diff --git a/Sources/vbSparkle.Console/Program.cs b/Sources/vbSparkle.Console/Program.cs index 6cdb2c0..07c93ef 100644 --- a/Sources/vbSparkle.Console/Program.cs +++ b/Sources/vbSparkle.Console/Program.cs @@ -43,10 +43,7 @@ static void Main(string[] args) private static void InitializeConsoleHeader() { - Console.ForegroundColor = Color.WhiteSmoke; string version = Assembly.GetExecutingAssembly().GetName().Version.ToString(); - Console.ResetColor(); - Console.ReplaceAllColorsWithDefaults(); Console.Title = "vbSparkle " + version; Console.WriteLine( diff --git a/Sources/vbSparkle.Console/vbSparkle.CLI.csproj b/Sources/vbSparkle.Console/vbSparkle.CLI.csproj index 92c3bb2..d200b6c 100644 --- a/Sources/vbSparkle.Console/vbSparkle.CLI.csproj +++ b/Sources/vbSparkle.Console/vbSparkle.CLI.csproj @@ -2,7 +2,7 @@ Exe - netcoreapp3.1 + net6.0 vbSparkle.CLI.Program False Sylvain Bruyere, Airbus CERT diff --git a/Sources/vbSparkle/EvaluationObjects/DComplexStringExpression.cs b/Sources/vbSparkle/EvaluationObjects/DComplexStringExpression.cs index 12e05f3..2190ee1 100644 --- a/Sources/vbSparkle/EvaluationObjects/DComplexStringExpression.cs +++ b/Sources/vbSparkle/EvaluationObjects/DComplexStringExpression.cs @@ -3,12 +3,14 @@ using System.Text; using MathNet.Symbolics; using vbSparkle; +using vbSparkle.Options; namespace vbSparkle.EvaluationObjects { internal class DComplexStringExpression : DExpression, IStringExpression { + public List ConcatExpressions { get; set; } = new List(); public override bool HasSideEffet { get; set; } = false; @@ -16,7 +18,6 @@ internal class DComplexStringExpression public DComplexStringExpression() { - } public DComplexStringExpression(DExpression leftExp) @@ -80,7 +81,9 @@ public void Concat(DExpression expression) if (curRightExp is DSimpleStringExpression && expression.IsValuable) { - ConcatExpressions[ConcatExpressions.Count - 1] = new DSimpleStringExpression(curRightExp.ToValueString() + expression.ToValueString(), Encoding.Unicode); + var options = (curRightExp as DSimpleStringExpression).Options; + + ConcatExpressions[ConcatExpressions.Count - 1] = new DSimpleStringExpression(curRightExp.ToValueString() + expression.ToValueString(), Encoding.Unicode, options); //((DSimpleStringExpression)curRightExp).SetValue(curRightExp.ToValueString() + expression.ToValueString()); <= this was causing side effect return; } diff --git a/Sources/vbSparkle/EvaluationObjects/DStringExpression.cs b/Sources/vbSparkle/EvaluationObjects/DStringExpression.cs index 88bda23..bf175e4 100644 --- a/Sources/vbSparkle/EvaluationObjects/DStringExpression.cs +++ b/Sources/vbSparkle/EvaluationObjects/DStringExpression.cs @@ -2,6 +2,7 @@ using System.Text; using MathNet.Symbolics; using vbSparkle; +using vbSparkle.Options; namespace vbSparkle.EvaluationObjects { @@ -9,6 +10,7 @@ namespace vbSparkle.EvaluationObjects internal class DSimpleStringExpression : DExpression, IStringExpression { + internal EvaluatorOptions Options { get; set; } = null; string var; public override bool HasSideEffet { get => false; set => throw new NotImplementedException(); } @@ -16,14 +18,25 @@ internal class DSimpleStringExpression public override bool IsValuable { get => true; set => throw new NotImplementedException(); } public Encoding Encoding { get; set; } - public DSimpleStringExpression(string value, Encoding encoding) + public DSimpleStringExpression(string value, Encoding encoding, EvaluatorOptions options) { + if (options == null) + (0).ToString(); + + Options = options; var = value; Encoding = encoding; } public override string ToExpressionString() { + if (Options != null && + Options.LargeStringAllocationObserver != null && + Options.LargeStringAllocationObserver.MinSize < var.Length) + { + Options.LargeStringAllocationObserver.LargeStringAllocated.Add(var.Replace("\"\"","\"")); + } + return VbUtils.StrValToExp(var); } diff --git a/Sources/vbSparkle/LanguageStatements/CallStatements/VB_ICS_B_ProcedureCall.cs b/Sources/vbSparkle/LanguageStatements/CallStatements/VB_ICS_B_ProcedureCall.cs index f00b902..5ee1940 100644 --- a/Sources/vbSparkle/LanguageStatements/CallStatements/VB_ICS_B_ProcedureCall.cs +++ b/Sources/vbSparkle/LanguageStatements/CallStatements/VB_ICS_B_ProcedureCall.cs @@ -38,6 +38,14 @@ public VbIdentifiedObject IdentifiedObject public