From 84f550fc13eccdde915debdddf82c5a2a0d23e6d Mon Sep 17 00:00:00 2001 From: Iizerd Date: Thu, 30 Dec 2021 21:25:54 -0800 Subject: [PATCH] xD --- CodeVirtualizer/Main.cpp | 7 +- CodeVirtualizer/VMDefs.h | 12 ++- CodeVirtualizer/VirtualMachine.cpp | 147 +++++++++++++++++++---------- CodeVirtualizer/VirtualMachine.h | 31 ++++-- 4 files changed, 132 insertions(+), 65 deletions(-) diff --git a/CodeVirtualizer/Main.cpp b/CodeVirtualizer/Main.cpp index 0bcfa37..3f6a005 100644 --- a/CodeVirtualizer/Main.cpp +++ b/CodeVirtualizer/Main.cpp @@ -193,7 +193,8 @@ int main() srand(time(NULL)); UINT OutSize = 0; - PUCHAR Output = VmHandlerIRegLoadMem_BISO(VM_IREG_2, VM_OPSIZE_2, &OutSize); // VmHandlerPrologue(8, &OutSize); + //PUCHAR Output = VmHandlerIRegReg(VM_IREG_3, VM_OPSIZE_16, FALSE, &OutSize); // VmHandlerPrologue(8, &OutSize); + PUCHAR Output = VmHandlerEncode2(XED_ICLASS_MOVZX, VM_OPSIZE_32, VM_OPSIZE_16, &OutSize); if (Output && OutSize) { PrintByteArr(Output, OutSize); @@ -202,10 +203,10 @@ int main() for (UINT i = 0; i < VM_IREG_COUNT; i++) { - printf("IReg: %u, %s %s %s %s\n", i, XedRegEnumToString(VmIRegToXReg((VM_IREG_ENUM)i, VM_OPSIZE_1)), XedRegEnumToString(VmIRegToXReg((VM_IREG_ENUM)i, VM_OPSIZE_2)), XedRegEnumToString(VmIRegToXReg((VM_IREG_ENUM)i, VM_OPSIZE_4)), XedRegEnumToString(VmIRegToXReg((VM_IREG_ENUM)i, VM_OPSIZE_8))); + printf("IReg: %u, %s %s %s %s\n", i, XedRegEnumToString(VmIRegToXReg((VM_IREG_ENUM)i, VM_OPSIZE_8)), XedRegEnumToString(VmIRegToXReg((VM_IREG_ENUM)i, VM_OPSIZE_16)), XedRegEnumToString(VmIRegToXReg((VM_IREG_ENUM)i, VM_OPSIZE_32)), XedRegEnumToString(VmIRegToXReg((VM_IREG_ENUM)i, VM_OPSIZE_64))); } - printf("Reg2: %s %s %s %s\n", XedRegEnumToString(VmGetRegOfSize(XED_REG_R15, VM_OPSIZE_1)), XedRegEnumToString(VmGetRegOfSize(XED_REG_R15, VM_OPSIZE_2)), XedRegEnumToString(VmGetRegOfSize(XED_REG_R15, VM_OPSIZE_4)), XedRegEnumToString(VmGetRegOfSize(XED_REG_R15, VM_OPSIZE_8))); + printf("Reg2: %s %s %s %s\n", XedRegEnumToString(VmGetRegOfSize(XED_REG_R15, VM_OPSIZE_8)), XedRegEnumToString(VmGetRegOfSize(XED_REG_R15, VM_OPSIZE_16)), XedRegEnumToString(VmGetRegOfSize(XED_REG_R15, VM_OPSIZE_32)), XedRegEnumToString(VmGetRegOfSize(XED_REG_R15, VM_OPSIZE_64))); //UCHAR TestCode[] = { 0x48, 0x8B, 0x84, 0xD1, 0xF0, 0x06, 0x00, 0x00 }; // { 0x48, 0x89, 0xC8 }; diff --git a/CodeVirtualizer/VMDefs.h b/CodeVirtualizer/VMDefs.h index e41bba9..6f49eec 100644 --- a/CodeVirtualizer/VMDefs.h +++ b/CodeVirtualizer/VMDefs.h @@ -29,18 +29,18 @@ enum VM_MEMOP_TYPE_ENUM : UCHAR enum VM_IREG_ENUM : UCHAR { - VM_IREG_0, VM_IREG_1, VM_IREG_2, + VM_IREG_3, VM_IREG_COUNT, }; enum VM_OPERAND_SIZE_ENUM : UCHAR { - VM_OPSIZE_1, - VM_OPSIZE_2, - VM_OPSIZE_4, VM_OPSIZE_8, + VM_OPSIZE_16, + VM_OPSIZE_32, + VM_OPSIZE_64, VM_OPSIZE_COUNT }; @@ -73,6 +73,10 @@ enum VM_ICLASS_ENUM : USHORT VM_ICLASS_LD_IREG_IMM_START, VM_ICLASS_LD_IREG_IMM_END = VM_ICLASS_LD_IREG_IMM_START + (VM_IREG_COUNT * VM_OPSIZE_COUNT) - 1, + + VM_ICLASS_MOV_START, + VM_ICLASS_MOV_END = VM_ICLASS_MOV_START + VM_OPSIZE_COUNT - 1, + VM_ICLASS_COUNT, }; diff --git a/CodeVirtualizer/VirtualMachine.cpp b/CodeVirtualizer/VirtualMachine.cpp index d6c90a5..7b0de0f 100644 --- a/CodeVirtualizer/VirtualMachine.cpp +++ b/CodeVirtualizer/VirtualMachine.cpp @@ -5,10 +5,10 @@ XED_REG_ENUM VmOperandSizeToRegEnumBase(VM_OPERAND_SIZE_ENUM OperandSize) { switch (OperandSize) { - case VM_OPSIZE_1: return XED_REG_GPR8_FIRST; - case VM_OPSIZE_2: return XED_REG_GPR16_FIRST; - case VM_OPSIZE_4: return XED_REG_GPR32_FIRST; - case VM_OPSIZE_8: return XED_REG_GPR64_FIRST; + case VM_OPSIZE_8: return XED_REG_GPR8_FIRST; + case VM_OPSIZE_16: return XED_REG_GPR16_FIRST; + case VM_OPSIZE_32: return XED_REG_GPR32_FIRST; + case VM_OPSIZE_64: return XED_REG_GPR64_FIRST; } return XED_REG_INVALID; } @@ -38,14 +38,14 @@ XED_REG_ENUM VmIRegToXReg(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize) { switch (IReg) { - case VM_IREG_0: return VmGetRegOfSize(XED_REG_RAX, OperandSize); - case VM_IREG_1: return VmGetRegOfSize(XED_REG_RBX, OperandSize); - case VM_IREG_2: return VmGetRegOfSize(XED_REG_RCX, OperandSize); + case VM_IREG_1: return VmGetRegOfSize(XED_REG_RAX, OperandSize); + case VM_IREG_2: return VmGetRegOfSize(XED_REG_RBX, OperandSize); + case VM_IREG_3: return VmGetRegOfSize(XED_REG_RCX, OperandSize); } return XED_REG_INVALID; //Less portable version. - /*if (OperandSize == VM_OPSIZE_1) + /*if (OperandSize == VM_OPSIZE_8) { return (XED_REG_ENUM)(XED_REG_AL + IReg); } @@ -77,7 +77,7 @@ PUCHAR VmHandlerPrologue(UINT InstructionSize, PUINT OutSize, XED_REG_ENUM Vip, return XedEncodeInstructions(InstList, 3, OutSize); } -PUCHAR VmHandlerIRegLoadMem_B(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize) +PUCHAR VmHandlerIRegMem_B(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize) { /* * movzx r8,byte ptr[rdx+2] @@ -88,10 +88,14 @@ PUCHAR VmHandlerIRegLoadMem_B(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSiz XED_ENCODER_INSTRUCTION InstList[3]; XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8)); XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, 64, XedReg(XED_REG_R8), XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0,0), 64)); - XedInst2(&InstList[2], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemB(XED_REG_R8, OpSizeBits)); + if (Load) + XedInst2(&InstList[2], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemB(XED_REG_R8, OpSizeBits)); + else + XedInst2(&InstList[2], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedMemB(XED_REG_R8, OpSizeBits), XedReg(VmIRegToXReg(IReg, OperandSize))); + return XedEncodeInstructions(InstList, 3, OutSize); } -PUCHAR VmHandlerIRegLoadMem_BO(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize) +PUCHAR VmHandlerIRegMem_BO(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize) { /* * movzx r8,byte ptr[rdx+2] @@ -104,83 +108,79 @@ PUCHAR VmHandlerIRegLoadMem_BO(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSi XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8)); XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, 64, XedReg(XED_REG_R8), XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), 64)); XedInst2(&InstList[2], XedGlobalMachineState, XED_ICLASS_MOVSXD, 64, XedReg(XED_REG_R9), XedMemBD(XED_REG_RDX, XedDisp(3, 8), 32)); - XedInst2(&InstList[3], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBISD(XED_REG_R8, XED_REG_R9, 1, XedDisp(0, 0), OpSizeBits)); + if (Load) + XedInst2(&InstList[3], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBISD(XED_REG_R8, XED_REG_R9, 