|
|
|
#ifndef __VIRTUAL_MACHINE_H
|
|
|
|
#define __VIRTUAL_MACHINE_H
|
|
|
|
|
|
|
|
#include "Windas.h"
|
|
|
|
#include "XedWrap.h"
|
|
|
|
#include "VMDefs.h"
|
|
|
|
#include "NativeCode.h"
|
|
|
|
#include "VmCode.h"
|
|
|
|
|
|
|
|
#define VmOpSizeToBytes(OpSize) (pow(2, (UCHAR)OpSize))
|
|
|
|
#define VmOpSizeToBits(OpSize) (VmOpSizeToBytes(OpSize) * 8)
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Vm Structure:
|
|
|
|
* RDI = VM_HEADER
|
|
|
|
* RSI = Handler Table
|
|
|
|
* RDX = Vm Instruction Pointer
|
|
|
|
* RBP = Vm Register file
|
|
|
|
* RAX = IREG0
|
|
|
|
* RBX = IREG1
|
|
|
|
* RCX = IREG2
|
|
|
|
* RSP = Storage for flags inside of VM_HEADER
|
|
|
|
*
|
|
|
|
* R8 = Not ever saved. Uses: HandlerJmp,
|
|
|
|
* R9, R10 = Not saved. Uses: Temp storage inside handlers for IReg access.
|
|
|
|
*/
|
|
|
|
|
|
|
|
XED_REG_ENUM VmOperandSizeToRegEnumBase(VM_OPERAND_SIZE_ENUM OperandSize);
|
|
|
|
XED_REG_ENUM VmGetRegOfSize(XED_REG_ENUM Reg, VM_OPERAND_SIZE_ENUM OperandSize);
|
|
|
|
XED_REG_ENUM VmIRegToXReg(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize);
|
|
|
|
VM_OPERAND_SIZE_ENUM VmXRegToOpSize(XED_REG_ENUM Reg);
|
|
|
|
VM_REG_ENUM VmXRegToVRegId(XED_REG_ENUM Reg);
|
|
|
|
|
|
|
|
#define VM_HANDLER_EPILOGUE_SIZE 15
|
|
|
|
PUCHAR VmHandlerEpilogue(UINT InstructionSize, PUINT OutSize, XED_REG_ENUM Vip = XED_REG_RDX, XED_REG_ENUM HandlerTableReg = XED_REG_RSI);
|
|
|
|
|
|
|
|
CONST CHAR* VmIClassToString(VM_ICLASS_ENUM IClass);
|
|
|
|
|
|
|
|
PUCHAR VmHandlerEnter(PUINT OutSize);
|
|
|
|
PUCHAR VmHandlerExit(PUINT OutSize);
|
|
|
|
|
|
|
|
//Internal register(IReg) store/load
|
|
|
|
PUCHAR VmHandlerIRegMem_B(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize, XED_REG_ENUM XReg1 = XED_REG_R8);
|
|
|
|
PUCHAR VmHandlerIRegMem_BD(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize, XED_REG_ENUM XReg1 = XED_REG_R8, XED_REG_ENUM XReg2 = XED_REG_R9);
|
|
|
|
PUCHAR VmHandlerIRegMem_BIS(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize, XED_REG_ENUM XReg1 = XED_REG_R8, XED_REG_ENUM XReg2 = XED_REG_R9, XED_REG_ENUM XReg3 = XED_REG_R10);
|
|
|
|
PUCHAR VmHandlerIRegMem_BISD(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize, XED_REG_ENUM XReg1 = XED_REG_R8, XED_REG_ENUM XReg2 = XED_REG_R9, XED_REG_ENUM XReg3 = XED_REG_R10);
|
|
|
|
PUCHAR VmHandlerIRegMem(VM_MEMOP_TYPE_ENUM MemOpType, VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize, XED_REG_ENUM XReg1 = XED_REG_R8, XED_REG_ENUM XReg2 = XED_REG_R9, XED_REG_ENUM XReg3 = XED_REG_R10);
|
|
|
|
PUCHAR VmHandlerIRegReg(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize, XED_REG_ENUM XReg1 = XED_REG_R8);
|
|
|
|
PUCHAR VmHandlerIRegImm(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize);
|
|
|
|
|
|
|
|
PUCHAR VmHandlerEncode0(XED_ICLASS_ENUM IClass, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize);
|
|
|
|
PUCHAR VmHandlerEncode1(XED_ICLASS_ENUM IClass, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize);
|
|
|
|
PUCHAR VmHandlerEncode2(XED_ICLASS_ENUM IClass, VM_OPERAND_SIZE_ENUM OperandSize1, VM_OPERAND_SIZE_ENUM OperandSize2, PUINT OutSize);
|
|
|
|
PUCHAR VmHandlerEncode3(XED_ICLASS_ENUM IClass, VM_OPERAND_SIZE_ENUM OperandSize1, VM_OPERAND_SIZE_ENUM OperandSize2, VM_OPERAND_SIZE_ENUM OperandSize3, PUINT OutSize);
|
|
|
|
|
|
|
|
|
|
|
|
#endif
|