|
|
@ -32,6 +32,7 @@ int __cdecl main(int argc, const char* argv[]) {
|
|
|
|
"scan for all vm enters and trace all of them... this may take a few "
|
|
|
|
"scan for all vm enters and trace all of them... this may take a few "
|
|
|
|
"minutes...");
|
|
|
|
"minutes...");
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
vm::utils::init();
|
|
|
|
parser.enable_help();
|
|
|
|
parser.enable_help();
|
|
|
|
auto result = parser.parse(argc, argv);
|
|
|
|
auto result = parser.parse(argc, argv);
|
|
|
|
|
|
|
|
|
|
|
@ -112,9 +113,10 @@ int __cdecl main(int argc, const char* argv[]) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (parser.exists("vmentry")) {
|
|
|
|
if (parser.exists("vmentry")) {
|
|
|
|
const auto vm_entry_rva =
|
|
|
|
const auto vm_entries = vm::locate::get_vm_entries(module_base, image_size);
|
|
|
|
std::strtoull(parser.get<std::string>("vmentry").c_str(), nullptr, 16);
|
|
|
|
std::printf("> number of vm entries = %d\n", vm_entries.size());
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
for (const auto& [vm_entry_rva, encrypted_rva] : vm_entries) {
|
|
|
|
vm::vmctx_t vmctx(module_base, image_base, image_size, vm_entry_rva);
|
|
|
|
vm::vmctx_t vmctx(module_base, image_base, image_size, vm_entry_rva);
|
|
|
|
if (!vmctx.init()) {
|
|
|
|
if (!vmctx.init()) {
|
|
|
|
std::printf(
|
|
|
|
std::printf(
|
|
|
@ -135,3 +137,4 @@ int __cdecl main(int argc, const char* argv[]) {
|
|
|
|
emu.emulate();
|
|
|
|
emu.emulate();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
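Review bot: In the second hunk, `std::printf("> number of vm entries = %d\n", vm_entries.size());` passes the result of `size()` to `%d`; if `vm_entries` is a standard container this is a `size_t`, so the specifier mismatch is undefined behaviour on a 64-bit build and the line should read `std::printf("> number of vm entries = %zu\n", vm_entries.size());`. The same hunk appears to drop the `std::strtoull(parser.get<std::string>("vmentry")...)` read while staying under `if (parser.exists("vmentry"))`, so the RVA the user supplies would be ignored and every located entry traced instead. If that is intended, a comment such as `// vmentry value is ignored here: every entry from get_vm_entries is traced` would say so; otherwise the scan belongs behind its own option. The page has lost its +/- markers, so which lines are new is inferred from the hunk counts, and `main` begins and ends outside these hunks.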