visualbasic 0.2.0

Parse and inspect Visual Basic 6 compiled binaries
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349

//! Semantic classification of P-Code opcodes.
//!
//! Provides typed enums for classifying every P-Code opcode by its
//! data type and semantic operation. All classification is performed
//! at **build time** by `build.rs` — the generated opcode tables contain
//! fully typed enum values with zero runtime string parsing.

/// Data type operated on by a P-Code instruction.
///
/// Determined at build time from the opcode mnemonic suffix
/// (e.g., `"AddI4"` → `I4`, `"FLdFPR8"` → `FPR8`).
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum PCodeDataType {
    /// 8-bit unsigned integer (Byte). 1 byte, zero-extended to 4B on eval stack.
    UI1,
    /// 16-bit signed integer (Integer). 2 bytes, sign-extended to 4B on eval stack.
    I2,
    /// 32-bit signed integer (Long). 4 bytes, 1 eval stack slot.
    I4,
    /// 32-bit float (Single). On FPU stack (not eval stack).
    R4,
    /// 64-bit float (Double). On FPU stack or 2 eval stack slots.
    R8,
    /// 64-bit fixed-point Currency. 2 eval stack slots (8 bytes).
    Cy,
    /// BSTR pointer. 4 bytes, 1 eval stack slot.
    Str,
    /// 16-byte Variant. 4 eval stack slots.
    Var,
    /// VB Boolean (-1=True, 0=False). 2 bytes, stored as i32 on eval stack.
    Bool,
    /// 4-byte address/pointer (COM object, UDT, etc.).
    Ad,
    /// Date as f64. On FPU stack or 2 eval stack slots.
    Date,
    /// Single-precision float via FPU load/store path.
    FPR4,
    /// Double-precision float via FPU load/store path.
    FPR8,
    /// Variable-argument Variant (ParamArray element).
    Varg,
}

impl PCodeDataType {
    /// Returns the size in bytes of this data type on the eval stack.
    ///
    /// FPU types (`R4`, `FPR4`, `FPR8`) return 0 since they
    /// live on the x87 FPU stack, not the eval stack.
    pub fn eval_stack_bytes(self) -> u8 {
        match self {
            Self::UI1 | Self::I2 | Self::I4 | Self::Bool | Self::Str | Self::Ad => 4,
            Self::R8 | Self::Cy | Self::Date => 8,
            Self::Var | Self::Varg => 16,
            Self::R4 | Self::FPR4 | Self::FPR8 => 0,
        }
    }

    /// Returns the number of eval stack slots (4 bytes each).
    pub fn eval_stack_slots(self) -> u8 {
        match self {
            Self::UI1 | Self::I2 | Self::I4 | Self::Bool | Self::Str | Self::Ad => 1,
            Self::R8 | Self::Cy | Self::Date => 2,
            Self::Var | Self::Varg => 4,
            Self::R4 | Self::FPR4 | Self::FPR8 => 0,
        }
    }

    /// Returns true if this type uses the x87 FPU stack.
    pub fn is_fpu(self) -> bool {
        matches!(
            self,
            Self::R4 | Self::R8 | Self::FPR4 | Self::FPR8 | Self::Date
        )
    }
}

/// Semantic classification of a P-Code opcode.
///
/// Generated at build time from the CSV `category` and `mnemonic` columns.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum OpcodeSemantics {
    /// Load value (from frame, literal, memory, or indirect).
    Load {
        /// Where the value is loaded from.
        source: LoadSource,
    },
    /// Store value (to frame, memory, or indirect).
    Store {
        /// Where the value is stored to.
        target: StoreTarget,
    },
    /// Binary arithmetic operation.
    Arithmetic {
        /// Which arithmetic operation.
        op: ArithOp,
    },
    /// Unary operation (Not, negation, Abs).
    Unary {
        /// Which unary operation.
        op: ArithOp,
    },
    /// Comparison operation.
    Compare,
    /// Type conversion.
    Convert {
        /// Source data type (what is being converted from).
        from: Option<PCodeDataType>,
        /// Target data type (what is being converted to).
        to: Option<PCodeDataType>,
    },
    /// Branch (conditional or unconditional).
    Branch {
        /// True if branch depends on a condition.
        conditional: bool,
    },
    /// Subroutine/method call.
    Call {
        /// What kind of call mechanism.
        kind: CallKind,
    },
    /// Return from procedure.
    Return,
    /// Stack manipulation (free, pop, push temp, etc.).
    Stack,
    /// Debug/NOP marker (Bos, LargeBos).
    Nop,
    /// I/O operation (Print, Input, Open, Close, Get, Put).
    Io,
    /// Opcode not classified (InvalidExcode, Unknown, lead bytes).
    Unclassified,
}

/// Source of a load operation.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum LoadSource {
    /// Frame variable via EBP offset (`%a`).
    Frame,
    /// Literal constant (inline in instruction stream).
    Literal,
    /// Object member via object pointer + offset.
    Memory,
    /// Double-indirection via pointer at frame slot.
    Indirect,
}

/// Target of a store operation.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum StoreTarget {
    /// Frame variable via EBP offset (`%a`).
    Frame,
    /// Object member via object pointer + offset.
    Memory,
    /// Double-indirection via pointer at frame slot.
    Indirect,
}

