DYNLOAD_GETFUNC(g_dyn_handle, "uc_mem_unmap"); gp_uc_mem_protect = (uc_mem_protect_t)DYNLOAD_GETFUNC(g_dyn_handle, "uc_mem_protect"); gp_uc_mem_regions = (uc_mem_regions_t)DYNLOAD_GETFUNC(g_dyn_handle, "uc_mem_regions"); + gp_uc_context_alloc = (uc_context_alloc_t)DYNLOAD_GETFUNC(g_dyn_handle, "uc_context_alloc"); + gp_uc_context_save = (uc_context_save_t)DYNLOAD_GETFUNC(g_dyn_handle, "uc_context_save"); + gp_uc_context_restore = (uc_context_restore_t)DYNLOAD_GETFUNC(g_dyn_handle, "uc_context_restore"); + gp_uc_free = (uc_free_t)DYNLOAD_GETFUNC(g_dyn_handle, "uc_free"); + + //support old compiled dlls + if(gp_uc_free==0) gp_uc_free = (uc_free_t)DYNLOAD_GETFUNC(g_dyn_handle, "uc_context_free"); + return true; } @@ -179,6 +194,11 @@ bool uc_dyn_free(void) gp_uc_mem_unmap = NULL; gp_uc_mem_protect = NULL; gp_uc_mem_regions = NULL; + gp_uc_context_alloc = NULL; + gp_uc_context_save = NULL; + gp_uc_context_restore = NULL; + gp_uc_free = NULL; + return true; } @@ -329,4 +349,23 @@ uc_err uc_mem_regions(uc_engine *uc, uc_mem_region **regions, uint32_t *count) return gp_uc_mem_regions(uc, regions, count); } +uc_err uc_context_alloc(uc_engine *uc, uc_context **context){ + return gp_uc_context_alloc(uc,context); +} + +uc_err uc_context_save(uc_engine *uc, uc_context *context) +{ + return gp_uc_context_save(uc,context); +} + +uc_err uc_context_restore(uc_engine *uc, uc_context *context){ + return gp_uc_context_restore(uc,context); +} + +uc_err uc_free(void *mem){ + return gp_uc_free(mem); +} + + + #endif // DYNLOAD diff --git a/bindings/vb6/.gitattributes b/bindings/vb6/.gitattributes new file mode 100644 index 00000000..8ba1c029 --- /dev/null +++ b/bindings/vb6/.gitattributes @@ -0,0 +1,11 @@ +*.frm eol=crlf +*.bas eol=crlf +*.cls eol=crlf +*.ctl eol=crlf +*.vbp eol=crlf +*.txt eol=crlf +*.cpp eol=crlf +*.tli eol=crlf +*.tlh eol=crlf +*.vcproj eol=crlf +*.sln eol=crlf diff --git a/bindings/vb6/CMemRegion.cls b/bindings/vb6/CMemRegion.cls new file mode 100644 index 00000000..bb2085f5 --- /dev/null +++ b/bindings/vb6/CMemRegion.cls @@ -0,0 +1,50 @@ +VERSION 1.0 CLASS +BEGIN + MultiUse = -1 'True + Persistable = 0 'NotPersistable + DataBindingBehavior = 0 'vbNone + DataSourceBehavior = 0 'vbNone + MTSTransactionMode = 0 'NotAnMTSObject +END +Attribute VB_Name = "CMemRegion" +Attribute VB_GlobalNameSpace = False +Attribute VB_Creatable = True +Attribute VB_PredeclaredId = False +Attribute VB_Exposed = False +'this is for 32bit address space.. +Public address As Long +Public size As Long +Public endsAt As Long +Public perm As Long + +Function toString() As String + toString = "Addr: " & Hex(address) & " Size: " & Hex(size) & " Perm: " & permToString() & " (" & Hex(perm) & ")" +End Function + +'Public Enum uc_prot +' UC_PROT_NONE = 0 +' UC_PROT_READ = 1 +' UC_PROT_WRITE = 2 +' UC_PROT_EXEC = 4 +' UC_PROT_ALL = 7 +'End Enum + +Function permToString() As String + + If perm = 7 Then + permToString = "All" + Exit Function + End If + + If perm = 0 Then + permToString = "None" + Exit Function + End If + + If (perm And 1) = 1 Then permToString = "Read " + If (perm And 2) = 2 Then permToString = permToString & "Write " + If (perm And 4) = 4 Then permToString = permToString & "Exec" + + permToString = Trim(permToString) + +End Function diff --git a/bindings/vb6/Form1.frm b/bindings/vb6/Form1.frm new file mode 100644 index 00000000..d3fa0338 --- /dev/null +++ b/bindings/vb6/Form1.frm @@ -0,0 +1,256 @@ +VERSION 5.00 +Begin VB.Form Form1 + Caption = "Form1" + ClientHeight = 6720 + ClientLeft = 60 + ClientTop = 345 + ClientWidth = 14220 + LinkTopic = "Form1" + ScaleHeight = 6720 + ScaleWidth = 14220 + StartUpPosition = 2 'CenterScreen + Begin VB.CommandButton Command1 + Caption = "Copy" + Height = 465 + Left = 6180 + TabIndex = 1 + Top = 6150 + Width = 1995 + End + Begin VB.ListBox List1 + BeginProperty Font + Name = "Courier New" + Size = 11.25 + Charset = 0 + Weight = 400 + Underline = 0 'False + Italic = 0 'False + Strikethrough = 0 'False + EndProperty + Height = 5925 + Left = 150 + TabIndex = 0 + Top = 120 + Width = 13965 + End +End +Attribute VB_Name = "Form1" +Attribute VB_GlobalNameSpace = False +Attribute VB_Creatable = False +Attribute VB_PredeclaredId = True +Attribute VB_Exposed = False +Option Explicit + +'Contributed by: FireEye FLARE team +'Author: David Zimmer , +'License: Apache + +Public WithEvents uc As ucIntel32 +Attribute uc.VB_VarHelpID = -1 +Dim hContext As Long + + +'test sample ported from: (requires unicorn 1.0 for success) +' https://github.com/unicorn-engine/unicorn/blob/master/tests/unit/test_pc_change.c +' https://github.com/unicorn-engine/unicorn/issues/210 + +Private Sub Form_Load() + + Dim ecx As Long, edx As Long + Dim address As Long, size As Long, endAt As Long + Dim b() As Byte, c As Collection, mem As CMemRegion + + Me.Visible = True + + 'you can set UNICORN_PATH global variable to load a specific dll, do this before initilizing the class + Set uc = New ucIntel32 + + If uc.hadErr Then + List1.AddItem uc.errMsg + Exit Sub + End If + + List1.AddItem "ucvbshim.dll loaded @" & Hex(uc.hLib) + List1.AddItem "Unicorn version: " & uc.Version + List1.AddItem "Disassembler available: " & uc.DisasmAvail + If uc.major < 1 Then List1.AddItem "Change Eip in hook test requires >= v1.x for success" + + List1.AddItem "Unicorn x86 32bit engine handle: " & Hex(uc.uc) + +' ReDim b(8) 'for clarity in what we are testing.. +' b(0) = &H41 ' inc ECX @0x1000000 +' b(1) = &H41 ' inc ECX +' b(2) = &H41 ' inc ECX +' b(3) = &H41 ' inc ECX @0x1000003 +' b(4) = &H41 ' inc ECX +' b(5) = &H41 ' inc ECX +' +' b(6) = &H42 ' inc EDX @0x1000006 +' b(7) = &H42 ' inc EDX + +' #define X86_CODE32_MEM_WRITE "\x89\x0D\xAA\xAA\xAA\xAA\x41\x4a" // mov [0xaaaaaaaa], ecx; INC ecx; DEC edx + + 'we mash up two different test cases, first the change eip in hook test, then an invalid memory access + 'note the format accepted by tobytes() is somewhat forgiving (always use 2char hex vals though) + b() = toBytes("4141414141414242cc\x89\x0D\xAA\xAA\xAA\xAA\x41\x4a") + + ecx = 3 + edx = 15 + address = &H1000000 + size = &H200000 + endAt = address + UBound(b) + 1 + + If Not uc.mapMem(address, size) Then + List1.AddItem "Failed to map in 2mb memory " & uc.errMsg + Exit Sub + End If + + ' write machine code to be emulated to memory + If Not uc.writeMem(address, b()) Then + List1.AddItem "Failed to write code to memory " & uc.errMsg + Exit Sub + End If + + List1.AddItem "starts at: " & uc.disasm(address) + + Dim b2() As Byte + If uc.readMem(address, b2, UBound(b) + 1) Then '+1 because ubound is 0 based.. + List1.AddItem "readMem: " & HexDump(b2, 1) + End If + + uc.reg32(ecx_r) = ecx + uc.reg32(edx_r) = edx + List1.AddItem "start values ECX = " & ecx & " EDX = " & edx + + ' trace all instructions + uc.addHook hc_code, UC_HOOK_CODE + uc.addHook hc_memInvalid, UC_HOOK_MEM_READ_UNMAPPED Or UC_HOOK_MEM_WRITE_UNMAPPED + 'uc.removeHook UC_HOOK_MEM_READ_UNMAPPED Or UC_HOOK_MEM_WRITE_UNMAPPED + uc.addHook hc_int, UC_HOOK_INTR + + List1.AddItem "beginning emulation.." + If Not uc.startEmu(address, endAt) Then List1.AddItem uc.errMsg + + ecx = uc.reg32(ecx_r) + edx = uc.reg8(dl_r) + + List1.AddItem "ECX: 6 =? " & ecx + List1.AddItem "EDX: 17 =? " & edx + List1.AddItem uc.dumpFlags + If ecx <> 6 Then List1.AddItem "failed to change eip in hook!" + + ReDim b(100) 'this will handle mapping and alignment automatically.. + uc.writeBlock &H2001, b(), UC_PROT_READ Or UC_PROT_WRITE + + List1.AddItem "Initilizing sharedMemory with: aabbccddeeff0011223344556677889900" + sharedMemory() = toBytes("aabbccddeeff0011223344556677889900") + ReDim Preserve sharedMemory(&H1000) 'must be 4k bytes aligned... + + If Not uc.mapMemPtr(sharedMemory, &H4000, UBound(sharedMemory)) Then + List1.AddItem "Failed to map in host memory " & uc.errMsg + Else + + Dim bb As Byte, ii As Integer, ll As Long + + If Not uc.writeByte(&H4001, &H41) Then + List1.AddItem "Failed to write byte to shared mem" + Else + List1.AddItem "Wrote 0x41 to sharedMemory + 1" + If uc.readByte(&H4001, bb) Then List1.AddItem "readByte = " & Hex(bb) + End If + + 'uc.writeInt &H4001, &H4142 + 'If uc.readInt(&H4001, ii) Then List1.AddItem Hex(ii) + + 'uc.writeLong &H4001, &H11223344 + 'If uc.readLong(&H4001, ll) Then List1.AddItem Hex(ll) + + Erase b2 + If uc.readMem(&H4000, b2, 20) Then + List1.AddItem "emu read of sharedMemory: " & HexDump(b2, 1) + Else + List1.AddItem "Failed to readMem on sharedMemory " & uc.errMsg + End If + + List1.AddItem "sanity checking host mem: " & HexDump(sharedMemory, 1, , 20) + + End If + + List1.AddItem "Enumerating memory regions..." + + Set c = uc.getMemMap() + + For Each mem In c + List1.AddItem mem.toString() + Next + + If hContext <> 0 Then + List1.AddItem "trying to restore context.." + If Not uc.restoreContext(hContext) Then List1.AddItem uc.errMsg + List1.AddItem uc.regDump() + List1.AddItem "beginning emulation.." + If Not uc.startEmu(uc.eip, endAt) Then List1.AddItem uc.errMsg + List1.AddItem uc.regDump() + List1.AddItem "releasing saved context.." + If Not uc.freeContext(hContext) Then List1.AddItem uc.errMsg + End If + + Set mem = c(2) + If Not uc.changePermissions(mem, UC_PROT_ALL) Then + List1.AddItem "Failed to change permissions on second alloc " & uc.errMsg + Else + List1.AddItem "Changed permissions on second alloc to ALL" + List1.AddItem "redumping memory regions to check..." + Set c = uc.getMemMap() + For Each mem In c + List1.AddItem mem.toString() + Next + End If + + If uc.unMapMem(&H2000) Then + List1.AddItem "Successfully unmapped new alloc" + Else + List1.AddItem "Failed to unmap alloc " & uc.errMsg + End If + + List1.AddItem "Mem allocs count now: " & uc.getMemMap().count + +End Sub + +Private Sub Command1_Click() + Clipboard.Clear + Clipboard.SetText lbCopy(List1) +End Sub + +Private Sub Form_Unload(Cancel As Integer) + 'so IDE doesnt hang onto dll and we can recompile in development testing.. if you hit stop this benefit is lost.. + 'do not use this in your real code, only for c dll development.. + If uc.hLib <> 0 Then FreeLibrary uc.hLib +End Sub + +Private Sub uc_CodeHook(ByVal address As Long, ByVal size As Long) + + List1.AddItem "> " & uc.disasm(address) + + If hContext = 0 And address = &H1000003 Then 'change the PC to "inc EDX" + List1.AddItem "changing eip to skip last inc ecx's and saving context..." + hContext = uc.saveContext() + If hContext = 0 Then List1.AddItem "Failed to save context " & uc.errMsg + uc.eip = &H1000006 + End If + +End Sub + +Private Sub uc_Interrupt(ByVal intno As Long) + List1.AddItem "Interrupt: " & intno +End Sub + +Private Sub uc_InvalidMem(ByVal t As uc_mem_type, ByVal address As Long, ByVal size As Long, ByVal value As Long, continue As Boolean) + 'continue defaults to false so we can ignore it unless we want to continue.. + List1.AddItem "Invalid mem access address: " & Hex(address) & " size: " & Hex(size) & " type: " & memType2str(t) +End Sub + +Private Sub uc_MemAccess(ByVal t As uc_mem_type, ByVal address As Long, ByVal size As Long, ByVal value As Long) + List1.AddItem "mem access: address: " & Hex(address) & " size: " & Hex(size) & " type: " & memType2str(t) +End Sub + diff --git a/bindings/vb6/Project1.vbp b/bindings/vb6/Project1.vbp new file mode 100644 index 00000000..31ab39fe --- /dev/null +++ b/bindings/vb6/Project1.vbp @@ -0,0 +1,42 @@ +Type=Exe +Form=Form1.frm +Reference=*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\WINDOWS\system32\stdole2.tlb#OLE Automation +Module=uc_def; uc_def.bas +Module=misc; misc.bas +Class=ucIntel32; ucIntel32.cls +Class=CMemRegion; CMemRegion.cls +IconForm="Form1" +Startup="Form1" +HelpFile="" +ExeName32="vb6Test.exe" +Command32="" +Name="Project1" +HelpContextID="0" +CompatibleMode="0" +MajorVer=1 +MinorVer=0 +RevisionVer=0 +AutoIncrementVer=0 +ServerSupportFiles=0 +VersionCompanyName="sandsprite" +CompilationType=0 +OptimizationType=0 +FavorPentiumPro(tm)=0 +CodeViewDebugInfo=-1 +NoAliasing=0 +BoundsCheck=0 +OverflowCheck=0 +FlPointCheck=0 +FDIVCheck=0 +UnroundedFP=0 +StartMode=0 +Unattended=0 +Retained=0 +ThreadPerObject=0 +MaxNumberOfThreads=1 + +[MS Transaction Server] +AutoRefresh=1 + +[fastBuild] +fullPath=%ap%\vb6Test.exe diff --git a/bindings/vb6/Project1.vbw b/bindings/vb6/Project1.vbw new file mode 100644 index 00000000..f8e0f276 --- /dev/null +++ b/bindings/vb6/Project1.vbw @@ -0,0 +1,5 @@ +Form1 = 39, 35, 1148, 674, , 22, 22, 1090, 631, C +uc_def = 56, 12, 1177, 758, +misc = 44, 44, 1121, 685, +ucIntel32 = 88, 33, 1136, 684, +CMemRegion = 110, 110, 1026, 639, diff --git a/bindings/vb6/README.txt b/bindings/vb6/README.txt new file mode 100644 index 00000000..bb607d78 --- /dev/null +++ b/bindings/vb6/README.txt @@ -0,0 +1,71 @@ + +Unicorn engine bindings for VB6 + +A sample class for the 32bit x86 emulator is provided. + +Contributed by: FireEye FLARE team +Author: David Zimmer , +License: Apache + +' supported api: +' ucs_version +' ucs_arch_supported +' ucs_open +' ucs_close +' uc_reg_write +' uc_reg_read +' uc_mem_write +' UC_MEM_READ +' uc_emu_start +' uc_emu_stop +' ucs_hook_add +' uc_mem_map +' uc_hook_del +' uc_mem_regions +' uc_mem_map_ptr +' uc_context_alloc +' uc_free +' uc_context_save +' uc_context_restore +' uc_mem_unmap +' uc_mem_protect +' uc_strerror +' uc_errno +' +' supported hooks: +' UC_HOOK_CODE +' UC_HOOK_BLOCK +' memory READ/WRITE/FETCH +' invalid memory access +' interrupts +' +' bonus: +' disasm_addr (conditional compile - uses libdasm) +' mem_write_block (map and write data auto handles alignment) +' get_memMap (wrapper for uc_mem_regions) +' + +dependancies: (all in same directory or unicorn package in %windir%) + vb6Test.exe + ucvbshim.dll _ + unicorn.dll - + libgcc_s_dw2-1.dll \ + libiconv-2.dll \__ unicorn package + libintl-8.dll / + libpcre-1.dll / + libwinpthread-1.dll_- + +Notes: + + c dll was built using VS2008 + build notes are included at the top of main.c + this dll serves as a stdcall shim so vb6 can access the cdecl api and receive data from the callbacks. + + huge thanks to the unicorn and qemu authors who took on a gigantic task to create this library! + + + + + + + diff --git a/bindings/vb6/example_output.txt b/bindings/vb6/example_output.txt new file mode 100644 index 00000000..c57c426a --- /dev/null +++ b/bindings/vb6/example_output.txt @@ -0,0 +1,54 @@ +ucvbshim.dll loaded @10000000 +Unicorn version: 1.0 +Disassembler available: True +Unicorn x86 32bit engine handle: 853FD8 +starts at: 01000000 41 inc ecx +readMem: 4141414141414242CC890DAAAAAAAA414A +start values ECX = 3 EDX = 15 +beginning emulation.. +> 01000000 41 inc ecx +> 01000001 41 inc ecx +> 01000002 41 inc ecx +> 01000003 41 inc ecx +changing eip to skip last inc ecx's and saving context... +> 01000006 42 inc edx +> 01000007 42 inc edx +> 01000008 CC int3 +Interrupt: 3 +> 01000009 89 0D AA AA AA AA mov [0xaaaaaaaa],ecx +Invalid mem access address: AAAAAAAA size: 4 type: Unmapped memory is written to +Quit emulation due to WRITE on unmapped memory: uc_emu_start() +ECX: 6 =? 6 +EDX: 17 =? 17 +EFL 4 P +Initilizing sharedMemory with: aabbccddeeff0011223344556677889900 +Wrote 0x41 to sharedMemory + 1 +readByte = 41 +emu read of sharedMemory: AA41CCDDEEFF0011223344556677889900000000 +sanity checking host mem: AA41CCDDEEFF0011223344556677889900000000 +Enumerating memory regions... +Addr: 1000000 Size: 200000 Perm: All (7) +Addr: 2000 Size: 1000 Perm: Read Write (3) +Addr: 4000 Size: 1000 Perm: All (7) +trying to restore context.. +eax=0 ecx=6 edx=F ebx=0 esp=0 ebp=0 esi=0 edi=0 eip=1000003 eflags=0 EFL 0 +beginning emulation.. +> 01000003 41 inc ecx +> 01000004 41 inc ecx +> 01000005 41 inc ecx +> 01000006 42 inc edx +> 01000007 42 inc edx +> 01000008 CC int3 +Interrupt: 3 +> 01000009 89 0D AA AA AA AA mov [0xaaaaaaaa],ecx +Invalid mem access address: AAAAAAAA size: 4 type: Unmapped memory is written to +Quit emulation due to WRITE on unmapped memory: uc_emu_start() +eax=0 ecx=9 edx=11 ebx=0 esp=0 ebp=0 esi=0 edi=0 eip=1000009 eflags=4 EFL 4 P +releasing saved context.. +Changed permissions on second alloc to ALL +redumping memory regions to check... +Addr: 1000000 Size: 200000 Perm: All (7) +Addr: 2000 Size: 1000 Perm: All (7) +Addr: 4000 Size: 1000 Perm: All (7) +Successfully unmapped new alloc +Mem allocs count now: 2 diff --git a/bindings/vb6/main.cpp b/bindings/vb6/main.cpp new file mode 100644 index 00000000..5b92457d --- /dev/null +++ b/bindings/vb6/main.cpp @@ -0,0 +1,464 @@ + +/* + stdcall unicorn engine shim layer for use with VB6 or C# + code ripped from unicorn_dynload.c + + Contributed by: FireEye FLARE team + Author: David Zimmer , + License: Apache + + Disassembler support can be optionally compiled in using: + libdasm (c) 2004 - 2006 jt / nologin.org + + this project has been built with vs2008 + + precompiled binaries with disasm support available here: + https://github.com/dzzie/libs/tree/master/unicorn_emu + +*/ + +#include +#include + +#ifdef _WIN64 +#error vb6 is 32bit only +#endif + +#ifdef DYNLOAD +#include "./../msvc/unicorn_dynload.h" +#else +#include +#pragma comment(lib, "unicorn_staload.lib") +#endif + + +//if you compile with VS2008 you will need to add stdint.h and inttypes.h to your compiler include directory +//you can find examples here: https://github.com/dzzie/VS_LIBEMU/tree/master/libemu/include + +//if you want to include disassembler support: +// 1) install libdasm in your compilers include directory +// 2) add libdasm.h/.c to the project (drag and drop into VS project explorer), +// 3) remove the comment from the define below. +//The vb code detects the changes at runtime. +//#define INCLUDE_DISASM + +#ifdef INCLUDE_DISASM +#include +#endif + + +#include "msvbvm60.tlh" //so we can use the vb6 collection object + +#define EXPORT