forked from vmp3/vmprofiler
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
24 lines
712 B
24 lines
712 B
#pragma once
|
|
#include <nt/image.hpp>
|
|
#include <vmprofiler.hpp>
|
|
|
|
#define PUSH_4B_IMM "\x68\x00\x00\x00\x00"
|
|
#define PUSH_4B_MASK "x????"
|
|
|
|
namespace vm::locate
|
|
{
|
|
inline bool find( const zydis_routine_t &rtn, std::function< bool( const zydis_instr_t & ) > callback )
|
|
{
|
|
auto res = std::find_if( rtn.begin(), rtn.end(), callback );
|
|
return res != rtn.end();
|
|
}
|
|
|
|
struct vm_enter_t
|
|
{
|
|
std::uint32_t rva;
|
|
std::uint32_t encrypted_rva;
|
|
};
|
|
|
|
std::uintptr_t sigscan( void *base, std::uint32_t size, const char *pattern, const char *mask );
|
|
std::vector< vm_enter_t > get_vm_entries( std::uintptr_t module_base, std::uint32_t module_size );
|
|
} // namespace vm::locate
|