1, XedDisp(0, 0), OpSizeBits)); + else + XedInst2(&InstList[3], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedMemBISD(XED_REG_R8, XED_REG_R9, 1, XedDisp(0, 0), OpSizeBits), XedReg(VmIRegToXReg(IReg, OperandSize))); return XedEncodeInstructions(InstList, 4, OutSize); } -PUCHAR VmHandlerIRegLoadMem_BIS(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize) +PUCHAR VmHandlerIRegMem_BIS(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize) { /* * movzx r8,byte ptr[rdx+2] * mov r8, qword ptr[rbp+r8*8] * movzx r9, byte ptr[rdx+3] - * mov r9, qword ptr[rbp+r9*8] * movzx r10, byte ptr[rdx+4] ;load scale value(unsigned) - * imul r9,r10 - * mov (ireg), (size) ptr[r8+r9] + * imul r10, qword ptr[rbp+r9*8] + * mov (ireg), (size) ptr[r8+r10] */ UINT OpSizeBits = VmOpSizeToBits(OperandSize); - XED_ENCODER_INSTRUCTION InstList[7]; + XED_ENCODER_INSTRUCTION InstList[6]; XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8)); XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, 64, XedReg(XED_REG_R8), XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), 64)); XedInst2(&InstList[2], XedGlobalMachineState, XED_ICLASS_MOVSX, 64, XedReg(XED_REG_R9), XedMemBD(XED_REG_RDX, XedDisp(3, 8), 8)); - XedInst2(&InstList[3], XedGlobalMachineState, XED_ICLASS_MOV, 64, XedReg(XED_REG_R9), XedMemBISD(XED_REG_RBP, XED_REG_R9, 8, XedDisp(0, 0), 64)); - XedInst2(&InstList[4], XedGlobalMachineState, XED_ICLASS_MOVSX, 64, XedReg(XED_REG_R10), XedMemBD(XED_REG_RDX, XedDisp(4, 8), 8)); - XedInst2(&InstList[5], XedGlobalMachineState, XED_ICLASS_IMUL, 64, XedReg(XED_REG_R9), XedReg(XED_REG_R10)); - XedInst2(&InstList[6], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBISD(XED_REG_R8, XED_REG_R9, 1, XedDisp(0, 0), OpSizeBits)); - return XedEncodeInstructions(InstList, 7, OutSize); + XedInst2(&InstList[3], XedGlobalMachineState, XED_ICLASS_MOVSX, 64, XedReg(XED_REG_R10), XedMemBD(XED_REG_RDX, XedDisp(4, 8), 8)); + XedInst2(&InstList[4], XedGlobalMachineState, XED_ICLASS_IMUL, 64, XedReg(XED_REG_R10), XedMemBISD(XED_REG_RBP, XED_REG_R9, 8, XedDisp(0, 0), 64)); + if (Load) + XedInst2(&InstList[5], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBISD(XED_REG_R8, XED_REG_R10, 1, XedDisp(0, 0), OpSizeBits)); + else + XedInst2(&InstList[5], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedMemBISD(XED_REG_R8, XED_REG_R10, 1, XedDisp(0, 0), OpSizeBits), XedReg(VmIRegToXReg(IReg, OperandSize))); + return XedEncodeInstructions(InstList, 6, OutSize); } -PUCHAR VmHandlerIRegLoadMem_BISO(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize) +PUCHAR VmHandlerIRegMem_BISD(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize) { /* * movzx r8, byte ptr[rdx+2] * mov r8, qword ptr[rbp+r8*8] * movzx r9, byte ptr[rdx+3] - * mov r9, qword ptr[rbp+r9*8] * movzx r10, byte ptr[rdx+4] ;load scale value(unsigned) - * imul r9, r10 - * movsxd r10, dword ptr[rdx+5] ;load immediate displacement - * add r9, r10 ;add immediate displacement - * mov (ireg), (size) ptr[r8+r9] + * imul r10, qword ptr[rbp+r9*8] + * movsxd r9, dword ptr[rdx+5] ;load immediate displacement + * add r10, r9 ;add immediate displacement + * mov (ireg), (size) ptr[r8+r10] */ UINT OpSizeBits = VmOpSizeToBits(OperandSize); - XED_ENCODER_INSTRUCTION InstList[9]; + XED_ENCODER_INSTRUCTION InstList[8]; XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8)); XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, 64, XedReg(XED_REG_R8), XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), 64)); XedInst2(&InstList[2], XedGlobalMachineState, XED_ICLASS_MOVSX, 64, XedReg(XED_REG_R9), XedMemBD(XED_REG_RDX, XedDisp(3, 8), 8)); - XedInst2(&InstList[3], XedGlobalMachineState, XED_ICLASS_MOV, 64, XedReg(XED_REG_R9), XedMemBISD(XED_REG_RBP, XED_REG_R9, 8, XedDisp(0, 0), 64)); - XedInst2(&InstList[4], XedGlobalMachineState, XED_ICLASS_MOVSX, 64, XedReg(XED_REG_R10), XedMemBD(XED_REG_RDX, XedDisp(4, 8), 8)); - XedInst2(&InstList[5], XedGlobalMachineState, XED_ICLASS_IMUL, 64, XedReg(XED_REG_R9), XedReg(XED_REG_R10)); - XedInst2(&InstList[6], XedGlobalMachineState, XED_ICLASS_MOVSXD, 64, XedReg(XED_REG_R10), XedMemBD(XED_REG_RDX, XedDisp(5, 8), 32)); - XedInst2(&InstList[7], XedGlobalMachineState, XED_ICLASS_ADD, 64, XedReg(XED_REG_R9), XedReg(XED_REG_R10)); - XedInst2(&InstList[8], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBISD(XED_REG_R8, XED_REG_R9, 1, XedDisp(0, 0), OpSizeBits)); - return XedEncodeInstructions(InstList, 9, OutSize); -} -PUCHAR VmHandlerIRegLoadReg(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize) -{ - /* - * movzx r8,byte ptr[rdx+2] - * mov (ireg), (size) ptr[rbp+r8*8] - */ + XedInst2(&InstList[3], XedGlobalMachineState, XED_ICLASS_MOVSX, 64, XedReg(XED_REG_R10), XedMemBD(XED_REG_RDX, XedDisp(4, 8), 8)); + XedInst2(&InstList[4], XedGlobalMachineState, XED_ICLASS_IMUL, 64, XedReg(XED_REG_R10), XedMemBISD(XED_REG_RBP, XED_REG_R9, 8, XedDisp(0, 0), 64)); + XedInst2(&InstList[5], XedGlobalMachineState, XED_ICLASS_MOVSXD, 64, XedReg(XED_REG_R9), XedMemBD(XED_REG_RDX, XedDisp(5, 8), 32)); + XedInst2(&InstList[6], XedGlobalMachineState, XED_ICLASS_ADD, 64, XedReg(XED_REG_R10), XedReg(XED_REG_R9)); + if (Load) + XedInst2(&InstList[7], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBISD(XED_REG_R8, XED_REG_R10, 1, XedDisp(0, 0), OpSizeBits)); + else + XedInst2(&InstList[7], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedMemBISD(XED_REG_R8, XED_REG_R10, 1, XedDisp(0, 0), OpSizeBits), XedReg(VmIRegToXReg(IReg, OperandSize))); - UINT OpSizeBits = VmOpSizeToBits(OperandSize); - XED_ENCODER_INSTRUCTION InstList[2]; - XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8)); - XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), OpSizeBits)); - return XedEncodeInstructions(InstList, 2, OutSize); + return XedEncodeInstructions(InstList, 8, OutSize); } -PUCHAR VmHandlerIRegStoreReg(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize) +PUCHAR VmHandlerIRegReg(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize) { /* * movzx r8,byte ptr[rdx+2] - * mov (size) ptr[rbp+r8*8], (ireg) + * mov (ireg), (size) ptr[rbp+r8*8] */ UINT OpSizeBits = VmOpSizeToBits(OperandSize); XED_ENCODER_INSTRUCTION InstList[2]; XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8)); - XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), OpSizeBits), XedReg(VmIRegToXReg(IReg, OperandSize))); + if (Load) + XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), OpSizeBits)); + else + XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), OpSizeBits), XedReg(VmIRegToXReg(IReg, OperandSize))); return XedEncodeInstructions(InstList, 2, OutSize); } PUCHAR VmHandlerIRegLoadImm(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize) @@ -194,3 +194,48 @@ PUCHAR VmHandlerIRegLoadImm(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBD(XED_REG_RDX, XedDisp(2, 8), OpSizeBits)); return XedEncodeInstructions(InstList, 1, OutSize); } + +PUCHAR VmHandlerEncode1(XED_ICLASS_ENUM IClass, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize) +{ + XED_ENCODER_INSTRUCTION InstList; + XedInst1(&InstList, XedGlobalMachineState, IClass, VmOpSizeToBits(OperandSize), XedReg(VmIRegToXReg(VM_IREG_1, OperandSize))); + return XedEncodeInstructions(&InstList, 1, OutSize); +} +PUCHAR VmHandlerEncode2(XED_ICLASS_ENUM IClass, VM_OPERAND_SIZE_ENUM OperandSize1, VM_OPERAND_SIZE_ENUM OperandSize2, PUINT OutSize) +{ + XED_ENCODER_INSTRUCTION InstList; + XedInst2(&InstList, XedGlobalMachineState, IClass, VmOpSizeToBits(OperandSize1), XedReg(VmIRegToXReg(VM_IREG_1, OperandSize1)), XedReg(VmIRegToXReg(VM_IREG_2, OperandSize2))); + return XedEncodeInstructions(&InstList, 1, OutSize); +} +PUCHAR VmHandlerEncode3(XED_ICLASS_ENUM IClass, VM_OPERAND_SIZE_ENUM OperandSize1, VM_OPERAND_SIZE_ENUM OperandSize2, VM_OPERAND_SIZE_ENUM OperandSize3, PUINT OutSize) +{ + XED_ENCODER_INSTRUCTION InstList; + XedInst3(&InstList, XedGlobalMachineState, IClass, VmOpSizeToBits(OperandSize1), XedReg(VmIRegToXReg(VM_IREG_1, OperandSize1)), XedReg(VmIRegToXReg(VM_IREG_2, OperandSize2)), XedReg(VmIRegToXReg(VM_IREG_3, OperandSize3))); + return XedEncodeInstructions(&InstList, 1, OutSize); +} + +// +//PUCHAR VmHandlerMov(VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize) +//{ +// XED_ENCODER_INSTRUCTION InstList; +// XedInst2(&InstList, XedGlobalMachineState, XED_ICLASS_MOV, VmOpSizeToBits(OperandSize), XedReg(VmIRegToXReg(VM_IREG_1, OperandSize)), XedReg(VmIRegToXReg(VM_IREG_2, OperandSize))); +// return XedEncodeInstructions(&InstList, 1, OutSize); +//} +//PUCHAR VmHandlerMovsx(VM_OPERAND_SIZE_ENUM NewOpSize, VM_OPERAND_SIZE_ENUM OriginalOpSize, PUINT OutSize) +//{ +// XED_ENCODER_INSTRUCTION InstList; +// XedInst2(&InstList, XedGlobalMachineState, XED_ICLASS_MOVSX, VmOpSizeToBits(NewOpSize), XedReg(VmIRegToXReg(VM_IREG_1, NewOpSize)), XedReg(VmIRegToXReg(VM_IREG_2, OriginalOpSize))); +// return XedEncodeInstructions(&InstList, 1, OutSize); +//} +//PUCHAR VmHandlerMovsxd(VM_OPERAND_SIZE_ENUM NewOpSize, VM_OPERAND_SIZE_ENUM OriginalOpSize, PUINT OutSize) +//{ +// XED_ENCODER_INSTRUCTION InstList; +// XedInst2(&InstList, XedGlobalMachineState, XED_ICLASS_MOVSXD, VmOpSizeToBits(NewOpSize), XedReg(VmIRegToXReg(VM_IREG_1, NewOpSize)), XedReg(VmIRegToXReg(VM_IREG_2, OriginalOpSize))); +// return XedEncodeInstructions(&InstList, 1, OutSize); +//} +//PUCHAR VmHandlerMovzx(VM_OPERAND_SIZE_ENUM NewOpSize, VM_OPERAND_SIZE_ENUM OriginalOpSize, PUINT OutSize) +//{ +// XED_ENCODER_INSTRUCTION InstList; +// XedInst2(&InstList, XedGlobalMachineState, XED_ICLASS_MOVZX, VmOpSizeToBits(NewOpSize), XedReg(VmIRegToXReg(VM_IREG_1, NewOpSize)), XedReg(VmIRegToXReg(VM_IREG_2, OriginalOpSize))); +// return