main
James 3 years ago
parent 783875b587
commit 8122a76182

@ -3,5 +3,6 @@
#define CODE_FLAG_IS_LABEL (1<<0) #define CODE_FLAG_IS_LABEL (1<<0)
#define CODE_FLAG_IS_REL_JMP (1<<1) #define CODE_FLAG_IS_REL_JMP (1<<1)
#define CODE_FLAG_IS_INST (1<<2)
#endif #endif

@ -151,12 +151,14 @@
<ItemGroup> <ItemGroup>
<ClCompile Include="NativeCode.cpp" /> <ClCompile Include="NativeCode.cpp" />
<ClCompile Include="Main.cpp" /> <ClCompile Include="Main.cpp" />
<ClCompile Include="Virtualizer.cpp" />
<ClCompile Include="VmCode.cpp" /> <ClCompile Include="VmCode.cpp" />
<ClCompile Include="XedWrap.cpp" /> <ClCompile Include="XedWrap.cpp" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="Code.h" /> <ClInclude Include="Code.h" />
<ClInclude Include="NativeCode.h" /> <ClInclude Include="NativeCode.h" />
<ClInclude Include="Virtualizer.h" />
<ClInclude Include="VmCode.h" /> <ClInclude Include="VmCode.h" />
<ClInclude Include="Windas.h" /> <ClInclude Include="Windas.h" />
<ClInclude Include="XedWrap.h" /> <ClInclude Include="XedWrap.h" />

@ -14,6 +14,9 @@
<ClInclude Include="Code.h"> <ClInclude Include="Code.h">
<Filter>Code</Filter> <Filter>Code</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="Virtualizer.h">
<Filter>Virtualizer</Filter>
</ClInclude>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="Main.cpp" /> <ClCompile Include="Main.cpp" />
@ -26,6 +29,9 @@
<ClCompile Include="VmCode.cpp"> <ClCompile Include="VmCode.cpp">
<Filter>Code</Filter> <Filter>Code</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="Virtualizer.cpp">
<Filter>Virtualizer</Filter>
</ClCompile>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<Filter Include="Xed"> <Filter Include="Xed">
@ -34,5 +40,8 @@
<Filter Include="Code"> <Filter Include="Code">
<UniqueIdentifier>{d8c41b5b-3520-4266-a1bc-30bb628752d9}</UniqueIdentifier> <UniqueIdentifier>{d8c41b5b-3520-4266-a1bc-30bb628752d9}</UniqueIdentifier>
</Filter> </Filter>
<Filter Include="Virtualizer">
<UniqueIdentifier>{f74192e7-2064-44d2-983c-fac92f468c0a}</UniqueIdentifier>
</Filter>
</ItemGroup> </ItemGroup>
</Project> </Project>

@ -5,8 +5,32 @@
#include "NativeCode.h" #include "NativeCode.h"
UCHAR TestBuffer[]{
0x48, 0x33, 0xC0,
0x48, 0x33, 0xC0,
0xEB, 0x0E,
0x48, 0x33, 0xC0,
0x48, 0x33, 0xC0,
0x7E, 0x06,
0x48, 0x33, 0xC0,
0x48, 0x33, 0xC0,
0x48, 0x33, 0xC0,
0x48, 0x33, 0xC0,
0xEB, 0xF8,
0x50,
0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F,
0x48, 0x87, 0x04, 0x24,
0xC3,
};
ULONG TestBufferSize = sizeof(TestBuffer);
int main() int main()
{ {
NATIVE_CODE_BLOCK Block;
XedTablesInit();
NcFromBuffer(&Block, TestBuffer, TestBufferSize);
NcDebugPrint(&Block);
//PNATIVE_CODE_LINK temp = new NATIVE_CODE_LINK("Hello"); //PNATIVE_CODE_LINK temp = new NATIVE_CODE_LINK("Hello");
system("pause"); system("pause");