comment(linker, "/EXPORT:"__FUNCTION__"="__FUNCDNAME__) + + +enum hookCatagory{hc_code = 0, hc_block = 1, hc_inst = 2, hc_int = 3, hc_mem = 4, hc_memInvalid = 5}; + +//tracing UC_HOOK_CODE & UC_HOOK_BLOCK +typedef void (__stdcall *vb_cb_hookcode_t) (uc_engine *uc, uint64_t address, uint32_t size, void *user_data); +vb_cb_hookcode_t vbHookcode = 0; +vb_cb_hookcode_t vbHookBlock = 0; + +//hooking memory UC_MEM_READ/WRITE/FETCH +typedef void (__stdcall *vb_cb_hookmem_t) (uc_engine *uc, uc_mem_type type, uint64_t address, int size,int64_t value, void *user_data); +vb_cb_hookmem_t vbHookMem = 0; + +//invalid memory access UC_MEM_*_UNMAPPED and UC_MEM_*PROT events +typedef bool (__stdcall *vb_cb_eventmem_t) (uc_engine *uc, uc_mem_type type, uint64_t address, int size, int64_t value, void *user_data); +vb_cb_eventmem_t vbInvalidMem = 0; + +//tracing interrupts for uc_hook_intr() +typedef void (__stdcall *vb_cb_hookintr_t) (uc_engine *uc, uint32_t intno, void *user_data); +vb_cb_hookintr_t vbHookInt = 0; + +/* +typedef uint32_t (__stdcall *uc_cb_insn_in_t)(uc_engine *uc, uint32_t port, int size, void *user_data); tracing IN instruction of X86 +typedef void (__stdcall *uc_cb_insn_out_t) (uc_engine *uc, uint32_t port, int size, uint32_t value, void *user_data); tracing OUT instruction of X86 +*/ + +//------------------ [ call back proxies ] ------------------------- +static void c_hook_code(uc_engine *uc, uint64_t address, uint32_t size, void *user_data) +{ + if(vbHookcode==0) return; + vbHookcode(uc,address,size,user_data); +} + +static void c_hook_mem(uc_engine *uc, uc_mem_type type,uint64_t address, int size, int64_t value, void *user_data) +{ + if(vbHookMem==0) return; + vbHookMem(uc,type,address,size,value,user_data); +} + +static bool c_hook_mem_invalid(uc_engine *uc, uc_mem_type type, uint64_t address, int size, int64_t value, void *user_data) +{ + if(vbInvalidMem==0) return false; + return vbInvalidMem(uc,type,address,size,value,user_data); +} + + +static void c_hook_block(uc_engine *uc, uint64_t address, uint32_t size, void *user_data) +{ + if(vbHookBlock==0) return; + vbHookBlock(uc,address,size,user_data); +} + +static void c_hook_intr(uc_engine *uc, uint32_t intno, void *user_data) +{ + if(vbHookInt==0) return; + vbHookInt(uc,intno,user_data); +} + + +/* +static uint32_t hook_in(uc_engine *uc, uint32_t port, int size, void *user_data) +{ +} + +static void hook_out(uc_engine *uc, uint32_t port, int size, uint32_t value, void *user_data) +{ +} +*/ + +//------------------------------------------------------------- + +//uc_err uc_hook_add(uc_engine *uc, uc_hook *hh, int type, void *callback, void *user_data, uint64_t begin, uint64_t end, ...); +//we need to use a C stub cdecl callback then proxy to the stdcall vb one.. +//we could get cute with an asm thunk in vb but not worth complexity there are only a couple of them to support.. +//cdecl callback to vb stdcall callback for tracing +uc_err __stdcall ucs_hook_add(uc_engine *uc, uc_hook *hh, int type, void *callback, void *user_data, uint64_t begin, uint64_t end, int catagory, int instr_id){ +#pragma EXPORT + + if(catagory == hc_code){ + if(vbHookcode == 0){ + if((int)callback==0) return UC_ERR_FETCH_UNMAPPED; + vbHookcode = (vb_cb_hookcode_t)callback; + } + return uc_hook_add(uc,hh,type,c_hook_code,user_data,begin,end); + } + + if(catagory == hc_block){ + if(vbHookBlock == 0){ + if((int)callback==0) return UC_ERR_FETCH_UNMAPPED; + vbHookBlock = (vb_cb_hookcode_t)callback; + } + return uc_hook_add(uc,hh,type,c_hook_block,user_data,begin,end); + } + + if(catagory == hc_mem){ //then it is some combination of memory access hook flags.. + if(vbHookMem == 0){ + if((int)callback==0) return UC_ERR_FETCH_UNMAPPED; + vbHookMem = (vb_cb_hookmem_t)callback; + } + return uc_hook_add(uc,hh,type,c_hook_mem,user_data,begin,end); + } + + if(catagory == hc_memInvalid){ //then it is some combination of invalid memory access hook flags.. + if(vbInvalidMem == 0){ + if((int)callback==0) return UC_ERR_FETCH_UNMAPPED; + vbInvalidMem = (vb_cb_eventmem_t)callback; + } + return uc_hook_add(uc,hh,type,c_hook_mem_invalid,user_data,begin,end); + } + + if(catagory == hc_int){ + if(vbHookInt == 0){ + if((int)callback==0) return UC_ERR_FETCH_UNMAPPED; + vbHookInt = (vb_cb_hookintr_t)callback; + } + return uc_hook_add(uc,hh,UC_HOOK_INTR,c_hook_intr,user_data,begin,end); + } + + return UC_ERR_ARG; +} + +unsigned int __stdcall ucs_dynload(char *path){ +#pragma EXPORT + #ifdef DYNLOAD + return uc_dyn_load(path, 0); + #else + return 1; + #endif +} + +unsigned int __stdcall ucs_version(unsigned int *major, unsigned int *minor){ +#pragma EXPORT + return uc_version(major, minor); +} + +bool __stdcall ucs_arch_supported(uc_arch arch){ +#pragma EXPORT + return uc_arch_supported(arch); +} + +uc_err __stdcall ucs_open(uc_arch arch, uc_mode mode, uc_engine **uc){ +#pragma EXPORT + return uc_open(arch, mode, uc); +} + +uc_err __stdcall ucs_close(uc_engine *uc){ +#pragma EXPORT + return uc_close(uc); +} + +uc_err __stdcall ucs_query(uc_engine *uc, uc_query_type type, size_t *result){ +#pragma EXPORT + return uc_query(uc, type, result); +} + +uc_err __stdcall ucs_errno(uc_engine *uc){ +#pragma EXPORT + return uc_errno(uc); +} + +const char *__stdcall ucs_strerror(uc_err code){ +#pragma EXPORT + return uc_strerror(code); +} + +uc_err __stdcall ucs_reg_write(uc_engine *uc, int regid, const void *value){ +#pragma EXPORT + return uc_reg_write(uc, regid, value); +} + +uc_err __stdcall ucs_reg_read(uc_engine *uc, int regid, void *value){ +#pragma EXPORT + return uc_reg_read(uc, regid, value); +} + +uc_err __stdcall ucs_reg_write_batch(uc_engine *uc, int *regs, void *const *vals, int count){ +#pragma EXPORT + return uc_reg_write_batch(uc, regs, vals, count); +} + +uc_err __stdcall ucs_reg_read_batch(uc_engine *uc, int *regs, void **vals, int count){ +#pragma EXPORT + return uc_reg_read_batch(uc, regs, vals, count); +} + +uc_err __stdcall ucs_mem_write(uc_engine *uc, uint64_t address, const void *bytes, size_t size){ +#pragma EXPORT + return uc_mem_write(uc, address, bytes, size); +} + +uc_err __stdcall ucs_mem_read(uc_engine *uc, uint64_t address, void *bytes, size_t size){ +#pragma EXPORT + return uc_mem_read(uc, address, bytes, size); +} + +uc_err __stdcall ucs_emu_start(uc_engine *uc, uint64_t begin, uint64_t until, uint64_t timeout, size_t count){ +#pragma EXPORT + return uc_emu_start(uc, begin, until, timeout, count); +} + +uc_err __stdcall ucs_emu_stop(uc_engine *uc){ +#pragma EXPORT + return uc_emu_stop(uc); +} + +uc_err __stdcall ucs_hook_del(uc_engine *uc, uc_hook hh){ +#pragma EXPORT + return uc_hook_del(uc, hh); +} + +uc_err __stdcall ucs_mem_map(uc_engine *uc, uint64_t address, size_t size, uint32_t perms){ +#pragma EXPORT + return uc_mem_map(uc, address, size, perms); +} + +//requires link against v1.0 +uc_err __stdcall ucs_mem_map_ptr(uc_engine *uc, uint64_t address, size_t size, uint32_t perms, void *ptr){ +#pragma EXPORT + return uc_mem_map_ptr(uc, address, size, perms, ptr); +} + + +uc_err __stdcall ucs_mem_unmap(uc_engine *uc, uint64_t address, size_t size){ +#pragma EXPORT + return uc_mem_unmap(uc, address, size); +} + +uc_err __stdcall ucs_mem_protect(uc_engine *uc, uint64_t address, size_t size, uint32_t perms){ +#pragma EXPORT + return uc_mem_protect(uc, address, size, perms); +} + +uc_err __stdcall ucs_mem_regions(uc_engine *uc, uc_mem_region **regions, uint32_t *count){ +#pragma EXPORT + return uc_mem_regions(uc, regions, count); +} + +uc_err __stdcall ucs_context_alloc(uc_engine *uc, uc_context **context){ +#pragma EXPORT + return uc_context_alloc(uc, context); +} + +uc_err __stdcall ucs_free(void *mem){ +#pragma EXPORT + return uc_free(mem); +} + +uc_err __stdcall ucs_context_save(uc_engine *uc, uc_context *context){ +#pragma EXPORT + return uc_context_save(uc, context); +} + +uc_err __stdcall ucs_context_restore(uc_engine *uc, uc_context *context){ +#pragma EXPORT + return uc_context_restore(uc, context); +} + +/* +char* asprintf(char* format, ...){ + + char *ret = 0; + + if(!format) return 0; + + va_list args; + va_start(args,format); + int size = _vscprintf(format, args); + + if(size > 0){ + size++; //for null + ret = (char*)malloc(size+2); + if(ret) _vsnprintf(ret, size, format, args); + } + + va_end(args); + return ret; +}*/ + +#ifdef INCLUDE_DISASM +int __stdcall disasm_addr(uc_engine *uc, uint32_t va, char *str, int bufLen){ +#pragma EXPORT + uint32_t instr_len = 0; + int readLen = 15; + uint8_t data[32]; + INSTRUCTION inst; + + if(bufLen < 100) return -1; + + //longest x86 instruction is 15 bytes, what if at the tail end of an allocation? try to read as much as we can.. + while(uc_mem_read(uc,va,data,readLen) != 0){ + readLen--; + if(readLen == 0) return -2; + } + + instr_len = get_instruction(&inst, data, MODE_32); + if( instr_len == 0 ) return -3; + + get_instruction_string(&inst, FORMAT_INTEL, va, str, bufLen); + + /* + if(inst.type == INSTRUCTION_TYPE_JMP || inst.type == INSTRUCTION_TYPE_JMPC){ + if(inst.op1.type == OPERAND_TYPE_IMMEDIATE){ + if(strlen(str) + 6 < bufLen){ + if(getJmpTarget(str) < va){ + strcat(str," ^^"); + }else{ + strcat(str," vv"); + } + } + } + }*/ + + return instr_len; +} +#endif + + +//maps and write in one shot, auto handles alignment.. +uc_err __stdcall mem_write_block(uc_engine *uc, uint64_t address, void* data, uint32_t size, uint32_t perm){ +#pragma EXPORT + + uc_err x; + uint64_t base = address; + uint32_t sz = size; + + while(base % 0x1000 !=0){ + base--; + if(base==0) break; + } + + sz += address-base; //if data starts mid block, we need to alloc more than just size.. + while(sz % 0x1000 !=0){ + sz++; + } + + x = uc_mem_map(uc, base, sz, perm); + if(x) return x; + + x = uc_mem_write(uc, address, (void*)data, size); + if(x) return x; + return UC_ERR_OK; +} + +void addStr(_CollectionPtr p , char* str){ + _variant_t vv; + vv.SetString(str); + p->Add( &vv.GetVARIANT() ); +} + +uc_err __stdcall get_memMap(uc_engine *uc, _CollectionPtr *pColl){ +#pragma EXPORT + + uc_mem_region *regions; + uint32_t count; + char tmp[200]; //max 46 chars used + + uc_err err = uc_mem_regions(uc, ®ions, &count); + + if (err != UC_ERR_OK) return err; + + for (uint32_t i = 0; i < count; i++) { + sprintf(tmp,"&h%llx,&h%llx,&h%x", regions[i].begin, regions[i].end, regions[i].perms); + addStr(*pColl,tmp); + } + + //free(regions); //https://github.com/unicorn-engine/unicorn/pull/373#issuecomment-271187118 + + uc_free((void*)regions); + return err; + +} + +enum op{ + op_add = 0, + op_sub = 1, + op_div = 2, + op_mul = 3, + op_mod = 4, + op_xor = 5, + op_and = 6, + op_or = 7, + op_rsh = 8, + op_lsh = 9, + op_gt = 10, + op_lt = 11, + op_gteq = 12, + op_lteq = 13 +}; + +unsigned int __stdcall ULong(unsigned int v1, unsigned int v2, int operation){ +#pragma EXPORT + + switch(operation){ + case op_add: return v1 + v2; + case op_sub: return v1 - v2; + case op_div: return v1 / v2; + case op_mul: return v1 * v2; + case op_mod: return v1 % v2; + case op_xor: return v1 ^ v2; + case op_and: return v1 & v2; + case op_or: return v1 | v2; + case op_rsh: return v1 >> v2; + case op_lsh: return v1 << v2; + case op_gt: return (v1 > v2 ? 1 : 0); + case op_lt: return (v1 < v2 ? 1 : 0); + case op_gteq: return (v1 >= v2 ? 1 : 0); + case op_lteq: return (v1 <= v2 ? 1 : 0); + } + + return -1; + +} \ No newline at end of file diff --git a/bindings/vb6/misc.bas b/bindings/vb6/misc.bas new file mode 100644 index 00000000..255d9e84 --- /dev/null +++ b/bindings/vb6/misc.bas @@ -0,0 +1,325 @@ +Attribute VB_Name = "misc" +Option Explicit + +Public sharedMemory() As Byte 'in a module so it never goes out of scope and becomes unallocated.. + +Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long +Public Declare Function FreeLibrary Lib "kernel32" (ByVal hLibModule As Long) As Long +Public Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long) +Public Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long +Public Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long + +Enum op + op_add = 0 + op_sub = 1 + op_div = 2 + op_mul = 3 + op_mod = 4 + op_xor = 5 + op_and = 6 + op_or = 7 + op_rsh = 8 + op_lsh = 9 + op_gt = 10 + op_lt = 11 + op_gteq = 12 + op_lteq = 13 +End Enum + +'unsigned math operations +Public Declare Function ULong Lib "ucvbshim.dll" (ByVal v1 As Long, ByVal v2 As Long, ByVal operation As op) As Long + +'this is just a quick way to support x64 numbers in vb6 its lite but can be bulky to work with +'if we wanted to really work with x64 values we would compile a library such as the following into the shim layer: +' https://github.com/dzzie/libs/tree/master/vb6_utypes + +Private Type Bit64Currency + value As Currency +End Type + +Private Type Bit64Integer + LowValue As Long + HighValue As Long +End Type + +Global Const LANG_US = &H409 + +Function lng2Cur(v As Long) As Currency + Dim c As Bit64Currency + Dim dl As Bit64Integer + dl.LowValue = v + dl.HighValue = 0 + LSet c = dl + lng2Cur = c.value +End Function + +Function cur2lng(v As Currency) As Long + Dim c As Bit64Currency + Dim dl As Bit64Integer + c.value = v + LSet dl = c + cur2lng = dl.LowValue +End Function + +Function KeyExistsInCollection(c As Collection, val As String) As Boolean + On Error GoTo nope + Dim t + t = c(val) + KeyExistsInCollection = True + Exit Function +nope: KeyExistsInCollection = False +End Function + +Function FileExists(path As String) As Boolean + On Error GoTo nope + + If Len(path) = 0 Then Exit Function + If Right(path, 1) = "\" Then Exit Function + If Dir(path, vbHidden Or vbNormal Or vbReadOnly Or vbSystem) <> "" Then FileExists = True + + Exit Function +nope: FileExists = False +End Function + +Function FileNameFromPath(fullpath) As String + Dim tmp + If InStr(fullpath, "\") > 0 Then + tmp = Split(fullpath, "\") + FileNameFromPath = CStr(tmp(UBound(tmp))) + End If +End Function + +Function GetParentFolder(path) As String + Dim tmp, a As Long + + If Right(path, 1) = "\" Then + GetParentFolder = path + Else + a = InStrRev(path, "\") + If a > 0 Then + GetParentFolder = Mid(path, 1, a) + End If + End If + +End Function + +Function FolderExists(ByVal path As String) As Boolean + On Error GoTo nope + If Len(path) = 0 Then Exit Function + If Right(path, 1) <> "\" Then path = path & "\" + If Dir(path, vbDirectory) <> "" Then FolderExists = True + Exit Function +nope: FolderExists = False +End Function + +Function HexDump(bAryOrStrData, Optional hexOnly = 0, Optional ByVal startAt As Long = 1, Optional ByVal Length As Long = -1) As String + Dim s() As String, chars As String, tmp As String + On Error Resume Next + Dim ary() As Byte + Dim offset As Long + Const LANG_US = &H409 + Dim i As Long, tt, h, x + + offset = 0 + + If TypeName(bAryOrStrData) = "Byte()" Then + ary() = bAryOrStrData + Else + ary = StrConv(CStr(bAryOrStrData), vbFromUnicode, LANG_US) + End If + + If startAt < 1 Then startAt = 1 + If Length < 1 Then Length = -1 + + While startAt Mod 16 <> 0 + startAt = startAt - 1 + Wend + + startAt = startAt + 1 + + chars = " " + For i = startAt To UBound(ary) + 1 + tt = Hex(ary(i - 1)) + If Len(tt) = 1 Then tt = "0" & tt + tmp = tmp & tt & " " + x = ary(i - 1) + 'chars = chars & IIf((x > 32 And x < 127) Or x > 191, Chr(x), ".") 