-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathVBE7_x64 Type Declarations.txt
256 lines (233 loc) · 11.8 KB
/
VBE7_x64 Type Declarations.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
public type DataSegmentProjectPointer
Null1 as LongLong ' 0x00
lpProjectEntry as LongPtr ' 0x08
Ptr1 as LongPtr ' 0x10
Null2 as LongLong ' 0x18
Ptr2 as LongPtr ' 0x20
Null3 as LongPtr ' 0x28
end type
public type ProjectEntry
lpNextEntry as LongPtr ' 0x00
lpPreviousEntry as LongPtr ' 0x08
lpProjectInfo as LongPtr ' 0x10
QWord1 as LongLong ' 0x18
QWord2 as LongLong ' 0x20
end type
public type ProjectInfo
ObjectInterfaces as LongPtr ' 0x00
QWord1 as LongLong ' 0x08
lpD270 as LongPtr ' 0x10 'Unknown
lpObjectTable as LongPtr ' 0x18
FileNameDescriptor(6) as Byte ' 0x20
FileName(2042) as Byte ' 0x26 'actually a BSTR.
QWord2 as longlong ' 0x0820
lpE288 as LongPtr ' 0x0828 'Unknown
lpPublicObjectDescriptors as LongPtr ' 0x0830 'Pointer to array of PODs themselves, not an array of pointers.
ObjectCount as longlong ' 0x0838
ObjectInfo1Array as LongPtr ' 0x0840
QWord3 as LongLong ' 0x0848
end type
public type ObjectTable
lpX1 as LongPtr ' 0x00
lpProjectInfo as LongPtr ' 0x08
lpProjectInfo2 as LongPtr ' 0x10
Reserved as LongLong ' 0x18
Null1 as LongLong ' 0x20
lp6CC0 as LongPtr ' 0x28
GUID as Guid ' 0x30
CompiledState as Integer ' 0x40
ObjectCount as Integer ' 0x42
CompiledObjects as Integer ' 0x44
ObjectsInUse as Integer ' 0x46
lpPublicObjectDescriptors as LongPtr ' 0x48 'Array. Members are size 0x38
ReferenceCount as LongLong ' 0x50
lpReferenceTable as LongPtr ' 0x58
QWord1 as LongLong ' 0x60
lpProjectName as LongPtr ' 0x68 'Pointer to char[]
PrimaryLanguageCodeID as Long ' 0x70
SecondaryLangagueCodeID as Long ' 0x74
Ptr1 as LongPtr ' 0x78
QWord2 as LongLong ' 0x80
QWord3 as LongLong ' 0x88
QWord4 as LongLong ' 0x90
QWord5 as LongLong ' 0x98
QWord6 as LongLong ' 0xA0
QWord7 as LongLong ' 0xA8
QWord8 as LongLong ' 0xB0
QWord9 as LongLong ' 0xB8
end type
public type ProjectInfo2
lpPrivateObjectDescriptors as LongPtr ' 0x00
lpObjectTable as LongPtr ' 0x08
qwReserved1 as LongLong ' 0x10
qwNull1 as LongLong ' 0x18
lpObjectMethodDataTable as LongPtr ' 0x20
QWord3 as LongLong ' 0x28
lpProjectDescription as LongPtr ' 0x30 'Points to char[]
lpHelpFile as LongPtr ' 0x38 'Points to char[]
dwNull as Long ' 0x40
dwHelpContextId as Long ' 0x44
QWord7 as LongLong ' 0x48
end type
public type InMemoryProjectData
DWord1 as Long ' 0x00
DWord2 as Long ' 0x04
QWord1 as LongLong ' 0x08
Ptr1 as LongPtr ' 0x10
Flag1 as LongLong ' 0x18
Ptr2 as LongPtr ' 0x20
Flag2 as LongLong ' 0x28
Ptr3 as LongPtr ' 0x30
Flag3 as LongLong ' 0x38
Ptr4 as LongPtr ' 0x40
Flag4 as LongLong ' 0x48
Ptr5 as LongPtr ' 0x50
Flag5 as LongLong ' 0x58
end type
public type PublicObjectDescriptor
lpObjectInfo as LongPtr ' 0x00
Reserved1 as LongLong ' 0x08
lpPublicVariableIntegers as LongPtr ' 0x10
lpStaticVariableIntegers as LongPtr ' 0x18
lpDataPublicVariables as LongPtr ' 0x20
lpDataStaticVariables as LongPtr ' 0x28
lpModuleName as LongPtr ' 0x30 'Pointer to char[]
MethodCount as LongLong ' 0x38
lpMethodNamePtrArray as LongPtr ' 0x40 'Array of pointers to char[]
OffsetToStaticVariables as Long ' 0x48
Flags as Long ' 0x4C
Null1 as Long ' 0x50
end type
public type ObjectInfo
ReferenceCount as Integer ' 0x00
ObjectIndex as Integer ' 0x02
DWord1 as Long ' 0x04
lpObjectTable as LongPtr ' 0x08
Ptr1 as LongPtr ' 0x10
lpObjectMethodData as LongPtr ' 0x18 'see ObjectMethodData
QWord1 as LongLong ' 0x20
QWord2 as LongLong ' 0x28
lpPublicObjectDescriptor as LongPtr ' 0x30 'Points directly to the object descriptor itself
Ptr3 as LongPtr ' 0x38 'Points to something that is generally null
MethodCount as Integer ' 0x40
MethodCount2 as Integer ' 0x42 'Count of compiled methods?