XedEncodeInstructions(&InstList, 1, OutSize); +//} \ No newline at end of file diff --git a/CodeVirtualizer/VirtualMachine.h b/CodeVirtualizer/VirtualMachine.h index 23c248f..713ef1d 100644 --- a/CodeVirtualizer/VirtualMachine.h +++ b/CodeVirtualizer/VirtualMachine.h @@ -16,6 +16,11 @@ #define VmOpSizeToBytes(OpSize) (pow(2, (UCHAR)OpSize)) #define VmOpSizeToBits(OpSize) (VmOpSizeToBytes(OpSize) * 8) +#define VmDefaultInstId(IClass, OperandSize) (((IClass) * VM_OPSIZE_COUNT) + OperandSize) +inline PUCHAR DefaultInstBuffers[XED_ICLASS_LAST * VM_OPSIZE_COUNT] = { NULL }; + + + /* * Vm Structure: * RDI = VM_HEADER @@ -26,7 +31,8 @@ * RBX = IREG1 * RCX = IREG2 * -* R8 = Not ever saved. Uses ATM: HandlerJmp, +* R8 = Not ever saved. Uses: HandlerJmp, +* R9, R10 = Not saved. Uses: Temp storage inside handlers for IReg access. */ XED_REG_ENUM VmOperandSizeToRegEnumBase(VM_OPERAND_SIZE_ENUM OperandSize); XED_REG_ENUM VmGetRegOfSize(XED_REG_ENUM Reg, VM_OPERAND_SIZE_ENUM OperandSize); @@ -36,11 +42,22 @@ XED_REG_ENUM VmIRegToXReg(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize); #define VM_HANDLER_PROLOGUE_SIZE 15 PUCHAR VmHandlerPrologue(UINT InstructionSize, PUINT OutSize, XED_REG_ENUM Vip = XED_REG_RDX, XED_REG_ENUM HandlerTableReg = XED_REG_RSI); -PUCHAR VmHandlerIRegLoadMem_B(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize); -PUCHAR VmHandlerIRegLoadMem_BO(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize); -PUCHAR VmHandlerIRegLoadMem_BIS(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize); -PUCHAR VmHandlerIRegLoadMem_BISO(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize); -PUCHAR VmHandlerIRegLoadReg(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize); -PUCHAR VmHandlerIRegStoreReg(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize); +//Internal register(IReg) store/load +PUCHAR VmHandlerIRegMem_B(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize); +PUCHAR VmHandlerIRegMem_BO(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize); +PUCHAR VmHandlerIRegMem_BIS(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize); +PUCHAR VmHandlerIRegMem_BISD(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize); +PUCHAR VmHandlerIRegReg(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize); PUCHAR VmHandlerIRegLoadImm(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize); + +PUCHAR VmHandlerEncode1(XED_ICLASS_ENUM IClass, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize); +PUCHAR VmHandlerEncode2(XED_ICLASS_ENUM IClass, VM_OPERAND_SIZE_ENUM OperandSize1, VM_OPERAND_SIZE_ENUM OperandSize2, PUINT OutSize); +PUCHAR VmHandlerEncode3(XED_ICLASS_ENUM IClass, VM_OPERAND_SIZE_ENUM OperandSize1, VM_OPERAND_SIZE_ENUM OperandSize2, VM_OPERAND_SIZE_ENUM OperandSize3, PUINT OutSize); + +//PUCHAR VmHandlerMov(VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize); +//PUCHAR VmHandlerMovsx(VM_OPERAND_SIZE_ENUM NewOpSize, VM_OPERAND_SIZE_ENUM OriginalOpSize, PUINT OutSize); +//PUCHAR VmHandlerMovsxd(VM_OPERAND_SIZE_ENUM NewOpSize, VM_OPERAND_SIZE_ENUM OriginalOpSize, PUINT OutSize); +//PUCHAR VmHandlerMovzx(VM_OPERAND_SIZE_ENUM NewOpSize, VM_OPERAND_SIZE_ENUM OriginalOpSize, PUINT OutSize); + + #endif \ No newline at end of file