'x > 191 causes \x0 problems on non us systems... asc(chr(x)) = 0 + chars = chars & IIf((x > 32 And x < 127), Chr(x), ".") + If i > 1 And i Mod 16 = 0 Then + h = Hex(offset) + While Len(h) < 6: h = "0" & h: Wend + If hexOnly = 0 Then + push s, h & " " & tmp & chars + Else + push s, tmp + End If + offset = offset + 16 + tmp = Empty + chars = " " + End If + If Length <> -1 Then + Length = Length - 1 + If Length = 0 Then Exit For + End If + Next + + 'if read length was not mod 16=0 then + 'we have part of line to account for + If tmp <> Empty Then + If hexOnly = 0 Then + h = Hex(offset) + While Len(h) < 6: h = "0" & h: Wend + h = h & " " & tmp + While Len(h) <= 56: h = h & " ": Wend + push s, h & chars + Else + push s, tmp + End If + End If + + HexDump = Join(s, vbCrLf) + + If hexOnly <> 0 Then + HexDump = Replace(HexDump, " ", "") + HexDump = Replace(HexDump, vbCrLf, "") + End If + +End Function + + +Public Function toBytes(ByVal hexstr, Optional strRet As Boolean = False) + +'supports: +'11 22 33 44 spaced hex chars +'11223344 run together hex strings +'11,22,33,44 csv hex +'\x11,0x22 misc C source rips +' +'ignores common C source prefixes, operators, delimiters, and whitespace +' +'not supported +'1,2,3,4 all hex chars are must have two chars even if delimited +' +'a version which supports more formats is here: +' https://github.com/dzzie/libs/blob/master/dzrt/globals.cls + + Dim ret As String, x As String, str As String + Dim r() As Byte, b As Byte, b1 As Byte + Dim foundDecimal As Boolean, tmp, i, a, a2 + Dim pos As Long, marker As String + + On Error GoTo nope + + str = Replace(hexstr, vbCr, Empty) + str = Replace(str, vbLf, Empty) + str = Replace(str, vbTab, Empty) + str = Replace(str, Chr(0), Empty) + str = Replace(str, "{", Empty) + str = Replace(str, "}", Empty) + str = Replace(str, ";", Empty) + str = Replace(str, "+", Empty) + str = Replace(str, """""", Empty) + str = Replace(str, "'", Empty) + str = Replace(str, " ", Empty) + str = Replace(str, "0x", Empty) + str = Replace(str, "\x", Empty) + str = Replace(str, ",", Empty) + + For i = 1 To Len(str) Step 2 + x = Mid(str, i, 2) + If Not isHexChar(x, b) Then Exit Function + bpush r(), b + Next + + If strRet Then + toBytes = StrConv(r, vbUnicode, LANG_US) + Else + toBytes = r + End If + +nope: +End Function + +Private Sub bpush(bAry() As Byte, b As Byte) 'this modifies parent ary object + On Error GoTo init + Dim x As Long + + x = UBound(bAry) '<-throws Error If Not initalized + ReDim Preserve bAry(UBound(bAry) + 1) + bAry(UBound(bAry)) = b + + Exit Sub + +init: + ReDim bAry(0) + bAry(0) = b + +End Sub + +Sub push(ary, value) 'this modifies parent ary object + On Error GoTo init + Dim x + + x = UBound(ary) + ReDim Preserve ary(x + 1) + + If IsObject(value) Then + Set ary(x + 1) = value + Else + ary(x + 1) = value + End If + + Exit Sub +init: + ReDim ary(0) + If IsObject(value) Then + Set ary(0) = value + Else + ary(0) = value + End If +End Sub + + +Public Function isHexChar(hexValue As String, Optional b As Byte) As Boolean + On Error Resume Next + Dim v As Long + + If Len(hexValue) = 0 Then GoTo nope + If Len(hexValue) > 2 Then GoTo nope 'expecting hex char code like FF or 90 + + v = CLng("&h" & hexValue) + If Err.Number <> 0 Then GoTo nope 'invalid hex code + + b = CByte(v) + If Err.Number <> 0 Then GoTo nope 'shouldnt happen.. > 255 cant be with len() <=2 ? + + isHexChar = True + + Exit Function +nope: + Err.Clear + isHexChar = False +End Function + +Function hhex(b As Byte) As String + hhex = Hex(b) + If Len(hhex) = 1 Then hhex = "0" & hhex +End Function + +Function rpad(x, i, Optional c = " ") + rpad = Left(x & String(i, c), i) +End Function + +Function lbCopy(lstBox As Object) As String + + Dim i As Long + Dim tmp() As String + + For i = 0 To lstBox.ListCount + push tmp, lstBox.List(i) + Next + + lbCopy = Join(tmp, vbCrLf) + +End Function + diff --git a/bindings/vb6/msvbvm60.tlh b/bindings/vb6/msvbvm60.tlh new file mode 100644 index 00000000..45908cf5 --- /dev/null +++ b/bindings/vb6/msvbvm60.tlh @@ -0,0 +1,84 @@ +// Created by Microsoft (R) C/C++ Compiler Version 15.00.21022.08 (2358e5d7). +// +// d:\projects\col\col\debug\msvbvm60.tlh +// +// C++ source equivalent of Win32 type library C:\\windows\system32\msvbvm60.dll +// compiler-generated file created 03/21/16 at 11:45:20 - DO NOT EDIT! + +#pragma once +#pragma pack(push, 8) + +#include + +// +// Forward references and typedefs +// + +struct __declspec(uuid("000204ef-0000-0000-c000-000000000046")) +/* LIBID */ __VBA; + +struct __declspec(uuid("a4c46780-499f-101b-bb78-00aa00383cbb")) +/* dual interface */ _Collection; +struct /* coclass */ Collection; + +// +// Smart pointer typedef declarations +// + + +_COM_SMARTPTR_TYPEDEF(_Collection, __uuidof(_Collection)); + +// +// Type library items +// + +struct __declspec(uuid("a4c46780-499f-101b-bb78-00aa00383cbb")) +_Collection : IDispatch +{ + // + // Wrapper methods for error-handling + // + + _variant_t Item ( + VARIANT * Index ); + HRESULT Add ( + VARIANT * Item, + VARIANT * Key = &vtMissing, + VARIANT * Before = &vtMissing, + VARIANT * After = &vtMissing ); + long Count ( ); + HRESULT Remove ( + VARIANT * Index ); + IUnknownPtr _NewEnum ( ); + + // + // Raw methods provided by interface + // + + virtual HRESULT __stdcall raw_Item ( + /*[in]*/ VARIANT * Index, + /*[out,retval]*/ VARIANT * pvarRet ) = 0; + virtual HRESULT __stdcall raw_Add ( + /*[in]*/ VARIANT * Item, + /*[in]*/ VARIANT * Key = &vtMissing, + /*[in]*/ VARIANT * Before = &vtMissing, + /*[in]*/ VARIANT * After = &vtMissing ) = 0; + virtual HRESULT __stdcall raw_Count ( + /*[out,retval]*/ long * pi4 ) = 0; + virtual HRESULT __stdcall raw_Remove ( + /*[in]*/ VARIANT * Index ) = 0; + virtual HRESULT __stdcall raw__NewEnum ( + /*[out,retval]*/ IUnknown * * ppunk ) = 0; +}; + +struct __declspec(uuid("a4c4671c-499f-101b-bb78-00aa00383cbb")) +Collection; + // [ default ] interface _Collection + +// +// Wrapper method implementations +// + +#include "msvbvm60.tli" + +#pragma pack(pop) diff --git a/bindings/vb6/msvbvm60.tli b/bindings/vb6/msvbvm60.tli new file mode 100644 index 00000000..69e1d85e --- /dev/null +++ b/bindings/vb6/msvbvm60.tli @@ -0,0 +1,46 @@ +// Created by Microsoft (R) C/C++ Compiler Version 15.00.21022.08 (2358e5d7). +// +// d:\projects\col\col\debug\msvbvm60.tli +// +// Wrapper implementations for Win32 type library C:\\windows\system32\msvbvm60.dll +// compiler-generated file created 03/21/16 at 11:45:20 - DO NOT EDIT! + +#pragma once + +// +// interface _Collection wrapper method implementations +// + +inline _variant_t _Collection::Item ( VARIANT * Index ) { + VARIANT _result; + VariantInit(&_result); + HRESULT _hr = raw_Item(Index, &_result); + if (FAILED(_hr)) _com_issue_errorex(_hr, this, __uuidof(this)); + return _variant_t(_result, false); +} + +inline HRESULT _Collection::Add ( VARIANT * Item, VARIANT * Key, VARIANT * Before, VARIANT * After ) { + HRESULT _hr = raw_Add(Item, Key, Before, After); + if (FAILED(_hr)) _com_issue_errorex(_hr, this, __uuidof(this)); + return _hr; +} + +inline long _Collection::Count ( ) { + long _result = 0; + HRESULT _hr = raw_Count(&_result); + if (FAILED(_hr)) _com_issue_errorex(_hr, this, __uuidof(this)); + return _result; +} + +inline HRESULT _Collection::Remove ( VARIANT * Index ) { + HRESULT _hr = raw_Remove(Index); + if (FAILED(_hr)) _com_issue_errorex(_hr, this, __uuidof(this)); + return _hr; +} + +inline IUnknownPtr _Collection::_NewEnum ( ) { + IUnknown * _result = 0; + HRESULT _hr = raw__NewEnum(&_result); + if (FAILED(_hr)) _com_issue_errorex(_hr, this, __uuidof(this)); + return IUnknownPtr(_result, false); +} diff --git a/bindings/vb6/screenshot.png b/bindings/vb6/screenshot.png new file mode 100644 index 00000000..fa1cf817 Binary files /dev/null and b/bindings/vb6/screenshot.png differ diff --git a/bindings/vb6/ucIntel32.cls b/bindings/vb6/ucIntel32.cls new file mode 100644 index 00000000..b54186f7 --- /dev/null +++ b/bindings/vb6/ucIntel32.cls @@ -0,0 +1,927 @@ +VERSION 1.0 CLASS +BEGIN + MultiUse = -1 'True + Persistable = 0 'NotPersistable + DataBindingBehavior = 0 'vbNone + DataSourceBehavior = 0 'vbNone + MTSTransactionMode = 0 'NotAnMTSObject +END +Attribute VB_Name = "ucIntel32" +Attribute VB_GlobalNameSpace = False +Attribute VB_Creatable = True +Attribute VB_PredeclaredId = False +Attribute VB_Exposed = False +Option Explicit + +'Unicorn Engine x86 32bit wrapper class for vb6 + +'Contributed by: FireEye FLARE team +'Author: David Zimmer , +'License: Apache + +'we hide the extra labor of x64 conversion from the user. I could simplify +'this at the C shim layer but I might write an x64 class later +' +'since the vb long type only natively supports signed math, I have also handed off a couple +'calculations in this class to a C stub just to be safe. +' +'you can find a full unsigned and x64 safe library for vb6 here: +' https://github.com/dzzie/libs/tree/master/vb6_utypes + +Public hLib As Long +Public uc As Long +Public errMsg As String +Public Version As String +Public major As Long +Public minor As Long + +Private r32 As Variant +Private r16 As Variant +Private r8 As Variant +Private rs_ As Variant +Private rs_Name As Variant +Private r32_Name As Variant +Private r16_Name As Variant +Private r8_Name As Variant +Private hooks As New Collection +Private m_DisasmOk As Boolean + +Event CodeHook(ByVal address As Long, ByVal size As Long) +Event BlockHook(ByVal address As Long, ByVal size As Long) +Event MemAccess(ByVal t As uc_mem_type, ByVal address As Long, ByVal size As Long, ByVal value As Long) +Event InvalidMem(ByVal t As uc_mem_type, ByVal address As Long, ByVal size As Long, ByVal value As Long, ByRef continue As Boolean) +Event Interrupt(ByVal intno As Long) + +'our vb enum is 0 based then mapped to the real C values so we can loop them to dump with name lookup +'these sub enums also keep the intellisense lists short and focused when reading/writing vals +'they are accessed through reg32, reg16, reg8, rs properties, or use raw full enum through reg property +'the names of each can be looked up through the reg32n etc properties +Public Enum reg_32 + eax_r = 0 + ecx_r = 1 + edx_r = 2 + ebx_r = 3 + esp_r = 4 + ebp_r = 5 + esi_r = 6 + edi_r = 7 +End Enum + +Public Enum reg_16 + ax_r = 0 + cx_r = 1 + dx_r = 2 + bx_r = 3 + sp_r = 4 + bp_r = 5 + si_r = 6 + di_r = 7 +End Enum + +Public Enum reg_8 + ah_r = 0 + ch_r = 1 + dh_r = 2 + bh_r = 3 + al_r = 4 + cl_r = 5 + dl_r = 6 + bl_r = 7 +End Enum + +Public Enum reg_Special + CS_r = 0 + DS_r = 1 + ES_r = 2 + FS_r = 3 + GS_r = 4 + SS_r = 5 + IDTR_r = 6 + GDTR_r = 7 + LDTR_r = 8 +End Enum + +Property Get DisasmAvail() As Boolean + DisasmAvail = m_DisasmOk +End Property + +Property Get lastError() As Long + lastError = ucs_errno(uc) +End Property + +Property Get hadErr() As Boolean + If Len(errMsg) > 0 Then hadErr = True +End Property + +Property Get eip() As Long + Dim e As uc_err, value As Long + e = ucs_reg_read(uc, UC_X86_REG_EIP, value) + eip = value +End Property + +Property Let eip(v As Long) + Dim e As uc_err + e = ucs_reg_write(uc, UC_X86_REG_EIP, v) +End Property + +Property Get eflags() As Long + Dim e As uc_err, value As Long + e = ucs_reg_read(uc, UC_X86_REG_EFLAGS, value) + eflags = value +End Property + +Property Let eflags(v As Long) + Dim e As uc_err + e = ucs_reg_write(uc, UC_X86_REG_EFLAGS, v) +End Property + + +'full access to all registers if you need it.. +Property Get reg(r As uc_x86_reg) As Long + Dim e As uc_err, value As Long + e = ucs_reg_read(uc, r, value) + reg = value +End Property + +Property Let reg(r As uc_x86_reg, value As Long) + Dim e As uc_err + e = ucs_reg_write(uc, r, value) +End Property + +'32 bit registers +Property Get reg32(r As reg_32) As Long + Dim e As uc_err, value As Long + If r < 0 Or r > UBound(r32) Then Exit Property + e = ucs_reg_read(uc, r32(r), value) + reg32 = value +End Property + +Property Let reg32(r As reg_32, value As Long) + Dim e As uc_err + If r < 0 Or r > UBound(r32) Then Exit Property + e = ucs_reg_write(uc, r32(r), value) +End Property + +'16 bit registers +Property Get reg16(r As reg_16) As Long + Dim e As uc_err, value As Long + If r < 0 Or r > UBound(r16) Then Exit Property + e = ucs_reg_read(uc, r16(r), value) + reg16 = CInt(value) +End Property + +Property Let reg16(r As reg_16, ByVal value As Long) + Dim e As uc_err + value = value And &HFFFF + If r < 0 Or r > UBound(r16) Then Exit Property + e = ucs_reg_write(uc, r16(r), value) +End Property + +'8 bit registers +Property Get reg8(r As reg_8) As Long + Dim e As uc_err, value As Long + If r < 0 Or r > UBound(r8) Then Exit Property + e = ucs_reg_read(uc, r8(r), value) + reg8 = value +End Property + +Property Let reg8(r As reg_8, ByVal value As Long) + Dim e As uc_err + value = value And &HFF + If r < 0 Or r > UBound(r8) Then Exit Property + e = ucs_reg_write(uc, r8(r), value) +End Property + +'special registers +Property Get rs(r As reg_Special) As Long + Dim e As uc_err, value As Long + If r < 0 Or r > UBound(rs_) Then Exit Property + e = ucs_reg_read(uc, rs_(r), value) + rs = value +End Property + +Property Let rs(r As reg_Special, ByVal value As Long) + Dim e As uc_err + If r < 0 Or r > UBound(rs_) Then Exit Property + e = ucs_reg_write(uc, rs_(r), value) +End Property + + +'reg index to name translation for looping +Property Get reg32n(r As reg_32) As String + If r < 0 Or r > UBound(r32_Name) Then Exit Property + reg32n = r32_Name(r) +End Property + +Property Get reg16n(r As reg_16) As String + If r < 0 Or r > UBound(r16_Name) Then Exit Property + reg16n = r16_Name(r) +End Property + +Property Get reg8n(r As reg_8) As String + If r < 0 Or r > UBound(r8_Name) Then Exit Property + reg8n = r8_Name(r) +End Property + +Property Get rsn(r As reg_Special) As String + If r < 0 Or r > UBound(rs_Name) Then Exit Property + rsn = rs_Name(r) +End Property + +Function regDump(Optional includeState As Boolean = True) As String + Dim i As Long + Dim tmp As String + + For i = 0 To UBound(r32) + tmp = tmp & reg32n(i) & "=" & Hex(reg32(i)) & " " + 'if i mod 3 = 0 and i <> 0 then tmp = tmp & vbcrlf + Next + + regDump = tmp + + If includeState Then + regDump = regDump & "eip=" & Hex(Me.eip) & " " & dumpFlags() + End If + +End Function + +Function dumpFlags() As String + + Dim ret() As String + Dim n As Variant + Dim i As Long + Dim flags As Long + + 'http://www.c-jump.com/CIS77/ASM/Instructions/I77_0050_eflags.htm + n = Array("C ", 0, "P ", 0, "A ", 0, "Z ", "S ", _ + "T ", "I ", "D ", "O ", "IOPL ", "IOPL ", "NT ", 0, _ + "RF ", "VM ", "AC ", "VIF ", "VIP ", "ID ", 0) + + flags = Me.eflags + push ret, "EFL " & Hex(flags) + + For i = 0 To 21 + If flags And ULong(1, i, op_lsh) Then + If n(i) <> 0 Then push ret, n(i) + End If + Next + + dumpFlags = Join(ret, " ") + + +End Function + +Private Sub Class_Initialize() + + Dim e As uc_err + + 'mapping our simplified to real values.. + r32 = Array(UC_X86_REG_EAX, UC_X86_REG_ECX, UC_X86_REG_EDX, UC_X86_REG_EBX, UC_X86_REG_ESP, UC_X86_REG_EBP, UC_X86_REG_ESI, UC_X86_REG_EDI) + r32_Name = Array("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi") + + r16 = Array(UC_X86_REG_AX, UC_X86_REG_CX, UC_X86_REG_DX, UC_X86_REG_BX, UC_X86_REG_SP, UC_X86_REG_BP, UC_X86_REG_SI, UC_X86_REG_DI) + r16_Name = Array("ax", "cx", "dx", "bx", "sp", "bp", "si", "di") + + r8 = Array(UC_X86_REG_AH, UC_X86_REG_CH, UC_X86_REG_DH, UC_X86_REG_BH, UC_X86_REG_AL, UC_X86_REG_CL, UC_X86_REG_DL, UC_X86_REG_Bl) + r8_Name = Array("ah", "ch", "dh", "bh", "al", "cl", "dl", "bl") + + rs_ = Array(UC_X86_REG_CS, UC_X86_REG_DS, UC_X86_REG_ES, UC_X86_REG_FS, UC_X86_REG_GS, UC_X86_REG_SS, UC_X86_REG_IDTR, UC_X86_REG_GDTR, UC_X86_REG_LDTR) + rs_Name = Array("cs", "ds", "es", "fs", "gs", "ss", "idtr", "gdtr", "ldtr") + + 'just to ensure IDE finds the dll before we try to use it... + Const dllName As String = "ucvbshim.dll" + + If Len(UNICORN_PATH) = 0 Then + UNICORN_PATH = vbNullString + ElseIf FolderExists(UNICORN_PATH) Then + UNICORN_PATH = UNICORN_PATH & IIf(Right(UNICORN_PATH, 1) = "\", "", "\") & "unicorn.dll" + End If + + If hLib = 0 Then + hLib = GetModuleHandle(dllName) + If hLib = 0 Then + hLib = LoadLibrary(GetParentFolder(UNICORN_PATH) & "\" & dllName) + If hLib = 0 Then + hLib = LoadLibrary(dllName) + If hLib = 0 Then + errMsg = "Could not load " & dllName + Exit Sub + End If + End If + End If + End If + + If DYNLOAD = 0 Then + DYNLOAD = ucs_dynload(UNICORN_PATH) + If DYNLOAD = 0 Then + errMsg = "Dynamic Loading of unicorn.dll failed " & IIf(Len(UNICORN_PATH) > 0, "path: " & UNICORN_PATH, "") + Exit Sub + End If + End If + + ucs_version major, minor + Version = major & "." & minor + + If ucs_arch_supported(UC_ARCH_X86) <> 1 Then + errMsg = "UC_ARCH_X86 not supported" + Exit Sub + End If + + e = ucs_open(UC_ARCH_X86, UC_MODE_32, uc) + If e <> uc_err_ok Then + errMsg = "Failed to create new x86 32bit engine instance " & err2str(e) + Exit Sub + End If + + If GetProcAddress(hLib, "disasm_addr") <> 0 Then m_DisasmOk = True + + instances.Add Me, "objptr:" & ObjPtr(Me) + +End Sub + +Private Sub Class_Terminate() + If uc = 0 Then Exit Sub + stopEmu + ucs_close uc + On Error Resume Next + instances.Remove "objptr:" & ObjPtr(Me) +End Sub + +Function mapMem(address As Long, size As Long, Optional protection As uc_prot = UC_PROT_ALL) As Boolean + + Dim addr As Currency + Dim e As uc_err + + errMsg = Empty + addr = lng2Cur(address) + + e = ucs_mem_map(uc, addr, size, protection) + + If e <> uc_err_ok Then + errMsg = err2str(e) + Exit Function + End If + + mapMem = True + +End Function + +'address and size must be 4kb aligned, real buffer must be at least of size, and not go out of scope! +Function mapMemPtr(ByRef b() As Byte, address As Long, size As Long, Optional protection As uc_prot = UC_PROT_ALL) As Boolean + + Dim addr As Currency + Dim e As uc_err + + errMsg = Empty + addr = lng2Cur(address) + + If UBound(b) < size Then + errMsg = "Buffer is < size" + Exit Function + End If + + If size Mod &H1000 <> 0 Then + errMsg = "Size must be 4kb aligned" + Exit Function + End If + + If address Mod &H1000 <> 0 Then + errMsg = "address must be 4kb aligned" + Exit Function + End If + + e = ucs_mem_map_ptr(uc, addr, size, protection, VarPtr(b(0))) + + If e <> uc_err_ok Then + errMsg = err2str(e) + Exit Function + End If + + mapMemPtr = True + +End Function + +Function findAlloc(address As Long, Optional inRange As Boolean = False) As CMemRegion + Dim m As CMemRegion + Dim found As Boolean + + For Each m In getMemMap() + If inRange Then + If ULong(address, m.address, op_gteq) = 1 And ULong(address, m.address, op_lteq) = 1 Then found = True + Else + If m.address = address Then found = True + End If + If found Then + Set findAlloc = m + Exit Function + End If + Next +End Function + +'we could accept a variant here instead of CMemRegion +'if typename(v) = "Long" then enum regions and find cmem, else expect CMemRegion.. +'would be convient.. or a findAlloc(base as long) as CMemRegion +Function changePermissions(m As CMemRegion, newProt As uc_prot) + Dim e As uc_err + Dim addr64 As Currency + + errMsg = Empty + + If m Is Nothing Then Exit Function + + If newProt = m.perm Then + changePermissions = True + Exit Function + End If + + addr64 = lng2Cur(m.address) + + e = ucs_mem_protect(uc, addr64, m.size, newProt) + + If e <> uc_err_ok Then + errMsg = err2str(e) + Exit Function + End If + + m.perm = newProt + changePermissions = True + +End Function + + +Function unMapMem(base As Long) As Boolean + + Dim m As CMemRegion + Dim e As uc_err + Dim addr64 As Currency + + errMsg = Empty + addr64 = lng2Cur(base) + + For Each m In getMemMap() + If m.address = base Then + e = ucs_mem_unmap(uc, addr64, m.size) + unMapMem = (e = uc_err_ok) + If Not unMapMem Then errMsg = err2str(e) + Exit Function + End If + Next + +End Function + +'this function maps and writes (note 32bit only right now) +Function writeBlock(address As Long, buf() As Byte, Optional perm As uc_prot = UC_PROT_ALL) As Boolean + + Dim addr As Currency + Dim e As uc_err + + addr = lng2Cur(address) + + errMsg = Empty + e = mem_write_block(uc, addr, buf(0), UBound(buf) + 1, perm) + If e <> uc_err_ok Then + errMsg = err2str(e) + Exit Function + End If + + writeBlock = True + +End Function + +'this function requires the memory already