override DExpression Prettify(bool partialEvaluation = false) { + var identifiedObject = IdentifiedObject; + + if (identifiedObject is VbNativeFunction) + { + var funcArgs = CallArgs.ToArray(); + return (identifiedObject as VbNativeFunction).TryEvaluate(funcArgs); + } + if (CallArgs.Any()) return new DCodeBlock($"{IdentifiedObject.Name} {string.Join(", ", CallArgs.Select(v => v.Exp(partialEvaluation)))}"); else diff --git a/Sources/vbSparkle/LanguageStatements/Functions/VBMethod.cs b/Sources/vbSparkle/LanguageStatements/Functions/VBMethod.cs index 27d5c52..4e65da7 100644 --- a/Sources/vbSparkle/LanguageStatements/Functions/VBMethod.cs +++ b/Sources/vbSparkle/LanguageStatements/Functions/VBMethod.cs @@ -97,7 +97,7 @@ public VB_StrReverse(IVBScopeObject context) : base(context, "StrReverse") { } - + public override DExpression Evaluate(params DExpression[] args) { DExpression arg1 = args.FirstOrDefault(); @@ -106,12 +106,39 @@ public override DExpression Evaluate(params DExpression[] args) if (!Converter.TryGetStringValue(arg1, out strArg)) return DefaultExpression(args); - + string str = new string(strArg.ToCharArray().Reverse().ToArray()); - return new DSimpleStringExpression(str, Encoding.Unicode); + return new DSimpleStringExpression(str, Encoding.Unicode, Context.Options); } + } + + public class VB_Execute + : VbNativeFunction + { + public VB_Execute(IVBScopeObject context) + : base(context, "Execute") + { + } + + public override DExpression Evaluate(params DExpression[] args) + { + DExpression arg1 = args.FirstOrDefault(); + string strArg; + + if (!Converter.TryGetStringValue(arg1, out strArg)) + { + return DefaultExpression(args); + } + + if (Context?.Options?.ExecuteObserver != null) + { + Context.Options.ExecuteObserver.VBScriptExecuted.Add(strArg.Replace("\"\"", "\"")); + } + + return DefaultExpression(args); + } } public class VB_Replace @@ -159,7 +186,7 @@ public override DExpression Evaluate(params DExpression[] args) string str = findStr.Equals(replStr) ? expStr : expStr.Replace(findStr, replStr); - return new DSimpleStringExpression(str, Encoding.Unicode); + return new DSimpleStringExpression(str, Encoding.Unicode, Context.Options); } } @@ -195,7 +222,7 @@ public override DExpression Evaluate(params DExpression[] args) return DefaultExpression(args); string str = strArg.Trim(' '); - return new DSimpleStringExpression(str, Encoding.Unicode); + return new DSimpleStringExpression(str, Encoding.Unicode, Context.Options); } } @@ -233,7 +260,7 @@ public override DExpression Evaluate(params DExpression[] args) string value = new string(' ', count); - return new DSimpleStringExpression(value, Encoding.Unicode); + return new DSimpleStringExpression(value, Encoding.Unicode, Context.Options); } } @@ -265,7 +292,7 @@ public override DExpression Evaluate(params DExpression[] args) //string value = Char.ConvertFromUtf32((int)ascii); //(byte) (UInt32)Math.Round(ascii) & 0x0000FFFF); - return new DSimpleStringExpression(value, Encoding.Unicode); + return new DSimpleStringExpression(value, Encoding.Unicode, Context.Options); } } @@ -305,7 +332,7 @@ public override DExpression Evaluate(params DExpression[] args) //string value = Encoding.ASCII.GetString(test); string value = new string(new char[] { VbUtils.Chr(ascii) }); - return new DSimpleStringExpression(value, Encoding.Unicode); + return new DSimpleStringExpression(value, Encoding.Unicode, Context.Options); } } @@ -342,7 +369,7 @@ public override DExpression Evaluate(params DExpression[] args) string value = new string(new char[]{ VbUtils.Chr(ascii) }); - return new DSimpleStringExpression(value, Encoding.Unicode); + return new DSimpleStringExpression(value, Encoding.Unicode, Context.Options); } } @@ -735,7 +762,7 @@ public override DExpression Evaluate(params DExpression[] args) string hexStr = $"{input:X}"; - return new DSimpleStringExpression(hexStr, null); + return new DSimpleStringExpression(hexStr, null, Context.Options); } } diff --git a/Sources/vbSparkle/LanguageStatements/Literals/VBLiteral.cs b/Sources/vbSparkle/LanguageStatements/Literals/VBLiteral.cs index a038360..ec60d03 100644 --- a/Sources/vbSparkle/LanguageStatements/Literals/VBLiteral.cs +++ b/Sources/vbSparkle/LanguageStatements/Literals/VBLiteral.cs @@ -3,6 +3,7 @@ public abstract class VBLiteral { public DExpression Value { get; set; } + public IVBScopeObject Context { get; set; } public abstract string Prettify(); } @@ -12,9 +13,10 @@ public class VBLiteral : VBLiteral { public T Object { get; set; } - public VBLiteral(T @object) + public VBLiteral(IVBScopeObject context, T @object) { Object = @object; + Context = context; Value = new DCodeBlock(@object?.GetText()); } diff --git a/Sources/vbSparkle/LanguageStatements/Literals/VbLtBoolean.cs b/Sources/vbSparkle/LanguageStatements/Literals/VbLtBoolean.cs index 88e3c91..d951434 100644 --- a/Sources/vbSparkle/LanguageStatements/Literals/VbLtBoolean.cs +++ b/Sources/vbSparkle/LanguageStatements/Literals/VbLtBoolean.cs @@ -6,8 +6,8 @@ namespace vbSparkle { public class VbLtBoolean : VBLiteral { - public VbLtBoolean(LtBooleanContext @object) - : base(@object) + public VbLtBoolean(IVBScopeObject context, LtBooleanContext @object) + : base(context, @object) { string quoted = @object.GetText(); if (quoted.Equals("True", StringComparison.InvariantCultureIgnoreCase)) diff --git a/Sources/vbSparkle/LanguageStatements/Literals/VbLtColor.cs b/Sources/vbSparkle/LanguageStatements/Literals/VbLtColor.cs index 1e6402c..69067ab 100644 --- a/Sources/vbSparkle/LanguageStatements/Literals/VbLtColor.cs +++ b/Sources/vbSparkle/LanguageStatements/Literals/VbLtColor.cs @@ -5,8 +5,8 @@ namespace vbSparkle { public class VbLtColor : VBLiteral { - public VbLtColor(LtColorContext @object) - : base(@object) + public VbLtColor(IVBScopeObject context, LtColorContext @object) + : base(context, @object) { string quoted = @object.GetText(); Value = new DMathExpression( Convert.ToInt32(quoted.Substring(2).Replace("&",""), 16)); diff --git a/Sources/vbSparkle/LanguageStatements/Literals/VbLtDateTime.cs b/Sources/vbSparkle/LanguageStatements/Literals/VbLtDateTime.cs index 306d3c5..11026a1 100644 --- a/Sources/vbSparkle/LanguageStatements/Literals/VbLtDateTime.cs +++ b/Sources/vbSparkle/LanguageStatements/Literals/VbLtDateTime.cs @@ -6,8 +6,8 @@ namespace vbSparkle { public class VbLtDateTime : VBLiteral { - public VbLtDateTime(LtDateContext @object) - : base(@object) + public VbLtDateTime(IVBScopeObject context, LtDateContext @object) + : base(context, @object) { string date = @object.GetText(); date = date.Substring(1, date.Length - 2); diff --git a/Sources/vbSparkle/LanguageStatements/Literals/VbLtDouble.cs b/Sources/vbSparkle/LanguageStatements/Literals/VbLtDouble.cs index 18e9e9a..fe804b5 100644 --- a/Sources/vbSparkle/LanguageStatements/Literals/VbLtDouble.cs +++ b/Sources/vbSparkle/LanguageStatements/Literals/VbLtDouble.cs @@ -4,8 +4,8 @@ namespace vbSparkle { public class VbLtDouble : VBLiteral { - public VbLtDouble(LtDoubleContext @object) - : base(@object) + public VbLtDouble(IVBScopeObject context, LtDoubleContext @object) + : base(context, @object) { string quoted = @object.GetText(); Value = new DMathExpression(double.Parse(quoted)); diff --git a/Sources/vbSparkle/LanguageStatements/Literals/VbLtFileNumber.cs b/Sources/vbSparkle/LanguageStatements/Literals/VbLtFileNumber.cs index 7f689f7..15b0720 100644 --- a/Sources/vbSparkle/LanguageStatements/Literals/VbLtFileNumber.cs +++ b/Sources/vbSparkle/LanguageStatements/Literals/VbLtFileNumber.cs @@ -5,8 +5,8 @@ namespace vbSparkle { public class VbLtFileNumber : VBLiteral { - public VbLtFileNumber(LtFilenumberContext @object) - : base(@object) + public VbLtFileNumber(IVBScopeObject context, LtFilenumberContext @object) + : base(context, @object) { string quoted = @object.GetText(); Value = new DMathExpression(int.Parse(quoted.Replace("#", ""))); diff --git a/Sources/vbSparkle/LanguageStatements/Literals/VbLtInteger.cs b/Sources/vbSparkle/LanguageStatements/Literals/VbLtInteger.cs index 78901cb..1c1238f 100644 --- a/Sources/vbSparkle/LanguageStatements/Literals/VbLtInteger.cs +++ b/Sources/vbSparkle/LanguageStatements/Literals/VbLtInteger.cs @@ -5,8 +5,8 @@ namespace vbSparkle { public class VbLtInteger : VBLiteral { - public VbLtInteger(LtIntegerContext @object) - : base(@object) + public VbLtInteger(IVBScopeObject context, LtIntegerContext @object) + : base(context, @object) { string quoted = @object.GetText(); if (quoted.EndsWith("#")) diff --git a/Sources/vbSparkle/LanguageStatements/Literals/VbLtNothing.cs b/Sources/vbSparkle/LanguageStatements/Literals/VbLtNothing.cs index c821f5a..05949f8 100644 --- a/Sources/vbSparkle/LanguageStatements/Literals/VbLtNothing.cs +++ b/Sources/vbSparkle/LanguageStatements/Literals/VbLtNothing.cs @@ -4,8 +4,8 @@ namespace vbSparkle { public class VbLtNothing : VBLiteral { - public VbLtNothing(LtNothingContext @object) - : base(@object) + public VbLtNothing(IVBScopeObject context, LtNothingContext @object) + : base(context, @object) { Value = new DCodeBlock("Nothing"); } diff --git a/Sources/vbSparkle/LanguageStatements/Literals/VbLtNull.cs b/Sources/vbSparkle/LanguageStatements/Literals/VbLtNull.cs index 58ce9b2..cc1290e 100644 --- a/Sources/vbSparkle/LanguageStatements/Literals/VbLtNull.cs +++ b/Sources/vbSparkle/LanguageStatements/Literals/VbLtNull.cs @@ -4,8 +4,8 @@ namespace vbSparkle { public class VbLtNull : VBLiteral { - public VbLtNull(LtNullContext @object) - : base(@object) + public VbLtNull(IVBScopeObject context, LtNullContext @object) + : base(context, @object) { Value = new DCodeBlock("Null"); } diff --git a/Sources/vbSparkle/LanguageStatements/Literals/VbLtOctal.cs b/Sources/vbSparkle/LanguageStatements/Literals/VbLtOctal.cs index 3e3405c..3e1be97 100644 --- a/Sources/vbSparkle/LanguageStatements/Literals/VbLtOctal.cs +++ b/Sources/vbSparkle/LanguageStatements/Literals/VbLtOctal.cs @@ -5,8 +5,8 @@ namespace vbSparkle { public class VbLtOctal : VBLiteral { - public VbLtOctal(LtOctalContext @object) - : base(@object) + public VbLtOctal(IVBScopeObject context, LtOctalContext @object) + : base(context, @object) { string quoted = @object.GetText(); Value = new DMathExpression(Convert.ToInt32(quoted.Substring(2, quoted.Length - 2), 8)); diff --git a/Sources/vbSparkle/LanguageStatements/Literals/VbLtString.cs b/Sources/vbSparkle/LanguageStatements/Literals/VbLtString.cs index 01f46a1..3243643 100644 --- a/Sources/vbSparkle/LanguageStatements/Literals/VbLtString.cs +++ b/Sources/vbSparkle/LanguageStatements/Literals/VbLtString.cs @@ -6,11 +6,11 @@ namespace vbSparkle { public class VbLtString : VBLiteral { - public VbLtString(LtStringContext @object) - : base(@object) + public VbLtString(IVBScopeObject context, LtStringContext @object) + : base(context, @object) { string quoted = @object.GetText(); - Value = new DSimpleStringExpression(quoted.Substring(1, quoted.Length -2), Encoding.Unicode); + Value = new DSimpleStringExpression(quoted.Substring(1, quoted.Length -2), Encoding.Unicode, context.Options); } public override string Prettify() diff --git a/Sources/vbSparkle/LanguageStatements/UserScopeObjects/VbUserScopeObject.cs b/Sources/vbSparkle/LanguageStatements/UserScopeObjects/VbUserScopeObject.cs index a082623..30b539b 100644 --- a/Sources/vbSparkle/LanguageStatements/UserScopeObjects/VbUserScopeObject.cs +++ b/Sources/vbSparkle/LanguageStatements/UserScopeObjects/VbUserScopeObject.cs @@ -27,12 +27,26 @@ public abstract class VbUserScopeObject : VbUserIdentifiedObject, IVBScope public Dictionary Variables = new Dictionary(); public Dictionary Constants = new Dictionary(); + + public NativeObjectManager NativeObjectManager { get; } + public VbUserScopeObject( IVBScopeObject context, T @object, string identifier) : base(context, @object, identifier) { + NativeObjectManager = new NativeObjectManager() { Options = context.Options }; + } + + public VbUserScopeObject( + EvaluatorOptions options, + T @object, + string identifier) + : base(null, @object, identifier) + { + this.Options = options; + NativeObjectManager = new NativeObjectManager() { Options = options }; } public EvaluatorOptions _options = null; @@ -89,6 +103,8 @@ public void DeclareVariable(VbUserVariable variable) public virtual VbIdentifiedObject GetIdentifiedObject(string identifier) { + if (identifier.Equals("execute", StringComparison.InvariantCultureIgnoreCase)) + (0).ToString(); string identifierKey = identifier.ToUpper(); VbIdentifiedObject obj1 = null; @@ -97,7 +113,7 @@ public virtual VbIdentifiedObject GetIdentifiedObject(string identifier) return obj1; } - var nativeValue = NativeObjectManager.Current.GetIdentifiedObject(identifierKey); + var nativeValue = NativeObjectManager.GetIdentifiedObject(identifierKey); if (nativeValue != null) return nativeValue; diff --git a/Sources/vbSparkle/LanguageStatements/ValueStatements/VBVsLiteralContext.cs