Hello_User/XenonRecomp
1
0
Fork 0
mirror of https://github.com/hedge-dev/XenonRecomp.git synced 2025-07-25 22:43:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Initial Commit

Browse Source
This commit is contained in:
Sajid
2024-09-07 18:00:09 +06:00
commit 0f9a53f75a
3352 changed files with 1563708 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

157
thirdparty/capstone/bindings/powershell/Capstone/Capstone.Format.ps1xml vendored Normal file
View File

@@ -0,0 +1,157 @@
<?xml version="1.0" encoding="utf-8" ?>
<Configuration>
<DefaultSettings>
<EnumerableExpansions>
<EnumerableExpansion>
<Expand>Both</Expand>
</EnumerableExpansion>
</EnumerableExpansions>
</DefaultSettings>
<ViewDefinitions>
<View>
<Name>CapstoneDisassemblyViewSimple</Name>
<ViewSelectedBy>
<TypeName>CapstoneDisassembly.Simple</TypeName>
</ViewSelectedBy>
<ListControl>
<ListEntries>
<ListEntry>
<ListItems>
<ListItem>
<PropertyName>Address</PropertyName>
<FormatString>0x{0:X}</FormatString>
</ListItem>
<ListItem>
<PropertyName>Instruction</PropertyName>
</ListItem>
</ListItems>
</ListEntry>
</ListEntries>
</ListControl>
</View>
<View>
<Name>CapstoneDisassemblyViewSimple</Name>
<ViewSelectedBy>
<TypeName>CapstoneDisassembly.Simple</TypeName>
</ViewSelectedBy>
<TableControl>
<TableHeaders>
<TableColumnHeader>
<Label>Address</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>Instruction</Label>
</TableColumnHeader>
</TableHeaders>
<TableRowEntries>
<TableRowEntry>
<TableColumnItems>
<TableColumnItem>
<PropertyName>Address</PropertyName>
<FormatString>0x{0:x}</FormatString>
</TableColumnItem>
<TableColumnItem>
<PropertyName>Instruction</PropertyName>
</TableColumnItem>
</TableColumnItems>
</TableRowEntry>
</TableRowEntries>
</TableControl>
</View>
<View>
<Name>CapstoneDisassemblyViewDetailed</Name>
<ViewSelectedBy>
<TypeName>CapstoneDisassembly.Detailed</TypeName>
</ViewSelectedBy>
<ListControl>
<ListEntries>
<ListEntry>
<ListItems>
<ListItem>
<PropertyName>Address</PropertyName>
<FormatString>0x{0:X}</FormatString>
</ListItem>
<ListItem>
<PropertyName>Mnemonic</PropertyName>
</ListItem>
<ListItem>
<PropertyName>Operands</PropertyName>
</ListItem>
<ListItem>
<PropertyName>Bytes</PropertyName>
</ListItem>
<ListItem>
<PropertyName>Size</PropertyName>
</ListItem>
<ListItem>
<PropertyName>RegRead</PropertyName>
</ListItem>
<ListItem>
<PropertyName>RegWrite</PropertyName>
</ListItem>
</ListItems>
</ListEntry>
</ListEntries>
</ListControl>
</View>
<View>
<Name>CapstoneDisassemblyViewDetailed</Name>
<ViewSelectedBy>
<TypeName>CapstoneDisassembly.Detailed</TypeName>
</ViewSelectedBy>
<TableControl>
<TableHeaders>
<TableColumnHeader>
<Label>Address</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>Mnemonic</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>Operands</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>Bytes</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>Size</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>RegRead</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>RegWrite</Label>
</TableColumnHeader>
</TableHeaders>
<TableRowEntries>
<TableRowEntry>
<TableColumnItems>
<TableColumnItem>
<PropertyName>Address</PropertyName>
<FormatString>0x{0:x}</FormatString>
</TableColumnItem>
<TableColumnItem>
<PropertyName>Mnemonic</PropertyName>
</TableColumnItem>
<TableColumnItem>
<PropertyName>Operands</PropertyName>
</TableColumnItem>
<TableColumnItem>
<PropertyName>Bytes</PropertyName>
</TableColumnItem>
<TableColumnItem>
<PropertyName>Size</PropertyName>
</TableColumnItem>
<TableColumnItem>
<PropertyName>RegRead</PropertyName>
</TableColumnItem>
<TableColumnItem>
<PropertyName>RegWrite</PropertyName>
</TableColumnItem>
</TableColumnItems>
</TableRowEntry>
</TableRowEntries>
</TableControl>
</View>
</ViewDefinitions>
</Configuration>

118
thirdparty/capstone/bindings/powershell/Capstone/Capstone.psd1 vendored Normal file
View File

