updated vmctx class a little...

2 years ago · 11650b6d8a
parent f252173d7c
commit 11650b6d8a
2 changed files with 13 additions and 5 deletions
--- a/include/vmctx.hpp
+++ b/include/vmctx.hpp
@ -12,9 +12,15 @@ class vmctx_t {
  const std::uintptr_t m_module_base, m_image_base, m_vm_entry_rva,
      m_image_size;

+  zydis_register_t get_vip() const { return m_vip; }
+  zydis_register_t get_vsp() const { return m_vsp; }
+  zydis_routine_t get_vm_enter() const { return m_vm_entry; }
+
+ private:
  /// <summary>
-  /// m_vip and m_vsp are volitile and are subject to change... they are set to
-  /// the ones used in vm enter but can be changed by external source code...
+  /// m_vip and m_vsp are set to the native registers used for them by the vm
+  /// enter... these will change during the execution inside of the vm but these
+  /// values stay the same as the ones used by vm enter...
  /// </summary>
  zydis_register_t m_vip, m_vsp;

--- a/tests/vm_entry_test/src/main.cpp
+++ b/tests/vm_entry_test/src/main.cpp
@ -108,12 +108,14 @@ int __cdecl main(int argc, const char* argv[]) {
    return -1;
  }

-  vm::utils::print(vmctx.m_vm_entry);
+  auto vm_enter = vmctx.get_vm_enter();
+  vm::utils::print(vm_enter);
+
  std::printf("> Starting Virtual Instruction Pointer Register: %s\n",
-              ZydisRegisterGetString(vmctx.m_vip));
+              ZydisRegisterGetString(vmctx.get_vip()));

  std::printf("> Starting Virtual Stack Pointer Register: %s\n",
-              ZydisRegisterGetString(vmctx.m_vsp));
+              ZydisRegisterGetString(vmctx.get_vsp()));

  // testing vmlocate port for vmp3...
  const auto vm_entries = vm::locate::get_vm_entries(module_base, image_size);