From 88c167bb67e4a6ee863457cd4d4fa026a2d66849 Mon Sep 17 00:00:00 2001
From: xtremegamer1
Date: Fri, 14 Oct 2022 07:10:52 -0600
Subject: [PATCH] FIxed handlers
---
 src/vmprofiles/lcr0.cpp | 44 +++++++++++++++++++++++++++++++++++++
 src/vmprofiles/read.cpp | 4 ++--
 src/vmprofiles/readbzxw.cpp | 40 ---------------------------------
 src/vmprofiles/shl.cpp | 6 ++---
 src/vmprofiles/shld.cpp | 6 ++---
 src/vmprofiles/shrd.cpp | 6 ++---
 6 files changed, 55 insertions(+), 51 deletions(-)
 create mode 100644 src/vmprofiles/lcr0.cpp
 delete mode 100644 src/vmprofiles/readbzxw.cpp
diff --git a/src/vmprofiles/lcr0.cpp b/src/vmprofiles/lcr0.cpp
new file mode 100644
index 0000000..d3964a2
--- /dev/null
+++ b/src/vmprofiles/lcr0.cpp
@@ -0,0 +1,44 @@
+#include
+
+//Loads CR0 onto the stack
+namespace vm::instrs {
+profiler_t lcr0 = {
+ "LCR0",
+ mnemonic_t::lcr0,
+ {
+ // MOV REG, CR0
+ [](const zydis_reg_t vip, const zydis_reg_t vsp,
+ const zydis_decoded_instr_t& instr) -> bool {
+ return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
+ instr.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
+ instr.operands[1].type == ZYDIS_OPERAND_TYPE_REGISTER &&
+ instr.operands[1].reg.value == ZYDIS_REGISTER_CR0;
+ },
+ // SUB VSP, OFFSET
+ [](const zydis_reg_t vip, const zydis_reg_t vsp,
+ const zydis_decoded_instr_t& instr) -> bool {
+ return instr.mnemonic == ZYDIS_MNEMONIC_SUB &&
+ instr.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
+ instr.operands[0].reg.value == vsp &&
+ instr.operands[1].type == ZYDIS_OPERAND_TYPE_IMMEDIATE;
+ },
+ // MOV [VSP], REG
+ [](const zydis_reg_t vip, const zydis_reg_t vsp,
+ const zydis_decoded_instr_t& instr) -> bool {
+ return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
+ instr.operands[0].type == ZYDIS_OPERAND_TYPE_MEMORY &&
+ instr.operands[0].mem.base == vsp &&
+ instr.operands[0].mem.index == ZYDIS_REGISTER_NONE &&
+ instr.operands[1].type == ZYDIS_OPERAND_TYPE_REGISTER &&
+ instr.operands[1].reg.value != vsp;
+ }
+ },
+ [](zydis_reg_t& vip, zydis_reg_t& vsp,
+ hndlr_trace_t& hndlr) -> std::optional {
+ vinstr_t res{mnemonic_t::lcr0};
+ res.imm.has_imm = false;
+ res.stack_size = 64;
+ return res;
+ }
+};
+}
diff --git a/src/vmprofiles/read.cpp b/src/vmprofiles/read.cpp
index 3bf26dc..8c61eca 100644
--- a/src/vmprofiles/read.cpp
+++ b/src/vmprofiles/read.cpp
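Review bot: The `// MOV [VSP], REG` matcher at the end of the pattern list hand-rolls what the deleted readbzxw.cpp profile gets from `STR_VALUE` in the same slot; unless lcr0 deliberately needs the extra `mem.index == ZYDIS_REGISTER_NONE` and `reg.value != vsp` restrictions, using the shared macro keeps this profile consistent with the others and stops two definitions of the same pattern from drifting apart. `res.stack_size = 64;` is a bare constant where the shift profiles derive the width from the matched instruction's `operands[0].size`; if the width really is fixed, a comment such as `// CR0 is read into a 64-bit GPR and pushed as a full qword` would explain it, and the first matcher could pin it by also requiring `instr.operands[0].size == 64`. Nothing in the three matchers ties the register stored to `[VSP]` back to the one loaded from CR0, which is presumably a limitation of the per-instruction matcher API rather than something this profile can fix on its own.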
@@ -26,13 +26,13 @@ profiler_t read = {
 hndlr.m_instrs.begin(), hndlr.m_instrs.end(),
 [&](emu_instr_t& instr) -> bool {
 const auto& i = instr.m_instr;
- return i.mnemonic == ZYDIS_MNEMONIC_MOV &&
+ return i.mnemonic == ZYDIS_MNEMONIC_MOV || i.mnemonic == ZYDIS_MNEMONIC_MOVZX &&
 i.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
 i.operands[1].type == ZYDIS_OPERAND_TYPE_MEMORY &&
 i.operands[1].mem.base != vsp;
 });
- res.stack_size = mov_reg_reg->m_instr.operands[0].size;
+ res.stack_size = mov_reg_reg->m_instr.operands[1].size;
 return res;
 }};
 }
\ No newline at end of file
diff --git a/src/vmprofiles/readbzxw.cpp b/src/vmprofiles/readbzxw.cpp
deleted file mode 100644
index 609acbe..0000000
--- a/src/vmprofiles/readbzxw.cpp
+++ /dev/null
@@ -1,40 +0,0 @@
-#include
-
-namespace vm::instrs {
-profiler_t readbzxw = {
- "READ",
- mnemonic_t::readbzxw,
- {{// MOV REG, [VSP]
- LOAD_VALUE,
- // MOVZX REG, [REG]
- [](const zydis_reg_t vip, const zydis_reg_t vsp,
- const zydis_decoded_instr_t& instr) -> bool {
- return instr.mnemonic == ZYDIS_MNEMONIC_MOVZX &&
- instr.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
- instr.operands[0].size == 16 &&
- instr.operands[1].type == ZYDIS_OPERAND_TYPE_MEMORY &&
- instr.operands[1].size == 8 &&
- instr.operands[1].mem.base != vsp;
- },
- // MOV [VSP], REG
- STR_VALUE}},
- [](zydis_reg_t& vip, zydis_reg_t& vsp,
- hndlr_trace_t& hndlr) -> std::optional {
- vinstr_t res{mnemonic_t::read};
- res.imm.has_imm = false;
-
- // MOV REG, [REG]
- const auto mov_reg_reg = std::find_if(
- hndlr.m_instrs.begin(), hndlr.m_instrs.end(),
- [&](emu_instr_t& instr) -> bool {
- const auto& i = instr.m_instr;
- return i.mnemonic == ZYDIS_MNEMONIC_MOVZX &&
- i.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
- i.operands[1].type == ZYDIS_OPERAND_TYPE_MEMORY &&
- i.operands[1].mem.base != vsp;
- });
-
- res.stack_size = mov_reg_reg->m_instr.operands[0].size;
- return res;
- }};
-}
\ No newline at end of file
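Review bot: The new predicate in the `find_if` lambda has an operator-precedence bug: `&&` binds tighter than `||`, so `i.mnemonic == ZYDIS_MNEMONIC_MOV || i.mnemonic == ZYDIS_MNEMONIC_MOVZX && ...` accepts any `MOV` regardless of its operands, which presumably includes the `MOV REG, [VSP]` load that precedes the memory read in this handler, so `mov_reg_reg` will point at the wrong instruction and `operands[1].size` will report the wrong width. Parenthesize the alternation: `return (i.mnemonic == ZYDIS_MNEMONIC_MOV || i.mnemonic == ZYDIS_MNEMONIC_MOVZX) &&`. The switch to `operands[1].size` looks right for MOVZX, where the memory operand is the actual read width and the destination is wider; a comment such as `// use the source width: for MOVZX the destination register is wider than the read` would record why. `mov_reg_reg` is still dereferenced without a check against `hndlr.m_instrs.end()`; if the profile's matchers already guarantee a match, a one-line comment saying so would do, otherwise return `std::nullopt`. The lambda and the enclosing `profiler_t read` start outside the hunk.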
diff --git a/src/vmprofiles/shl.cpp b/src/vmprofiles/shl.cpp
index 25b8c41..bb8cc87 100644
--- a/src/vmprofiles/shl.cpp
+++ b/src/vmprofiles/shl.cpp
@@ -45,10 +45,10 @@ profiler_t shl = {
 }}},
 [](zydis_reg_t& vip, zydis_reg_t& vsp,
 hndlr_trace_t& hndlr) -> std::optional {
- vinstr_t res{mnemonic_t::shr};
+ vinstr_t res{mnemonic_t::shl};
 res.imm.has_imm = false;
- const auto shr_reg = std::find_if(
+ const auto shl_reg = std::find_if(
 hndlr.m_instrs.begin(), hndlr.m_instrs.end(),
 [&](emu_instr_t& instr) -> bool {
 const auto& i = instr.m_instr;
@@ -57,7 +57,7 @@ profiler_t shl = {
 i.operands[1].type == ZYDIS_OPERAND_TYPE_REGISTER;
 });
- res.stack_size = shr_reg->m_instr.operands[0].size;
+ res.stack_size = shl_reg->m_instr.operands[0].size;
 return res;
 }};
 }
\ No newline at end of file
diff --git a/src/vmprofiles/shld.cpp b/src/vmprofiles/shld.cpp
index 2e30622..54c1624 100644
--- a/src/vmprofiles/shld.cpp
+++ b/src/vmprofiles/shld.cpp
@@ -54,10 +54,10 @@ profiler_t shld = {
 }}},
 [](zydis_reg_t& vip, zydis_reg_t& vsp,
 hndlr_trace_t& hndlr) -> std::optional {
- vinstr_t res{mnemonic_t::shr};
+ vinstr_t res{mnemonic_t::shld};
 res.imm.has_imm = false;
- const auto shr_reg = std::find_if(
+ const auto shld_reg = std::find_if(
 hndlr.m_instrs.begin(), hndlr.m_instrs.end(),
 [&](emu_instr_t& instr) -> bool {
 const auto& i = instr.m_instr;
@@ -66,7 +66,7 @@ profiler_t shld = {
 i.operands[1].type == ZYDIS_OPERAND_TYPE_REGISTER;
 });
- res.stack_size = shr_reg->m_instr.operands[0].size;
+ res.stack_size = shld_reg->m_instr.operands[0].size;
 return res;
 }};
diff --git a/src/vmprofiles/shrd.cpp b/src/vmprofiles/shrd.cpp
index 14204c4..94000c2 100644
--- a/src/vmprofiles/shrd.cpp
+++ b/src/vmprofiles/shrd.cpp
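Review bot: `shl_reg`, the renamed `find_if` result, is dereferenced in the second shl.cpp hunk without being compared against `hndlr.m_instrs.end()`, so a handler trace that does not contain the expected instruction is undefined behaviour rather than a reported miss; since the lambda already returns `std::optional`, the natural guard is `if (shl_reg == hndlr.m_instrs.end()) return std::nullopt;` before the `stack_size` assignment, or, if the profile's pattern matchers guarantee the instruction is present, a one-line comment stating that invariant. The same applies to `shld_reg` in the shld.cpp hunks below. The `find_if` predicate starts in the first hunk and its mnemonic test lies between the two hunks, so what it actually matches is not visible here; the mnemonic fix from `shr` to `shl`/`shld` itself looks correct.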
@@ -54,10 +54,10 @@ profiler_t shrd = {
 }}},
 [](zydis_reg_t& vip, zydis_reg_t& vsp,
 hndlr_trace_t& hndlr) -> std::optional {
- vinstr_t res{mnemonic_t::shr};
+ vinstr_t res{mnemonic_t::shrd};
 res.imm.has_imm = false;
- const auto shr_reg = std::find_if(
+ const auto shrd_reg = std::find_if(
 hndlr.m_instrs.begin(), hndlr.m_instrs.end(),
 [&](emu_instr_t& instr) -> bool {
 const auto& i = instr.m_instr;
@@ -66,7 +66,7 @@ profiler_t shrd = {
 i.operands[1].type == ZYDIS_OPERAND_TYPE_REGISTER;
 });
- res.stack_size = shrd_reg->m_instr.operands[0].size;
+ res.stack_size = shrd_reg->m_instr.operands[0].size;
 return res;
 }};
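Review bot: `shrd_reg` is dereferenced in the second hunk without a check against `hndlr.m_instrs.end()`, the same gap as in shl.cpp and shld.cpp; with the lambda returning `std::optional`, `if (shrd_reg == hndlr.m_instrs.end()) return std::nullopt;` before the `stack_size` line turns a missing match into a reported failure instead of undefined behaviour, or a comment can state that the pattern matchers guarantee the instruction if that is the case. The predicate's mnemonic test lies between the two hunks and is not visible here.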