changed deobfuscation to keep register jumps

xtremegamer1 2 years ago
parent 80b5c20795
commit 1516e2a278

@ -69,7 +69,7 @@ void deobfuscate(hndlr_trace_t& trace) {
break; break;
} }
if (vm::utils::is_jmp(itr->m_instr)) { if (vm::utils::is_jmp(itr->m_instr) && itr->m_instr.operands[0].type != ZYDIS_OPERAND_TYPE_REGISTER) {
uct_context_free(itr->m_cpu); uct_context_free(itr->m_cpu);
trace.m_instrs.erase(itr); trace.m_instrs.erase(itr);
break; break;
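Review bot: The new condition exempts only register-operand jumps, so a jump through a memory operand (`ZYDIS_OPERAND_TYPE_MEMORY`) still reaches `uct_context_free` and `erase` and drops out of the trace. If the intent is to keep every jump whose target is computed at run time, which I am inferring from the commit title, testing for the direct form is the tighter check: `if (vm::utils::is_jmp(itr->m_instr) && itr->m_instr.operands[0].type == ZYDIS_OPERAND_TYPE_IMMEDIATE) {`. Whether memory-indirect jumps occur in these handler traces is not visible here, so confirm that against a real trace. A short comment on the condition would also help, for example `// keep indirect jumps: their target is only known at run time, so they are not obfuscation filler`. The body of `deobfuscate` starts and ends outside this hunk, so the loop that owns `itr` could not be checked.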