be mapped in, use writeBlock for easier access... +Function writeMem(address As Long, buf() As Byte) As Boolean + + Dim addr As Currency + Dim e As uc_err + + errMsg = Empty + addr = lng2Cur(address) + + e = ucs_mem_write(uc, addr, buf(0), UBound(buf) + 1) + If e <> uc_err_ok Then + errMsg = err2str(e) + Exit Function + End If + + writeMem = True + +End Function + +Function writeByte(address As Long, b As Byte) As Boolean + + Dim addr As Currency + Dim e As uc_err + Dim buf(0) As Byte + + errMsg = Empty + addr = lng2Cur(address) + buf(0) = b + + e = ucs_mem_write(uc, addr, buf(0), 1) + + If e <> uc_err_ok Then + errMsg = err2str(e) + Exit Function + End If + + writeByte = True + +End Function + +Function writeLong(address As Long, value As Long) As Boolean + + Dim addr As Currency + Dim e As uc_err + Dim buf(0 To 3) As Byte + + errMsg = Empty + addr = lng2Cur(address) + CopyMemory buf(0), ByVal VarPtr(value), 4 + + e = ucs_mem_write(uc, addr, buf(0), 4) + + If e <> uc_err_ok Then + errMsg = err2str(e) + Exit Function + End If + + writeLong = True + +End Function + +Function writeInt(address As Long, value As Integer) As Boolean + + Dim addr As Currency + Dim e As uc_err + Dim buf(0 To 1) As Byte + + errMsg = Empty + addr = lng2Cur(address) + CopyMemory buf(0), ByVal VarPtr(value), 2 + + e = ucs_mem_write(uc, addr, buf(0), 2) + + If e <> uc_err_ok Then + errMsg = err2str(e) + Exit Function + End If + + writeInt = True + +End Function + +Function readMem(address As Long, ByRef buf() As Byte, ByVal size As Long) As Boolean + + Dim addr As Currency + Dim e As uc_err + + errMsg = Empty + addr = lng2Cur(address) + ReDim buf(size - 1) '0 based.. + + e = ucs_mem_read(uc, addr, buf(0), UBound(buf) + 1) + If e <> uc_err_ok Then + errMsg = err2str(e) + Exit Function + End If + + readMem = True + +End Function + +Function readByte(address As Long, ByRef b As Byte) As Boolean + + Dim buf() As Byte + + readMem address, buf, 1 + If hadErr Then Exit Function + + b = buf(0) + readByte = True + +End Function + +Function readLong(address As Long, ByRef retVal As Long) As Boolean + + Dim buf() As Byte + + readMem address, buf, 4 + If hadErr Then Exit Function + + CopyMemory ByVal VarPtr(retVal), buf(0), 4 + readLong = True + +End Function + +Function readInt(address As Long, ByRef retVal As Integer) As Boolean + + Dim buf() As Byte + + readMem address, buf, 2 + If hadErr Then Exit Function + + CopyMemory ByVal VarPtr(retVal), buf(0), 2 + readInt = True + +End Function + + +Function saveContext() As Long + + Dim hContext As Long + Dim e As uc_err + + errMsg = Empty + e = ucs_context_alloc(uc, hContext) + + If e <> uc_err_ok Then + errMsg = err2str(e) + Exit Function + End If + + e = ucs_context_save(uc, hContext) + + If e <> uc_err_ok Then + errMsg = err2str(e) + e = ucs_free(hContext) + If e <> uc_err_ok Then errMsg = errMsg & " error freeing context: " & err2str(e) + Exit Function + End If + + saveContext = hContext + +End Function + +Function restoreContext(hContext As Long) As Boolean + + Dim e As uc_err + + errMsg = Empty + e = ucs_context_restore(uc, hContext) + + If e <> uc_err_ok Then + errMsg = err2str(e) + Exit Function + End If + + restoreContext = True + +End Function + +Function freeContext(hContext As Long) As Boolean + Dim e As uc_err + e = ucs_free(hContext) + If e <> uc_err_ok Then + errMsg = err2str(e) + Else + freeContext = True + End If +End Function + + +Function disasm(va As Long, Optional ByRef instrLen As Long) As String + + Dim buf As String, i As Long, b() As Byte + Dim dump As String + On Error Resume Next + + If Not m_DisasmOk Then + disasm = Right("00000000" & Hex(va), 8) + Exit Function + End If + + buf = String(300, Chr(0)) + + instrLen = disasm_addr(uc, va, buf, Len(buf)) + If instrLen < 1 Then + Select Case instrLen + Case -1: buf = "Buffer to small" + Case -2: buf = "Failed to read memory" + Case -3: buf = "Failed to disassemble" + Case Default: buf = "Unknown error " & instrLen + End Select + dump = "?? ?? ??" + GoTo end_of_func + End If + + i = InStr(buf, Chr(0)) + If i > 2 Then buf = VBA.Left(buf, i - 1) Else buf = Empty + + readMem va, b(), instrLen + + For i = 0 To UBound(b) + dump = dump & hhex(b(i)) & " " + Next + +end_of_func: + disasm = Right("00000000" & Hex(va), 8) & " " & rpad(dump, 25) & buf + +End Function + +Function startEmu(beginAt As Long, endAt As Long, Optional timeout As Long = 0, Optional count As Long = 0) As Boolean + + Dim e As uc_err + Dim a As Currency, b As Currency, t As Currency + + a = lng2Cur(beginAt) + b = lng2Cur(endAt) + t = lng2Cur(timeout) + + errMsg = Empty + e = ucs_emu_start(uc, a, b, t, count) + If e <> uc_err_ok Then + errMsg = err2str(e) + Exit Function + End If + + startEmu = True + +End Function + +Function stopEmu() As Boolean + Dim e As uc_err + errMsg = Empty + e = ucs_emu_stop(uc) + If e <> uc_err_ok Then + errMsg = err2str(e) + Exit Function + End If + stopEmu = True +End Function + + + Function addHook(catagory As hookCatagory, flags As uc_hook_type, Optional beginAt As Long = 1, Optional endAt As Long = 0) As Boolean + + Dim e As uc_err + Dim hHook As Long 'handle to remove hook + Dim a As Currency, b As Currency + + e = -1 + a = lng2Cur(beginAt) + b = lng2Cur(endAt) + errMsg = Empty + + If KeyExistsInCollection(hooks, "flags:" & flags) Then + addHook = True + Exit Function + End If + + If catagory = hc_code Then e = ucs_hook_add(uc, hHook, flags, AddressOf code_hook, ObjPtr(Me), a, b, catagory) + If catagory = hc_mem Then e = ucs_hook_add(uc, hHook, flags, AddressOf mem_hook, ObjPtr(Me), a, b, catagory) + If catagory = hc_memInvalid Then e = ucs_hook_add(uc, hHook, flags, AddressOf invalid_mem_hook, ObjPtr(Me), a, b, catagory) + If catagory = hc_block Then e = ucs_hook_add(uc, hHook, flags, AddressOf block_hook, ObjPtr(Me), a, b, catagory) + If catagory = hc_int Then e = ucs_hook_add(uc, hHook, flags, AddressOf interrupt_hook, ObjPtr(Me), a, b, catagory) + + If e = -1 Then + errMsg = "Unimplemented hook catagory" + Exit Function + End If + + If e <> uc_err_ok Then + errMsg = err2str(e) + Exit Function + End If + + hooks.Add hHook, "flags:" & flags + addHook = True + + End Function + +'actually these appear to use different prototypes for each instruction? (only in/out examples seen...) +'what about all the others? not implemented yet in c or vb callback +'Function hookInstruction(i As uc_x86_insn, Optional beginAt As Long = 1, Optional endAt As Long = 0) As Boolean +' +' Dim e As uc_err +' Dim hHook As Long 'handle to remove hook +' Dim a As Currency, b As Currency +' +' If i = UC_X86_INS_INVALID Then Exit Function +' +' e = -1 +' a = lng2Cur(beginAt) +' b = lng2Cur(endAt) +' errMsg = Empty +' +' If KeyExistsInCollection(hooks, "instr:" & i) Then +' hookInstruction = True +' Exit Function +' End If +' +' e = ucs_hook_add(uc, hHook, UC_HOOK_INSN, AddressOf instruction_hook, ObjPtr(Me), a, b, hc_inst, i) +' +' If e <> UC_ERR_OK Then +' errMsg = err2str(e) +' Exit Function +' End If +' +' hooks.Add hHook, "instr:" & i +' hookInstruction = True +' +' End Function + + +Function removeHook(ByVal flags As uc_hook_type) As Boolean + + On Error Resume Next + + Dim hHook As Long, e As uc_err, wasInstr As Boolean + + errMsg = Empty + hHook = hooks("flags:" & flags) + + If hHook = 0 Then + hHook = hooks("instr:" & flags) 'maybe it was an instruction hook? + If hHook = 0 Then + errMsg = "Hook handle not found for supplied flags." + Exit Function + Else + wasInstr = True + End If + End If + + e = ucs_hook_del(uc, hHook) + + If e <> uc_err_ok Then + errMsg = err2str(e) + Exit Function + End If + + If wasInstr Then + hooks.Remove "instr:" & flags + Else + hooks.Remove "flags:" & flags + End If + + removeHook = True + +End Function + +Function getMemMap() As Collection 'of 32bit CMemRegion + Dim c As New Collection + Dim ret As New Collection + Dim mem As CMemRegion + Dim e As uc_err + Dim s, tmp, v + + errMsg = Empty + Set getMemMap = ret + + e = get_memMap(uc, c) + + If e <> uc_err_ok Then + errMsg = err2str(e) + Exit Function + End If + + For Each s In c '&h1000000,&h11fffff,&h7 these should always be 32bit safe values created in this class.. + If Len(s) > 0 Then + tmp = Split(s, ",") + If UBound(tmp) = 2 Then + Set mem = New CMemRegion + mem.address = CLng(tmp(0)) + mem.endsAt = CLng(tmp(1)) + mem.size = ULong(mem.endsAt, mem.address, op_sub) + 1 'vb native math is signed only..we play it safe.. + mem.perm = CLng(tmp(2)) + ret.Add mem + End If + End If + Next + +End Function + + +'these are internal functions used from the callback in the module to route the message to the event interface +'little confusing but in the end easier for the end user...also lays foundation for multiple live instances +'(although only one can run at a time since vb is single threaded) + +Friend Function internal_invalid_mem_hook(ByVal t As uc_mem_type, ByVal address As Currency, ByVal size As Long, ByVal value As Currency) As Long + Dim addr As Long, v As Long, continue As Boolean + addr = cur2lng(address) + v = cur2lng(value) + RaiseEvent InvalidMem(t, addr, size, v, continue) + internal_invalid_mem_hook = IIf(continue, 1, 0) +End Function + +Friend Sub internal_mem_hook(ByVal t As uc_mem_type, ByVal address As Currency, ByVal size As Long, ByVal value As Currency) + Dim addr As Long, v As Long + addr = cur2lng(address) + v = cur2lng(value) + RaiseEvent MemAccess(t, addr, size, v) +End Sub + +Friend Sub internal_code_hook(ByVal address As Currency, ByVal size As Long) + Dim addr As Long + addr = cur2lng(address) + RaiseEvent CodeHook(addr, size) +End Sub + +Friend Sub internal_block_hook(ByVal address As Currency, ByVal size As Long) + Dim addr As Long + addr = cur2lng(address) + RaiseEvent BlockHook(addr, size) +End Sub + +Friend Sub internal_interrupt_hook(ByVal intno As Long) + RaiseEvent Interrupt(intno) +End Sub + diff --git a/bindings/vb6/uc_def.bas b/bindings/vb6/uc_def.bas new file mode 100644 index 00000000..823819cd --- /dev/null +++ b/bindings/vb6/uc_def.bas @@ -0,0 +1,2504 @@ +Attribute VB_Name = "uc_def" +Option Explicit + +'Unicorn Engine x86 32bit wrapper class for vb6 + +'Contributed by: FireEye FLARE team +'Author: David Zimmer , +'License: Apache + +' supported api: +' ucs_version +' ucs_arch_supported +' ucs_open +' ucs_close +' uc_reg_write +' uc_reg_read +' uc_mem_write +' UC_MEM_READ +' uc_emu_start +' uc_emu_stop +' ucs_hook_add +' uc_mem_map +' uc_hook_del +' uc_mem_regions +' uc_mem_map_ptr +' uc_context_alloc +' uc_free +' uc_context_save +' uc_context_restore +' uc_mem_unmap +' uc_mem_protect +' uc_strerror +' uc_errno + +' supported hooks: +' UC_HOOK_CODE +' UC_HOOK_BLOCK +' memory READ/WRITE/FETCH +' invalid memory access +' interrupts +' +' bonus: +' disasm_addr (32bit only uses libdasm) +' mem_write_block (map and write data auto handles alignment) +' get_memMap (wrapper for uc_mem_regions) +' +' + +'sample supports multiple instances, required since callbacks must be in a shared module +Global instances As New Collection +Global UNICORN_PATH As String +Global DYNLOAD As Long + +Public Enum uc_arch + UC_ARCH_ARM = 1 ' ARM architecture (including Thumb, Thumb-2) + UC_ARCH_ARM64 = 2 ' ARM-64, also called AArch64okok + UC_ARCH_MIPS = 3 ' Mips architecture + UC_ARCH_X86 = 4 ' X86 architecture (including x86 & x86-64) + UC_ARCH_PPC = 5 ' PowerPC architecture (currently unsupported) + UC_ARCH_SPARC = 6 ' Sparc architecture + UC_ARCH_M68K = 7 ' M68K architecture + UC_ARCH_MAX = 8 +End Enum + +Public Enum uc_prot + UC_PROT_NONE = 0 + UC_PROT_READ = 1 + UC_PROT_WRITE = 2 + UC_PROT_EXEC = 4 + UC_PROT_ALL = 7 +End Enum + +Public Enum uc_err + uc_err_ok = 0 ' No error: everything was fine + UC_ERR_NOMEM = 1 ' Out-Of-Memory error: uc_open(), uc_emulate() + UC_ERR_ARCH = 2 ' Unsupported architecture: uc_open() + UC_ERR_HANDLE = 3 ' Invalid handle + UC_ERR_MODE = 4 ' Invalid/unsupported mode: uc_open() + UC_ERR_VERSION = 5 ' Unsupported version (bindings) + UC_ERR_READ_UNMAPPED = 6 ' Quit emulation due to READ on unmapped memory: uc_emu_start() + UC_ERR_WRITE_UNMAPPED = 7 ' Quit emulation due to WRITE on unmapped memory: uc_emu_start() + UC_ERR_FETCH_UNMAPPED = 8 ' Quit emulation due to FETCH on unmapped memory: uc_emu_start() + UC_ERR_HOOK = 9 ' Invalid hook type: uc_hook_add() + UC_ERR_INSN_INVALID = 10 ' Quit emulation due to invalid instruction: uc_emu_start() + UC_ERR_MAP = 11 ' Invalid memory mapping: uc_mem_map() + UC_ERR_WRITE_PROT = 12 ' Quit emulation due to UC_MEM_WRITE_PROT violation: uc_emu_start() + UC_ERR_READ_PROT = 13 ' Quit emulation due to UC_MEM_READ_PROT violation: uc_emu_start() + UC_ERR_FETCH_PROT = 14 ' Quit emulation due to UC_MEM_FETCH_PROT violation: uc_emu_start() + UC_ERR_ARG = 15 ' Inavalid argument provided to uc_xxx function (See specific function API) + UC_ERR_READ_UNALIGNED = 16 ' Unaligned read + UC_ERR_WRITE_UNALIGNED = 17 ' Unaligned write + UC_ERR_FETCH_UNALIGNED = 18 ' Unaligned fetch + UC_ERR_HOOK_EXIST = 19 ' hook for this event already existed + UC_ERR_RESOURCE = 20 ' Insufficient resource: uc_emu_start() + UC_ERR_EXCEPTION = 21 ' Unhandled CPU exception +End Enum + +' All type of memory accesses for UC_HOOK_MEM_* +Public Enum uc_mem_type + UC_MEM_READ = 16 ' Memory is read from + uc_mem_write = 17 ' Memory is written to + UC_MEM_FETCH = 18 ' Memory is fetched + UC_MEM_READ_UNMAPPED = 19 ' Unmapped memory is read from + UC_MEM_WRITE_UNMAPPED = 20 ' Unmapped memory is written to + UC_MEM_FETCH_UNMAPPED = 21 ' Unmapped memory is fetched + UC_MEM_WRITE_PROT = 22 ' Write to write protected, but mapped, memory + UC_MEM_READ_PROT = 23 ' Read from read protected, but mapped, memory + UC_MEM_FETCH_PROT = 24 ' Fetch from non-executable, but mapped, memory + UC_MEM_READ_AFTER = 25 ' Memory is read from (successful access) +End Enum + +Public Enum uc_mode 'from /bindings/dotnet/common.fs + UC_MODE_LITTLE_ENDIAN = 0 'little-endian mode (default mode) + UC_MODE_BIG_ENDIAN = 1073741824 'big-endian mode +' UC_MODE_ARM = 0 'ARM mode +' UC_MODE_THUMB = 16 'THUMB mode (including Thumb-2) +' UC_MODE_MCLASS = 32 'ARM's Cortex-M series (currently unsupported) +' UC_MODE_V8 = 64 'ARMv8 A32 encodings for ARM (currently unsupported) +' UC_MODE_MICRO = 16 'MicroMips mode (currently unsupported) +' UC_MODE_MIPS3 = 32 'Mips III ISA (currently unsupported) +' UC_MODE_MIPS32R6 = 64 'Mips32r6 ISA (currently unsupported) +' UC_MODE_MIPS32 = 4 'Mips32 ISA +' UC_MODE_MIPS64 = 8 'Mips64 ISA + UC_MODE_16 = 2 '16-bit mode + UC_MODE_32 = 4 '32-bit mode + UC_MODE_64 = 8 '64-bit mode +' UC_MODE_PPC32 = 4 '32-bit mode (currently unsupported) +' UC_MODE_PPC64 = 8 '64-bit mode (currently unsupported) +' UC_MODE_QPX = 16 'Quad Processing eXtensions mode (currently unsupported) +' UC_MODE_SPARC32 = 4 '32-bit mode +' UC_MODE_SPARC64 = 8 '64-bit mode +' UC_MODE_V9 = 16 'SparcV9 mode (currently unsupported) +End Enum + +Public Enum uc_hook_type 'from /bindings/dotnet/common.fs + UC_HOOK_INTR = 1 ' Hook all interrupt/syscall events + UC_HOOK_INSN = 2 ' Hook a particular instruction + UC_HOOK_CODE = 4 ' Hook a range of code + UC_HOOK_BLOCK = 8 ' Hook basic blocks + UC_HOOK_MEM_READ_UNMAPPED = 16 ' Hook for memory read on unmapped memory + UC_HOOK_MEM_WRITE_UNMAPPED = 32 ' Hook for invalid memory write events + UC_HOOK_MEM_FETCH_UNMAPPED = 64 ' Hook for invalid memory fetch for execution events + UC_HOOK_MEM_READ_PROT = 128 ' Hook for memory read on read-protected memory + UC_HOOK_MEM_WRITE_PROT = 256 ' Hook for memory write on write-protected memory + UC_HOOK_MEM_FETCH_PROT = 512 ' Hook for memory fetch on non-executable memory + UC_HOOK_MEM_READ = 1024 ' Hook memory read events. + UC_HOOK_MEM_WRITE = 2048 ' Hook memory write events. + UC_HOOK_MEM_FETCH = 4096 ' Hook memory fetch for execution events + UC_HOOK_MEM_READ_AFTER = 8192 ' Hook memory read events, but only successful access.