diff --git a/include/uc_allocation_tracker.hpp b/include/uc_allocation_tracker.hpp index ac50d6b..00093a4 100644 --- a/include/uc_allocation_tracker.hpp +++ b/include/uc_allocation_tracker.hpp @@ -1,3 +1,4 @@ +#pragma once #include extern int g_allocation_tracker; diff --git a/src/uc_allocation_tracker.cpp b/src/uc_allocation_tracker.cpp index 95fc2a4..16b8d31 100644 --- a/src/uc_allocation_tracker.cpp +++ b/src/uc_allocation_tracker.cpp @@ -11,7 +11,7 @@ uc_err uct_context_alloc(uc_engine *uc, uc_context **context) } uc_err uct_context_free(uc_context *context) { - +g_allocation_tracker--; + --g_allocation_tracker; //std::printf("Allocations: %p\n", g_allocation_tracker); return uc_context_free(context); } diff --git a/src/vmprofiles/and.cpp b/src/vmprofiles/and.cpp index f6ac147..fed4203 100644 --- a/src/vmprofiles/and.cpp +++ b/src/vmprofiles/and.cpp @@ -1,19 +1,21 @@ #include +// Loads an address and value from the stack, ands the derefed address with the value namespace vm::instrs { profiler_t _and = { "AND", mnemonic_t::_and, - {{// MOV REG, [VSP] + {{// MOV REG, [VSP] This is the address LOAD_VALUE, - // MOV REG, [VSP+OFFSET] + // MOV REG, [VSP+8] [](const zydis_reg_t vip, const zydis_reg_t vsp, const zydis_decoded_instr_t& instr) -> bool { return instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER && instr.operands[1].type == ZYDIS_OPERAND_TYPE_MEMORY && instr.operands[1].mem.base == vsp && - instr.operands[1].mem.disp.has_displacement; + instr.operands[1].mem.disp.has_displacement, + instr.operands[1].mem.disp.value == 8; }, // AND [REG], REG [](const zydis_reg_t vip, const zydis_reg_t vsp, diff --git a/src/vmprofiles/jmp.cpp b/src/vmprofiles/jmp.cpp index 8fe7d6f..3e15e36 100644 --- a/src/vmprofiles/jmp.cpp +++ b/src/vmprofiles/jmp.cpp @@ -142,6 +142,7 @@ profiler_t jmp = { vinstr_t res; res.mnemonic = mnemonic_t::jmp; res.imm.has_imm = false; + res.stack_size = 64; return res; }}; } \ No newline at end of file
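Review bot: `--g_allocation_tracker;` in `uct_context_free` runs before `uc_context_free(context)` is called, so the counter is decremented even when unicorn reports a failure and the context is not actually released, and the tracker then drifts below the real number of live contexts. Decrement only on success: `const uc_err err = uc_context_free(context); if (err == UC_ERR_OK) --g_allocation_tracker; return err;`. The commented-out printf on the following line formats an `int` with `%p`, which is undefined behaviour if it is ever re-enabled; `%d` is the matching specifier. Whether `uct_context_alloc` only increments on success cannot be judged here, since its body lies almost entirely before the hunk.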
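Review bot: The `// MOV REG, [VSP+8]` matcher in `_and` no longer checks the mnemonic, operand types or VSP base, because the new line joins the conditions with a comma instead of `&&`: the expression `mov && reg && mem && base == vsp && has_displacement, disp.value == 8` evaluates the whole `&&` chain, discards it, and returns only `disp.value == 8`, so any instruction whose memory displacement happens to be 8 now satisfies this step of the profile. The intended lines are `instr.operands[1].mem.disp.has_displacement &&` followed by `instr.operands[1].mem.disp.value == 8;`. Compilers flag exactly this with `-Wunused-value`/`-Wcomma`, so it is worth building the vmprofiles with those warnings as errors. The `_and` initializer continues past the hunk (the `AND [REG], REG` matcher is cut off), so that lambda should be checked for the same slip.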
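Review bot: The added `res.stack_size = 64;` is a bare literal with no indication of its unit or of why a jmp consumes that amount, and nothing else in this diff shows the convention, so a reader cannot tell whether it means bits, bytes or stack slots. A comment on the line — e.g. `res.stack_size = 64; // NOTE(review): state the unit (bits of one VSP slot?) and why jmp uses 64` — or a named constant shared by the profiles would make the value reviewable. The lambda that builds `res` starts before the hunk and the rest of the `jmp` profile is not visible here.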