updated how vm::instrs::determine works...

3 years ago · b88c7b9321
parent 322a8bcf97
commit b88c7b9321
2 changed files with 12 additions and 4 deletions
--- a/include/vminstrs.hpp
+++ b/include/vminstrs.hpp
@ -2,6 +2,9 @@
 #include <unicorn/unicorn.h>
 #include <vmutils.hpp>

+#define VIRTUAL_REGISTER_COUNT 24
+#define VIRTUAL_SEH_REGISTER 24
+
 namespace vm::instrs {
 /// <summary>
 /// mnemonic representation of supported virtual instructions...
@ -135,6 +138,11 @@ struct vblk_t {
    /// unicorn-engine stack of the first instruction of the jmp handler...
    /// </summary>
    std::uint8_t* stack;
+
+    struct {
+      zydis_reg_t vip;
+      zydis_reg_t vsp;
+    } m_vm;
  } m_jmp;

  /// <summary>
@ -380,7 +388,7 @@ void init();
 /// <param name="vsp">vsp native register...</param>
 /// <param name="hndlr"></param>
 /// <returns>returns vinstr_t structure...</returns>
-vinstr_t determine(zydis_reg_t& vip, zydis_reg_t& vsp, hndlr_trace_t& hndlr);
+vinstr_t determine(hndlr_trace_t& hndlr);

 /// <summary>
 /// get profile from mnemonic...
--- a/src/vminstrs.cpp
+++ b/src/vminstrs.cpp
@ -127,7 +127,7 @@ void init() {
              });
 }

-vinstr_t determine(zydis_reg_t& vip, zydis_reg_t& vsp, hndlr_trace_t& hndlr) {
+vinstr_t determine(hndlr_trace_t& hndlr) {
  const auto& instrs = hndlr.m_instrs;
  const auto profile = std::find_if(
      profiles.begin(), profiles.end(), [&](profiler_t* profile) -> bool {
@ -136,7 +136,7 @@ vinstr_t determine(zydis_reg_t& vip, zydis_reg_t& vsp, hndlr_trace_t& hndlr) {
              std::find_if(instrs.begin(), instrs.end(),
                           [&](const emu_instr_t& instr) -> bool {
                             const auto& i = instr.m_instr;
-                             return matcher(vip, vsp, i);
+                             return matcher(hndlr.m_vip, hndlr.m_vsp, i);
                           });
          if (matched == instrs.end())
            return false;
@ -147,7 +147,7 @@ vinstr_t determine(zydis_reg_t& vip, zydis_reg_t& vsp, hndlr_trace_t& hndlr) {
  if (profile == profiles.end())
    return vinstr_t{mnemonic_t::unknown};

-  auto result = (*profile)->generate(vip, vsp, hndlr);
+  auto result = (*profile)->generate(hndlr.m_vip, hndlr.m_vsp, hndlr);
  return result.has_value() ? result.value() : vinstr_t{mnemonic_t::unknown};
 }