(triggered after successful read.) + UC_HOOK_MEM_UNMAPPED = 112 + UC_HOOK_MEM_PROT = 896 + UC_HOOK_MEM_READ_INVALID = 144 + UC_HOOK_MEM_WRITE_INVALID = 288 + UC_HOOK_MEM_FETCH_INVALID = 576 + UC_HOOK_MEM_INVALID = 1008 + UC_HOOK_MEM_VALID = 7168 +End Enum + +Public Enum hookCatagory + hc_code = 0 + hc_block = 1 + hc_inst = 2 + hc_int = 3 + hc_mem = 4 + hc_memInvalid = 5 +End Enum + +Public Enum uc_x86_reg + UC_X86_REG_INVALID = 0 + UC_X86_REG_AH = 1 + UC_X86_REG_AL = 2 + UC_X86_REG_AX = 3 + UC_X86_REG_BH = 4 + UC_X86_REG_Bl = 5 + UC_X86_REG_BP = 6 + UC_X86_REG_BPL = 7 + UC_X86_REG_BX = 8 + UC_X86_REG_CH = 9 + UC_X86_REG_CL = 10 + UC_X86_REG_CS = 11 + UC_X86_REG_CX = 12 + UC_X86_REG_DH = 13 + UC_X86_REG_DI = 14 + UC_X86_REG_DIL = 15 + UC_X86_REG_DL = 16 + UC_X86_REG_DS = 17 + UC_X86_REG_DX = 18 + UC_X86_REG_EAX = 19 + UC_X86_REG_EBP = 20 + UC_X86_REG_EBX = 21 + UC_X86_REG_ECX = 22 + UC_X86_REG_EDI = 23 + UC_X86_REG_EDX = 24 + UC_X86_REG_EFLAGS = 25 + UC_X86_REG_EIP = 26 + UC_X86_REG_EIZ = 27 + UC_X86_REG_ES = 28 + UC_X86_REG_ESI = 29 + UC_X86_REG_ESP = 30 + UC_X86_REG_FPSW = 31 + UC_X86_REG_FS = 32 + UC_X86_REG_GS = 33 + UC_X86_REG_IP = 34 + UC_X86_REG_RAX = 35 + UC_X86_REG_RBP = 36 + UC_X86_REG_RBX = 37 + UC_X86_REG_RCX = 38 + UC_X86_REG_RDI = 39 + UC_X86_REG_RDX = 40 + UC_X86_REG_RIP = 41 + UC_X86_REG_RIZ = 42 + UC_X86_REG_RSI = 43 + UC_X86_REG_RSP = 44 + UC_X86_REG_SI = 45 + UC_X86_REG_SIL = 46 + UC_X86_REG_SP = 47 + UC_X86_REG_SPL = 48 + UC_X86_REG_SS = 49 + UC_X86_REG_CR0 = 50 + UC_X86_REG_CR1 = 51 + UC_X86_REG_CR2 = 52 + UC_X86_REG_CR3 = 53 + UC_X86_REG_CR4 = 54 + UC_X86_REG_CR5 = 55 + UC_X86_REG_CR6 = 56 + UC_X86_REG_CR7 = 57 + UC_X86_REG_CR8 = 58 + UC_X86_REG_CR9 = 59 + UC_X86_REG_CR10 = 60 + UC_X86_REG_CR11 = 61 + UC_X86_REG_CR12 = 62 + UC_X86_REG_CR13 = 63 + UC_X86_REG_CR14 = 64 + UC_X86_REG_CR15 = 65 + UC_X86_REG_DR0 = 66 + UC_X86_REG_DR1 = 67 + UC_X86_REG_DR2 = 68 + UC_X86_REG_DR3 = 69 + UC_X86_REG_DR4 = 70 + UC_X86_REG_DR5 = 71 + UC_X86_REG_DR6 = 72 + UC_X86_REG_DR7 = 73 + UC_X86_REG_DR8 = 74 + UC_X86_REG_DR9 = 75 + UC_X86_REG_DR10 = 76 + UC_X86_REG_DR11 = 77 + UC_X86_REG_DR12 = 78 + UC_X86_REG_DR13 = 79 + UC_X86_REG_DR14 = 80 + UC_X86_REG_DR15 = 81 + UC_X86_REG_FP0 = 82 + UC_X86_REG_FP1 = 83 + UC_X86_REG_FP2 = 84 + UC_X86_REG_FP3 = 85 + UC_X86_REG_FP4 = 86 + UC_X86_REG_FP5 = 87 + UC_X86_REG_FP6 = 88 + UC_X86_REG_FP7 = 89 + UC_X86_REG_K0 = 90 + UC_X86_REG_K1 = 91 + UC_X86_REG_K2 = 92 + UC_X86_REG_K3 = 93 + UC_X86_REG_K4 = 94 + UC_X86_REG_K5 = 95 + UC_X86_REG_K6 = 96 + UC_X86_REG_K7 = 97 + UC_X86_REG_MM0 = 98 + UC_X86_REG_MM1 = 99 + UC_X86_REG_MM2 = 100 + UC_X86_REG_MM3 = 101 + UC_X86_REG_MM4 = 102 + UC_X86_REG_MM5 = 103 + UC_X86_REG_MM6 = 104 + UC_X86_REG_MM7 = 105 + UC_X86_REG_R8 = 106 + UC_X86_REG_R9 = 107 + UC_X86_REG_R10 = 108 + UC_X86_REG_R11 = 109 + UC_X86_REG_R12 = 110 + UC_X86_REG_R13 = 111 + UC_X86_REG_R14 = 112 + UC_X86_REG_R15 = 113 + UC_X86_REG_ST0 = 114 + UC_X86_REG_ST1 = 115 + UC_X86_REG_ST2 = 116 + UC_X86_REG_ST3 = 117 + UC_X86_REG_ST4 = 118 + UC_X86_REG_ST5 = 119 + UC_X86_REG_ST6 = 120 + UC_X86_REG_ST7 = 121 + UC_X86_REG_XMM0 = 122 + UC_X86_REG_XMM1 = 123 + UC_X86_REG_XMM2 = 124 + UC_X86_REG_XMM3 = 125 + UC_X86_REG_XMM4 = 126 + UC_X86_REG_XMM5 = 127 + UC_X86_REG_XMM6 = 128 + UC_X86_REG_XMM7 = 129 + UC_X86_REG_XMM8 = 130 + UC_X86_REG_XMM9 = 131 + UC_X86_REG_XMM10 = 132 + UC_X86_REG_XMM11 = 133 + UC_X86_REG_XMM12 = 134 + UC_X86_REG_XMM13 = 135 + UC_X86_REG_XMM14 = 136 + UC_X86_REG_XMM15 = 137 + UC_X86_REG_XMM16 = 138 + UC_X86_REG_XMM17 = 139 + UC_X86_REG_XMM18 = 140 + UC_X86_REG_XMM19 = 141 + UC_X86_REG_XMM20 = 142 + UC_X86_REG_XMM21 = 143 + UC_X86_REG_XMM22 = 144 + UC_X86_REG_XMM23 = 145 + UC_X86_REG_XMM24 = 146 + UC_X86_REG_XMM25 = 147 + UC_X86_REG_XMM26 = 148 + UC_X86_REG_XMM27 = 149 + UC_X86_REG_XMM28 = 150 + UC_X86_REG_XMM29 = 151 + UC_X86_REG_XMM30 = 152 + UC_X86_REG_XMM31 = 153 + UC_X86_REG_YMM0 = 154 + UC_X86_REG_YMM1 = 155 + UC_X86_REG_YMM2 = 156 + UC_X86_REG_YMM3 = 157 + UC_X86_REG_YMM4 = 158 + UC_X86_REG_YMM5 = 159 + UC_X86_REG_YMM6 = 160 + UC_X86_REG_YMM7 = 161 + UC_X86_REG_YMM8 = 162 + UC_X86_REG_YMM9 = 163 + UC_X86_REG_YMM10 = 164 + UC_X86_REG_YMM11 = 165 + UC_X86_REG_YMM12 = 166 + UC_X86_REG_YMM13 = 167 + UC_X86_REG_YMM14 = 168 + UC_X86_REG_YMM15 = 169 + UC_X86_REG_YMM16 = 170 + UC_X86_REG_YMM17 = 171 + UC_X86_REG_YMM18 = 172 + UC_X86_REG_YMM19 = 173 + UC_X86_REG_YMM20 = 174 + UC_X86_REG_YMM21 = 175 + UC_X86_REG_YMM22 = 176 + UC_X86_REG_YMM23 = 177 + UC_X86_REG_YMM24 = 178 + UC_X86_REG_YMM25 = 179 + UC_X86_REG_YMM26 = 180 + UC_X86_REG_YMM27 = 181 + UC_X86_REG_YMM28 = 182 + UC_X86_REG_YMM29 = 183 + UC_X86_REG_YMM30 = 184 + UC_X86_REG_YMM31 = 185 + UC_X86_REG_ZMM0 = 186 + UC_X86_REG_ZMM1 = 187 + UC_X86_REG_ZMM2 = 188 + UC_X86_REG_ZMM3 = 189 + UC_X86_REG_ZMM4 = 190 + UC_X86_REG_ZMM5 = 191 + UC_X86_REG_ZMM6 = 192 + UC_X86_REG_ZMM7 = 193 + UC_X86_REG_ZMM8 = 194 + UC_X86_REG_ZMM9 = 195 + UC_X86_REG_ZMM10 = 196 + UC_X86_REG_ZMM11 = 197 + UC_X86_REG_ZMM12 = 198 + UC_X86_REG_ZMM13 = 199 + UC_X86_REG_ZMM14 = 200 + UC_X86_REG_ZMM15 = 201 + UC_X86_REG_ZMM16 = 202 + UC_X86_REG_ZMM17 = 203 + UC_X86_REG_ZMM18 = 204 + UC_X86_REG_ZMM19 = 205 + UC_X86_REG_ZMM20 = 206 + UC_X86_REG_ZMM21 = 207 + UC_X86_REG_ZMM22 = 208 + UC_X86_REG_ZMM23 = 209 + UC_X86_REG_ZMM24 = 210 + UC_X86_REG_ZMM25 = 211 + UC_X86_REG_ZMM26 = 212 + UC_X86_REG_ZMM27 = 213 + UC_X86_REG_ZMM28 = 214 + UC_X86_REG_ZMM29 = 215 + UC_X86_REG_ZMM30 = 216 + UC_X86_REG_ZMM31 = 217 + UC_X86_REG_R8B = 218 + UC_X86_REG_R9B = 219 + UC_X86_REG_R10B = 220 + UC_X86_REG_R11B = 221 + UC_X86_REG_R12B = 222 + UC_X86_REG_R13B = 223 + UC_X86_REG_R14B = 224 + UC_X86_REG_R15B = 225 + UC_X86_REG_R8D = 226 + UC_X86_REG_R9D = 227 + UC_X86_REG_R10D = 228 + UC_X86_REG_R11D = 229 + UC_X86_REG_R12D = 230 + UC_X86_REG_R13D = 231 + UC_X86_REG_R14D = 232 + UC_X86_REG_R15D = 233 + UC_X86_REG_R8W = 234 + UC_X86_REG_R9W = 235 + UC_X86_REG_R10W = 236 + UC_X86_REG_R11W = 237 + UC_X86_REG_R12W = 238 + UC_X86_REG_R13W = 239 + UC_X86_REG_R14W = 240 + UC_X86_REG_R15W = 241 + UC_X86_REG_IDTR = 242 + UC_X86_REG_GDTR = 243 + UC_X86_REG_LDTR = 244 + UC_X86_REG_TR = 245 + UC_X86_REG_FPCW = 246 + UC_X86_REG_FPTAG = 247 + UC_X86_REG_ENDING = 248 +End Enum + +'Public Enum uc_x86_insn +' UC_X86_INS_INVALID = 0 +' UC_X86_INS_AAA = 1 +' UC_X86_INS_AAD = 2 +' UC_X86_INS_AAM = 3 +' UC_X86_INS_AAS = 4 +' UC_X86_INS_FABS = 5 +' UC_X86_INS_ADC = 6 +' UC_X86_INS_ADCX = 7 +' UC_X86_INS_ADD = 8 +' UC_X86_INS_ADDPD = 9 +' UC_X86_INS_ADDPS = 10 +' UC_X86_INS_ADDSD = 11 +' UC_X86_INS_ADDSS = 12 +' UC_X86_INS_ADDSUBPD = 13 +' UC_X86_INS_ADDSUBPS = 14 +' UC_X86_INS_FADD = 15 +' UC_X86_INS_FIADD = 16 +' UC_X86_INS_FADDP = 17 +' UC_X86_INS_ADOX = 18 +' UC_X86_INS_AESDECLAST = 19 +' UC_X86_INS_AESDEC = 20 +' UC_X86_INS_AESENCLAST = 21 +' UC_X86_INS_AESENC = 22 +' UC_X86_INS_AESIMC = 23 +' UC_X86_INS_AESKEYGENASSIST = 24 +' UC_X86_INS_AND = 25 +' UC_X86_INS_ANDN = 26 +' UC_X86_INS_ANDNPD = 27 +' UC_X86_INS_ANDNPS = 28 +' UC_X86_INS_ANDPD = 29 +' UC_X86_INS_ANDPS = 30 +' UC_X86_INS_ARPL = 31 +' UC_X86_INS_BEXTR = 32 +' UC_X86_INS_BLCFILL = 33 +' UC_X86_INS_BLCI = 34 +' UC_X86_INS_BLCIC = 35 +' UC_X86_INS_BLCMSK = 36 +' UC_X86_INS_BLCS = 37 +' UC_X86_INS_BLENDPD = 38 +' UC_X86_INS_BLENDPS = 39 +' UC_X86_INS_BLENDVPD = 40 +' UC_X86_INS_BLENDVPS = 41 +' UC_X86_INS_BLSFILL = 42 +' UC_X86_INS_BLSI = 43 +' UC_X86_INS_BLSIC = 44 +' UC_X86_INS_BLSMSK = 45 +' UC_X86_INS_BLSR = 46 +' UC_X86_INS_BOUND = 47 +' UC_X86_INS_BSF = 48 +' UC_X86_INS_BSR = 49 +' UC_X86_INS_BSWAP = 50 +' UC_X86_INS_BT = 51 +' UC_X86_INS_BTC = 52 +' UC_X86_INS_BTR = 53 +' UC_X86_INS_BTS = 54 +' UC_X86_INS_BZHI = 55 +' UC_X86_INS_CALL = 56 +' UC_X86_INS_CBW = 57 +' UC_X86_INS_CDQ = 58 +' UC_X86_INS_CDQE = 59 +' UC_X86_INS_FCHS = 60 +' UC_X86_INS_CLAC = 61 +' UC_X86_INS_CLC = 62 +' UC_X86_INS_CLD = 63 +' UC_X86_INS_CLFLUSH = 64 +' UC_X86_INS_CLFLUSHOPT = 65 +' UC_X86_INS_CLGI = 66 +' UC_X86_INS_CLI = 67 +' UC_X86_INS_CLTS = 68 +' UC_X86_INS_CLWB = 69 +' UC_X86_INS_CMC = 70 +' UC_X86_INS_CMOVA = 71 +' UC_X86_INS_CMOVAE = 72 +' UC_X86_INS_CMOVB = 73 +' UC_X86_INS_CMOVBE = 74 +' UC_X86_INS_FCMOVBE = 75 +' UC_X86_INS_FCMOVB = 76 +' UC_X86_INS_CMOVE = 77 +' UC_X86_INS_FCMOVE = 78 +' UC_X86_INS_CMOVG = 79 +' UC_X86_INS_CMOVGE = 80 +' UC_X86_INS_CMOVL = 81 +' UC_X86_INS_CMOVLE = 82 +' UC_X86_INS_FCMOVNBE = 83 +' UC_X86_INS_FCMOVNB = 84 +' UC_X86_INS_CMOVNE = 85 +' UC_X86_INS_FCMOVNE = 86 +' UC_X86_INS_CMOVNO = 87 +' UC_X86_INS_CMOVNP = 88 +' UC_X86_INS_FCMOVNU = 89 +' UC_X86_INS_CMOVNS = 90 +' UC_X86_INS_CMOVO = 91 +' UC_X86_INS_CMOVP = 92 +' UC_X86_INS_FCMOVU = 93 +' UC_X86_INS_CMOVS = 94 +' UC_X86_INS_CMP = 95 +' UC_X86_INS_CMPPD = 96 +' UC_X86_INS_CMPPS = 97 +' UC_X86_INS_CMPSB = 98 +' UC_X86_INS_CMPSD = 99 +' UC_X86_INS_CMPSQ = 100 +' UC_X86_INS_CMPSS = 101 +' UC_X86_INS_CMPSW = 102 +' UC_X86_INS_CMPXCHG16B = 103 +' UC_X86_INS_CMPXCHG = 104 +' UC_X86_INS_CMPXCHG8B = 105 +' UC_X86_INS_COMISD = 106 +' UC_X86_INS_COMISS = 107 +' UC_X86_INS_FCOMP = 108 +' UC_X86_INS_FCOMPI = 109 +' UC_X86_INS_FCOMI = 110 +' UC_X86_INS_FCOM = 111 +' UC_X86_INS_FCOS = 112 +' UC_X86_INS_CPUID = 113 +' UC_X86_INS_CQO = 114 +' UC_X86_INS_CRC32 = 115 +' UC_X86_INS_CVTDQ2PD = 116 +' UC_X86_INS_CVTDQ2PS = 117 +' UC_X86_INS_CVTPD2DQ = 118 +' UC_X86_INS_CVTPD2PS = 119 +' UC_X86_INS_CVTPS2DQ = 120 +' UC_X86_INS_CVTPS2PD = 121 +' UC_X86_INS_CVTSD2SI = 122 +' UC_X86_INS_CVTSD2SS = 123 +' UC_X86_INS_CVTSI2SD = 124 +' UC_X86_INS_CVTSI2SS = 125 +' UC_X86_INS_CVTSS2SD = 126 +' UC_X86_INS_CVTSS2SI = 127 +' UC_X86_INS_CVTTPD2DQ = 128 +' UC_X86_INS_CVTTPS2DQ = 129 +' UC_X86_INS_CVTTSD2SI = 130 +' UC_X86_INS_CVTTSS2SI = 131 +' UC_X86_INS_CWD = 132 +' UC_X86_INS_CWDE = 133 +' UC_X86_INS_DAA = 134 +' UC_X86_INS_DAS = 135 +' UC_X86_INS_DATA16 = 136 +' UC_X86_INS_DEC = 137 +' UC_X86_INS_DIV = 138 +' UC_X86_INS_DIVPD = 139 +' UC_X86_INS_DIVPS = 140 +' UC_X86_INS_FDIVR = 141 +' UC_X86_INS_FIDIVR = 142 +' UC_X86_INS_FDIVRP = 143 +' UC_X86_INS_DIVSD = 144 +' UC_X86_INS_DIVSS = 145 +' UC_X86_INS_FDIV = 146 +' UC_X86_INS_FIDIV = 147 +' UC_X86_INS_FDIVP = 148 +' UC_X86_INS_DPPD = 149 +' UC_X86_INS_DPPS = 150 +' UC_X86_INS_RET = 151 +' UC_X86_INS_ENCLS = 152 +' UC_X86_INS_ENCLU = 153 +' UC_X86_INS_ENTER = 154 +' UC_X86_INS_EXTRACTPS = 155 +' UC_X86_INS_EXTRQ = 156 +' UC_X86_INS_F2XM1 = 157 +' UC_X86_INS_LCALL = 158 +' UC_X86_INS_LJMP = 159 +' UC_X86_INS_FBLD = 160 +' UC_X86_INS_FBSTP = 161 +' UC_X86_INS_FCOMPP = 162 +' UC_X86_INS_FDECSTP = 163 +' UC_X86_INS_FEMMS = 164 +' UC_X86_INS_FFREE = 165 +' UC_X86_INS_FICOM = 166 +' UC_X86_INS_FICOMP = 167 +' UC_X86_INS_FINCSTP = 168 +' UC_X86_INS_FLDCW = 169 +' UC_X86_INS_FLDENV = 170 +' UC_X86_INS_FLDL2E = 171 +' UC_X86_INS_FLDL2T = 172 +' UC_X86_INS_FLDLG2 = 173 +' UC_X86_INS_FLDLN2 = 174 +' UC_X86_INS_FLDPI = 175 +' UC_X86_INS_FNCLEX = 176 +' UC_X86_INS_FNINIT = 177 +' UC_X86_INS_FNOP = 178 +' UC_X86_INS_FNSTCW = 179 +' UC_X86_INS_FNSTSW = 180 +' UC_X86_INS_FPATAN = 181 +' UC_X86_INS_FPREM = 182 +' UC_X86_INS_FPREM1 = 183 +' UC_X86_INS_FPTAN = 184 +' UC_X86_INS_FFREEP = 185 +' UC_X86_INS_FRNDINT = 186 +' UC_X86_INS_FRSTOR = 187 +' UC_X86_INS_FNSAVE = 188 +' UC_X86_INS_FSCALE = 189 +' UC_X86_INS_FSETPM = 190 +' UC_X86_INS_FSINCOS = 191 +' UC_X86_INS_FNSTENV = 192 +' UC_X86_INS_FXAM = 193 +' UC_X86_INS_FXRSTOR = 194 +' UC_X86_INS_FXRSTOR64 = 195 +' UC_X86_INS_FXSAVE = 196 +' UC_X86_INS_FXSAVE64 = 197 +' UC_X86_INS_FXTRACT = 198 +' UC_X86_INS_FYL2X = 199 +' UC_X86_INS_FYL2XP1 = 200 +' UC_X86_INS_MOVAPD = 201 +' UC_X86_INS_MOVAPS = 202 +' UC_X86_INS_ORPD = 203 +' UC_X86_INS_ORPS = 204 +' UC_X86_INS_VMOVAPD = 205 +' UC_X86_INS_VMOVAPS = 206 +' UC_X86_INS_XORPD = 207 +' UC_X86_INS_XORPS = 208 +' UC_X86_INS_GETSEC = 209 +' UC_X86_INS_HADDPD = 210 +' UC_X86_INS_HADDPS = 211 +' UC_X86_INS_HLT = 212 +' UC_X86_INS_HSUBPD = 213 +' UC_X86_INS_HSUBPS = 214 +' UC_X86_INS_IDIV = 215 +' UC_X86_INS_FILD = 216 +' UC_X86_INS_IMUL = 217 +' UC_X86_INS_IN = 218 +' UC_X86_INS_INC = 219 +' UC_X86_INS_INSB = 220 +' UC_X86_INS_INSERTPS = 221 +' UC_X86_INS_INSERTQ = 222 +' UC_X86_INS_INSD = 223 +' UC_X86_INS_INSW = 224 +' UC_X86_INS_INT = 225 +' UC_X86_INS_INT1 = 226 +' UC_X86_INS_INT3 = 227 +' UC_X86_INS_INTO = 228 +' UC_X86_INS_INVD = 229 +' UC_X86_INS_INVEPT = 230 +' UC_X86_INS_INVLPG = 231 +' UC_X86_INS_INVLPGA = 232 +' UC_X86_INS_INVPCID = 233 +' UC_X86_INS_INVVPID = 234 +' UC_X86_INS_IRET = 235 +' UC_X86_INS_IRETD = 236 +' UC_X86_INS_IRETQ = 237 +' UC_X86_INS_FISTTP = 238 +' UC_X86_INS_FIST = 239 +' UC_X86_INS_FISTP = 240 +' UC_X86_INS_UCOMISD = 241 +' UC_X86_INS_UCOMISS = 242 +' UC_X86_INS_VCOMISD = 243 +' UC_X86_INS_VCOMISS = 244 +' UC_X86_INS_VCVTSD2SS = 245 +' UC_X86_INS_VCVTSI2SD = 246 +' UC_X86_INS_VCVTSI2SS = 247 +' UC_X86_INS_VCVTSS2SD = 248 +' UC_X86_INS_VCVTTSD2SI = 249 +' UC_X86_INS_VCVTTSD2USI = 250 +' UC_X86_INS_VCVTTSS2SI = 251 +' UC_X86_INS_VCVTTSS2USI = 252 +' UC_X86_INS_VCVTUSI2SD = 253 +' UC_X86_INS_VCVTUSI2SS = 254 +' UC_X86_INS_VUCOMISD = 255 +' UC_X86_INS_VUCOMISS = 256 +' UC_X86_INS_JAE = 257 +' UC_X86_INS_JA = 258 +' UC_X86_INS_JBE = 259 +' UC_X86_INS_JB = 260 +' UC_X86_INS_JCXZ = 261 +' UC_X86_INS_JECXZ = 262 +' UC_X86_INS_JE = 263 +' UC_X86_INS_JGE = 264 +' UC_X86_INS_JG = 265 +' UC_X86_INS_JLE = 266 +' UC_X86_INS_JL = 267 +' UC_X86_INS_JMP = 268 +' UC_X86_INS_JNE = 269 +' UC_X86_INS_JNO = 270 +' UC_X86_INS_JNP = 271 +' UC_X86_INS_JNS = 272 +' UC_X86_INS_JO = 273 +' UC_X86_INS_JP = 274 +' UC_X86_INS_JRCXZ = 275 +' UC_X86_INS_JS = 276 +' UC_X86_INS_KANDB = 277 +' UC_X86_INS_KANDD = 278 +' UC_X86_INS_KANDNB = 279 +' UC_X86_INS_KANDND = 280 +' UC_X86_INS_KANDNQ = 281 +' UC_X86_INS_KANDNW = 282 +' UC_X86_INS_KANDQ = 283 +' UC_X86_INS_KANDW = 284 +' UC_X86_INS_KMOVB = 285 +' UC_X86_INS_KMOVD = 286 +' UC_X86_INS_KMOVQ = 287 +' UC_X86_INS_KMOVW = 288 +' UC_X86_INS_KNOTB = 289 +' UC_X86_INS_KNOTD = 290 +' UC_X86_INS_KNOTQ = 291 +' UC_X86_INS_KNOTW = 292 +' UC_X86_INS_KORB = 293 +' UC_X86_INS_KORD = 294 +' UC_X86_INS_KORQ = 295 +' UC_X86_INS_KORTESTB = 296 +' UC_X86_INS_KORTESTD = 297 +' UC_X86_INS_KORTESTQ = 298 +' UC_X86_INS_KORTESTW = 299 +' UC_X86_INS_KORW = 300 +' UC_X86_INS_KSHIFTLB = 301 +' UC_X86_INS_KSHIFTLD = 302 +' UC_X86_INS_KSHIFTLQ = 303 +' UC_X86_INS_KSHIFTLW = 304 +' UC_X86_INS_KSHIFTRB = 305 +' UC_X86_INS_KSHIFTRD = 306 +' UC_X86_INS_KSHIFTRQ = 307 +' UC_X86_INS_KSHIFTRW = 308 +' UC_X86_INS_KUNPCKBW = 309 +' UC_X86_INS_KXNORB = 310 +' UC_X86_INS_KXNORD = 311 +' UC_X86_INS_KXNORQ = 312 +' UC_X86_INS_KXNORW = 313 +' UC_X86_INS_KXORB = 314 +' UC_X86_INS_KXORD = 315 +' UC_X86_INS_KXORQ = 316 +' UC_X86_INS_KXORW = 317 +' UC_X86_INS_LAHF = 318 +' UC_X86_INS_LAR = 319 +' UC_X86_INS_LDDQU = 320 +' UC_X86_INS_LDMXCSR = 321 +' UC_X86_INS_LDS = 322 +' UC_X86_INS_FLDZ = 323 +' UC_X86_INS_FLD1 = 324 +' UC_X86_INS_FLD = 325 +' UC_X86_INS_LEA = 326 +' UC_X86_INS_LEAVE = 327 +' UC_X86_INS_LES = 328 +' UC_X86_INS_LFENCE = 329 +' UC_X86_INS_LFS = 330 +' UC_X86_INS_LGDT = 331 +' UC_X86_INS_LGS = 332 +' UC_X86_INS_LIDT = 333 +' UC_X86_INS_LLDT = 334 +' UC_X86_INS_LMSW = 335 +' UC_X86_INS_OR = 336 +' UC_X86_INS_SUB = 337 +' UC_X86_INS_XOR = 338 +' UC_X86_INS_LODSB = 339 +' UC_X86_INS_LODSD = 340 +' UC_X86_INS_LODSQ = 341 +' UC_X86_INS_LODSW = 342 +' UC_X86_INS_LOOP = 343 +' UC_X86_INS_LOOPE = 344 +' UC_X86_INS_LOOPNE = 345 +' UC_X86_INS_RETF = 346 +' UC_X86_INS_RETFQ = 347 +' UC_X86_INS_LSL = 348 +' UC_X86_INS_LSS = 349 +' UC_X86_INS_LTR = 350 +' UC_X86_INS_XADD = 351 +' UC_X86_INS_LZCNT = 352 +' UC_X86_INS_MASKMOVDQU = 353 +' UC_X86_INS_MAXPD = 354 +' UC_X86_INS_MAXPS = 355 +' UC_X86_INS_MAXSD = 356 +' UC_X86_INS_MAXSS = 357 +' UC_X86_INS_MFENCE = 358 +' UC_X86_INS_MINPD = 359 +' UC_X86_INS_MINPS = 360 +' UC_X86_INS_MINSD = 361 +' UC_X86_INS_MINSS = 362 +' UC_X86_INS_CVTPD2PI = 363 +' UC_X86_INS_CVTPI2PD = 364 +' UC_X86_INS_CVTPI2PS = 365 +' UC_X86_INS_CVTPS2PI = 366 +' UC_X86_INS_CVTTPD2PI = 367 +' UC_X86_INS_CVTTPS2PI = 368 +' UC_X86_INS_EMMS = 369 +' UC_X86_INS_MASKMOVQ = 370 +' UC_X86_INS_MOVD = 371 +' UC_X86_INS_MOVDQ2Q = 372 +' UC_X86_INS_MOVNTQ = 373 +' UC_X86_INS_MOVQ2DQ = 374 +' UC_X86_INS_MOVQ = 375 +' UC_X86_INS_PABSB = 376 +' UC_X86_INS_PABSD = 377 +' UC_X86_INS_PABSW = 378 +' UC_X86_INS_PACKSSDW = 379 +' UC_X86_INS_PACKSSWB = 380 +' UC_X86_INS_PACKUSWB = 381 +' UC_X86_INS_PADDB = 382 +' UC_X86_INS_PADDD = 383 +' UC_X86_INS_PADDQ = 384 +' UC_X86_INS_PADDSB = 385 +' UC_X86_INS_PADDSW = 386 +' UC_X86_INS_PADDUSB = 387 +' UC_X86_INS_PADDUSW = 388 +' UC_X86_INS_PADDW = 389 +' UC_X86_INS_PALIGNR = 390 +' UC_X86_INS_PANDN = 391 +' UC_X86_INS_PAND = 392 +' UC_X86_INS_PAVGB = 393 +' UC_X86_INS_PAVGW = 394 +' UC_X86_INS_PCMPEQB = 395 +' UC_X86_INS_PCMPEQD = 396 +' UC_X86_INS_PCMPEQW = 397 +' UC_X86_INS_PCMPGTB = 398 +' UC_X86_INS_PCMPGTD = 399 +' UC_X86_INS_PCMPGTW = 400 +' UC_X86_INS_PEXTRW = 401 +' UC_X86_INS_PHADDSW = 402 +' UC_X86_INS_PHADDW = 403 +' UC_X86_INS_PHADDD = 404 +' UC_X86_INS_PHSUBD = 405 +' UC_X86_INS_PHSUBSW = 406 +' UC_X86_INS_PHSUBW = 407 +' UC_X86_INS_PINSRW = 408 +' UC_X86_INS_PMADDUBSW = 409 +' UC_X86_INS_PMADDWD = 410 +' UC_X86_INS_PMAXSW = 411 +' UC_X86_INS_PMAXUB = 412 +' UC_X86_INS_PMINSW = 413 +' UC_X86_INS_PMINUB = 414 +' UC_X86_INS_PMOVMSKB = 415 +' UC_X86_INS_PMULHRSW = 416 +' UC_X86_INS_PMULHUW = 417 +' UC_X86_INS_PMULHW = 418 +' UC_X86_INS_PMULLW = 419 +' UC_X86_INS_PMULUDQ = 420 +' UC_X86_INS_POR = 421 +' UC_X86_INS_PSADBW = 422 +' UC_X86_INS_PSHUFB = 423 +' UC_X86_INS_PSHUFW = 424 +' UC_X86_INS_PSIGNB = 425 +' UC_X86_INS_PSIGND = 426 +' UC_X86_INS_PSIGNW = 427 +' UC_X86_INS_PSLLD = 428 +' UC_X86_INS_PSLLQ = 429 +' UC_X86_INS_PSLLW = 430 +' UC_X86_INS_PSRAD = 431 +' UC_X86_INS_PSRAW = 432 +' UC_X86_INS_PSRLD = 433 +' UC_X86_INS_PSRLQ = 434 +' UC_X86_INS_PSRLW = 435 +' UC_X86_INS_PSUBB = 436 +' UC_X86_INS_PSUBD = 437 +' UC_X86_INS_PSUBQ = 438 +' UC_X86_INS_PSUBSB = 439 +' UC_X86_INS_PSUBSW = 440 +' UC_X86_INS_PSUBUSB = 441 +' UC_X86_INS_PSUBUSW = 442 +' UC_X86_INS_PSUBW = 443 +' UC_X86_INS_PUNPCKHBW = 444 +' UC_X86_INS_PUNPCKHDQ = 445 +' UC_X86_INS_PUNPCKHWD = 446 +' UC_X86_INS_PUNPCKLBW = 447 +' UC_X86_INS_PUNPCKLDQ = 448 +' UC_X86_INS_PUNPCKLWD = 449 +' UC_X86_INS_PXOR = 450 +' UC_X86_INS_MONITOR = 451 +' UC_X86_INS_MONTMUL = 452 +' UC_X86_INS_MOV = 453 +' UC_X86_INS_MOVABS = 454 +' UC_X86_INS_MOVBE = 455 +' UC_X86_INS_MOVDDUP = 456 +' UC_X86_INS_MOVDQA = 457 +' UC_X86_INS_MOVDQU = 458 +' UC_X86_INS_MOVHLPS = 459 +' UC_X86_INS_MOVHPD = 460 +' UC_X86_INS_MOVHPS = 461 +' UC_X86_INS_MOVLHPS = 462 +' UC_X86_INS_MOVLPD = 463 +' UC_X86_INS_MOVLPS = 464 +' UC_X86_INS_MOVMSKPD = 465 +' UC_X86_INS_MOVMSKPS = 466 +' UC_X86_INS_MOVNTDQA = 467 +' UC_X86_INS_MOVNTDQ = 468 +' UC_X86_INS_MOVNTI = 469 +' UC_X86_INS_MOVNTPD = 470 +' UC_X86_INS_MOVNTPS = 471 +' UC_X86_INS_MOVNTSD = 472 +' UC_X86_INS_MOVNTSS = 473 +' UC_X86_INS_MOVSB = 474 +' UC_X86_INS_MOVSD = 475 +' UC_X86_INS_MOVSHDUP = 476 +' UC_X86_INS_MOVSLDUP = 477 +' UC_X86_INS_MOVSQ = 478 +' UC_X86_INS_MOVSS = 479 +' UC_X86_INS_MOVSW = 480 +' UC_X86_INS_MOVSX = 481 +' UC_X86_INS_MOVSXD = 482 +' UC_X86_INS_MOVUPD = 483 +' UC_X86_INS_MOVUPS = 484 +' UC_X86_INS_MOVZX = 485 +' UC_X86_INS_MPSADBW = 486 +' UC_X86_INS_MUL = 487 +' UC_X86_INS_MULPD = 488 +' UC_X86_INS_MULPS = 489 +' UC_X86_INS_MULSD = 490 +' UC_X86_INS_MULSS = 491 +' UC_X86_INS_MULX = 492 +' UC_X86_INS_FMUL = 493 +' UC_X86_INS_FIMUL = 494 +' UC_X86_INS_FMULP = 495 +' UC_X86_INS_MWAIT = 496 +' UC_X86_INS_NEG = 497 +' UC_X86_INS_NOP = 498 +' UC_X86_INS_NOT = 499 +' UC_X86_INS_OUT = 500 +' UC_X86_INS_OUTSB = 501 +' UC_X86_INS_OUTSD = 502 +' UC_X86_INS_OUTSW = 503 +' UC_X86_INS_PACKUSDW = 504 +' UC_X86_INS_PAUSE = 505 +' UC_X86_INS_PAVGUSB = 506 +' UC_X86_INS_PBLENDVB = 507 +' UC_X86_INS_PBLENDW = 508 +' UC_X86_INS_PCLMULQDQ = 509 +' UC_X86_INS_PCMPEQQ = 510 +' UC_X86_INS_PCMPESTRI = 511 +' UC_X86_INS_PCMPESTRM = 512 +' UC_X86_INS_PCMPGTQ = 513 +' UC_X86_INS_PCMPISTRI = 514 +' UC_X86_INS_PCMPISTRM = 515 +' UC_X86_INS_PCOMMIT = 516 +' UC_X86_INS_PDEP = 517 +' UC_X86_INS_PEXT = 518 +' UC_X86_INS_PEXTRB = 519 +' UC_X86_INS_PEXTRD = 520 +' UC_X86_INS_PEXTRQ = 521 +' UC_X86_INS_PF2ID = 522 +' UC_X86_INS_PF2IW = 523 +' UC_X86_INS_PFACC = 524 +' UC_X86_INS_PFADD = 525 +' UC_X86_INS_PFCMPEQ = 526 +' UC_X86_INS_PFCMPGE = 527 +' UC_X86_INS_PFCMPGT = 528 +' UC_X86_INS_PFMAX = 529 +' UC_X86_INS_PFMIN = 530 +' UC_X86_INS_PFMUL = 531 +' UC_X86_INS_PFNACC = 532 +' UC_X86_INS_PFPNACC = 533 +' UC_X86_INS_PFRCPIT1 = 534 +' UC_X86_INS_PFRCPIT2 = 535 +' UC_X86_INS_PFRCP = 536 +' UC_X86_INS_PFRSQIT1 = 537 +' UC_X86_INS_PFRSQRT = 538 +' UC_X86_INS_PFSUBR = 539 +' UC_X86_INS_PFSUB = 540 +' UC_X86_INS_PHMINPOSUW = 541 +' UC_X86_INS_PI2FD = 542 +' UC_X86_INS_PI2FW = 543 +' UC_X86_INS_PINSRB = 544 +' UC_X86_INS_PINSRD = 545 +' UC_X86_INS_PINSRQ = 546 +' UC_X86_INS_PMAXSB = 547 +' UC_X86_INS_PMAXSD = 548 +' UC_X86_INS_PMAXUD = 549 +' UC_X86_INS_PMAXUW = 550 +' UC_X86_INS_PMINSB = 551 +' UC_X86_INS_PMINSD = 552 +' UC_X86_INS_PMINUD = 553 +' UC_X86_INS_PMINUW = 554 +' UC_X86_INS_PMOVSXBD = 555 +' UC_X86_INS_PMOVSXBQ = 556 +' UC_X86_INS_PMOVSXBW = 557 +' UC_X86_INS_PMOVSXDQ = 558 +' UC_X86_INS_PMOVSXWD = 559 +' UC_X86_INS_PMOVSXWQ = 560 +' UC_X86_INS_PMOVZXBD = 561 +' UC_X86_INS_PMOVZXBQ = 562 +' UC_X86_INS_PMOVZXBW = 563 +' UC_X86_INS_PMOVZXDQ = 564 +' UC_X86_INS_PMOVZXWD = 565 +' UC_X86_INS_PMOVZXWQ = 566 +' UC_X86_INS_PMULDQ = 567 +' UC_X86_INS_PMULHRW = 568 +' UC_X86_INS_PMULLD = 569 +' UC_X86_INS_POP = 570 +' UC_X86_INS_POPAW = 571 +' UC_X86_INS_POPAL = 572 +' UC_X86_INS_POPCNT = 573 +' UC_X86_INS_POPF = 574 +' UC_X86_INS_POPFD = 575 +' UC_X86_INS_POPFQ = 576 +' UC_X86_INS_PREFETCH = 577 +' UC_X86_INS_PREFETCHNTA = 578 +' UC_X86_INS_PREFETCHT0 = 579 +' UC_X86_INS_PREFETCHT1 = 580 +' UC_X86_INS_PREFETCHT2 = 581 +' UC_X86_INS_PREFETCHW = 582 +' UC_X86_INS_PSHUFD = 583 +' UC_X86_INS_PSHUFHW = 584 +' UC_X86_INS_PSHUFLW = 585 +' UC_X86_INS_PSLLDQ = 586 +' UC_X86_INS_PSRLDQ = 587 +' UC_X86_INS_PSWAPD = 588 +' UC_X86_INS_PTEST = 589 +' UC_X86_INS_PUNPCKHQDQ = 590 +' UC_X86_INS_PUNPCKLQDQ = 591 +' UC_X86_INS_PUSH = 592 +' UC_X86_INS_PUSHAW = 593 +' UC_X86_INS_PUSHAL = 594 +' UC_X86_INS_PUSHF = 595 +' UC_X86_INS_PUSHFD = 596 +' UC_X86_INS_PUSHFQ = 597 +' UC_X86_INS_RCL = 598 +' UC_X86_INS_RCPPS = 599 +' UC_X86_INS_RCPSS = 600 +' UC_X86_INS_RCR = 601 +' UC_X86_INS_RDFSBASE = 602 +' UC_X86_INS_RDGSBASE = 603 +' UC_X86_INS_RDMSR = 604 +' UC_X86_INS_RDPMC = 605 +' UC_X86_INS_RDRAND = 606 +' UC_X86_INS_RDSEED = 607 +' UC_X86_INS_RDTSC = 608 +' UC_X86_INS_RDTSCP = 609 +' UC_X86_INS_ROL = 610 +' UC_X86_INS_ROR = 611 +' UC_X86_INS_RORX = 612 +' UC_X86_INS_ROUNDPD = 613 +' UC_X86_INS_ROUNDPS = 614 +' UC_X86_INS_ROUNDSD = 615 +' UC_X86_INS_ROUNDSS = 616 +' UC_X86_INS_RSM = 617 +' UC_X86_INS_RSQRTPS = 618 +' UC_X86_INS_RSQRTSS = 619 +' UC_X86_INS_SAHF = 620 +' UC_X86_INS_SAL = 621 +' UC_X86_INS_SALC = 622 +' UC_X86_INS_SAR = 623 +' UC_X86_INS_SARX = 624 +' UC_X86_INS_SBB = 625 +' UC_X86_INS_SCASB = 626 +' UC_X86_INS_SCASD = 627 +' UC_X86_INS_SCASQ = 628 +' UC_X86_INS_SCASW = 629 +' UC_X86_INS_SETAE = 630 +' UC_X86_INS_SETA = 631 +' UC_X86_INS_SETBE = 632 +' UC_X86_INS_SETB = 633 +' UC_X86_INS_SETE = 634 +' UC_X86_INS_SETGE = 635 +' UC_X86_INS_SETG = 636 +' UC_X86_INS_SETLE = 637 +' UC_X86_INS_SETL = 638 +' UC_X86_INS_SETNE = 639 +' UC_X86_INS_SETNO = 640 +' UC_X86_INS_SETNP = 641 +' UC_X86_INS_SETNS = 642 +' UC_X86_INS_SETO = 643 +' UC_X86_INS_SETP = 644 +' UC_X86_INS_SETS = 645 +' UC_X86_INS_SFENCE = 646 +' UC_X86_INS_SGDT = 647 +' UC_X86_INS_SHA1MSG1 = 648 +' UC_X86_INS_SHA1MSG2 = 649 +' UC_X86_INS_SHA1NEXTE = 650 +' UC_X86_INS_SHA1RNDS4 = 651 +' UC_X86_INS_SHA256MSG1 = 652 +' UC_X86_INS_SHA256MSG2 = 653 +' UC_X86_INS_SHA256RNDS2 = 654 +' UC_X86_INS_SHL = 655 +' UC_X86_INS_SHLD = 656 +' UC_X86_INS_SHLX = 657 +' UC_X86_INS_SHR = 658 +' UC_X86_INS_SHRD = 659 +' UC_X86_INS_SHRX = 660 +' UC_X86_INS_SHUFPD = 661 +' UC_X86_INS_SHUFPS = 662 +' UC_X86_INS_SIDT = 663 +' UC_X86_INS_FSIN = 664 +' UC_X86_INS_SKINIT = 665 +' UC_X86_INS_SLDT = 666 +' UC_X86_INS_SMSW = 667 +' UC_X86_INS_SQRTPD = 668 +' UC_X86_INS_SQRTPS = 669 +' UC_X86_INS_SQRTSD = 670 +' UC_X86_INS_SQRTSS = 671 +' UC_X86_INS_FSQRT = 672 +' UC_X86_INS_STAC = 673 +' UC_X86_INS_STC = 674 +' UC_X86_INS_STD = 675 +' UC_X86_INS_STGI = 676 +' UC_X86_INS_STI = 677 +' UC_X86_INS_STMXCSR = 678 +' UC_X86_INS_STOSB = 679 +' UC_X86_INS_STOSD = 680 +' UC_X86_INS_STOSQ = 681 +' UC_X86_INS_STOSW = 682 +' UC_X86_INS_STR = 683 +' UC_X86_INS_FST = 684 +' UC_X86_INS_FSTP = 685 +' UC_X86_INS_FSTPNCE = 686 +' UC_X86_INS_FXCH = 687 +' UC_X86_INS_SUBPD = 688 +' UC_X86_INS_SUBPS = 689 +' UC_X86_INS_FSUBR = 690 +' UC_X86_INS_FISUBR = 691 +' UC_X86_INS_FSUBRP = 692 +' UC_X86_INS_SUBSD = 693 +' UC_X86_INS_SUBSS = 694 +' UC_X86_INS_FSUB = 695 +' UC_X86_INS_FISUB = 696 +' UC_X86_INS_FSUBP = 697 +' UC_X86_INS_SWAPGS = 698 +' UC_X86_INS_SYSCALL = 699 +' UC_X86_INS_SYSENTER = 700 +' UC_X86_INS_SYSEXIT = 701 +' UC_X86_INS_SYSRET = 702 +' UC_X86_INS_T1MSKC = 703 +' UC_X86_INS_TEST = 704 +' UC_X86_INS_UD2 = 705 +' UC_X86_INS_FTST = 706 +' UC_X86_INS_TZCNT = 707 +' UC_X86_INS_TZMSK = 708 +' UC_X86_INS_FUCOMPI = 709 +' UC_X86_INS_FUCOMI = 710 +' UC_X86_INS_FUCOMPP = 711 +' UC_X86_INS_FUCOMP = 712 +' UC_X86_INS_FUCOM = 713 +' UC_X86_INS_UD2B = 714 +' UC_X86_INS_UNPCKHPD = 715 +' UC_X86_INS_UNPCKHPS = 716 +' UC_X86_INS_UNPCKLPD = 717 +' UC_X86_INS_UNPCKLPS = 718 +' UC_X86_INS_VADDPD = 719 +' UC_X86_INS_VADDPS = 720 +' UC_X86_INS_VADDSD = 721 +' UC_X86_INS_VADDSS = 722 +' UC_X86_INS_VADDSUBPD = 723 +' UC_X86_INS_VADDSUBPS = 724 +' UC_X86_INS_VAESDECLAST = 725 +' UC_X86_INS_VAESDEC = 726 +' UC_X86_INS_VAESENCLAST = 727 +' UC_X86_INS_VAESENC = 728 +' UC_X86_INS_VAESIMC = 729 +' UC_X86_INS_VAESKEYGENASSIST = 730 +' UC_X86_INS_VALIGND = 731 +' UC_X86_INS_VALIGNQ = 732 +' UC_X86_INS_VANDNPD = 733 +' UC_X86_INS_VANDNPS = 734 +' UC_X86_INS_VANDPD = 735 +' UC_X86_INS_VANDPS = 736 +' UC_X86_INS_VBLENDMPD = 737 +' UC_X86_INS_VBLENDMPS = 738 +' UC_X86_INS_VBLENDPD = 739 +' UC_X86_INS_VBLENDPS = 740 +' UC_X86_INS_VBLENDVPD = 741 +' UC_X86_INS_VBLENDVPS = 742 +' UC_X86_INS_VBROADCASTF128 = 743 +' UC_X86_INS_VBROADCASTI32X4 = 744 +' UC_X86_INS_VBROADCASTI64X4 = 745 +' UC_X86_INS_VBROADCASTSD = 746 +' UC_X86_INS_VBROADCASTSS = 747 +' UC_X86_INS_VCMPPD = 748 +' UC_X86_INS_VCMPPS = 749 +' UC_X86_INS_VCMPSD = 750 +' UC_X86_INS_VCMPSS = 751 +' UC_X86_INS_VCOMPRESSPD = 752 +' UC_X86_INS_VCOMPRESSPS = 753 +' UC_X86_INS_VCVTDQ2PD = 754 +' UC_X86_INS_VCVTDQ2PS = 755 +' UC_X86_INS_VCVTPD2DQX = 756 +' UC_X86_INS_VCVTPD2DQ = 757 +' UC_X86_INS_VCVTPD2PSX = 758 +' UC_X86_INS_VCVTPD2PS = 759 +' UC_X86_INS_VCVTPD2UDQ = 760 +' UC_X86_INS_VCVTPH2PS = 761 +' UC_X86_INS_VCVTPS2DQ = 762 +' UC_X86_INS_VCVTPS2PD = 763 +' UC_X86_INS_VCVTPS2PH = 764 +' UC_X86_INS_VCVTPS2UDQ = 765 +' UC_X86_INS_VCVTSD2SI = 766 +' UC_X86_INS_VCVTSD2USI = 767 +' UC_X86_INS_VCVTSS2SI = 768 +' UC_X86_INS_VCVTSS2USI = 769 +' UC_X86_INS_VCVTTPD2DQX = 770 +' UC_X86_INS_VCVTTPD2DQ = 771 +' UC_X86_INS_VCVTTPD2UDQ = 772 +' UC_X86_INS_VCVTTPS2DQ = 773 +' UC_X86_INS_VCVTTPS2UDQ = 774 +' UC_X86_INS_VCVTUDQ2PD = 775 +' UC_X86_INS_VCVTUDQ2PS = 776 +' UC_X86_INS_VDIVPD = 777 +' UC_X86_INS_VDIVPS = 778 +' UC_X86_INS_VDIVSD = 779 +' UC_X86_INS_VDIVSS = 780 +' UC_X86_INS_VDPPD = 781 +' UC_X86_INS_VDPPS = 782 +' UC_X86_INS_VERR = 783 +' UC_X86_INS_VERW = 784 +' UC_X86_INS_VEXP2PD = 785 +' UC_X86_INS_VEXP2PS = 786 +' UC_X86_INS_VEXPANDPD = 787 +' UC_X86_INS_VEXPANDPS = 788 +' UC_X86_INS_VEXTRACTF128 = 789 +' UC_X86_INS_VEXTRACTF32X4 = 790 +' UC_X86_INS_VEXTRACTF64X4 = 791 +' UC_X86_INS_VEXTRACTI128 = 792 +' UC_X86_INS_VEXTRACTI32X4 = 793 +' UC_X86_INS_VEXTRACTI64X4 = 794 +' UC_X86_INS_VEXTRACTPS = 795 +' UC_X86_INS_VFMADD132PD = 796 +' UC_X86_INS_VFMADD132PS = 797 +' UC_X86_INS_VFMADDPD = 798 +' UC_X86_INS_VFMADD213PD = 799 +' UC_X86_INS_VFMADD231PD = 800 +' UC_X86_INS_VFMADDPS = 801 +' UC_X86_INS_VFMADD213PS = 802 +' UC_X86_INS_VFMADD231PS = 803 +' UC_X86_INS_VFMADDSD = 804 +' UC_X86_INS_VFMADD213SD = 805 +' UC_X86_INS_VFMADD132SD = 806 +' UC_X86_INS_VFMADD231SD = 807 +' UC_X86_INS_VFMADDSS = 808 +' UC_X86_INS_VFMADD213SS = 809 +' UC_X86_INS_VFMADD132SS = 810 +' UC_X86_INS_VFMADD231SS = 811 +' UC_X86_INS_VFMADDSUB132PD = 812 +' UC_X86_INS_VFMADDSUB132PS = 813 +' UC_X86_INS_VFMADDSUBPD = 814 +' UC_X86_INS_VFMADDSUB213PD = 815 +' UC_X86_INS_VFMADDSUB231PD = 816 +' UC_X86_INS_VFMADDSUBPS = 817 +' UC_X86_INS_VFMADDSUB213PS = 818 +' UC_X86_INS_VFMADDSUB231PS = 819 +' UC_X86_INS_VFMSUB132PD = 820 +' UC_X86_INS_VFMSUB132PS = 821 +' UC_X86_INS_VFMSUBADD132PD = 822 +' UC_X86_INS_VFMSUBADD132PS = 823 +' UC_X86_INS_VFMSUBADDPD = 824 +' UC_X86_INS_VFMSUBADD213PD = 825 +' UC_X86_INS_VFMSUBADD231PD = 826 +' UC_X86_INS_VFMSUBADDPS = 827 +' UC_X86_INS_VFMSUBADD213PS = 828 +' UC_X86_INS_VFMSUBADD231PS = 829 +' UC_X86_INS_VFMSUBPD = 830 +' UC_X86_INS_VFMSUB213PD = 831 +' UC_X86_INS_VFMSUB231PD = 832 +' UC_X86_INS_VFMSUBPS = 833 +' UC_X86_INS_VFMSUB213PS = 834 +' UC_X86_INS_VFMSUB231PS = 835 +' UC_X86_INS_VFMSUBSD = 836 +' UC_X86_INS_VFMSUB213SD = 837 +' UC_X86_INS_VFMSUB132SD = 838 +' UC_X86_INS_VFMSUB231SD = 839 +' UC_X86_INS_VFMSUBSS = 840 +' UC_X86_INS_VFMSUB213SS = 841 +' UC_X86_INS_VFMSUB132SS = 842 +' UC_X86_INS_VFMSUB231SS = 843 +' UC_X86_INS_VFNMADD132PD = 844 +' UC_X86_INS_VFNMADD132PS = 845 +' UC_X86_INS_VFNMADDPD = 846 +' UC_X86_INS_VFNMADD213PD = 847 +' UC_X86_INS_VFNMADD231PD = 848 +' UC_X86_INS_VFNMADDPS = 849 +' UC_X86_INS_VFNMADD213PS = 850 +' UC_X86_INS_VFNMADD231PS = 851 +' UC_X86_INS_VFNMADDSD = 852 +' UC_X86_INS_VFNMADD213SD = 853 +' UC_X86_INS_VFNMADD132SD = 854 +' UC_X86_INS_VFNMADD231SD = 855 +' UC_X86_INS_VFNMADDSS = 856 +' UC_X86_INS_VFNMADD213SS = 857 +' UC_X86_INS_VFNMADD132SS = 858 +' UC_X86_INS_VFNMADD231SS = 859 +' UC_X86_INS_VFNMSUB132PD = 860 +' UC_X86_INS_VFNMSUB132PS = 861 +' UC_X86_INS_VFNMSUBPD = 862 +' UC_X86_INS_VFNMSUB213PD = 863 +' UC_X86_INS_VFNMSUB231PD = 864 +' UC_X86_INS_VFNMSUBPS = 865 +' UC_X86_INS_VFNMSUB213PS = 866 +' UC_X86_INS_VFNMSUB231PS = 867 +' UC_X86_INS_VFNMSUBSD = 868 +' UC_X86_INS_VFNMSUB213SD = 869 +' UC_X86_INS_VFNMSUB132SD = 870 +' UC_X86_INS_VFNMSUB231SD = 871 +' UC_X86_INS_VFNMSUBSS = 872 +' UC_X86_INS_VFNMSUB213SS = 873 +' UC_X86_INS_VFNMSUB132SS = 874 +' UC_X86_INS_VFNMSUB231SS = 875 +' UC_X86_INS_VFRCZPD = 876 +' UC_X86_INS_VFRCZPS = 877 +' UC_X86_INS_VFRCZSD = 878 +' UC_X86_INS_VFRCZSS = 879 +' UC_X86_INS_VORPD = 880 +' UC_X86_INS_VORPS = 881 +' UC_X86_INS_VXORPD = 882 +' UC_X86_INS_VXORPS = 883 +' UC_X86_INS_VGATHERDPD = 884 +' UC_X86_INS_VGATHERDPS = 885 +' UC_X86_INS_VGATHERPF0DPD = 886 +' UC_X86_INS_VGATHERPF0DPS = 887 +' UC_X86_INS_VGATHERPF0QPD = 888 +' UC_X86_INS_VGATHERPF0QPS = 889 +' UC_X86_INS_VGATHERPF1DPD = 890 +' UC_X86_INS_VGATHERPF1DPS = 891 +' UC_X86_INS_VGATHERPF1QPD = 892 +' UC_X86_INS_VGATHERPF1QPS = 893 +' UC_X86_INS_VGATHERQPD = 894 +' UC_X86_INS_VGATHERQPS = 895 +' UC_X86_INS_VHADDPD = 896 +' UC_X86_INS_VHADDPS = 897 +' UC_X86_INS_VHSUBPD = 898 +' UC_X86_INS_VHSUBPS = 899 +' UC_X86_INS_VINSERTF128 = 900 +' UC_X86_INS_VINSERTF32X4 = 901 +' UC_X86_INS_VINSERTF32X8 = 902 +' UC_X86_INS_VINSERTF64X2 = 903 +' UC_X86_INS_VINSERTF64X4 = 904 +' UC_X86_INS_VINSERTI128 = 905 +' UC_X86_INS_VINSERTI32X4 = 906 +' UC_X86_INS_VINSERTI32X8 = 907 +' UC_X86_INS_VINSERTI64X2 = 908 +' UC_X86_INS_VINSERTI64X4 = 909 +' UC_X86_INS_VINSERTPS = 910 +' UC_X86_INS_VLDDQU = 911 +' UC_X86_INS_VLDMXCSR = 912 +' UC_X86_INS_VMASKMOVDQU = 913 +' UC_X86_INS_VMASKMOVPD = 914 +' UC_X86_INS_VMASKMOVPS = 915 +' UC_X86_INS_VMAXPD = 916 +' UC_X86_INS_VMAXPS = 917 +' UC_X86_INS_VMAXSD = 918 +' UC_X86_INS_VMAXSS = 919 +' UC_X86_INS_VMCALL = 920 +' UC_X86_INS_VMCLEAR = 921 +' UC_X86_INS_VMFUNC = 922 +' UC_X86_INS_VMINPD = 923 +' UC_X86_INS_VMINPS = 924 +' UC_X86_INS_VMINSD = 925 +' UC_X86_INS_VMINSS = 926 +' UC_X86_INS_VMLAUNCH = 927 +' UC_X86_INS_VMLOAD = 928 +' UC_X86_INS_VMMCALL = 929 +' UC_X86_INS_VMOVQ = 930 +' UC_X86_INS_VMOVDDUP = 931 +' UC_X86_INS_VMOVD = 932 +' UC_X86_INS_VMOVDQA32 = 933 +' UC_X86_INS_VMOVDQA64 = 934 +' UC_X86_INS_VMOVDQA = 935 +' UC_X86_INS_VMOVDQU16 = 936 +' UC_X86_INS_VMOVDQU32 = 937 +' UC_X86_INS_VMOVDQU64 = 938 +' UC_X86_INS_VMOVDQU8 = 939 +' UC_X86_INS_VMOVDQU = 940 +' UC_X86_INS_VMOVHLPS = 941 +' UC_X86_INS_VMOVHPD = 942 +' UC_X86_INS_VMOVHPS = 943 +' UC_X86_INS_VMOVLHPS = 944 +' UC_X86_INS_VMOVLPD = 945 +' UC_X86_INS_VMOVLPS = 946 +' UC_X86_INS_VMOVMSKPD = 947 +' UC_X86_INS_VMOVMSKPS = 948 +' UC_X86_INS_VMOVNTDQA = 949 +' UC_X86_INS_VMOVNTDQ = 950 +' UC_X86_INS_VMOVNTPD = 951 +' UC_X86_INS_VMOVNTPS = 952 +' UC_X86_INS_VMOVSD = 953 +' UC_X86_INS_VMOVSHDUP = 954 +' UC_X86_INS_VMOVSLDUP = 955 +' UC_X86_INS_VMOVSS = 956 +' UC_X86_INS_VMOVUPD = 957 +' UC_X86_INS_VMOVUPS = 958 +' UC_X86_INS_VMPSADBW = 959 +' UC_X86_INS_VMPTRLD = 960 +' UC_X86_INS_VMPTRST = 961 +' UC_X86_INS_VMREAD = 962 +' UC_X86_INS_VMRESUME = 963 +' UC_X86_INS_VMRUN = 964 +' UC_X86_INS_VMSAVE = 965 +' UC_X86_INS_VMULPD = 966 +' UC_X86_INS_VMULPS = 967 +' UC_X86_INS_VMULSD = 968 +' UC_X86_INS_VMULSS = 969 +' UC_X86_INS_VMWRITE = 970 +' UC_X86_INS_VMXOFF = 971 +' UC_X86_INS_VMXON = 972 +' UC_X86_INS_VPABSB = 973 +' UC_X86_INS_VPABSD = 974 +' UC_X86_INS_VPABSQ = 975 +' UC_X86_INS_VPABSW = 976 +' UC_X86_INS_VPACKSSDW = 977 +' UC_X86_INS_VPACKSSWB = 978 +' UC_X86_INS_VPACKUSDW = 979 +' UC_X86_INS_VPACKUSWB = 980 +' UC_X86_INS_VPADDB = 981 +' UC_X86_INS_VPADDD = 982 +' UC_X86_INS_VPADDQ = 983 +' UC_X86_INS_VPADDSB = 984 +' UC_X86_INS_VPADDSW = 985 +' UC_X86_INS_VPADDUSB = 986 +' UC_X86_INS_VPADDUSW = 987 +' UC_X86_INS_VPADDW = 988 +' UC_X86_INS_VPALIGNR = 989 +' UC_X86_INS_VPANDD = 990 +' UC_X86_INS_VPANDND = 991 +' UC_X86_INS_VPANDNQ = 992 +' UC_X86_INS_VPANDN = 993 +' UC_X86_INS_VPANDQ = 994 +' UC_X86_INS_VPAND = 995 +' UC_X86_INS_VPAVGB = 996 +' UC_X86_INS_VPAVGW = 997 +' UC_X86_INS_VPBLENDD = 998 +' UC_X86_INS_VPBLENDMB = 999 +' UC_X86_INS_VPBLENDMD = 1000 +' UC_X86_INS_VPBLENDMQ = 1001 +' UC_X86_INS_VPBLENDMW = 1002 +' UC_X86_INS_VPBLENDVB = 1003 +' UC_X86_INS_VPBLENDW = 1004 +' UC_X86_INS_VPBROADCASTB = 1005 +' UC_X86_INS_VPBROADCASTD = 1006 +' UC_X86_INS_VPBROADCASTMB2Q = 1007 +' UC_X86_INS_VPBROADCASTMW2D = 1008 +' UC_X86_INS_VPBROADCASTQ = 1009 +' UC_X86_INS_VPBROADCASTW = 1010 +' UC_X86_INS_VPCLMULQDQ = 1011 +' UC_X86_INS_VPCMOV = 1012 +' UC_X86_INS_VPCMPB = 1013 +' UC_X86_INS_VPCMPD = 1014 +' UC_X86_INS_VPCMPEQB = 1015 +' UC_X86_INS_VPCMPEQD = 1016 +' UC_X86_INS_VPCMPEQQ = 1017 +' UC_X86_INS_VPCMPEQW = 1018 +' UC_X86_INS_VPCMPESTRI = 1019 +' UC_X86_INS_VPCMPESTRM = 1020 +' UC_X86_INS_VPCMPGTB = 1021 +' UC_X86_INS_VPCMPGTD = 1022 +' UC_X86_INS_VPCMPGTQ = 1023 +' UC_X86_INS_VPCMPGTW = 1024 +' UC_X86_INS_VPCMPISTRI = 1025 +' UC_X86_INS_VPCMPISTRM = 1026 +' UC_X86_INS_VPCMPQ = 1027 +' UC_X86_INS_VPCMPUB = 1028 +' UC_X86_INS_VPCMPUD = 1029 +' UC_X86_INS_VPCMPUQ = 1030 +' UC_X86_INS_VPCMPUW = 1031 +' UC_X86_INS_VPCMPW = 1032 +' UC_X86_INS_VPCOMB = 1033 +' UC_X86_INS_VPCOMD = 1034 +' UC_X86_INS_VPCOMPRESSD = 1035 +' UC_X86_INS_VPCOMPRESSQ = 1036 +' UC_X86_INS_VPCOMQ = 1037 +' UC_X86_INS_VPCOMUB = 1038 +' UC_X86_INS_VPCOMUD = 1039 +' UC_X86_INS_VPCOMUQ = 1040 +' UC_X86_INS_VPCOMUW = 1041 +' UC_X86_INS_VPCOMW = 1042 +' UC_X86_INS_VPCONFLICTD = 1043 +' UC_X86_INS_VPCONFLICTQ = 1044 +' UC_X86_INS_VPERM2F128 = 1045 +' UC_X86_INS_VPERM2I128 = 1046 +' UC_X86_INS_VPERMD = 1047 +' UC_X86_INS_VPERMI2D = 1048 +' UC_X86_INS_VPERMI2PD = 1049 +' UC_X86_INS_VPERMI2PS = 1050 +' UC_X86_INS_VPERMI2Q = 1051 +' UC_X86_INS_VPERMIL2PD = 1052 +' UC_X86_INS_VPERMIL2PS = 1053 +' UC_X86_INS_VPERMILPD = 1054 +' UC_X86_INS_VPERMILPS = 1055 +' UC_X86_INS_VPERMPD = 1056 +' UC_X86_INS_VPERMPS = 1057 +' UC_X86_INS_VPERMQ = 1058 +' UC_X86_INS_VPERMT2D = 1059 +' UC_X86_INS_VPERMT2PD = 1060 +' UC_X86_INS_VPERMT2PS = 1061 +' UC_X86_INS_VPERMT2Q = 1062 +' UC_X86_INS_VPEXPANDD = 1063 +' UC_X86_INS_VPEXPANDQ = 1064 +' UC_X86_INS_VPEXTRB = 1065 +' UC_X86_INS_VPEXTRD = 1066 +' UC_X86_INS_VPEXTRQ = 1067 +' UC_X86_INS_VPEXTRW = 1068 +' UC_X86_INS_VPGATHERDD = 1069 +' UC_X86_INS_VPGATHERDQ = 1070 +' UC_X86_INS_VPGATHERQD = 1071 +' UC_X86_INS_VPGATHERQQ = 1072 +' UC_X86_INS_VPHADDBD = 1073 +' UC_X86_INS_VPHADDBQ = 1074 +' UC_X86_INS_VPHADDBW = 1075 +' UC_X86_INS_VPHADDDQ = 1076 +' UC_X86_INS_VPHADDD = 1077 +' UC_X86_INS_VPHADDSW = 1078 +' UC_X86_INS_VPHADDUBD = 1079 +' UC_X86_INS_VPHADDUBQ = 1080 +' UC_X86_INS_VPHADDUBW = 1081 +' UC_X86_INS_VPHADDUDQ = 1082 +' UC_X86_INS_VPHADDUWD = 1083 +' UC_X86_INS_VPHADDUWQ = 1084 +' UC_X86_INS_VPHADDWD = 1085 +' UC_X86_INS_VPHADDWQ = 1086 +' UC_X86_INS_VPHADDW = 1087 +' UC_X86_INS_VPHMINPOSUW = 1088 +' UC_X86_INS_VPHSUBBW = 1089 +' UC_X86_INS_VPHSUBDQ = 1090 +' UC_X86_INS_VPHSUBD = 1091 +' UC_X86_INS_VPHSUBSW = 1092 +' UC_X86_INS_VPHSUBWD = 1093 +' UC_X86_INS_VPHSUBW = 1094 +' UC_X86_INS_VPINSRB = 1095 +' UC_X86_INS_VPINSRD = 1096 +' UC_X86_INS_VPINSRQ = 1097 +' UC_X86_INS_VPINSRW = 1098 +' UC_X86_INS_VPLZCNTD = 1099 +' UC_X86_INS_VPLZCNTQ = 1100 +' UC_X86_INS_VPMACSDD = 1101 +' UC_X86_INS_VPMACSDQH = 1102 +' UC_X86_INS_VPMACSDQL = 1103 +' UC_X86_INS_VPMACSSDD = 1104 +' UC_X86_INS_VPMACSSDQH = 1105 +' UC_X86_INS_VPMACSSDQL = 1106 +' UC_X86_INS_VPMACSSWD = 1107 +' UC_X86_INS_VPMACSSWW = 1108 +' UC_X86_INS_VPMACSWD = 1109 +' UC_X86_INS_VPMACSWW = 1110 +' UC_X86_INS_VPMADCSSWD = 1111 +' UC_X86_INS_VPMADCSWD = 1112 +' UC_X86_INS_VPMADDUBSW = 1113 +' UC_X86_INS_VPMADDWD = 1114 +' UC_X86_INS_VPMASKMOVD = 1115 +' UC_X86_INS_VPMASKMOVQ = 1116 +' UC_X86_INS_VPMAXSB = 1117 +' UC_X86_INS_VPMAXSD = 1118 +' UC_X86_INS_VPMAXSQ = 1119 +' UC_X86_INS_VPMAXSW = 1120 +' UC_X86_INS_VPMAXUB = 1121 +' UC_X86_INS_VPMAXUD = 1122 +' UC_X86_INS_VPMAXUQ = 1123 +' UC_X86_INS_VPMAXUW = 1124 +' UC_X86_INS_VPMINSB = 1125 +' UC_X86_INS_VPMINSD = 1126 +' UC_X86_INS_VPMINSQ = 1127 +' UC_X86_INS_VPMINSW = 1128 +' UC_X86_INS_VPMINUB = 1129 +' UC_X86_INS_VPMINUD = 1130 +' UC_X86_INS_VPMINUQ = 1131 +' UC_X86_INS_VPMINUW = 1132 +' UC_X86_INS_VPMOVDB = 1133 +' UC_X86_INS_VPMOVDW = 1134 +' UC_X86_INS_VPMOVM2B = 1135 +' UC_X86_INS_VPMOVM2D = 1136 +' UC_X86_INS_VPMOVM2Q = 1137 +' UC_X86_INS_VPMOVM2W = 1138 +' UC_X86_INS_VPMOVMSKB = 1139 +' UC_X86_INS_VPMOVQB = 1140 +' UC_X86_INS_VPMOVQD = 1141 +' UC_X86_INS_VPMOVQW = 1142 +' UC_X86_INS_VPMOVSDB = 1143 +' UC_X86_INS_VPMOVSDW = 1144 +' UC_X86_INS_VPMOVSQB = 1145 +' UC_X86_INS_VPMOVSQD = 1146 +' UC_X86_INS_VPMOVSQW = 1147 +' UC_X86_INS_VPMOVSXBD = 1148 +' UC_X86_INS_VPMOVSXBQ = 1149 +' UC_X86_INS_VPMOVSXBW = 1150 +' UC_X86_INS_VPMOVSXDQ = 1151 +' UC_X86_INS_VPMOVSXWD = 1152 +' UC_X86_INS_VPMOVSXWQ = 1153 +' UC_X86_INS_VPMOVUSDB = 1154 +' UC_X86_INS_VPMOVUSDW = 1155 +' UC_X86_INS_VPMOVUSQB = 1156 +' UC_X86_INS_VPMOVUSQD = 1157 +' UC_X86_INS_VPMOVUSQW = 1158 +' UC_X86_INS_VPMOVZXBD = 1159 +' UC_X86_INS_VPMOVZXBQ = 1160 +' UC_X86_INS_VPMOVZXBW = 1161 +' UC_X86_INS_VPMOVZXDQ = 1162 +' UC_X86_INS_VPMOVZXWD = 1163 +' UC_X86_INS_VPMOVZXWQ = 1164 +' UC_X86_INS_VPMULDQ = 1165 +' UC_X86_INS_VPMULHRSW = 1166 +' UC_X86_INS_VPMULHUW = 1167 +' UC_X86_INS_VPMULHW = 1168 +' UC_X86_INS_VPMULLD = 1169 +' UC_X86_INS_VPMULLQ = 1170 +' UC_X86_INS_VPMULLW = 1171 +' UC_X86_INS_VPMULUDQ = 1172 +' UC_X86_INS_VPORD = 1173 +' UC_X86_INS_VPORQ = 1174 +' UC_X86_INS_VPOR = 1175 +' UC_X86_INS_VPPERM = 1176 +' UC_X86_INS_VPROTB = 1177 +' UC_X86_INS_VPROTD = 1178 +' UC_X86_INS_VPROTQ = 1179 +' UC_X86_INS_VPROTW = 1180 +' UC_X86_INS_VPSADBW = 1181 +' UC_X86_INS_VPSCATTERDD = 1182 +' UC_X86_INS_VPSCATTERDQ = 1183 +' UC_X86_INS_VPSCATTERQD = 1184 +' UC_X86_INS_VPSCATTERQQ = 1185 +' UC_X86_INS_VPSHAB = 1186 +' UC_X86_INS_VPSHAD = 1187 +' UC_X86_INS_VPSHAQ = 1188 +' UC_X86_INS_VPSHAW = 1189 +' UC_X86_INS_VPSHLB = 1190 +' UC_X86_INS_VPSHLD = 1191 +' UC_X86_INS_VPSHLQ = 1192 +' UC_X86_INS_VPSHLW = 1193 +' UC_X86_INS_VPSHUFB = 1194 +' UC_X86_INS_VPSHUFD = 1195 +' UC_X86_INS_VPSHUFHW = 1196 +' UC_X86_INS_VPSHUFLW = 1197 +' UC_X86_INS_VPSIGNB = 1198 +' UC_X86_INS_VPSIGND = 1199 +' UC_X86_INS_VPSIGNW = 1200 +' UC_X86_INS_VPSLLDQ = 1201 +' UC_X86_INS_VPSLLD = 1202 +' UC_X86_INS_VPSLLQ = 1203 +' UC_X86_INS_VPSLLVD = 1204 +' UC_X86_INS_VPSLLVQ = 1205 +' UC_X86_INS_VPSLLW = 1206 +' UC_X86_INS_VPSRAD = 1207 +' UC_X86_INS_VPSRAQ = 1208 +' UC_X86_INS_VPSRAVD = 1209 +' UC_X86_INS_VPSRAVQ = 1210 +' UC_X86_INS_VPSRAW = 1211 +' UC_X86_INS_VPSRLDQ = 1212 +' UC_X86_INS_VPSRLD = 1213 +' UC_X86_INS_VPSRLQ = 1214 +' UC_X86_INS_VPSRLVD = 1215 +' UC_X86_INS_VPSRLVQ = 1216 +' UC_X86_INS_VPSRLW = 1217 +' UC_X86_INS_VPSUBB = 1218 +' UC_X86_INS_VPSUBD = 1219 +' UC_X86_INS_VPSUBQ = 1220 +' UC_X86_INS_VPSUBSB = 1221 +' UC_X86_INS_VPSUBSW = 1222 +' UC_X86_INS_VPSUBUSB = 1223 +' UC_X86_INS_VPSUBUSW = 1224 +' UC_X86_INS_VPSUBW = 1225 +' UC_X86_INS_VPTESTMD = 1226 +' UC_X86_INS_VPTESTMQ = 1227 +' UC_X86_INS_VPTESTNMD = 1228 +' UC_X86_INS_VPTESTNMQ = 1229 +' UC_X86_INS_VPTEST = 1230 +' UC_X86_INS_VPUNPCKHBW = 1231 +' UC_X86_INS_VPUNPCKHDQ = 1232 +' UC_X86_INS_VPUNPCKHQDQ = 1233 +' UC_X86_INS_VPUNPCKHWD = 1234 +' UC_X86_INS_VPUNPCKLBW = 1235 +' UC_X86_INS_VPUNPCKLDQ = 1236 +' UC_X86_INS_VPUNPCKLQDQ = 1237 +' UC_X86_INS_VPUNPCKLWD = 1238 +' UC_X86_INS_VPXORD = 1239 +' UC_X86_INS_VPXORQ = 1240 +' UC_X86_INS_VPXOR = 1241 +' UC_X86_INS_VRCP14PD = 1242 +' UC_X86_INS_VRCP14PS = 1243 +' UC_X86_INS_VRCP14SD = 1244 +' UC_X86_INS_VRCP14SS = 1245 +' UC_X86_INS_VRCP28PD = 1246 +' UC_X86_INS_VRCP28PS = 1247 +' UC_X86_INS_VRCP28SD = 1248 +' UC_X86_INS_VRCP28SS = 1249 +' UC_X86_INS_VRCPPS = 1250 +' UC_X86_INS_VRCPSS = 1251 +' UC_X86_INS_VRNDSCALEPD = 1252 +' UC_X86_INS_VRNDSCALEPS = 1253 +' UC_X86_INS_VRNDSCALESD = 1254 +' UC_X86_INS_VRNDSCALESS = 1255 +' UC_X86_INS_VROUNDPD = 1256 +' UC_X86_INS_VROUNDPS = 1257 +' UC_X86_INS_VROUNDSD = 1258 +' UC_X86_INS_VROUNDSS = 1259 +' UC_X86_INS_VRSQRT14PD = 1260 +' UC_X86_INS_VRSQRT14PS = 1261 +' UC_X86_INS_VRSQRT14SD = 1262 +' UC_X86_INS_VRSQRT14SS = 1263 +' UC_X86_INS_VRSQRT28PD = 1264 +' UC_X86_INS_VRSQRT28PS = 1265 +' UC_X86_INS_VRSQRT28SD = 1266 +' UC_X86_INS_VRSQRT28SS = 1267 +' UC_X86_INS_VRSQRTPS = 1268 +' UC_X86_INS_VRSQRTSS = 1269 +' UC_X86_INS_VSCATTERDPD = 1270 +' UC_X86_INS_VSCATTERDPS = 1271 +' UC_X86_INS_VSCATTERPF0DPD = 1272 +' UC_X86_INS_VSCATTERPF0DPS = 1273 +' UC_X86_INS_VSCATTERPF0QPD = 1274 +' UC_X86_INS_VSCATTERPF0QPS = 1275 +' UC_X86_INS_VSCATTERPF1DPD = 1276 +' UC_X86_INS_VSCATTERPF1DPS = 1277 +' UC_X86_INS_VSCATTERPF1QPD = 1278 +' UC_X86_INS_VSCATTERPF1QPS = 1279 +' UC_X86_INS_VSCATTERQPD = 1280 +' UC_X86_INS_VSCATTERQPS = 1281 +' UC_X86_INS_VSHUFPD = 1282 +' UC_X86_INS_VSHUFPS = 1283 +' UC_X86_INS_VSQRTPD = 1284 +' UC_X86_INS_VSQRTPS = 1285 +' UC_X86_INS_VSQRTSD = 1286 +' UC_X86_INS_VSQRTSS = 1287 +' UC_X86_INS_VSTMXCSR = 1288 +' UC_X86_INS_VSUBPD = 1289 +' UC_X86_INS_VSUBPS = 1290 +' UC_X86_INS_VSUBSD = 1291 +' UC_X86_INS_VSUBSS = 1292 +' UC_X86_INS_VTESTPD = 1293 +' UC_X86_INS_VTESTPS = 1294 +' UC_X86_INS_VUNPCKHPD = 1295 +' UC_X86_INS_VUNPCKHPS = 1296 +' UC_X86_INS_VUNPCKLPD = 1297 +' UC_X86_INS_VUNPCKLPS = 1298 +' UC_X86_INS_VZEROALL = 1299 +' UC_X86_INS_VZEROUPPER = 1300 +' UC_X86_INS_WAIT = 1301 +' UC_X86_INS_WBINVD = 1302 +' UC_X86_INS_WRFSBASE = 1303 +' UC_X86_INS_WRGSBASE = 1304 +' UC_X86_INS_WRMSR = 1305 +' UC_X86_INS_XABORT = 1306 +' UC_X86_INS_XACQUIRE = 1307 +' UC_X86_INS_XBEGIN = 1308 +' UC_X86_INS_XCHG = 1309 +' UC_X86_INS_XCRYPTCBC = 1310 +' UC_X86_INS_XCRYPTCFB = 1311 +' UC_X86_INS_XCRYPTCTR = 1312 +' UC_X86_INS_XCRYPTECB = 1313 +' UC_X86_INS_XCRYPTOFB = 1314 +' UC_X86_INS_XEND = 1315 +' UC_X86_INS_XGETBV = 1316 +' UC_X86_INS_XLATB = 1317 +' UC_X86_INS_XRELEASE = 1318 +' UC_X86_INS_XRSTOR = 1319 +' UC_X86_INS_XRSTOR64 = 1320 +' UC_X86_INS_XRSTORS = 1321 +' UC_X86_INS_XRSTORS64 = 1322 +' UC_X86_INS_XSAVE = 1323 +' UC_X86_INS_XSAVE64 = 1324 +' UC_X86_INS_XSAVEC = 1325 +' UC_X86_INS_XSAVEC64 = 1326 +' UC_X86_INS_XSAVEOPT = 1327 +' UC_X86_INS_XSAVEOPT64 = 1328 +' UC_X86_INS_XSAVES = 1329 +' UC_X86_INS_XSAVES64 = 1330 +' UC_X86_INS_XSETBV = 1331 +' UC_X86_INS_XSHA1 = 1332 +' UC_X86_INS_XSHA256 = 1333 +' UC_X86_INS_XSTORE = 1334 +' UC_X86_INS_XTEST = 1335 +' UC_X86_INS_FDISI8087_NOP = 1336 +' UC_X86_INS_FENI8087_NOP = 1337 +' UC_X86_INS_ENDING = 1338 +'End Enum + +'-- [x86 specific] --------------- + +'// Memory-Management Register for instructions IDTR, GDTR, LDTR, TR. +'// Borrow from SegmentCache in qemu/target-i386/cpu.h +'typedef struct uc_x86_mmr { +' uint16_t selector; /* not used by GDTR and IDTR */ +' uint64_t base; /* handle 32 or 64 bit CPUs */ +' uint32_t limit; +' uint32_t flags; /* not used by GDTR and IDTR */ +'} uc_x86_mmr; +' +'// Callback function for tracing SYSCALL/SYSENTER (for uc_hook_intr()) +'// @user_data: user data passed to tracing APIs. +'typedef void (*uc_cb_insn_syscall_t)(struct uc_struct *uc, void *user_data); + +'-------------------------------- + +'// Hook type for all events of unmapped memory access +'#define UC_HOOK_MEM_UNMAPPED (UC_HOOK_MEM_READ_UNMAPPED + UC_HOOK_MEM_WRITE_UNMAPPED + UC_HOOK_MEM_FETCH_UNMAPPED) +'// Hook type for all events of illegal protected memory access +'#define UC_HOOK_MEM_PROT (UC_HOOK_MEM_READ_PROT + UC_HOOK_MEM_WRITE_PROT + UC_HOOK_MEM_FETCH_PROT) +'// Hook type for all events of illegal read memory access +'#define UC_HOOK_MEM_READ_INVALID (UC_HOOK_MEM_READ_PROT + UC_HOOK_MEM_READ_UNMAPPED) +'// Hook type for all events of illegal write memory access +'#define UC_HOOK_MEM_WRITE_INVALID (UC_HOOK_MEM_WRITE_PROT + UC_HOOK_MEM_WRITE_UNMAPPED) +'// Hook type for all events of illegal fetch memory access +'#define UC_HOOK_MEM_FETCH_INVALID (UC_HOOK_MEM_FETCH_PROT + UC_HOOK_MEM_FETCH_UNMAPPED) +'// Hook type for all events of illegal memory access +'#define UC_HOOK_MEM_INVALID (UC_HOOK_MEM_UNMAPPED + UC_HOOK_MEM_PROT) +'// Hook type for all events of valid memory access +'#define UC_HOOK_MEM_VALID (UC_HOOK_MEM_READ + UC_HOOK_MEM_WRITE + UC_HOOK_MEM_FETCH) + + + +'/* +' Callback function for tracing code (UC_HOOK_CODE & UC_HOOK_BLOCK) +' +' @address: address where the code is being executed +' @size: size of machine instruction(s) being executed, or 0 when size is unknown +' @user_data: user data passed to tracing APIs. +'*/ +'typedef void (*uc_cb_hookcode_t)(uc_engine *uc, uint64_t address, uint32_t size, void *user_data); +' public sub code_hook(byval uc as long , byval address as currency, byval size as long, byval user_data as long) +' +'/* +' Callback function for tracing interrupts (for uc_hook_intr()) +' +' @intno: interrupt number +' @user_data: user data passed to tracing APIs. +'*/ +'typedef void (*uc_cb_hookintr_t)(uc_engine *uc, uint32_t intno, void *user_data); +' +'/* +' Callback function for tracing IN instruction of X86 +' +' @port: port number +' @size: data size (1/2/4) to be read from this port +' @user_data: user data passed to tracing APIs. +'*/ +'typedef uint32_t (*uc_cb_insn_in_t)(uc_engine *uc, uint32_t port, int size, void *user_data); +' +'/* +' Callback function for OUT instruction of X86 +' +' @port: port number +' @size: data size (1/2/4) to be written to this port +' @value: data value to be written to this port +'*/ +'typedef void (*uc_cb_insn_out_t)(uc_engine *uc, uint32_t port, int size, uint32_t value, void *user_data); +' +'/* +' Callback function for hooking memory (UC_MEM_READ, UC_MEM_WRITE & UC_MEM_FETCH) +' +' @type: this memory is being READ, or WRITE +' @address: address where the code is being executed +' @size: size of data being read or written +' @value: value of data being written to memory, or irrelevant if type = READ. +' @user_data: user data passed to tracing APIs +'*/ +'typedef void (*uc_cb_hookmem_t)(uc_engine *uc, uc_mem_type type, +' uint64_t address, int size, int64_t value, void *user_data); +' +'/* +' Callback function for handling invalid memory access events (UC_MEM_*_UNMAPPED and +' UC_MEM_*PROT events) +' +' @type: this memory is being READ, or WRITE +' @address: address where the code is being executed +' @size: size of data being read or written +' @value: value of data being written to memory, or irrelevant if type = READ. +' @user_data: user data passed to tracing APIs +' +' @return: return true to continue, or false to stop program (due to invalid memory). +'*/ +'typedef bool (*uc_cb_eventmem_t)(uc_engine *uc, uc_mem_type type, +' uint64_t address, int size, int64_t value, void *user_data); + +'/* +' Memory region mapped by uc_mem_map() and uc_mem_map_ptr() +' Retrieve the list of memory regions with uc_mem_regions() +'*/ +'typedef struct uc_mem_region { +' uint64_t begin; // begin address of the region (inclusive) +' uint64_t end; // end address of the region (inclusive) +' uint32_t perms; // memory permissions of the region +'} uc_mem_region; +' +'// All type of queries for uc_query() API. +'typedef enum uc_query_type { +' // Dynamically query current hardware mode. +' UC_QUERY_MODE = 1, +' UC_QUERY_PAGE_SIZE, +'} uc_query_type; + + + +Public Declare Function ucs_dynload Lib "ucvbshim.dll" (ByVal path As String) As Long + + + +'/* +' Return combined API version & major and minor version numbers. +' +' @major: major number of API version +' @minor: minor number of API version +' +' @return hexical number as (major << 8 | minor), which encodes both +' major & minor versions. +' NOTE: This returned value can be compared with version number made +' with macro UC_MAKE_VERSION +' +' For example, second API version would return 1 in @major, and 1 in @minor +' The return value would be 0x0101 +' +' NOTE: if you only care about returned value, but not major and minor values, +' set both @major & @minor arguments to NULL. +'*/ +'UNICORN_EXPORT +'unsigned int uc_version(unsigned int *major, unsigned int *minor); +Public Declare Function ucs_version Lib "ucvbshim.dll" (ByRef major As Long, ByRef minor As Long) As Long + + +' +' +'/* +' Determine if the given architecture is supported by this library. +' +' @arch: architecture type (UC_ARCH_*) +' +' @return True if this library supports the given arch. +'*/ +'UNICORN_EXPORT +'bool uc_arch_supported(uc_arch arch); +Public Declare Function ucs_arch_supported Lib "ucvbshim.dll" (ByVal arch As uc_arch) As Long + + +'/* +' Create new instance of unicorn engine. +' +' @arch: architecture type (UC_ARCH_*) +' @mode: hardware mode. This is combined of UC_MODE_* +' @uc: pointer to uc_engine, which will be updated at return time +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_open(uc_arch arch, uc_mode mode, uc_engine **uc); +Public Declare Function ucs_open Lib "ucvbshim.dll" (ByVal arch As uc_arch, ByVal mode As uc_mode, ByRef hEngine As Long) As uc_err + + +'/* +' Close UC instance: MUST do to release the handle when it is not used anymore. +' NOTE: this must be called only when there is no longer usage of Unicorn. +' The reason is the this API releases some cached memory, thus access to any +' Unicorn API after uc_close() might crash your application. +' After this, @uc is invalid, and nolonger usable. +' +' @uc: pointer to a handle returned by uc_open() +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_close(uc_engine *uc); +Public Declare Function ucs_close Lib "ucvbshim.dll" (ByVal hEngine As Long) As uc_err + +' +'/* +' Query internal status of engine. +' +' @uc: handle returned by uc_open() +' @type: query type. See uc_query_type +' +' @result: save the internal status queried +' +' @return: error code of uc_err enum type (UC_ERR_*, see above) +'*/ +'// All type of queries for uc_query() API. +'typedef enum uc_query_type { +' // Dynamically query current hardware mode. +' UC_QUERY_MODE = 1, +' UC_QUERY_PAGE_SIZE, +'} uc_query_type; +'UNICORN_EXPORT +'uc_err uc_query(uc_engine *uc, uc_query_type type, size_t *result); + + + +'/* +' Report the last error number when some API function fail. +' Like glibc's errno, uc_errno might not retain its old value once accessed. +' +' @uc: handle returned by uc_open() +' +' @return: error code of uc_err enum type (UC_ERR_*, see above) +'*/ +'UNICORN_EXPORT +'uc_err uc_errno(uc_engine *uc); +Public Declare Function ucs_errno Lib "ucvbshim.dll" (ByVal hEngine As Long) As uc_err + + +' +'/* +' Return a string describing given error code. +' +' @code: error code (see UC_ERR_* above) +' +' @return: returns a pointer to a string that describes the error code +' passed in the argument @code +' */ +'UNICORN_EXPORT +'const char *uc_strerror(uc_err code); +Public Declare Function ucs_strerror Lib "ucvbshim.dll" (ByVal code As uc_err) As Long + + + +'/* +' Write to register. +' +' @uc: handle returned by uc_open() +' @regid: register ID that is to be modified. +' @value: pointer to the value that will set to register @regid +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_reg_write(uc_engine *uc, int regid, const void *value); +Public Declare Function ucs_reg_write Lib "ucvbshim.dll" (ByVal hEngine As Long, ByVal regid As uc_x86_reg, ByRef value As Long) As uc_err + + +'/* +' Read register value. +' +' @uc: handle returned by uc_open() +' @regid: register ID that is to be retrieved. +' @value: pointer to a variable storing the register value. +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_reg_read(uc_engine *uc, int regid, void *value); +Public Declare Function ucs_reg_read Lib "ucvbshim.dll" (ByVal hEngine As Long, ByVal regid As uc_x86_reg, ByRef value As Long) As uc_err + + + +'/* +' Write multiple register values. +' +' @uc: handle returned by uc_open() +' @rges: array of register IDs to store +' @value: pointer to array of register values +' @count: length of both *regs and *vals +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_reg_write_batch(uc_engine *uc, int *regs, void *const *vals, int count); + + + +' +'/* +' Read multiple register values. +' +' @uc: handle returned by uc_open() +' @rges: array of register IDs to retrieve +' @value: pointer to array of values to hold registers +' @count: length of both *regs and *vals +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_reg_read_batch(uc_engine *uc, int *regs, void **vals, int count); + + + +'/* +' Write to a range of bytes in memory. +' +' @uc: handle returned by uc_open() +' @address: starting memory address of bytes to set. +' @bytes: pointer to a variable containing data to be written to memory. +' @size: size of memory to write to. +' +' NOTE: @bytes must be big enough to contain @size bytes. +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_mem_write(uc_engine *uc, uint64_t address, const void *bytes, size_t size); +Public Declare Function ucs_mem_write Lib "ucvbshim.dll" (ByVal hEngine As Long, ByVal addr As Currency, ByRef b As Byte, ByVal size As Long) As uc_err + + + +'/* +' Read a range of bytes in memory. +' +' @uc: handle returned by uc_open() +' @address: starting memory address of bytes to get. +' @bytes: pointer to a variable containing data copied from memory. +' @size: size of memory to read. +' +' NOTE: @bytes must be big enough to contain @size bytes. +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_mem_read(uc_engine *uc, uint64_t address, void *bytes, size_t size); +Public Declare Function ucs_mem_read Lib "ucvbshim.dll" (ByVal hEngine As Long, ByVal addr As Currency, ByRef b As Byte, ByVal size As Long) As uc_err + + + + +'/* +' Emulate machine code in a specific duration of time. +' +' @uc: handle returned by uc_open() +' @begin: address where emulation starts +' @until: address where emulation stops (i.e when this address is hit) +' @timeout: duration to emulate the code (in microseconds). When this value is 0, +' we will emulate the code in infinite time, until the code is finished. +' @count: the number of instructions to be emulated. When this value is 0, +' we will emulate all the code available, until the code is finished. +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_emu_start(uc_engine *uc, uint64_t begin, uint64_t until, uint64_t timeout, size_t count); +Public Declare Function ucs_emu_start Lib "ucvbshim.dll" (ByVal hEngine As Long, ByVal startAt As Currency, ByVal endAt As Currency, ByVal timeout As Currency, ByVal count As Long) As uc_err + + +' +'/* +' Stop emulation (which was started by uc_emu_start() API. +' This is typically called from callback functions registered via tracing APIs. +' NOTE: for now, this will stop the execution only after the current block. +' +' @uc: handle returned by uc_open() +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_emu_stop(uc_engine *uc); +Public Declare Function ucs_emu_stop Lib "ucvbshim.dll" (ByVal hEngine As Long) As uc_err + + + +'/* +' Register callback for a hook event. +' The callback will be run when the hook event is hit. +' +' @uc: handle returned by uc_open() +' @hh: hook handle returned from this registration. To be used in uc_hook_del() API +' @type: hook type +' @callback: callback to be run when instruction is hit +' @user_data: user-defined data. This will be passed to callback function in its +' last argument @user_data +' @begin: start address of the area where the callback is effect (inclusive) +' @end: end address of the area where the callback is effect (inclusive) +' NOTE 1: the callback is called only if related address is in range [@begin, @end] +' NOTE 2: if @begin > @end, callback is called whenever this hook type is triggered +' @...: variable arguments (depending on @type) +' NOTE: if @type = UC_HOOK_INSN, this is the instruction ID (ex: UC_X86_INS_OUT) +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err __stdcall ucs_hook_add(uc_engine *uc, uc_hook *hh, int type, void *callback, void *user_data, uint64_t begin, uint64_t end, ...) +' +'note vb6 does not support variable length arguments to api declares so UC_HOOK_INSN would require a seperate declare and stub +'also note that the callback is not used directly, it is proxied through a cdecl stub +'since the hook flags can be different combos, we pass in a catagory for simplicity in selecting which c callback to use..