b/Sources/vbSparkle/LanguageStatements/ValueStatements/VBVsLiteralContext.cs index f4b4627..8f40c67 100644 --- a/Sources/vbSparkle/LanguageStatements/ValueStatements/VBVsLiteralContext.cs +++ b/Sources/vbSparkle/LanguageStatements/ValueStatements/VBVsLiteralContext.cs @@ -17,43 +17,43 @@ public VBVsLiteralContext(IVBScopeObject context, VsLiteralContext @object) var nContext = litContext as LtDelimitedContext; DelimitedLiteralContext litContext2 = nContext.delimitedLiteral(); if (litContext2 is LtStringContext) - Literal = new VbLtString(litContext2 as LtStringContext); + Literal = new VbLtString(Context, litContext2 as LtStringContext); if (litContext2 is LtColorContext) - Literal = new VbLtColor(litContext2 as LtColorContext); + Literal = new VbLtColor(Context, litContext2 as LtColorContext); if (litContext2 is LtOctalContext) - Literal = new VbLtOctal(litContext2 as LtOctalContext); + Literal = new VbLtOctal(Context, litContext2 as LtOctalContext); if (litContext2 is LtDateContext) - Literal = new VbLtDateTime(litContext2 as LtDateContext); + Literal = new VbLtDateTime(Context, litContext2 as LtDateContext); } if (litContext is LtIntegerContext) - Literal = new VbLtInteger(litContext as LtIntegerContext); + Literal = new VbLtInteger(Context, litContext as LtIntegerContext); if (litContext is LtFilenumberContext) - Literal = new VbLtFileNumber(litContext as LtFilenumberContext); + Literal = new VbLtFileNumber(Context, litContext as LtFilenumberContext); if (litContext is LtDoubleContext) - Literal = new VbLtDouble(litContext as LtDoubleContext); + Literal = new VbLtDouble(Context, litContext as LtDoubleContext); if (litContext is LtBooleanContext) - Literal = new VbLtBoolean(litContext as LtBooleanContext); + Literal = new VbLtBoolean(Context, litContext as LtBooleanContext); if (litContext is LtNothingContext) - Literal = new VbLtNothing(litContext as LtNothingContext); + Literal = new VbLtNothing(Context, litContext as LtNothingContext); if (litContext is LtNullContext) - Literal = new VbLtNull(litContext as LtNullContext); + Literal = new VbLtNull(Context, litContext as LtNullContext); } private void AssignDefault(LiteralContext litContext) where T: LiteralContext { if (litContext is T) - Literal = new VBLiteral(litContext as T); + Literal = new VBLiteral(Context, litContext as T); } public override DExpression Prettify(bool partialEvaluation = false) diff --git a/Sources/vbSparkle/LanguageStatements/VbModule.cs b/Sources/vbSparkle/LanguageStatements/VbModule.cs index a23b88c..ad45796 100644 --- a/Sources/vbSparkle/LanguageStatements/VbModule.cs +++ b/Sources/vbSparkle/LanguageStatements/VbModule.cs @@ -50,7 +50,7 @@ public VbModule( EvaluatorOptions options, VBScriptParser.ModuleContext @object) : base( - null, + options, @object, "") { diff --git a/Sources/vbSparkle/Objects/NativeObjectManager.cs b/Sources/vbSparkle/Objects/NativeObjectManager.cs index 6591a1b..7404973 100644 --- a/Sources/vbSparkle/Objects/NativeObjectManager.cs +++ b/Sources/vbSparkle/Objects/NativeObjectManager.cs @@ -8,8 +8,6 @@ namespace vbSparkle public class NativeObjectManager : IVBScopeObject { - public static NativeObjectManager Current { get; } = new NativeObjectManager(); - public Dictionary NativeObjects { get; private set; } = new Dictionary(); @@ -18,16 +16,16 @@ public class NativeObjectManager : IVBScopeObject public NativeObjectManager() { - Add(new VbNativeConstants(this, "vbCrLf", new DSimpleStringExpression("\r\n", Encoding.Unicode))); - Add(new VbNativeConstants(this, "vbNewLine", new DSimpleStringExpression("\r\n", Encoding.Unicode))); - Add(new VbNativeConstants(this, "vbCr", new DSimpleStringExpression("\r", Encoding.Unicode))); - Add(new VbNativeConstants(this, "vbLf", new DSimpleStringExpression("\n", Encoding.Unicode))); - Add(new VbNativeConstants(this, "vbTab", new DSimpleStringExpression("\x9", Encoding.Unicode))); - Add(new VbNativeConstants(this, "vbBack", new DSimpleStringExpression("\x8", Encoding.Unicode))); - Add(new VbNativeConstants(this, "vbNullChar", new DSimpleStringExpression("\x0", Encoding.Unicode))); - Add(new VbNativeConstants(this, "vbFormFeed", new DSimpleStringExpression("\xC", Encoding.Unicode))); - Add(new VbNativeConstants(this, "vbVerticalTab", new DSimpleStringExpression("\xB", Encoding.Unicode))); - Add(new VbNativeConstants(this, "vbNullString", new DSimpleStringExpression("", Encoding.Unicode))); + Add(new VbNativeConstants(this, "vbCrLf", new DSimpleStringExpression("\r\n", Encoding.Unicode, this.Options))); + Add(new VbNativeConstants(this, "vbNewLine", new DSimpleStringExpression("\r\n", Encoding.Unicode, this.Options))); + Add(new VbNativeConstants(this, "vbCr", new DSimpleStringExpression("\r", Encoding.Unicode, this.Options))); + Add(new VbNativeConstants(this, "vbLf", new DSimpleStringExpression("\n", Encoding.Unicode, this.Options))); + Add(new VbNativeConstants(this, "vbTab", new DSimpleStringExpression("\x9", Encoding.Unicode, this.Options))); + Add(new VbNativeConstants(this, "vbBack", new DSimpleStringExpression("\x8", Encoding.Unicode, this.Options))); + Add(new VbNativeConstants(this, "vbNullChar", new DSimpleStringExpression("\x0", Encoding.Unicode, this.Options))); + Add(new VbNativeConstants(this, "vbFormFeed", new DSimpleStringExpression("\xC", Encoding.Unicode, this.Options))); + Add(new VbNativeConstants(this, "vbVerticalTab", new DSimpleStringExpression("\xB", Encoding.Unicode, this.Options))); + Add(new VbNativeConstants(this, "vbNullString", new DSimpleStringExpression("", Encoding.Unicode, this.Options))); Add(new VbNativeConstants(this, "vbObjectError", new DMathExpression(-0x7FFC0000))); // Strings @@ -134,7 +132,7 @@ public NativeObjectManager() Add(new NativeMethods.VB_MonitoringFunction(this, "DoEvents")); Add(new NativeMethods.VB_MonitoringFunction(this, "Environ")); Add(new NativeMethods.VB_MonitoringFunction(this, "Environ$")); - Add(new NativeMethods.VB_MonitoringFunction(this, "Execute")); + Add(new NativeMethods.VB_Execute(this)); Add(new NativeMethods.VB_MonitoringFunction(this, "GetAllSettings")); Add(new NativeMethods.VB_MonitoringFunction(this, "GetObject")); Add(new NativeMethods.VB_MonitoringFunction(this, "GetSetting")); @@ -254,6 +252,9 @@ private VbNativeConstants Add(VbNativeConstants wrapper) public VbIdentifiedObject GetIdentifiedObject(string identifier) { + if (identifier == "Execute") + (0).ToString(); + if (NativeObjects.ContainsKey(identifier.ToUpper())) { return NativeObjects[identifier.ToUpper()]; diff --git a/Sources/vbSparkle/Options/EvaluatorOptions.cs b/Sources/vbSparkle/Options/EvaluatorOptions.cs index 580cec2..e4b85ac 100644 --- a/Sources/vbSparkle/Options/EvaluatorOptions.cs +++ b/Sources/vbSparkle/Options/EvaluatorOptions.cs @@ -1,7 +1,30 @@ -namespace vbSparkle.Options +using System.Collections.Generic; + +namespace vbSparkle.Options { + public class LargeStringAllocationObserver + { + public List LargeStringAllocated { get; set; }= new List(); + public int MinSize { get; internal set; } = 50; + } + + public class ExecuteObserver + { + public List VBScriptExecuted { get; set; } = new List(); + } + + + public class CreateObjectObserver + { + public List CreateObjectObserved { get; set; } = new List(); + } + public class EvaluatorOptions { + public LargeStringAllocationObserver LargeStringAllocationObserver { get;set;} = null; + public ExecuteObserver ExecuteObserver { get; set; } = null; + public CreateObjectObserver CreateObjectObserver { get; set; } = null; + public SymbolRenamingMode SymbolRenamingMode { get; set; } = SymbolRenamingMode.None; public JunkCodeProcessingMode JunkCodeProcessingMode { get; set; } = JunkCodeProcessingMode.Comment; diff --git a/Sources/vbSparkle/PreProcessor/PPNativeObjectManager.cs b/Sources/vbSparkle/PreProcessor/PPNativeObjectManager.cs index 00240a4..5ff9738 100644 --- a/Sources/vbSparkle/PreProcessor/PPNativeObjectManager.cs +++ b/Sources/vbSparkle/PreProcessor/PPNativeObjectManager.cs @@ -7,7 +7,6 @@ namespace vbSparkle.PreProcessor public class PPNativeObjectManager : IVBScopeObject { - public static NativeObjectManager Current { get; } = new NativeObjectManager(); public Dictionary NativeObjects { get; private set; } = new Dictionary(); diff --git a/Sources/vbSparkle/PreProcessor/Statements/VBLiteral.cs b/Sources/vbSparkle/PreProcessor/Statements/VBLiteral.cs index 085a4ca..a01b2bd 100644 --- a/Sources/vbSparkle/PreProcessor/Statements/VBLiteral.cs +++ b/Sources/vbSparkle/PreProcessor/Statements/VBLiteral.cs @@ -5,9 +5,10 @@ public class VBLiteral : VBLiteral { public T Object { get; set; } - public VBLiteral(T @object) + public