added my new instructions

xtremegamer1 2 years ago
parent 34c109f303
commit f8247a9487

@ -16,6 +16,7 @@ enum class mnemonic_t : uint8_t {
lreg, lreg,
lconst, lconst,
add, add,
_and, //The fucking idiots who wrote the standard thought reserving the word "and" was appropriate
div, div,
idiv, idiv,
mul, mul,
@ -24,7 +25,6 @@ enum class mnemonic_t : uint8_t {
nop, nop,
nor, nor,
read, read,
readbzxw, //Read byte zero extend to word
write, write,
shl, shl,
shld, shld,
@ -32,6 +32,7 @@ enum class mnemonic_t : uint8_t {
shrd, shrd,
lvsp, lvsp,
svsp, svsp,
lcr0,
writecr3, writecr3,
readcr3, readcr3,
writecr8, writecr8,
@ -288,14 +289,15 @@ extern profiler_t sreg;
extern profiler_t lreg; extern profiler_t lreg;
extern profiler_t lconst; extern profiler_t lconst;
extern profiler_t add; extern profiler_t add;
extern profiler_t _and;
extern profiler_t lvsp; extern profiler_t lvsp;
extern profiler_t svsp; extern profiler_t svsp;
extern profiler_t nand; extern profiler_t nand;
extern profiler_t nop; extern profiler_t nop;
extern profiler_t nor; extern profiler_t nor;
extern profiler_t read; extern profiler_t read;
extern profiler_t readbzxw;
extern profiler_t write; extern profiler_t write;
extern profiler_t lcr0;
extern profiler_t writedr7; extern profiler_t writedr7;
extern profiler_t imul; extern profiler_t imul;
extern profiler_t shl; extern profiler_t shl;
@ -309,10 +311,10 @@ extern profiler_t vmexit;
/// unsorted vector of profiles... they get sorted once at runtime... /// unsorted vector of profiles... they get sorted once at runtime...
/// </summary> /// </summary>
inline std::vector<profiler_t*> profiles = { inline std::vector<profiler_t*> profiles = {
&vmexit, &shl, &shld, &shr, &shrd, &imul, &nor, &write, &svsp, &read, &readbzxw, &vmexit, &shl, &shld, &shr, &shrd, &imul, &nor, &write, &svsp, &read,
&nand, &lvsp, &add, &jmp, &sreg, &lreg, &lconst, &nop, &writedr7}; &nand, &lvsp, &add, &jmp, &_and, &sreg, &lreg, &lcr0, &lconst, &nop, &writedr7};
/// <summary> /// <summary>
/// no i did not make this by hand, you cannot clown upon me! /// no i did not make this by hand, you cannot clown upon me!
/// </summary> /// </summary>
inline std::map<zydis_reg_t, uc_x86_reg> reg_map = { inline std::map<zydis_reg_t, uc_x86_reg> reg_map = {
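Review bot: `_and` in the enum line and in `extern profiler_t _and;` is an identifier that begins with an underscore; if that extern sits at global-namespace scope the name is reserved to the implementation, and the conventional trailing-underscore spelling avoids the question, so I would rename it `and_` in the enum, the extern and the `profiles` initializer. The comment next to it should give the technical reason instead of an insult, e.g. `and_, // "and" is an alternative token for && ([lex.digraph]) and cannot be used as an identifier`. The hunks drop `readbzxw` from the enum, the extern list and `profiles`, but I cannot see whether the matching `profiler_t readbzxw` definition in the .cpp was removed too; if not, it is now an orphaned global that is never registered in `profiles`. The enum and the extern list both continue outside the visible hunks.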

@ -1,5 +1,5 @@
#include <vminstrs.hpp> #include <vminstrs.hpp>
#include <uc_allocation_tracker.hpp>
namespace vm::instrs { namespace vm::instrs {
void deobfuscate(hndlr_trace_t& trace) { void deobfuscate(hndlr_trace_t& trace) {
static const auto _uses_reg = [](zydis_decoded_operand_t& op, static const auto _uses_reg = [](zydis_decoded_operand_t& op,
@ -64,11 +64,13 @@ void deobfuscate(hndlr_trace_t& trace) {
if (std::find(blacklist.begin(), blacklist.end(), if (std::find(blacklist.begin(), blacklist.end(),
itr->m_instr.mnemonic) != blacklist.end()) { itr->m_instr.mnemonic) != blacklist.end()) {
uct_context_free(itr->m_cpu);
trace.m_instrs.erase(itr); trace.m_instrs.erase(itr);
break; break;
} }
if (vm::utils::is_jmp(itr->m_instr)) { if (vm::utils::is_jmp(itr->m_instr)) {
uct_context_free(itr->m_cpu);
trace.m_instrs.erase(itr); trace.m_instrs.erase(itr);
break; break;
} }
@ -111,6 +113,7 @@ void deobfuscate(hndlr_trace_t& trace) {
_writes(read_result->m_instr, reg)) _writes(read_result->m_instr, reg))
continue; continue;
uct_context_free(itr->m_cpu);
trace.m_instrs.erase(itr); trace.m_instrs.erase(itr);
break; break;
} }
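Review bot: The three new `uct_context_free(itr->m_cpu)` calls pair a manual free with each `trace.m_instrs.erase(itr)`, which splits ownership of the emulator context across call sites; any erase or container teardown outside these hunks, including `trace` going out of scope, still leaks the context unless something I cannot see releases it. Letting `m_cpu` own the context through RAII, e.g. `struct uct_context_deleter { void operator()(uc_context* c) const { uct_context_free(c); } };` plus `std::unique_ptr<uc_context, uct_context_deleter> m_cpu;` in the trace-entry type, makes `erase` release it without the extra line at every site and removes the risk of a path that frees twice or not at all. I am inferring the `uc_context*` type from the unicorn naming; if `m_cpu` is something else the deleter signature changes accordingly. `deobfuscate` begins in the first hunk and continues past the last visible line.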
