diff --git a/CodeVirtualizer/Code.h b/CodeVirtualizer/Code.h
index 42789f6..f3fa487 100644
--- a/CodeVirtualizer/Code.h
+++ b/CodeVirtualizer/Code.h
@@ -1,6 +1,7 @@ #ifndef __CODE_H #define __CODE_H -#define CODE_FLAG_IS_LABEL (1<<0) +#define CODE_FLAG_IS_LABEL (1<<0) +#define CODE_FLAG_IS_REL_JMP (1<<1) #endif
\ No newline at end of file
diff --git a/CodeVirtualizer/NativeCode.cpp b/CodeVirtualizer/NativeCode.cpp
index bfe5dbd..2305f2e 100644
--- a/CodeVirtualizer/NativeCode.cpp
+++ b/CodeVirtualizer/NativeCode.cpp
@@ -94,7 +94,7 @@ BOOL NcCreateLabels(PNATIVE_CODE_BLOCK Block)
 XED_OPERAND_TYPE_ENUM OperandType = XedOperandType(Operand);
 if (OperandType != XED_OPERAND_TYPE_IMM && OperandType != XED_OPERAND_TYPE_IMM_CONST)
 {
- printf("Found jump to non immediate value. Cat: %s\n", XedCategoryEnumToString(Category));
+ printf("Found jump to non immediate value. Category: %s\n", XedCategoryEnumToString(Category));
 continue;
 }
@@ -112,21 +112,53 @@ BOOL NcCreateLabels(PNATIVE_CODE_BLOCK Block) } else { - NcInsertLinkBefore(JmpPos, new NATIVE_CODE_LINK(CurrentLabelId++)); + NcInsertLinkBefore(JmpPos, new NATIVE_CODE_LINK(CurrentLabelId)); + T->Label = CurrentLabelId; + ++CurrentLabelId; } + T->Flags |= CODE_FLAG_IS_REL_JMP; } } PNATIVE_CODE_LINK NcValidateJmp(PNATIVE_CODE_LINK Jmp, INT32 Delta) { - if (Delta < 0) + PNATIVE_CODE_LINK T; + if (Delta > 0) { - + T = Jmp->Next; + while (Delta > 0 && T) + { + if (T->Flags & CODE_FLAG_IS_LABEL) + continue; + Delta -= XedDecodedInstGetLength(&T->XedInst); + T = T->Next; + } + if (Delta != 0 || !T) + return NULL; + while (T && (T->Flags & CODE_FLAG_IS_LABEL)) + T = T->Next; + return T; } - else if (Delta > 0) + else if (Delta < 0) { - + T = Jmp; + while (T) + { + if (T->Flags & CODE_FLAG_IS_LABEL) + continue; + Delta += XedDecodedInstGetLength(&T->XedInst); + if (Delta >= 0) + break; + T = T->Next; + } + if (Delta != 0 || !T) + return NULL; + while (T && (T->Flags & CODE_FLAG_IS_LABEL)) + T = T->Next; + return T; } + //return the jmp if that delta is zero + return Jmp; } BOOL NcFromBuffer(PNATIVE_CODE_BLOCK Block, PVOID Buffer, ULONG BufferSize)
@@ -160,6 +192,8 @@ BOOL NcFromBuffer(PNATIVE_CODE_BLOCK Block, PVOID Buffer, ULONG BufferSize) Block->Start = Block->Start->Next; delete StartLink; + NcCreateLabels(Block); + return TRUE; }
diff --git a/CodeVirtualizer/NativeCode.h b/CodeVirtualizer/NativeCode.h
index de4f5d5..cd53c67 100644
--- a/CodeVirtualizer/NativeCode.h
+++ b/CodeVirtualizer/NativeCode.h
@@ -23,7 +23,7 @@ typedef struct _NATIVE_CODE_BLOCK { PNATIVE_CODE_LINK Start; PNATIVE_CODE_LINK End; -}NATIVE_CODE_BLOCK, * PNATIVE_CODE_BLOCK; +}NATIVE_CODE_BLOCK, *PNATIVE_CODE_BLOCK; VOID NcInsertLinkAfter(PNATIVE_CODE_LINK Link1, PNATIVE_CODE_LINK Link2);
diff --git a/CodeVirtualizer/VmCode.cpp b/CodeVirtualizer/VmCode.cpp
index d87d1a4..3861638 100644
--- a/CodeVirtualizer/VmCode.cpp
+++ b/CodeVirtualizer/VmCode.cpp
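Review bot: Both walks in NcValidateJmp stop advancing when they reach a label link: `if (T->Flags & CODE_FLAG_IS_LABEL) continue;` goes straight back to the loop condition with T unchanged, so the first label met in either loop spins forever, and NcCreateLabels inserts exactly such links into this list through NcInsertLinkBefore. Skipping a label has to move the cursor as well, e.g. `if (T->Flags & CODE_FLAG_IS_LABEL) { T = T->Next; continue; }` in each loop. The negative-delta branch also steps with `T = T->Next` after adding the jump's own length back; if Delta is a displacement measured from the end of Jmp, a negative value points at earlier links and the step should be `T = T->Prev` — confirm which convention the caller uses. A header comment pinning that convention, such as `// Delta: signed byte displacement measured from the end of Jmp`, would make both branches and the trailing `return Jmp` checkable.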
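Review bot: The added `NcCreateLabels(Block);` discards the BOOL that NcCreateLabels returns (its signature is visible in the hunk headers above), and NcFromBuffer then returns TRUE unconditionally, so a labelling failure would be reported to the caller as a successful decode. Unless NcCreateLabels is documented to always succeed, propagate the result: `if (!NcCreateLabels(Block)) return FALSE;`. Whether the partially built block must also be torn down on that path depends on how callers treat FALSE, which is outside this hunk; NcFromBuffer's body starts before the hunk.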
@@ -1 +1,17 @@
-#include "VmCode.h"
\ No newline at end of file
+#include "VmCode.h"
+
+_VM_CODE_LINK::_VM_CODE_LINK()
+ {
+ Flags = 0;
+ Next = Prev = NULL;
+ Label = 0;
+ RawData = NULL;
+ RawDataSize = 0UL;
+ }
+
+_VM_CODE_LINK::_VM_CODE_LINK(ULONG LabelId)
+ : _VM_CODE_LINK()
+ {
+ Label = LabelId;
+ Flags = CODE_FLAG_IS_LABEL;
+ }
\ No newline at end of file
diff --git a/CodeVirtualizer/VmCode.h b/CodeVirtualizer/VmCode.h
index 491b4a4..e29f336 100644
--- a/CodeVirtualizer/VmCode.h
+++ b/CodeVirtualizer/VmCode.h
@@ -2,7 +2,26 @@ #define __VM_CODE_H #include "Windas.h" +#include "Code.h" +typedef struct _VM_CODE_LINK + { + _VM_CODE_LINK* Next; + _VM_CODE_LINK* Prev; + ULONG Flags; + ULONG Label; + PUCHAR RawData; + ULONG RawDataSize; + + _VM_CODE_LINK(); + _VM_CODE_LINK(ULONG LabelId); +}VM_CODE_LINK, *PVM_CODE_LINK; + +typedef struct _VM_CODE_BLOCK + { + PVM_CODE_LINK Start; + PVM_CODE_LINK End; +}VM_CODE_BLOCK, *PVM_CODE_BLOCK; #endif
\ No newline at end of file
diff --git a/CodeVirtualizer/XedWrap.h b/CodeVirtualizer/XedWrap.h
index c5f5eef..d09cc8c 100644
--- a/CodeVirtualizer/XedWrap.h
+++ b/CodeVirtualizer/XedWrap.h
@@ -19,9 +19,10 @@ VOID InitXed(); #define XED_ERROR_ENUM xed_error_enum_t #define XED_CATEGORY_ENUM xed_category_enum_t +#define XedDecode xed_decode + #define XedDecodedInstZero xed_decoded_inst_zero #define XedDecodedInstSetMode xed_decoded_inst_set_mode -#define XedDecode xed_decode #define XedDecodedInstGetLength xed_decoded_inst_get_length #define XedDecodedInstGetCategory xed_decoded_inst_get_category #define XedDecodedInstGetBranchDisplacementWidth xed_decoded_inst_get_branch_displacement_width
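Review bot: The new `PUCHAR RawData;` / `ULONG RawDataSize;` fields in _VM_CODE_LINK say nothing about ownership, and the constructors added in VmCode.cpp only zero them; the struct has no destructor, so a link released with `delete` (the way `delete StartLink` releases a native link in NativeCode.cpp) would leak whatever RawData points to. Record the contract on the field before the first producer fills it, e.g. `PUCHAR RawData; // encoded bytes for this link (RawDataSize of them); owner / who frees: TODO decide`, and resolve the TODO once decided. A one-line comment on `Label` stating whether it is the id of the label this link is (when Flags has CODE_FLAG_IS_LABEL) or the label a jump link targets would also help, since the native side now uses its Label field in both roles (`T->Label = CurrentLabelId` in NativeCode.cpp alongside the label-link constructor).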