@ -74,8 +74,10 @@ BOOL NcCreateLabels(PNATIVE_CODE_BLOCK Block)
ULONG CurrentLabelId = 0; ULONG CurrentLabelId = 0;
for (PNATIVE_CODE_LINK T = Block->Start; T; T = T->Next) for (PNATIVE_CODE_LINK T = Block->Start; T; T = T->Next)
{ {
XED_CATEGORY_ENUM Category = XedDecodedInstGetCategory(&T->XedInst); if (!(T->Flags & CODE_FLAG_IS_INST))
continue;
XED_CATEGORY_ENUM Category = XedDecodedInstGetCategory(&T->XedInst);
if (Category != XED_CATEGORY_COND_BR && Category != XED_CATEGORY_UNCOND_BR) if (Category != XED_CATEGORY_COND_BR && Category != XED_CATEGORY_UNCOND_BR)
continue; continue;
@ -93,16 +95,13 @@ BOOL NcCreateLabels(PNATIVE_CODE_BLOCK Block)
XED_OPERAND_TYPE_ENUM OperandType = XedOperandType(Operand); XED_OPERAND_TYPE_ENUM OperandType = XedOperandType(Operand);
if (OperandType != XED_OPERAND_TYPE_IMM && OperandType != XED_OPERAND_TYPE_IMM_CONST) if (OperandType != XED_OPERAND_TYPE_IMM && OperandType != XED_OPERAND_TYPE_IMM_CONST)
{
printf("Found jump to non immediate value. Category: %s\n", XedCategoryEnumToString(Category));
continue; continue;
}
INT32 BranchDisplacement = XedDecodedInstGetBranchDisplacement(&T->XedInst); INT32 BranchDisplacement = XedDecodedInstGetBranchDisplacement(&T->XedInst);
PNATIVE_CODE_LINK JmpPos = NcValidateJmp(T, BranchDisplacement); PNATIVE_CODE_LINK JmpPos = NcValidateJmp(T, BranchDisplacement);
if (!JmpPos) if (!JmpPos)
{ {
printf("Failed to validate jump. Type: %s, Displacement: %d", XedCategoryEnumToString(Category), BranchDisplacement); printf("Failed to validate jump. Type: %s, Displacement: %d\n", XedCategoryEnumToString(Category), BranchDisplacement);
return FALSE; return FALSE;
} }
@ -118,6 +117,7 @@ BOOL NcCreateLabels(PNATIVE_CODE_BLOCK Block)
} }
T->Flags |= CODE_FLAG_IS_REL_JMP; T->Flags |= CODE_FLAG_IS_REL_JMP;
} }
return TRUE;
} }
PNATIVE_CODE_LINK NcValidateJmp(PNATIVE_CODE_LINK Jmp, INT32 Delta) PNATIVE_CODE_LINK NcValidateJmp(PNATIVE_CODE_LINK Jmp, INT32 Delta)
@ -149,7 +149,7 @@ PNATIVE_CODE_LINK NcValidateJmp(PNATIVE_CODE_LINK Jmp, INT32 Delta)
Delta += XedDecodedInstGetLength(&T->XedInst); Delta += XedDecodedInstGetLength(&T->XedInst);
if (Delta >= 0) if (Delta >= 0)
break; break;
T = T->Next; T = T->Prev;
} }
if (Delta != 0 || !T) if (Delta != 0 || !T)
return NULL; return NULL;
@ -157,7 +157,6 @@ PNATIVE_CODE_LINK NcValidateJmp(PNATIVE_CODE_LINK Jmp, INT32 Delta)
T = T->Next; T = T->Next;
return T; return T;
} }
//return the jmp if that delta is zero
return Jmp; return Jmp;
} }
@ -172,8 +171,8 @@ BOOL NcFromBuffer(PNATIVE_CODE_BLOCK Block, PVOID Buffer, ULONG BufferSize)
while (Offset < BufferSize) while (Offset < BufferSize)
{ {
PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK; PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK;
Link->Flags = CODE_FLAG_IS_INST;
ULONG PossibleSize = min(15, BufferSize - Offset); ULONG PossibleSize = min(15, BufferSize - Offset);
XED_ERROR_ENUM DecodeError = XedDecode(&Link->XedInst, (Buf + Offset), PossibleSize); XED_ERROR_ENUM DecodeError = XedDecode(&Link->XedInst, (Buf + Offset), PossibleSize);
if (DecodeError != XED_ERROR_NONE) if (DecodeError != XED_ERROR_NONE)
{ {
@ -186,6 +185,8 @@ BOOL NcFromBuffer(PNATIVE_CODE_BLOCK Block, PVOID Buffer, ULONG BufferSize)
Link->Prev = Block->End; Link->Prev = Block->End;
Block->End->Next = Link; Block->End->Next = Link;
Block->End = Link; Block->End = Link;
Offset += XedDecodedInstGetLength(&Link->XedInst);
} }
PNATIVE_CODE_LINK StartLink = Block->Start; PNATIVE_CODE_LINK StartLink = Block->Start;
@ -206,3 +207,33 @@ VOID NcDelete(PNATIVE_CODE_BLOCK Block)
T = Next; T = Next;
} }
} }
VOID NcDebugPrint(PNATIVE_CODE_BLOCK Block)
{
HANDLE ConsoleHandle = GetStdHandle(STD_OUTPUT_HANDLE);
if (!ConsoleHandle)
return;
for (PNATIVE_CODE_LINK T = Block->Start; T; T = T->Next)
{
if (T->Flags & CODE_FLAG_IS_LABEL)
{
SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_RED);
printf("Label: %u\n", T->Label);
}
else
{
XED_ICLASS_ENUM IClass = XedDecodedInstGetIClass(&T->XedInst);
if (T->Flags & CODE_FLAG_IS_REL_JMP)
{
SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_RED);
printf("%s: %u\n", XedIClassEnumToString(IClass), T->Label);
}
else
{
SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_BLUE);
printf("%s\n", XedIClassEnumToString(IClass));
}
}
}
}

