dwafwad

CodeVirtualizer/Code.h

@@ -3,5 +3,6 @@
 
 #define CODE_FLAG_IS_LABEL		(1<<0)
 #define CODE_FLAG_IS_REL_JMP	(1<<1)
+#define CODE_FLAG_IS_INST		(1<<2)
 
 #endif

CodeVirtualizer/CodeVirtualizer.vcxproj

@@ -151,12 +151,14 @@
   <ItemGroup>
     <ClCompile Include="NativeCode.cpp" />
     <ClCompile Include="Main.cpp" />
+    <ClCompile Include="Virtualizer.cpp" />
     <ClCompile Include="VmCode.cpp" />
     <ClCompile Include="XedWrap.cpp" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="Code.h" />
     <ClInclude Include="NativeCode.h" />
+    <ClInclude Include="Virtualizer.h" />
     <ClInclude Include="VmCode.h" />
     <ClInclude Include="Windas.h" />
     <ClInclude Include="XedWrap.h" />

CodeVirtualizer/CodeVirtualizer.vcxproj.filters

@@ -14,6 +14,9 @@
     <ClInclude Include="Code.h">
       <Filter>Code</Filter>
     </ClInclude>
+    <ClInclude Include="Virtualizer.h">
+      <Filter>Virtualizer</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="Main.cpp" />
@@ -26,6 +29,9 @@
     <ClCompile Include="VmCode.cpp">
       <Filter>Code</Filter>
     </ClCompile>
+    <ClCompile Include="Virtualizer.cpp">
+      <Filter>Virtualizer</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <Filter Include="Xed">
@@ -34,5 +40,8 @@
     <Filter Include="Code">
       <UniqueIdentifier>{d8c41b5b-3520-4266-a1bc-30bb628752d9}</UniqueIdentifier>
     </Filter>
+    <Filter Include="Virtualizer">
+      <UniqueIdentifier>{f74192e7-2064-44d2-983c-fac92f468c0a}</UniqueIdentifier>
+    </Filter>
   </ItemGroup>
 </Project>

CodeVirtualizer/Main.cpp

@@ -5,8 +5,32 @@
 
 #include "NativeCode.h"
 
+UCHAR TestBuffer[]{
+	0x48, 0x33, 0xC0,
+	0x48, 0x33, 0xC0,
+	0xEB, 0x0E,
+	0x48, 0x33, 0xC0,
+	0x48, 0x33, 0xC0,
+	0x7E, 0x06,
+	0x48, 0x33, 0xC0,
+	0x48, 0x33, 0xC0,
+	0x48, 0x33, 0xC0,
+	0x48, 0x33, 0xC0,
+	0xEB, 0xF8,
+	0x50,
+	0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F,
+	0x48, 0x87, 0x04, 0x24,
+	0xC3,
+};
+ULONG TestBufferSize = sizeof(TestBuffer);
+
 int main()
 {
+	NATIVE_CODE_BLOCK Block;
+
+	XedTablesInit();
+	NcFromBuffer(&Block, TestBuffer, TestBufferSize);
+	NcDebugPrint(&Block);
 
 	//PNATIVE_CODE_LINK temp = new NATIVE_CODE_LINK("Hello");
 	system("pause");

CodeVirtualizer/NativeCode.cpp

@@ -74,8 +74,10 @@ BOOL NcCreateLabels(PNATIVE_CODE_BLOCK Block)
 	ULONG CurrentLabelId = 0;
 	for (PNATIVE_CODE_LINK T = Block->Start; T; T = T->Next)
 	{
-		XED_CATEGORY_ENUM Category = XedDecodedInstGetCategory(&T->XedInst);
+		if (!(T->Flags & CODE_FLAG_IS_INST))
+			continue;
 
+		XED_CATEGORY_ENUM Category = XedDecodedInstGetCategory(&T->XedInst);
 		if (Category != XED_CATEGORY_COND_BR && Category != XED_CATEGORY_UNCOND_BR)
 			continue;
 