/// Arithmetic/logical operation type.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ArithOp {
    /// Addition.
    Add,
    /// Subtraction.
    Sub,
    /// Multiplication.
    Mul,
    /// Floating-point division (`/`).
    Div,
    /// Integer division (`\`).
    IDiv,
    /// Modulo.
    Mod,
    /// Exponentiation (`^`).
    Pow,
    /// Unary negation.
    Neg,
    /// String concatenation (`&`).
    Concat,
    /// Bitwise AND.
    And,
    /// Bitwise OR.
    Or,
    /// Bitwise XOR.
    Xor,
    /// Bitwise NOT.
    Not,
    /// Bitwise EQV (equivalence).
    Eqv,
    /// Bitwise IMP (implication).
    Imp,
    /// Absolute value.
    Abs,
    /// Unrecognized arithmetic.
    Other,
}

/// Kind of call operation.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum CallKind {
    /// COM vtable call (`VCall*`).
    VCall,
    /// COM vtable call on `Me` (`ThisVCall*`).
    ThisVCall,
    /// Import address call (`ImpAdCall*`).
    ImpAdCall,
    /// Late-bound IDispatch call (`Late*`).
    LateCall,
    /// Other call type.
    Other,
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::pcode::opcode::{
        LEAD0_TABLE, LEAD1_TABLE, LEAD2_TABLE, LEAD3_TABLE, LEAD4_TABLE, PRIMARY_TABLE,
    };

    #[test]
    fn test_data_type_sizes() {
        assert_eq!(PCodeDataType::I4.eval_stack_slots(), 1);
        assert_eq!(PCodeDataType::R8.eval_stack_slots(), 2);
        assert_eq!(PCodeDataType::Var.eval_stack_slots(), 4);
        assert_eq!(PCodeDataType::FPR4.eval_stack_slots(), 0);
        assert!(PCodeDataType::FPR8.is_fpu());
        assert!(!PCodeDataType::I4.is_fpu());
    }

    #[test]
    fn test_data_type_from_opcode() {
        // AddI4 should have data_type = Some(I4)
        let info = &PRIMARY_TABLE[0xAA]; // AddI4
        assert_eq!(info.mnemonic, "AddI4");
        assert_eq!(info.data_type, Some(PCodeDataType::I4));

        // FLdFPR8 should have data_type = Some(FPR8)
        let info = &PRIMARY_TABLE[0x6F]; // FLdFPR8
        assert_eq!(info.data_type, Some(PCodeDataType::FPR8));

        // Branch has no data type
        let info = &PRIMARY_TABLE[0x1E]; // Branch
        assert_eq!(info.data_type, None);

        // InvalidExcode has no data type
        let info = &PRIMARY_TABLE[0x01];
        assert_eq!(info.data_type, None);
    }

    #[test]
    fn test_semantics_from_opcode() {
        // AddI4 → Arithmetic/Add
        let info = &PRIMARY_TABLE[0xAA];
        assert_eq!(
            info.semantics,
            OpcodeSemantics::Arithmetic { op: ArithOp::Add }
        );

        // FLdRfVar → Load/Frame
        let info = &PRIMARY_TABLE[0x04];
        assert_eq!(
            info.semantics,
            OpcodeSemantics::Load {
                source: LoadSource::Frame
            }
        );

        // Branch → Branch/unconditional
        let info = &PRIMARY_TABLE[0x1E];
        assert_eq!(
            info.semantics,
            OpcodeSemantics::Branch { conditional: false }
        );

        // BranchF → Branch/conditional
        let info = &PRIMARY_TABLE[0x1C];
        assert_eq!(
            info.semantics,
            OpcodeSemantics::Branch { conditional: true }
        );

        // VCallHresult → Call/VCall
        let info = &PRIMARY_TABLE[0x0D];
        assert_eq!(
            info.semantics,
            OpcodeSemantics::Call {
                kind: CallKind::VCall
            }
        );

        // LargeBos → Nop
        let info = &PRIMARY_TABLE[0x00];
        assert_eq!(info.semantics, OpcodeSemantics::Nop);

        // InvalidExcode → Unclassified
        let info = &PRIMARY_TABLE[0x01];
        assert_eq!(info.semantics, OpcodeSemantics::Unclassified);
    }

    #[test]
    fn test_convert_types() {
        // CStrR8 → Convert from R8 to Str
        let info = &LEAD1_TABLE[0x00]; // CStrR8
        assert_eq!(info.mnemonic, "CStrR8");
        let OpcodeSemantics::Convert { from, to } = info.semantics else {
            panic!("expected Convert, got {:?}", info.semantics);
        };
        assert_eq!(from, Some(PCodeDataType::R8));
        assert_eq!(to, Some(PCodeDataType::Str));
    }

    #[test]
    fn test_all_implemented_opcodes_have_semantics() {
        let tables: [&[crate::pcode::opcode::OpcodeInfo; 256]; 6] = [
            &PRIMARY_TABLE,
            &LEAD0_TABLE,
            &LEAD1_TABLE,
            &LEAD2_TABLE,
            &LEAD3_TABLE,
            &LEAD4_TABLE,
        ];

        let mut classified = 0;

        for table in &tables {
            for info in table.iter() {
                if info.is_implemented() && !info.is_lead_byte() {
                    if info.semantics != OpcodeSemantics::Unclassified {
                        classified += 1;
                    } else {
                        // Only opcodes with empty category should be unclassified
                        assert!(
                            info.category.is_empty(),
                            "Implemented opcode {} (table {:?}, 0x{:02X}) with category '{}' is Unclassified",
                            info.mnemonic,
                            info.table,
                            info.index,
                            info.category
                        );
                    }
                }
            }
        }

        assert!(
            classified > 1000,
            "Expected >1000 classified opcodes, got {}",
            classified
        );
    }
}