added my new instructions

2 years ago · 25c3008dc2
parent 512b19292c
commit 25c3008dc2
2 changed files with 11 additions and 6 deletions
--- a/include/vminstrs.hpp
+++ b/include/vminstrs.hpp
@ -16,6 +16,7 @@ enum class mnemonic_t : uint8_t {
  lreg,
  lconst,
  add,
+  _and, //The fucking idiots who wrote the standard thought reserving the word "and" was appropriate
  div,
  idiv,
  mul,
@ -24,7 +25,6 @@ enum class mnemonic_t : uint8_t {
  nop,
  nor,
  read,
-  readbzxw, //Read byte zero extend to word
  write,
  shl,
  shld,
@ -32,6 +32,7 @@ enum class mnemonic_t : uint8_t {
  shrd,
  lvsp,
  svsp,
+  lcr0,
  writecr3,
  readcr3,
  writecr8,
@ -288,14 +289,15 @@ extern profiler_t sreg;
 extern profiler_t lreg;
 extern profiler_t lconst;
 extern profiler_t add;
+extern profiler_t _and;
 extern profiler_t lvsp;
 extern profiler_t svsp;
 extern profiler_t nand;
 extern profiler_t nop;
 extern profiler_t nor;
 extern profiler_t read;
-extern profiler_t readbzxw;
 extern profiler_t write;
+extern profiler_t lcr0;
 extern profiler_t writedr7;
 extern profiler_t imul;
 extern profiler_t shl;
@ -309,10 +311,10 @@ extern profiler_t vmexit;
 /// unsorted vector of profiles... they get sorted once at runtime...
 /// </summary>
 inline std::vector<profiler_t*> profiles = {
-    &vmexit, &shl, &shld, &shr, &shrd, &imul, &nor,  &write, &svsp, &read, &readbzxw, 
-    &nand, &lvsp, &add, &jmp,  &sreg, &lreg,  &lconst, &nop, &writedr7};
+    &vmexit, &shl, &shld, &shr, &shrd, &imul, &nor,  &write, &svsp, &read, 
+    &nand, &lvsp, &add, &jmp, &_and, &sreg, &lreg, &lcr0,  &lconst, &nop, &writedr7};

-/// <summary>
+/// <summary> 
 /// no i did not make this by hand, you cannot clown upon me!
 /// </summary>
 inline std::map<zydis_reg_t, uc_x86_reg> reg_map = {
--- a/src/vminstrs.cpp
+++ b/src/vminstrs.cpp
@ -1,5 +1,5 @@
 #include <vminstrs.hpp>
-
+#include <uc_allocation_tracker.hpp>
 namespace vm::instrs {
 void deobfuscate(hndlr_trace_t& trace) {
  static const auto _uses_reg = [](zydis_decoded_operand_t& op,
@ -64,11 +64,13 @@ void deobfuscate(hndlr_trace_t& trace) {

      if (std::find(blacklist.begin(), blacklist.end(),
                    itr->m_instr.mnemonic) != blacklist.end()) {
+        uct_context_free(itr->m_cpu);
        trace.m_instrs.erase(itr);
        break;
      }

      if (vm::utils::is_jmp(itr->m_instr)) {
+        uct_context_free(itr->m_cpu);
        trace.m_instrs.erase(itr);
        break;
      }
@ -111,6 +113,7 @@ void deobfuscate(hndlr_trace_t& trace) {
              _writes(read_result->m_instr, reg))
            continue;

+          uct_context_free(itr->m_cpu);
          trace.m_instrs.erase(itr);
          break;
        }