(bit sloppy but easy) +Public Declare Function ucs_hook_add Lib "ucvbshim.dll" (ByVal hEngine As Long, ByRef hHook As Long, ByVal hType As uc_hook_type, ByVal callback As Long, ByVal user_data As Long, ByVal beginAt As Currency, ByVal endAt As Currency, ByVal catagory As Long, Optional ByVal inst_id As Long = 0) As uc_err + + +'/* +' Unregister (remove) a hook callback. +' This API removes the hook callback registered by uc_hook_add(). +' NOTE: this should be called only when you no longer want to trace. +' After this, @hh is invalid, and nolonger usable. +' +' @uc: handle returned by uc_open() +' @hh: handle returned by uc_hook_add() +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_hook_del(uc_engine *uc, uc_hook hh); +Public Declare Function ucs_hook_del Lib "ucvbshim.dll" (ByVal hEngine As Long, ByVal hHook As Long) As uc_err + + + +'/* +' Map memory in for emulation. +' This API adds a memory region that can be used by emulation. +' +' @uc: handle returned by uc_open() +' @address: starting address of the new memory region to be mapped in. +' This address must be aligned to 4KB, or this will return with UC_ERR_ARG error. +' @size: size of the new memory region to be mapped in. +' This size must be multiple of 4KB, or this will return with UC_ERR_ARG error. +' @perms: Permissions for the newly mapped region. +' This must be some combination of UC_PROT_READ | UC_PROT_WRITE | UC_PROT_EXEC, +' or this will return with UC_ERR_ARG error. +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_mem_map(uc_engine *uc, uint64_t address, size_t size, uint32_t perms); +Public Declare Function ucs_mem_map Lib "ucvbshim.dll" (ByVal hEngine As Long, ByVal addr As Currency, ByVal size As Long, ByVal perms As uc_prot) As uc_err + + + +'/* +' Map existing host memory in for emulation. +' This API adds a memory region that can be used by emulation. +' +' @uc: handle returned by uc_open() +' @address: starting address of the new memory region to be mapped in. +' This address must be aligned to 4KB, or this will return with UC_ERR_ARG error. +' @size: size of the new memory region to be mapped in. +' This size must be multiple of 4KB, or this will return with UC_ERR_ARG error. +' @perms: Permissions for the newly mapped region. +' This must be some combination of UC_PROT_READ | UC_PROT_WRITE | UC_PROT_EXEC, +' or this will return with UC_ERR_ARG error. +' @ptr: pointer to host memory backing the newly mapped memory. This host memory is +' expected to be an equal or larger size than provided, and be mapped with at +' least PROT_READ | PROT_WRITE. If it is not, the resulting behavior is undefined. +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_mem_map_ptr(uc_engine *uc, uint64_t address, size_t size, uint32_t perms, void *ptr); +Public Declare Function ucs_mem_map_ptr Lib "ucvbshim.dll" (ByVal hEngine As Long, ByVal addr As Currency, ByVal size As Long, ByVal perms As uc_prot, ByVal ptr As Long) As uc_err + + + +'/* +' Unmap a region of emulation memory. +' This API deletes a memory mapping from the emulation memory space. +' +' @uc: handle returned by uc_open() +' @address: starting address of the memory region to be unmapped. +' This address must be aligned to 4KB, or this will return with UC_ERR_ARG error. +' @size: size of the memory region to be modified. +' This size must be multiple of 4KB, or this will return with UC_ERR_ARG error. +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_mem_unmap(uc_engine *uc, uint64_t address, size_t size); +Public Declare Function ucs_mem_unmap Lib "ucvbshim.dll" (ByVal hEngine As Long, ByVal addr As Currency, ByVal size As Long) As uc_err + + +'/* +' Set memory permissions for emulation memory. +' This API changes permissions on an existing memory region. +' +' @uc: handle returned by uc_open() +' @address: starting address of the memory region to be modified. +' This address must be aligned to 4KB, or this will return with UC_ERR_ARG error. +' @size: size of the memory region to be modified. +' This size must be multiple of 4KB, or this will return with UC_ERR_ARG error. +' @perms: New permissions for the mapped region. +' This must be some combination of UC_PROT_READ | UC_PROT_WRITE | UC_PROT_EXEC, +' or this will return with UC_ERR_ARG error. +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_mem_protect(uc_engine *uc, uint64_t address, size_t size, uint32_t perms); +Public Declare Function ucs_mem_protect Lib "ucvbshim.dll" (ByVal hEngine As Long, ByVal addr As Currency, ByVal size As Long, ByVal perm As uc_prot) As uc_err + + + +'/* +' Retrieve all memory regions mapped by uc_mem_map() and uc_mem_map_ptr() +' This API allocates memory for @regions, and user must free this memory later +' by free() to avoid leaking memory. +' NOTE: memory regions may be splitted by uc_mem_unmap() +' +' @uc: handle returned by uc_open() +' @regions: pointer to an array of uc_mem_region struct. This is allocated by +' Unicorn, and must be freed by user later +' @count: pointer to number of struct uc_mem_region contained in @regions +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_mem_regions(uc_engine *uc, uc_mem_region **regions, uint32_t *count); +'simplofied for vb use: uc_err __stdcall getMemMap(uc_engine *uc, _CollectionPtr *pColl){ + +'fills a collection with csv values of all memory regions.. +Public Declare Function get_memMap Lib "ucvbshim.dll" (ByVal hEngine As Long, ByRef col As Collection) As uc_err + + +'/* +' Allocate a region that can be used with uc_context_{save,restore} to perform +' quick save/rollback of the CPU context, which includes registers and some +' internal metadata. Contexts may not be shared across engine instances with +' differing arches or modes. +' +' @uc: handle returned by uc_open() +' @context: pointer to a uc_engine*. This will be updated with the pointer to +' the new context on successful return of this function. +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_context_alloc(uc_engine *uc, uc_context **context); +Public Declare Function ucs_context_alloc Lib "ucvbshim.dll" (ByVal hEngine As Long, ByRef context As Long) As uc_err + + + +'/* +' Free the resource allocated by uc_context_alloc. +' +' @context: handle returned by uc_context_alloc() +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_free(void* mem); +Public Declare Function ucs_free Lib "ucvbshim.dll" (ByVal mem As Long) As uc_err + + + +'/* +' Save a copy of the internal CPU context. +' This API should be used to efficiently make or update a saved copy of the +' internal CPU state. +' +' @uc: handle returned by uc_open() +' @context: handle returned by uc_context_alloc() +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_context_save(uc_engine *uc, uc_context *context); +Public Declare Function ucs_context_save Lib "ucvbshim.dll" (ByVal hEngine As Long, ByVal context As Long) As uc_err + + + +'/* +' Restore the current CPU context from a saved copy. +' This API should be used to roll the CPU context back to a previous +' state saved by uc_context_save(). +' +' @uc: handle returned by uc_open() +' @buffer: handle returned by uc_context_alloc that has been used with uc_context_save +' +' @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum +' for detailed error). +'*/ +'UNICORN_EXPORT +'uc_err uc_context_restore(uc_engine *uc, uc_context *context); +Public Declare Function ucs_context_restore Lib "ucvbshim.dll" (ByVal hEngine As Long, ByVal context As Long) As uc_err + + + +'uses libdasm to retrieve the 32bit disassembly at a specified va +'int __stdcall disasm_addr(uc_engine *uc, int va, char *str, int bufLen){ +Public Declare Function disasm_addr Lib "ucvbshim.dll" (ByVal hEngine As Long, ByVal addr As Long, ByVal buf As String, ByVal size As Long) As Long + + +'simplified access to map and write data to emu memory +'uc_err __stdcall mem_write_block(uc_engine *uc, uint64_t address, void* data, uint32_t size, uint32_t perm){ +Public Declare Function mem_write_block Lib "ucvbshim.dll" (ByVal hEngine As Long, ByVal addr As Currency, ByRef data As Byte, ByVal size As Long, ByVal perm As Long) As uc_err + +Private Declare Function lstrcpy Lib "kernel32" Alias "lstrcpyA" (ByVal lpString1 As String, ByVal lpString2 As String) As Long +Private Declare Function lstrlen Lib "kernel32" Alias "lstrlenA" (ByVal lpString As Long) As Long + +'api version of the below.. +'Function err2str(e As uc_err) As String +' Dim lpStr As Long +' Dim length As Long +' Dim buf() As Byte +' +' lpStr = ucs_strerror(e) +' If lpStr = 0 Then Exit Function +' +' length = lstrlen(lpStr) +' If length = 0 Then Exit Function +' +' ReDim buf(1 To length) +' CopyMemory buf(1), ByVal lpStr, length +' +' err2str2 = StrConv(buf, vbUnicode, &H409) +' +'End Function + +Function err2str(e As uc_err) As String + + err2str = "Unknown error code: " & e + + If e = uc_err_ok Then err2str = "No error: everything was fine" + If e = UC_ERR_NOMEM Then err2str = "Out-Of-Memory error: uc_open(), uc_emulate()" + If e = UC_ERR_ARCH Then err2str = "Unsupported architecture: uc_open()" + If e = UC_ERR_HANDLE Then err2str = "Invalid handle" + If e = UC_ERR_MODE Then err2str = "Invalid/unsupported mode: uc_open()" + If e = UC_ERR_VERSION Then err2str = "Unsupported version (bindings)" + If e = UC_ERR_READ_UNMAPPED Then err2str = "Quit emulation due to READ on unmapped memory: uc_emu_start()" + If e = UC_ERR_WRITE_UNMAPPED Then err2str = "Quit emulation due to WRITE on unmapped memory: uc_emu_start()" + If e = UC_ERR_FETCH_UNMAPPED Then err2str = "Quit emulation due to FETCH on unmapped memory: uc_emu_start()" + If e = UC_ERR_HOOK Then err2str = "Invalid hook type: uc_hook_add()" + If e = UC_ERR_INSN_INVALID Then err2str = "Quit emulation due to invalid instruction: uc_emu_start()" + If e = UC_ERR_MAP Then err2str = "Invalid memory mapping: uc_mem_map()" + If e = UC_ERR_WRITE_PROT Then err2str = "Quit emulation due to UC_MEM_WRITE_PROT violation: uc_emu_start()" + If e = UC_ERR_READ_PROT Then err2str = "Quit emulation due to UC_MEM_READ_PROT violation: uc_emu_start()" + If e = UC_ERR_FETCH_PROT Then err2str = "Quit emulation due to UC_MEM_FETCH_PROT violation: uc_emu_start()" + If e = UC_ERR_ARG Then err2str = "Inavalid argument provided to uc_xxx function (See specific function API)" + If e = UC_ERR_READ_UNALIGNED Then err2str = "Unaligned read" + If e = UC_ERR_WRITE_UNALIGNED Then err2str = "Unaligned write" + If e = UC_ERR_FETCH_UNALIGNED Then err2str = "Unaligned fetch" + If e = UC_ERR_HOOK_EXIST Then err2str = "hook for this event already existed" + If e = UC_ERR_RESOURCE Then err2str = "Insufficient resource: uc_emu_start()" + If e = UC_ERR_EXCEPTION Then err2str = "Unhandled CPU exception" + +End Function + +Function memType2str(t As uc_mem_type) + + memType2str = "Unknown memType: " & t + + If t = UC_MEM_READ Then memType2str = "Memory is read from" + If t = uc_mem_write Then memType2str = "Memory is written to" + If t = UC_MEM_FETCH Then memType2str = "Memory is fetched" + If t = UC_MEM_READ_UNMAPPED Then memType2str = "Unmapped memory is read from" + If t = UC_MEM_WRITE_UNMAPPED Then memType2str = "Unmapped memory is written to" + If t = UC_MEM_FETCH_UNMAPPED Then memType2str = "Unmapped memory is fetched" + If t = UC_MEM_WRITE_PROT Then memType2str = "Write to write protected, but mapped, memory" + If t = UC_MEM_READ_PROT Then memType2str = "Read from read protected, but mapped, memory" + If t = UC_MEM_FETCH_PROT Then memType2str = "Fetch from non-executable, but mapped, memory" + If t = UC_MEM_READ_AFTER Then memType2str = "Memory is read from (successful access)" + +End Function + + + + + + + +'--------------------- [ callback support ] --------------------------------------------- + +'so the callbacks must live in a module (vb6 language limitation/safety feature) +'we use a simple lookup mechanism to support multiple instances + +Function findInstance(ptr As Long) As ucIntel32 + On Error Resume Next + Set findInstance = instances("objptr:" & ptr) +End Function + +'in case we want to keep userdata for something else..this is just as easy.. +Function findInstanceByUc(uc As Long) As ucIntel32 + Dim u As ucIntel32 + For Each u In instances + If u.uc = uc Then + Set findInstanceByUc = u + Exit Function + End If + Next +End Function + +'typedef void (__stdcall *vb_cb_hookcode_t) (uc_engine *uc, uint64_t address, uint32_t size, void *user_data); +Public Sub code_hook(ByVal uc As Long, ByVal address As Currency, ByVal size As Long, ByVal user_data As Long) + Dim u As ucIntel32 + Set u = findInstance(user_data) + If u Is Nothing Then Exit Sub + u.internal_code_hook address, size +End Sub + +Public Sub block_hook(ByVal uc As Long, ByVal address As Currency, ByVal size As Long, ByVal user_data As Long) + Dim u As ucIntel32 + Set u = findInstance(user_data) + If u Is Nothing Then Exit Sub + u.internal_block_hook address, size +End Sub + +'typedef void (*uc_cb_hookmem_t)(uc_engine *uc, uc_mem_type type, uint64_t address, int size, int64_t value, void *user_data); +Public Sub mem_hook(ByVal uc As Long, ByVal t As uc_mem_type, ByVal address As Currency, ByVal size As Long, ByVal value As Currency, ByVal user_data As Long) + Dim u As ucIntel32 + Set u = findInstance(user_data) + If u Is Nothing Then Exit Sub + u.internal_mem_hook t, address, size, value +End Sub + +'typedef bool (*uc_cb_eventmem_t)(uc_engine *uc, uc_mem_type type, uint64_t address, int size, int64_t value, void *user_data); +Public Function invalid_mem_hook(ByVal uc As Long, ByVal t As uc_mem_type, ByVal address As Currency, ByVal size As Long, ByVal value As Currency, ByVal user_data As Long) As Long + 'return 0 to stop emulation, 1 to continue + Dim u As ucIntel32 + Set u = findInstance(user_data) + If u Is Nothing Then Exit Function + invalid_mem_hook = u.internal_invalid_mem_hook(t, address, size, value) +End Function + +'typedef void (*vb_cb_hookintr_t)(uc_engine *uc,uint32_t intno, void *user_data); +Public Sub interrupt_hook(ByVal uc As Long, ByVal intno As Long, ByVal user_data As Long) + Dim u As ucIntel32 + Set u = findInstance(user_data) + If u Is Nothing Then Exit Sub + u.internal_interrupt_hook intno +End Sub + diff --git a/bindings/vb6/ucvbshim.sln b/bindings/vb6/ucvbshim.sln new file mode 100644 index 00000000..dd7f0172 --- /dev/null +++ b/bindings/vb6/ucvbshim.sln @@ -0,0 +1,20 @@ + +Microsoft Visual Studio Solution File, Format Version 10.00 +# Visual Studio 2008 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ucvbshim", "ucvbshim.vcproj", "{6FC797B7-2985-49C8-92CD-CA985AF3511C}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Release|Win32 = Release|Win32 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {6FC797B7-2985-49C8-92CD-CA985AF3511C}.Debug|Win32.ActiveCfg = Debug|Win32 + {6FC797B7-2985-49C8-92CD-CA985AF3511C}.Debug|Win32.Build.0 = Debug|Win32 + {6FC797B7-2985-49C8-92CD-CA985AF3511C}.Release|Win32.ActiveCfg = Release|Win32 + {6FC797B7-2985-49C8-92CD-CA985AF3511C}.Release|Win32.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/bindings/vb6/ucvbshim.vcproj b/bindings/vb6/ucvbshim.vcproj new file mode 100644 index 00000000..27c4a379 --- /dev/null +++ b/bindings/vb6/ucvbshim.vcproj @@ -0,0 +1,212 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +