Major update to Capstone disassembly module

* Refactor of C# capstone binding
* Now compatible in 32 and 64-bit PowerShell

4 files changed, 13 insertions, 16 deletions

diff --git a/Capstone/Capstone.psd1 b/Capstone/Capstone.psd1
index 6632558..5da5a94 100644
--- a/Capstone/Capstone.psd1
+++ b/Capstone/Capstone.psd1
@@ -24,9 +24,6 @@ PowerShellVersion = '3.0'
 # Minimum version of the common language runtime (CLR) required by this module
 CLRVersion = '4.0'
 
-# Processor architecture (None, X86, Amd64) required by this module
-ProcessorArchitecture = 'Amd64'
-
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = 'lib/capstone.dll'
 
diff --git a/Capstone/Get-CSDisassembly.ps1 b/Capstone/Get-CSDisassembly.ps1
index 89c17db..257ba96 100644
--- a/Capstone/Get-CSDisassembly.ps1
+++ b/Capstone/Get-CSDisassembly.ps1
@@ -10,9 +10,13 @@ function Get-CSDisassembly
     PowerSploit Function: Get-CSDisassembly
     Author: Matthew Graeber (@mattifestation)
     License: See LICENSE.TXT
-    Required Dependencies: lib\capstone.dll, lib\libcapstone.dll (64-bit)
+    Required Dependencies: lib\capstone.dll, lib\[x86|x64]\libcapstone.dll
     Optional Dependencies: None
 
+.DESCRIPTION
+
+    Get-CSDisassembly is compatible on 32 and 64-bit.
+
 .PARAMETER Architecture
 
     Specifies the architecture of the code to be disassembled.
@@ -43,13 +47,13 @@ function Get-CSDisassembly
       
 .EXAMPLE
 
-    C:\PS>$Bytes = [Byte[]] @( 0x8d, 0x4c, 0x32, 0x08, 0x01, 0xd8, 0x81, 0xc6, 0x34, 0x12, 0x00, 0x00 )
-    C:\PS>Get-CSDisassembly -Architecture X86 -Mode MODE_16 -Code $Bytes -Offset 0x1000
+    C:\PS>$Bytes = [Byte[]] @( 0x8D, 0x4C, 0x32, 0x08, 0x01, 0xD8, 0x81, 0xC6, 0x34, 0x12, 0x00, 0x00 )
+    Get-CSDisassembly -Architecture X86 -Mode Mode16 -Code $Bytes -Offset 0x1000
 
 .EXAMPLE
 
-    C:\PS>$Bytes = [Byte[]] @( 0x8d, 0x4c, 0x32, 0x08, 0x01, 0xd8, 0x81, 0xc6, 0x34, 0x12, 0x00, 0x00 )
-    C:\PS>Get-CSDisassembly -Architecture X86 -Mode MODE_32 -Code $Bytes -Syntax ATT
+    C:\PS>$Bytes = [Byte[]] @( 0x8D, 0x4C, 0x32, 0x08, 0x01, 0xD8, 0x81, 0xC6, 0x34, 0x12, 0x00, 0x00 )
+    Get-CSDisassembly -Architecture X86 -Mode Mode32 -Code $Bytes -Syntax ATT
 
 .INPUTS
 
@@ -62,20 +66,16 @@ function Get-CSDisassembly
     Capstone.Instruction[]
 
     Get-CSDisassembly returns an array of Instruction objects.
-
-.NOTES
-
-    Get-CSDisassembly must be run from 64-bit PowerShell v3.
 #>
 
     [OutputType([Capstone.Instruction])]
     [CmdletBinding()] Param (
         [Parameter(Mandatory)]
-        [Capstone.ARCH]
+        [Capstone.Architecture]
         $Architecture,
 
         [Parameter(Mandatory)]
-        [Capstone.MODE]
+        [Capstone.Mode]
         $Mode,
 
         [Parameter(Mandatory)]
@@ -103,8 +103,8 @@ function Get-CSDisassembly
     {
         switch ($Syntax)
         {
-            'Intel' { $SyntaxMode = [Capstone.OPT_VALUE]::SYNTAX_INTEL }
-            'ATT'   { $SyntaxMode = [Capstone.OPT_VALUE]::SYNTAX_ATT }
+            'Intel' { $SyntaxMode = [Capstone.OptionValue]::SyntaxIntel }
+            'ATT'   { $SyntaxMode = [Capstone.OptionValue]::SyntaxATT }
         }
 
         $Disassembly.SetSyntax($SyntaxMode)
diff --git a/Capstone/lib/capstone.dll b/Capstone/lib/capstone.dll
index bb08559..3f036ef 100644
--- a/Capstone/lib/capstone.dll
+++ b/Capstone/lib/capstone.dll
diff --git a/Capstone/lib/libcapstone.dll b/Capstone/lib/x86/libcapstone.dll
index e4f5e33..242ad7e 100644
--- a/Capstone/lib/libcapstone.dll
+++ b/Capstone/lib/x86/libcapstone.dll