@@ -0,0 +1,118 @@
#
# Module manifest for module 'Capstone'
#
@{
# Script module or binary module file associated with this manifest.
ModuleToProcess = 'Capstone.psm1'
# Version number of this module.
ModuleVersion = '0.0.0.2'
# Supported PSEditions
# CompatiblePSEditions = @()
# ID used to uniquely identify this module
GUID = 'd34db33f-9958-436d-a2d8-a77844a2bda5'
# Author of this module
Author = 'Ruben Boonen, beatcracker'
# Company or vendor of this module
# CompanyName = 'Unknown'
# Copyright statement for this module
Copyright = 'BSD 3-Clause'
# Description of the functionality provided by this module
Description = 'Capstone Engine Binding Module'
# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '2.0'
# Name of the Windows PowerShell host required by this module
# PowerShellHostName = ''
# Minimum version of the Windows PowerShell host required by this module
# PowerShellHostVersion = ''
# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
# DotNetFrameworkVersion = ''
# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
# CLRVersion = ''
# Processor architecture (None, X86, Amd64) required by this module
# ProcessorArchitecture = ''
# Modules that must be imported into the global environment prior to importing this module
# RequiredModules = @()
# Assemblies that must be loaded prior to importing this module
# RequiredAssemblies = @()
# Script files (.ps1) that are run in the caller's environment prior to importing this module.
# ScriptsToProcess = @()
# Type files (.ps1xml) to be loaded when importing this module
# TypesToProcess = @()
# Format files (.ps1xml) to be loaded when importing this module
FormatsToProcess = 'Capstone.Format.ps1xml'
# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
# NestedModules = @()
# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
FunctionsToExport = 'Get-CapstoneVersion', 'Get-CapstoneDisassembly'
# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
CmdletsToExport = @()
# Variables to export from this module
VariablesToExport = @()
# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
AliasesToExport = @()
# DSC resources to export from this module
# DscResourcesToExport = @()
# List of all modules packaged with this module
# ModuleList = @()
# List of all files packaged with this module
# FileList = @()
# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
PrivateData = @{
PSData = @{
# Tags applied to this module. These help with module discovery in online galleries.
# Tags = @()
# A URL to the license for this module.
# LicenseUri = ''
# A URL to the main website for this project.
# ProjectUri = ''
# A URL to an icon representing this module.
# IconUri = ''
# ReleaseNotes of this module
# ReleaseNotes = ''
} # End of PSData hashtable
} # End of PrivateData hashtable
# HelpInfo URI of this module
# HelpInfoURI = ''
# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
# DefaultCommandPrefix = ''
}

500
thirdparty/capstone/bindings/powershell/Capstone/Capstone.psm1 vendored Normal file
View File

@@ -0,0 +1,500 @@
<#
.SYNOPSIS
Get Capstone version as Version object
#>
function Get-CapstoneVersion {
$Version = [System.BitConverter]::GetBytes(
[Capstone]::cs_version($null, $null)
)
New-Object -TypeName version -ArgumentList @(
$Version[1]
$Version[0]
0
0
)
}
<#
.SYNOPSIS
Create C# bindings for capstone.dll
.PARAMETER DllPath
Path to capstone.dll
#>
function Initialize-Capstone {
[CmdletBinding()]
Param (
[Parameter(Mandatory = $true)]
[ValidateScript( {
try {
Test-Path -Path $_ -PathType Leaf -ErrorAction Stop
} catch {
throw "Capstone DLL is missing: $DllPath"
}
})]
[ValidateNotNullOrEmpty()]
[string]$DllPath
)
# Escape path for use in inline C#
$DllPath = $DllPath.Replace('\', '\\')
# Inline C# to parse the unmanaged capstone DLL
# http://stackoverflow.com/questions/16552801/how-do-i-conditionally-add-a-class-with-add-type-typedefinition-if-it-isnt-add
if (-not ([System.Management.Automation.PSTypeName]'Capstone').Type) {
Add-Type -TypeDefinition @"
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;
