diff --git a/include/vmctx.hpp b/include/vmctx.hpp
index 5877f89..59efc4a 100644
--- a/include/vmctx.hpp
+++ b/include/vmctx.hpp
@@ -12,9 +12,15 @@ class vmctx_t {
 const std::uintptr_t m_module_base, m_image_base, m_vm_entry_rva, m_image_size;
+ zydis_register_t get_vip() const { return m_vip; }
+ zydis_register_t get_vsp() const { return m_vsp; }
+ zydis_routine_t get_vm_enter() const { return m_vm_entry; }
+
+ private:
 ///
- /// m_vip and m_vsp are volitile and are subject to change... they are set to
- /// the ones used in vm enter but can be changed by external source code...
+ /// m_vip and m_vsp are set to the native registers used for them by the vm
+ /// enter... these will change during the execution inside of the vm but these
+ /// values stay the same as the ones used by vm enter...
 ///
 zydis_register_t m_vip, m_vsp;
diff --git a/tests/vm_entry_test/src/main.cpp b/tests/vm_entry_test/src/main.cpp
index c78b147..5271f8c 100644
--- a/tests/vm_entry_test/src/main.cpp
+++ b/tests/vm_entry_test/src/main.cpp
@@ -108,12 +108,14 @@ int __cdecl main(int argc, const char* argv[]) {
 return -1;
 }
- vm::utils::print(vmctx.m_vm_entry);
+ auto vm_enter = vmctx.get_vm_enter();
+ vm::utils::print(vm_enter);
+
 std::printf("> Starting Virtual Instruction Pointer Register: %s\n",
- ZydisRegisterGetString(vmctx.m_vip));
+ ZydisRegisterGetString(vmctx.get_vip()));
 std::printf("> Starting Virtual Stack Pointer Register: %s\n",
- ZydisRegisterGetString(vmctx.m_vsp));
+ ZydisRegisterGetString(vmctx.get_vsp()));
 // testing vmlocate port for vmp3...
 const auto vm_entries = vm::locate::get_vm_entries(module_base, image_size);
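Review bot: In include/vmctx.hpp, `get_vm_enter()` returns `zydis_routine_t` by value, so each call copies the whole vm-enter routine if that type is a container of decoded instructions (its definition is outside this hunk); `const zydis_routine_t& get_vm_enter() const { return m_vm_entry; }` keeps it read-only without the copy, and the call site in tests/vm_entry_test/src/main.cpp can then bind it with `const auto& vm_enter = vmctx.get_vm_enter();`. The getters carry no doc comment while the explanation sits on the now-private members, so a line such as `/// register vm enter uses for VIP; not updated as the vm executes` on `get_vip()` (and the same for `get_vsp()`) would stop callers from reading them as the live registers. The declaration of `m_vm_entry` is not in the hunk, so confirm it also ends up under the new `private:`; the class body continues outside the hunk.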