@@ -86,23 +88,20 @@ BOOL NcCreateLabels(PNATIVE_CODE_BLOCK Block)
 		CONST XED_INST* Inst = XedDecodedInstInst(&T->XedInst);
 		if (!Inst)
 			continue;
-
+		
 		CONST XED_OPERAND* Operand = XedInstOperand(Inst, 0);
 		if (!Operand)
 			continue;
 
 		XED_OPERAND_TYPE_ENUM OperandType = XedOperandType(Operand);
 		if (OperandType != XED_OPERAND_TYPE_IMM && OperandType != XED_OPERAND_TYPE_IMM_CONST)
-		{
-			printf("Found jump to non immediate value. Category: %s\n", XedCategoryEnumToString(Category));
 			continue;
-		}
 
 		INT32 BranchDisplacement = XedDecodedInstGetBranchDisplacement(&T->XedInst);
 		PNATIVE_CODE_LINK JmpPos = NcValidateJmp(T, BranchDisplacement);
 		if (!JmpPos)
 		{
-			printf("Failed to validate jump. Type: %s, Displacement: %d", XedCategoryEnumToString(Category), BranchDisplacement);
+			printf("Failed to validate jump. Type: %s, Displacement: %d\n", XedCategoryEnumToString(Category), BranchDisplacement);
 			return FALSE;
 		}
 
@@ -118,6 +117,7 @@ BOOL NcCreateLabels(PNATIVE_CODE_BLOCK Block)
 		}
 		T->Flags |= CODE_FLAG_IS_REL_JMP;
 	}
+	return TRUE;
 }
 
 PNATIVE_CODE_LINK NcValidateJmp(PNATIVE_CODE_LINK Jmp, INT32 Delta)
@@ -149,7 +149,7 @@ PNATIVE_CODE_LINK NcValidateJmp(PNATIVE_CODE_LINK Jmp, INT32 Delta)
 			Delta += XedDecodedInstGetLength(&T->XedInst);
 			if (Delta >= 0)
 				break;
-			T = T->Next;
+			T = T->Prev;
 		}
 		if (Delta != 0 || !T)
 			return NULL;
@@ -157,7 +157,6 @@ PNATIVE_CODE_LINK NcValidateJmp(PNATIVE_CODE_LINK Jmp, INT32 Delta)
 			T = T->Next;
 		return T;
 	}
-	//return the jmp if that delta is zero
 	return Jmp;
 }
 
@@ -172,8 +171,8 @@ BOOL NcFromBuffer(PNATIVE_CODE_BLOCK Block, PVOID Buffer, ULONG BufferSize)
 	while (Offset < BufferSize)
 	{
 		PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK;
+		Link->Flags = CODE_FLAG_IS_INST;
 		ULONG PossibleSize = min(15, BufferSize - Offset);
-		
 		XED_ERROR_ENUM DecodeError = XedDecode(&Link->XedInst, (Buf + Offset), PossibleSize);
 		if (DecodeError != XED_ERROR_NONE)
 		{
@@ -186,6 +185,8 @@ BOOL NcFromBuffer(PNATIVE_CODE_BLOCK Block, PVOID Buffer, ULONG BufferSize)
 		Link->Prev = Block->End;
 		Block->End->Next = Link;
 		Block->End = Link;
+
+		Offset += XedDecodedInstGetLength(&Link->XedInst);
 	}
 