[StructLayout(LayoutKind.Sequential)]
public struct cs_insn
{
public uint id;
public ulong address;
public ushort size;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 24)]
public byte[] bytes;
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 32)]
public string mnemonic;
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 160)]
public string operands;
public IntPtr detail;
}
/// Partial, only architecture-independent internal data
[StructLayout(LayoutKind.Sequential)]
public struct cs_detail
{
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public byte[] regs_read;
public byte regs_read_count;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 20)]
public byte[] regs_write;
public byte regs_write_count;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
public byte[] groups;
public byte groups_count;
}
public enum cs_err : int
{
CS_ERR_OK = 0, /// No error: everything was fine
CS_ERR_MEM, /// Out-Of-Memory error: cs_open(), cs_disasm(), cs_disasm_iter()
CS_ERR_ARCH, /// Unsupported architecture: cs_open()
CS_ERR_HANDLE, /// Invalid handle: cs_op_count(), cs_op_index()
CS_ERR_CSH, /// Invalid csh argument: cs_close(), cs_errno(), cs_option()
CS_ERR_MODE, /// Invalid/unsupported mode: cs_open()
CS_ERR_OPTION, /// Invalid/unsupported option: cs_option()
CS_ERR_DETAIL, /// Information is unavailable because detail option is OFF
CS_ERR_MEMSETUP, /// Dynamic memory management uninitialized (see CS_OPT_MEM)
CS_ERR_VERSION, /// Unsupported version (bindings)
CS_ERR_DIET, /// Access irrelevant data in "diet" engine
CS_ERR_SKIPDATA, /// Access irrelevant data for "data" instruction in SKIPDATA mode
CS_ERR_X86_ATT, /// X86 AT&T syntax is unsupported (opt-out at compile time)
CS_ERR_X86_INTEL, /// X86 Intel syntax is unsupported (opt-out at compile time)
}
public enum cs_arch : int
{
CS_ARCH_ARM = 0, /// ARM architecture (including Thumb, Thumb-2)
CS_ARCH_ARM64, /// ARM-64, also called AArch64
CS_ARCH_MIPS, /// Mips architecture
CS_ARCH_X86, /// X86 architecture (including x86 & x86-64)
CS_ARCH_PPC, /// PowerPC architecture
CS_ARCH_SPARC, /// Sparc architecture
CS_ARCH_SYSZ, /// SystemZ architecture
CS_ARCH_XCORE, /// XCore architecture
CS_ARCH_MAX,
CS_ARCH_ALL = 0xFFFF, /// All architectures - for cs_support()
}
public enum cs_mode : int
{
CS_MODE_LITTLE_ENDIAN = 0, /// little-endian mode (default mode)
CS_MODE_ARM = 0, /// 32-bit ARM
CS_MODE_16 = 1 << 1, /// 16-bit mode (X86)
CS_MODE_32 = 1 << 2, /// 32-bit mode (X86)
CS_MODE_64 = 1 << 3, /// 64-bit mode (X86, PPC)
CS_MODE_THUMB = 1 << 4, /// ARM's Thumb mode, including Thumb-2
CS_MODE_MCLASS = 1 << 5, /// ARM's Cortex-M series
CS_MODE_V8 = 1 << 6, /// ARMv8 A32 encodings for ARM
CS_MODE_MICRO = 1 << 4, /// MicroMips mode (MIPS)
CS_MODE_MIPS3 = 1 << 5, /// Mips III ISA
CS_MODE_MIPS32R6 = 1 << 6, /// Mips32r6 ISA
CS_MODE_MIPSGP64 = 1 << 7, /// General Purpose Registers are 64-bit wide (MIPS)
CS_MODE_V9 = 1 << 4, /// SparcV9 mode (Sparc)
CS_MODE_BIG_ENDIAN = 1 << 31, /// big-endian mode
CS_MODE_MIPS32 = CS_MODE_32, /// Mips32 ISA (Mips)
CS_MODE_MIPS64 = CS_MODE_64, /// Mips64 ISA (Mips)
}
public static class Capstone
{
[DllImport("$DllPath")]
public static extern cs_err cs_open(
cs_arch arch,
cs_mode mode,
ref IntPtr handle);
[DllImport("$DllPath")]
public static extern UInt32 cs_disasm(
IntPtr handle,
byte[] code,
int code_size,
ulong address,
int count,
ref IntPtr insn);
[DllImport("$DllPath")]
public static extern bool cs_free(
IntPtr insn,
int count);
[DllImport("$DllPath")]
public static extern cs_err cs_close(
ref IntPtr handle);
[DllImport("$DllPath")]
public static extern cs_err cs_option(
IntPtr handle,
int type,
int value);
[DllImport("$DllPath", CallingConvention = CallingConvention.Cdecl)]
public static extern IntPtr cs_reg_name(
IntPtr handle,
uint reg_id);
[DllImport("$DllPath")]
public static extern int cs_version(
uint major,
uint minor);
}
"@
} else {
Write-Verbose 'C# bindings are already compiled'
}
}
function Get-CapstoneDisassembly {
<#
.SYNOPSIS
Powershell wrapper for Capstone (using inline C#).