@ -45,5 +45,7 @@ BOOL NcFromBuffer(PNATIVE_CODE_BLOCK Block, PVOID Buffer, ULONG BufferSize);
VOID NcDelete(PNATIVE_CODE_BLOCK Block); VOID NcDelete(PNATIVE_CODE_BLOCK Block);
VOID NcDebugPrint(PNATIVE_CODE_BLOCK Block);
#endif #endif

@ -0,0 +1 @@
#include "Virtualizer.h"

@ -0,0 +1,11 @@
#ifndef __VIRTUALIZER_H
#define __VIRTUALIZER_H
#include "Code.h"
#include "VmCode.h"
#include "NativeCode.h"
BOOL ViCanHandleInst(PNATIVE_CODE_LINK Link);
#endif

@ -1,6 +1,2 @@
#include "XedWrap.h" #include "XedWrap.h"
VOID InitXed()
{
xed_tables_init();
}

@ -8,9 +8,6 @@ extern "C"
#include <xed/xed-interface.h> #include <xed/xed-interface.h>
} }
VOID InitXed();
#define XED_DECODED_INST xed_decoded_inst_t #define XED_DECODED_INST xed_decoded_inst_t
#define XED_INST xed_inst_t #define XED_INST xed_inst_t
#define XED_OPERAND xed_operand_t #define XED_OPERAND xed_operand_t
@ -18,7 +15,9 @@ VOID InitXed();
#define XED_OPERAND_TYPE_ENUM xed_operand_type_enum_t #define XED_OPERAND_TYPE_ENUM xed_operand_type_enum_t
#define XED_ERROR_ENUM xed_error_enum_t #define XED_ERROR_ENUM xed_error_enum_t
#define XED_CATEGORY_ENUM xed_category_enum_t #define XED_CATEGORY_ENUM xed_category_enum_t
#define XED_ICLASS_ENUM xed_iclass_enum_t
#define XedTablesInit xed_tables_init
#define XedDecode xed_decode #define XedDecode xed_decode
#define XedDecodedInstZero xed_decoded_inst_zero #define XedDecodedInstZero xed_decoded_inst_zero
@ -29,11 +28,13 @@ VOID InitXed();
#define XedDecodedInstGetBranchDisplacement xed_decoded_inst_get_branch_displacement #define XedDecodedInstGetBranchDisplacement xed_decoded_inst_get_branch_displacement
#define XedDecodedInstInst xed_decoded_inst_inst #define XedDecodedInstInst xed_decoded_inst_inst
#define XedDecodedInstNumOperands xed_decoded_inst_noperands #define XedDecodedInstNumOperands xed_decoded_inst_noperands
#define XedDecodedInstGetIClass xed_decoded_inst_get_iclass
#define XedInstOperand xed_inst_operand #define XedInstOperand xed_inst_operand
#define XedOperandType xed_operand_type #define XedOperandType xed_operand_type
#define XedIClassEnumToString xed_iclass_enum_t2str
#define XedErrorEnumToString xed_error_enum_t2str #define XedErrorEnumToString xed_error_enum_t2str
#define XedCategoryEnumToString xed_category_enum_t2str #define XedCategoryEnumToString xed_category_enum_t2str

@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<Project>
<ProjectOutputs>C:\$Fanta\code-virtualizer\x64\Debug\CodeVirtualizer.exe</ProjectOutputs>
<ContentFiles></ContentFiles>
<SatelliteDlls></SatelliteDlls>
<NonRecipeFileRefs></NonRecipeFileRefs>
</Project>

Binary file not shown.
Loading…
Cancel
Save