 	PNATIVE_CODE_LINK StartLink = Block->Start;
@@ -206,3 +207,33 @@ VOID NcDelete(PNATIVE_CODE_BLOCK Block)
 		T = Next;
 	}	
 }
+
+VOID NcDebugPrint(PNATIVE_CODE_BLOCK Block)
+{
+	HANDLE ConsoleHandle = GetStdHandle(STD_OUTPUT_HANDLE);
+	if (!ConsoleHandle)
+		return;
+
+	for (PNATIVE_CODE_LINK T = Block->Start; T; T = T->Next)
+	{
+		if (T->Flags & CODE_FLAG_IS_LABEL)
+		{
+			SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_RED);
+			printf("Label: %u\n", T->Label);
+		}
+		else
+		{
+			XED_ICLASS_ENUM IClass = XedDecodedInstGetIClass(&T->XedInst);
+			if (T->Flags & CODE_FLAG_IS_REL_JMP)
+			{
+				SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_RED);
+				printf("%s: %u\n", XedIClassEnumToString(IClass), T->Label);
+			}
+			else
+			{
+				SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_BLUE);
+				printf("%s\n", XedIClassEnumToString(IClass));
+			}
+		}
+	}
+}

CodeVirtualizer/NativeCode.h

@@ -45,5 +45,7 @@ BOOL NcFromBuffer(PNATIVE_CODE_BLOCK Block, PVOID Buffer, ULONG BufferSize);
 
 VOID NcDelete(PNATIVE_CODE_BLOCK Block);
 
+VOID NcDebugPrint(PNATIVE_CODE_BLOCK Block);
+
 
 #endif

CodeVirtualizer/Virtualizer.cpp

@@ -0,0 +1 @@
+#include "Virtualizer.h"

CodeVirtualizer/Virtualizer.h

@@ -0,0 +1,11 @@
+#ifndef __VIRTUALIZER_H
+#define __VIRTUALIZER_H
+
+#include "Code.h"
+#include "VmCode.h"
+#include "NativeCode.h"
+
+
+BOOL ViCanHandleInst(PNATIVE_CODE_LINK Link);
+
+#endif

CodeVirtualizer/XedWrap.cpp

@@ -1,6 +1,2 @@
 #include "XedWrap.h"
 
-VOID InitXed()
-{
-	xed_tables_init();
-}

CodeVirtualizer/XedWrap.h

@@ -8,9 +8,6 @@ extern "C"
 #include <xed/xed-interface.h>
 }
 
-
-VOID InitXed();
-
 #define XED_DECODED_INST xed_decoded_inst_t
 #define XED_INST xed_inst_t
 #define XED_OPERAND xed_operand_t
@@ -18,7 +15,9 @@ VOID InitXed();
 #define XED_OPERAND_TYPE_ENUM xed_operand_type_enum_t
 #define XED_ERROR_ENUM xed_error_enum_t
 #define XED_CATEGORY_ENUM xed_category_enum_t
+#define XED_ICLASS_ENUM xed_iclass_enum_t
 
+#define XedTablesInit xed_tables_init
 #define XedDecode xed_decode
 
 #define XedDecodedInstZero xed_decoded_inst_zero
@@ -29,11 +28,13 @@ VOID InitXed();
 #define XedDecodedInstGetBranchDisplacement xed_decoded_inst_get_branch_displacement
 #define XedDecodedInstInst xed_decoded_inst_inst
 #define XedDecodedInstNumOperands xed_decoded_inst_noperands
+#define XedDecodedInstGetIClass xed_decoded_inst_get_iclass
 
 #define XedInstOperand xed_inst_operand
 
 #define XedOperandType xed_operand_type
 
+#define XedIClassEnumToString xed_iclass_enum_t2str
 #define XedErrorEnumToString xed_error_enum_t2str
 #define XedCategoryEnumToString xed_category_enum_t2str
 

CodeVirtualizer/x64/Debug/CodeVirtualizer.exe.recipe

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project>
+  <ProjectOutputs>C:\$Fanta\code-virtualizer\x64\Debug\CodeVirtualizer.exe</ProjectOutputs>
+  <ContentFiles></ContentFiles>
+  <SatelliteDlls></SatelliteDlls>
+  <NonRecipeFileRefs></NonRecipeFileRefs>
+</Project>