.DESCRIPTION
Author: Ruben Boonen (@FuzzySec), @beatcracker
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
.PARAMETER Architecture
Architecture type.
.PARAMETER Mode
Mode type.
.PARAMETER Bytes
Byte array to be disassembled.
.PARAMETER Syntax
Syntax for output assembly.
.PARAMETER Address
Assign address for the first instruction to be disassembled.
.PARAMETER Detailed
Return detailed output.
.PARAMETER Version
Print ASCII version banner.
.EXAMPLE
C:\PS> $Bytes = [byte[]] @( 0x10, 0xf1, 0x10, 0xe7, 0x11, 0xf2, 0x31, 0xe7, 0xdc, 0xa1, 0x2e, 0xf3, 0xe8, 0x4e, 0x62, 0xf3 )
C:\PS> Get-CapstoneDisassembly -Architecture CS_ARCH_ARM -Mode CS_MODE_ARM -Bytes $Bytes
Address : 0x100000
Instruction : sdiv r0, r0, r1
Address : 0x100004
Instruction : udiv r1, r1, r2
Address : 0x100008
Instruction : vbit q5, q15, q6
Address : 0x10000C
Instruction : vcgt.f32 q10, q9, q12
.EXAMPLE
# Detailed mode & ATT syntax
C:\PS> $Bytes = [byte[]] @( 0xB8, 0x0A, 0x00, 0x00, 0x00, 0xF7, 0xF3 )
C:\PS> Get-CapstoneDisassembly -Architecture CS_ARCH_X86 -Mode CS_MODE_32 -Bytes $Bytes -Syntax ATT -Detailed
Address : 0x100000
Mnemonic : movl
Operands : $0xa, %eax
Bytes : {184, 10, 0, 0...}
Size : 5
RegRead :
RegWrite :
Address : 0x100005
Mnemonic : divl
Operands : %ebx
Bytes : {247, 243}
Size : 2
RegRead : {eax, edx}
RegWrite : {eax, edx, eflags}
.EXAMPLE
# Get-CapstoneDisassembly emits objects
C:\PS> $Bytes = [byte[]] @( 0xB8, 0x0A, 0x00, 0x00, 0x00, 0xF7, 0xF3 )
C:\PS> $Object = Get-CapstoneDisassembly -Architecture CS_ARCH_X86 -Mode CS_MODE_32 -Bytes $Bytes -Detailed
C:\PS> $Object | Select-Object -Property Size, Mnemonic, Operands
Size Mnemonic Operands
---- -------- --------
5 mov eax, 0xa
2 div ebx
#>
[CmdletBinding(DefaultParameterSetName = 'Capstone')]
Param (
[Parameter(ParameterSetName = 'Capstone', Mandatory = $true)]
[ValidateSet(
'CS_ARCH_ARM',
'CS_ARCH_ARM64',
'CS_ARCH_MIPS',
'CS_ARCH_X86',
'CS_ARCH_PPC',
'CS_ARCH_SPARC',
'CS_ARCH_SYSZ',
'CS_ARCH_XCORE',
'CS_ARCH_MAX',
'CS_ARCH_ALL'
)]
[string]$Architecture,
[Parameter(ParameterSetName = 'Capstone', Mandatory = $true)]
[ValidateSet(
'CS_MODE_LITTLE_ENDIAN',
'CS_MODE_ARM',
'CS_MODE_16',
'CS_MODE_32',
'CS_MODE_64',
'CS_MODE_THUMB',
'CS_MODE_MCLASS',
'CS_MODE_V8',
'CS_MODE_MICRO',
'CS_MODE_MIPS3',
'CS_MODE_MIPS32R6',
'CS_MODE_MIPSGP64',
'CS_MODE_V9',
'CS_MODE_BIG_ENDIAN',
'CS_MODE_MIPS32',
'CS_MODE_MIPS64'
)]
[string]$Mode,
[Parameter(ParameterSetName = 'Capstone', Mandatory = $true)]
[ValidateNotNullOrEmpty()]
[byte[]]$Bytes,
[Parameter(ParameterSetName = 'Capstone')]
[ValidateSet(
'Intel',
'ATT'
)]
[string]$Syntax = 'Intel',
[Parameter(ParameterSetName = 'Capstone')]
[uint64]$Address = 0x100000,
[Parameter(ParameterSetName = 'Capstone')]
[switch]$Detailed,
[Parameter(ParameterSetName = 'Version')]
[switch]$Version
)
if ($Version) {
$Banner = @'