DWord2 as Long ' 0x44
lpMethodInfoPointers as LongPtr ' 0x48 'Array of pointers to MethodInfo structures
Word1 as Integer ' 0x50 'Constants in constant pool?
Word2 as Integer ' 0x52 'Constants to allocate in constant pool?
DWord3 as Long ' 0x54
Ptr4 as LongPtr ' 0x58
lpStringTable as LongPtr ' 0x60 'Array of pointers to literal strings used in module?
QWord3 as LongLong ' 0x68 'Max size of ObjectInfo = 0x70
end type
public type ObjectMethodData
lpPtr1 as LongPtr
lpObjectInfo as LongPtr
Reserved1 as LongLong
Null1 as LongLong
Null2 as LongLong
lpMethodDataArray as LongPtr ' 0x28 'Array of pointers to MethodData
lpMethodData2Array as LongPtr ' 0x30 'Array of pointers to MethodData2
end type
public enum MethodFlags
IsPropertyGet = &H01
IsPropertyLet = &H02
IsPropertySet = &H03
IsMethod = &H0
PropertyMask = &H03
ArgumentCountMask = &HFC
VisibilityMask = &HFD00
IsPrivate = &HFC00
IsPublic = &HFD00
end enum
public enum MethodDataFlag2
IsMethod = &H60
IsProperty = &H68
end enum
public Enum ArgumentId
'Just go with it, I guess.
' vbVarType value
Object_AID = &H1C ' 9
Variant_AID = &HF ' 12
String_AID = &H10 ' 8
Date_AID = &HC ' 7
Currency_AID = &HD ' 6
Double_AID = &HB ' 5
Single_AID = &HA ' 4
Long_AID = &H8 ' 3
Integer_AID = &H6 ' 2
End Enum
public type MethodData
dwMethodFlag as MethodFlags ' 0x00 'Contains identifier and argument count information:
' Case dwMethodFlag AND PropertyMask WHEN IsPropertyGet then ...
' Argument count = (dwMethodFlag AND ArgumentCountMask) / 4
' Case (dwMethodFlag AND VisibilityMask) WHEN IsPrivate then ...
wReserved as Integer ' 0x04 'Always 0xFFFF
wNull as Integer ' 0x06 'Always 0x0
qwNull1 as LongLong ' 0x08
wSequence as Integer ' 0x10 'Some sort of unique sequence identifier for the method. VTable placement?
wFlag2 as MethodDataFlag2 ' 0x12 '
dwNull2 as Long ' 0x14 '
lpArgumentNameArray as LongPtr ' 0x18 'Array of pointers to char[] names
qwNull3 as LongLong ' 0x20
qwNull4 as LongLong ' 0x28
dwNull5 as Long ' 0x30
wReturnTypeAID as Integer ' 0x34 'non-zero when return is present. See "ArgumentId" enum for values.
wArgumentTypeAID(0 to &H9) as Integer ' 0x36 'value = ArgumentId enum value +0x40. Actual size = # of args.
end type
public type MethodData2
qwMethodIndex as LongLong ' 0x00
lpStackInfo as LongPtr ' 0x08
qwNull1 as LongLong ' 0x10
lpMethodInfo as LongPtr ' 0x18
end type
public type PrivateObjectDescriptor
lpDED0 as LongPtr ' 0x00
QWord1 as LongLong ' 0x08
lpSecondaryProjectInfo as LongPtr ' 0x10
QWord2 as LongLong ' 0x18
end type
public type MethodDescriptor ' This is the structure that is passed from AddressOf calls.
Null1 as LongLong ' 0x00
lpMethodInfo as LongPtr ' 0x08
end type
public type MethodInfo
' MethodInfo is prefixed by the actual PCode and, immediately before that, _
a linked list that points to the previous/next entries in the linked list _
(which is immediately prior to the PCode).
'---- lpPreviousMethodInfoPrefix ' -0x(dwCodeSize + 0x10)
'---- lpNextMethodInfoPrefix ' -0x(dwCodeSize + 0x08)
'---- PCode(dwCodeSize) as byte ' -0xdwCodeSize
lpObjectInfo as LongPtr ' 0x00
Flag1 as Integer ' 0x08
Flag2 as Integer ' 0x0A
dwCodeSize as Long ' 0x0C 'Negative offset to P-Code
Flag4 as Long ' 0x10
Flag5 as Long ' 0x14
Null1 as LongLong ' 0x18
Flag5 as Long ' 0x20
MI2Header as MethodInfo2Header ' 0x24
'next integer is the length of MethodInfo2 -> a variable byte structure
'immediately after MethodInfo2 is MethodInfo3.
'first integer of MethodInfo3 is the length -> a variable byte structure
'Minimum size of each appears to be 0x14.
end Type
public type MethodInfo2Header
SizeInBytes as Integer ' 0x00
Unknown1(12) as Byte ' 0x02
'The structure is extended by unknown content up to the total size given by SizeInBytes
'MethodInfo3Header follows MethodInfo2 immediately. It is then byte aligned on 4-byte boundaries.
end type
public type MethodInfo3Header
SizeInBytes as Integer ' 0x00
Null1 as LongLong ' 0x02
VariableCount as Integer ' 0x0A
dwUnknown1 as Long ' 0x0C
wUnknown2 as Integer ' 0x0E
wUnknown3 as Integer ' 0x10
'an array of MethodVariableInfo(VariableCount) immediately follows this header.
end type
public type MethodVariableInfo
Offset as Long
VarType as Integer
End Type