VBLiteral(IVBScopeObject context, T @object) { Object = @object; + Context = context; Value = new DCodeBlock(@object?.GetText()); } @@ -19,6 +20,7 @@ public override string Prettify() public abstract class VBLiteral { + public IVBScopeObject Context { get; set; } public DExpression Value { get; set; } public abstract string Prettify(); diff --git a/Sources/vbSparkle/PreProcessor/Statements/VBVsLiteralContext.cs b/Sources/vbSparkle/PreProcessor/Statements/VBVsLiteralContext.cs index 9a8e8a9..9085e3c 100644 --- a/Sources/vbSparkle/PreProcessor/Statements/VBVsLiteralContext.cs +++ b/Sources/vbSparkle/PreProcessor/Statements/VBVsLiteralContext.cs @@ -17,34 +17,34 @@ public VBVsLiteralContext(IVBScopeObject context, VsLiteralContext @object) var nContext = litContext as LtDelimitedContext; DelimitedLiteralContext litContext2 = nContext.delimitedLiteral(); if (litContext2 is LtStringContext) - Literal = new VbLtString(litContext2 as LtStringContext); + Literal = new VbLtString(Context, litContext2 as LtStringContext); if (litContext2 is LtColorContext) - Literal = new VbLtColor(litContext2 as LtColorContext); + Literal = new VbLtColor(Context, litContext2 as LtColorContext); if (litContext2 is LtOctalContext) - Literal = new VbLtOctal(litContext2 as LtOctalContext); + Literal = new VbLtOctal(Context, litContext2 as LtOctalContext); if (litContext2 is LtDateContext) - Literal = new VbLtDateTime(litContext2 as LtDateContext); + Literal = new VbLtDateTime(Context, litContext2 as LtDateContext); } if (litContext is LtIntegerContext) - Literal = new VbLtInteger(litContext as LtIntegerContext); + Literal = new VbLtInteger(Context, litContext as LtIntegerContext); if (litContext is LtDoubleContext) - Literal = new VbLtDouble(litContext as LtDoubleContext); + Literal = new VbLtDouble(Context, litContext as LtDoubleContext); if (litContext is LtBooleanContext) - Literal = new VbLtBoolean(litContext as LtBooleanContext); + Literal = new VbLtBoolean(Context, litContext as LtBooleanContext); } private void AssignDefault(LiteralContext litContext) where T : LiteralContext { if (litContext is T) - Literal = new VBLiteral(litContext as T); + Literal = new VBLiteral(Context, litContext as T); } public override DExpression Prettify(bool partialEvaluation = false) diff --git a/Sources/vbSparkle/PreProcessor/Statements/VbLtBoolean.cs b/Sources/vbSparkle/PreProcessor/Statements/VbLtBoolean.cs index ab22f13..7014c59 100644 --- a/Sources/vbSparkle/PreProcessor/Statements/VbLtBoolean.cs +++ b/Sources/vbSparkle/PreProcessor/Statements/VbLtBoolean.cs @@ -6,8 +6,8 @@ namespace vbSparkle.PreProcessor.Statements { public class VbLtBoolean : VBLiteral { - public VbLtBoolean(LtBooleanContext @object) - : base(@object) + public VbLtBoolean(IVBScopeObject context, LtBooleanContext @object) + : base(context, @object) { string quoted = @object.GetText(); if (quoted.Equals("True", StringComparison.InvariantCultureIgnoreCase)) diff --git a/Sources/vbSparkle/PreProcessor/Statements/VbLtColor.cs b/Sources/vbSparkle/PreProcessor/Statements/VbLtColor.cs index c722e17..b6465f3 100644 --- a/Sources/vbSparkle/PreProcessor/Statements/VbLtColor.cs +++ b/Sources/vbSparkle/PreProcessor/Statements/VbLtColor.cs @@ -5,8 +5,8 @@ namespace vbSparkle.PreProcessor.Statements { public class VbLtColor : VBLiteral { - public VbLtColor(LtColorContext @object) - : base(@object) + public VbLtColor(IVBScopeObject context, LtColorContext @object) + : base(context, @object) { string quoted = @object.GetText(); Value = new DMathExpression(Convert.ToInt32(quoted.Substring(2).Replace("&", ""), 16)); diff --git a/Sources/vbSparkle/PreProcessor/Statements/VbLtDateTime.cs b/Sources/vbSparkle/PreProcessor/Statements/VbLtDateTime.cs index bb29321..ba7b600 100644 --- a/Sources/vbSparkle/PreProcessor/Statements/VbLtDateTime.cs +++ b/Sources/vbSparkle/PreProcessor/Statements/VbLtDateTime.cs @@ -6,8 +6,8 @@ namespace vbSparkle.PreProcessor.Statements { public class VbLtDateTime : VBLiteral { - public VbLtDateTime(LtDateContext @object) - : base(@object) + public VbLtDateTime(IVBScopeObject context, LtDateContext @object) + : base(context, @object) { string date = @object.GetText(); date = date.Substring(1, date.Length - 2); diff --git a/Sources/vbSparkle/PreProcessor/Statements/VbLtDouble.cs