(((;
(; "((((\
;((((((; "((((;
((((""\(((( "((((
((((" ((\ "(((( "(((\
;(((/ ((((((( "(((( \(((
((((" (((* "(((( \(((;"(((\
((((";((("/(( \(((;"(((\"(((\
(((( (((( ((((" "(((\ ((() (((\
;((("(((( (((* **"" ((()"(((;
(((" ((( (((( ((((((((((((((:*(((
(((( (((*)((( ********"""" ;;(((((;
(((* ((( (((((((((((((((((((((*"" (
((("(((( """***********"""" ;;(((((
"" (((((((((((((((((((((((((((*""
"""****(((((****"""
-=[Capstone Engine v{0}]=-
'@ -f (Get-CapstoneVersion).ToString(2)
# Mmm ASCII version banner!
return $Banner
}
# Disasm Handle
$DisAsmHandle = [System.IntPtr]::Zero
# Initialize Capstone with cs_open()
$CallResult = [Capstone]::cs_open($Architecture, $Mode, [ref]$DisAsmHandle)
if ($CallResult -ne 'CS_ERR_OK') {
if ($CallResult -eq 'CS_ERR_MODE') {
throw "Invalid Architecture/Mode combination: $Architecture/$Mode"
} else {
throw "cs_open error: $CallResult"
}
}
# Set disassembly syntax
#---
# cs_opt_type -> CS_OPT_SYNTAX = 1
#---
# cs_opt_value -> CS_OPT_SYNTAX_INTEL = 1
# -> CS_OPT_SYNTAX_ATT = 2
if ($Syntax -eq 'Intel') {
$CS_OPT_SYNTAX = 1
} else {
$CS_OPT_SYNTAX = 2
}
$CallResult = [Capstone]::cs_option($DisAsmHandle, 1, $CS_OPT_SYNTAX)
if ($CallResult -ne 'CS_ERR_OK') {
$CallResult = [Capstone]::cs_close([ref]$DisAsmHandle)
throw "cs_option error: $CallResult"
}
# Set disassembly detail
#---
# cs_opt_type -> CS_OPT_DETAIL = 2
#---
# cs_opt_value -> CS_OPT_ON = 3
# -> CS_OPT_OFF = 0
if ($Detailed) {
$CS_OPT = 3
} else {
$CS_OPT = 0
}
$CallResult = [Capstone]::cs_option($DisAsmHandle, 2, $CS_OPT)
if ($CallResult -ne 'CS_ERR_OK') {
$CallResult = [Capstone]::cs_close([ref]$DisAsmHandle)
throw "cs_option error: $CallResult"
}
# Out Buffer Handle
$InsnHandle = [System.IntPtr]::Zero
# Disassemble bytes
$Count = [Capstone]::cs_disasm($DisAsmHandle, $Bytes, $Bytes.Count, $Address, 0, [ref]$InsnHandle)
if ($Count -gt 0) {
# Result struct
$cs_insn = if ($PSVersionTable.PSVersion.Major -gt 2) {
[cs_insn]@{}
} else {
New-Object -TypeName cs_insn
}
$cs_insn_size = [System.Runtime.InteropServices.Marshal]::SizeOf($cs_insn)
$cs_insn = $cs_insn.GetType()
# Result detail struct
$cs_detail = if ($PSVersionTable.PSVersion.Major -gt 2) {
[cs_detail]@{}
} else {
New-Object -TypeName cs_detail
}
$cs_detail = $cs_detail.GetType()
# Result buffer offset
$BuffOffset = $InsnHandle.ToInt64()
for ($i = 0 ; $i -lt $Count ; $i++) {
# Cast Offset to cs_insn
$Cast = [System.Runtime.InteropServices.Marshal]::PtrToStructure([System.Intptr]$BuffOffset, [type]$cs_insn)
if ($CS_OPT -eq 0) {
$Disassembly = @{
Address = $Cast.address
Instruction = '{0} {1}' -f $Cast.mnemonic, $Cast.operands
}
if ($PSVersionTable.PSVersion.Major -gt 2) {
# Add TypeName for PS formatting and output result
$Disassembly.PSTypeName ='CapstoneDisassembly.Simple'
[pscustomobject]$Disassembly
} else {
$Disassembly = New-Object -TypeName PSObject -Property $Disassembly
# Add TypeName for PS formatting and output result
$Disassembly.PSObject.TypeNames.Insert(0, 'CapstoneDisassembly.Simple')
$Disassembly
}
} else {
$DetailCast = [System.Runtime.InteropServices.Marshal]::PtrToStructure($Cast.detail, [type]$cs_detail)
if ($DetailCast.regs_read_count -gt 0) {
$RegRead = for ($r = 0 ; $r -lt $DetailCast.regs_read_count ; $r++) {
$NamePointer = [Capstone]::cs_reg_name($DisAsmHandle, $DetailCast.regs_read[$r])
[System.Runtime.InteropServices.Marshal]::PtrToStringAnsi($NamePointer)
}
}
if ($DetailCast.regs_write_count -gt 0) {
$RegWrite = for ($r = 0 ; $r -lt $DetailCast.regs_write_count ; $r++) {
$NamePointer = [Capstone]::cs_reg_name($DisAsmHandle, $DetailCast.regs_write[$r])
[System.Runtime.InteropServices.Marshal]::PtrToStringAnsi($NamePointer)
}
}
$Disassembly = @{
Address = $Cast.address
Mnemonic = $Cast.mnemonic
Operands = $Cast.operands
Bytes = $Cast.bytes[0..($Cast.size - 1)]
Size = $Cast.size
RegRead = $RegRead
RegWrite = $RegWrite
}
if ($PSVersionTable.PSVersion.Major -gt 2) {
# Add TypeName for PS formatting and output result
$Disassembly.PSTypeName = 'CapstoneDisassembly.Detailed'
[pscustomobject]$Disassembly
} else {
$Disassembly = New-Object -TypeName PSObject -Property $Disassembly
# Add TypeName for PS formatting and output result
$Disassembly.PSObject.TypeNames.Insert(0, 'CapstoneDisassembly.Detailed')
$Disassembly
}
}
$BuffOffset = $BuffOffset + $cs_insn_size
}
} else {
$CallResult = [Capstone]::cs_close([ref]$DisAsmHandle)
throw 'Disassembly Failed'
}
# Free Buffer Handle
$CallResult = [Capstone]::cs_free($InsnHandle, $Count)
}
#region Init
Initialize-Capstone -DllPath (
Join-Path -Path $PSScriptRoot -ChildPath 'Lib\Capstone\capstone.dll'
) -ErrorAction Stop
#endregion

0
thirdparty/capstone/bindings/powershell/Capstone/Lib/Capstone/.gitignore vendored Normal file
View File

30
thirdparty/capstone/bindings/powershell/README.md vendored Normal file
View File

@@ -0,0 +1,30 @@
This documentation explains how to install & use the PowerShell binding for Capstone.
Install
------
Compile the relevant version (x86/x64) of `capstone.dll` and place it in
`./Capstone/Lib/Capstone/`.
Alternatively, pre-compiled DLLs can be obtained from the Capstone homepage
at http://capstone-engine.org/download
Usage
-----
To use the PowerShell binding, the entire Capstone folder should be added to
one of the PowerShell module directories:
# Global PSModulePath path
%Windir%\System32\WindowsPowerShell\v1.0\Modules
# User PSModulePath path
%UserProfile%\Documents\WindowsPowerShell\Modules
Once this is done the module can be initialized by typing “Import-Module Capstone”
in a new PowerShell terminal. Further information on the usage of the binding
can be obtained with the following command:
Get-Help Get-CapstoneDisassembly -Full