b/Sources/vbSparkle/PreProcessor/Statements/VbLtDouble.cs index 00b8c7f..06f65a0 100644 --- a/Sources/vbSparkle/PreProcessor/Statements/VbLtDouble.cs +++ b/Sources/vbSparkle/PreProcessor/Statements/VbLtDouble.cs @@ -4,8 +4,8 @@ namespace vbSparkle.PreProcessor.Statements { public class VbLtDouble : VBLiteral { - public VbLtDouble(LtDoubleContext @object) - : base(@object) + public VbLtDouble(IVBScopeObject context, LtDoubleContext @object) + : base(context, @object) { string quoted = @object.GetText(); Value = new DMathExpression(double.Parse(quoted)); diff --git a/Sources/vbSparkle/PreProcessor/Statements/VbLtInteger.cs b/Sources/vbSparkle/PreProcessor/Statements/VbLtInteger.cs index e54d7ba..79f47c4 100644 --- a/Sources/vbSparkle/PreProcessor/Statements/VbLtInteger.cs +++ b/Sources/vbSparkle/PreProcessor/Statements/VbLtInteger.cs @@ -5,8 +5,8 @@ namespace vbSparkle.PreProcessor.Statements { public class VbLtInteger : VBLiteral { - public VbLtInteger(LtIntegerContext @object) - : base(@object) + public VbLtInteger(IVBScopeObject context, LtIntegerContext @object) + : base(context, @object) { string quoted = @object.GetText(); if (quoted.EndsWith("#")) diff --git a/Sources/vbSparkle/PreProcessor/Statements/VbLtOctal.cs b/Sources/vbSparkle/PreProcessor/Statements/VbLtOctal.cs index 5a22645..333c7cd 100644 --- a/Sources/vbSparkle/PreProcessor/Statements/VbLtOctal.cs +++ b/Sources/vbSparkle/PreProcessor/Statements/VbLtOctal.cs @@ -5,8 +5,8 @@ namespace vbSparkle.PreProcessor.Statements { public class VbLtOctal : VBLiteral { - public VbLtOctal(LtOctalContext @object) - : base(@object) + public VbLtOctal(IVBScopeObject context, LtOctalContext @object) + : base(context, @object) { string quoted = @object.GetText(); Value = new DMathExpression(Convert.ToInt32(quoted.Substring(2, quoted.Length - 2), 8)); diff --git a/Sources/vbSparkle/PreProcessor/Statements/VbLtString.cs b/Sources/vbSparkle/PreProcessor/Statements/VbLtString.cs index d2c1fcb..d94a440 100644 --- a/Sources/vbSparkle/PreProcessor/Statements/VbLtString.cs +++ b/Sources/vbSparkle/PreProcessor/Statements/VbLtString.cs @@ -6,11 +6,11 @@ namespace vbSparkle.PreProcessor.Statements { public class VbLtString : VBLiteral { - public VbLtString(LtStringContext @object) - : base(@object) + public VbLtString(IVBScopeObject context, LtStringContext @object) + : base(context, @object) { string quoted = @object.GetText(); - Value = new DSimpleStringExpression(quoted.Substring(1, quoted.Length - 2), Encoding.Unicode); + Value = new DSimpleStringExpression(quoted.Substring(1, quoted.Length - 2), Encoding.Unicode, context.Options) ; } public override string Prettify() diff --git a/Sources/vbSparkle/VbPreProcessorsAnalyser.cs b/Sources/vbSparkle/VbPreProcessorsAnalyser.cs index 06345bb..9c3e290 100644 --- a/Sources/vbSparkle/VbPreProcessorsAnalyser.cs +++ b/Sources/vbSparkle/VbPreProcessorsAnalyser.cs @@ -14,9 +14,10 @@ public class VbPreprocessorAnalyser public VbPreprocessorAnalyser(EvaluatorOptions options) { Options = options; + context = new PreProcessor.PPNativeObjectManager() { Options = options }; } - private PreProcessor.PPNativeObjectManager context { get; set; } = new PreProcessor.PPNativeObjectManager(); + private PreProcessor.PPNativeObjectManager context { get; set; } internal string Visit(StartRuleContext stContext) { diff --git a/Sources/vbSparkle/vbSparkle.csproj b/Sources/vbSparkle/vbSparkle.csproj index caa0de5..9f078a1 100644 --- a/Sources/vbSparkle/vbSparkle.csproj +++ b/Sources/vbSparkle/vbSparkle.csproj @@ -1,12 +1,12 @@  - netstandard2.0 + netstandard2.0;net6.0;net8.0 true true LICENSE.txt - https://github.com/airbus-cert/vbSparkle - https://github.com/airbus-cert/vbSparkle + https://github.com/sbruyere/vbSparkle + https://github.com/sbruyere/vbSparkle vbscript, visualbasic, vba, deobfuscation, malware, reverse vbSparkle is a source-to-source multi-platform Visual Basic deobfuscator based on partial-evaluation and is mainly dedicated to the analysis of malicious code written in VBScript and VBA (Office Macro). @@ -16,7 +16,7 @@ The parsing of Visual Basic Script and VBA is processed through the use of ANTLR Airbus CERT, Sylvain Bruyere Airbus CERT, Sylvain Bruyere Airbus - 1.0.2 + 1.0.3 @@ -27,7 +27,7 @@ The parsing of Visual Basic Script and VBA is processed through the use of ANTLR - +