From 8f691a29f1e443dee6169d719d048cb1ac20d294 Mon Sep 17 00:00:00 2001 From: John Doe Date: Thu, 30 Dec 2021 01:00:24 -0800 Subject: [PATCH] updated vmprofiler dep. preparing to add virtual branch recovery... --- deps/vmprofiler | 2 +- include/vmemu_t.hpp | 5 ++++- src/main.cpp | 47 +++++++++++++++++++++------------------------ src/vmemu_t.cpp | 11 +++++++---- 4 files changed, 34 insertions(+), 31 deletions(-) diff --git a/deps/vmprofiler b/deps/vmprofiler index 703245f..4c4bcf8 160000 --- a/deps/vmprofiler +++ b/deps/vmprofiler @@ -1 +1 @@ -Subproject commit 703245ffc98f151e2ee197c509dd12a9ab05b8bd +Subproject commit 4c4bcf8a1836eaa2b9e295b46caf67857b726f03 diff --git a/include/vmemu_t.hpp b/include/vmemu_t.hpp index 2c3366d..0a5caa2 100644 --- a/include/vmemu_t.hpp +++ b/include/vmemu_t.hpp @@ -21,6 +21,8 @@ class emu_t { uc_engine* uc; const vm::vmctx_t* m_vm; zydis_reg_t vip, vsp; + + std::vector vinstrs; vm::instrs::hndlr_trace_t cc_trace; uc_hook code_exec_hook, invalid_mem_hook, int_hook; @@ -29,12 +31,13 @@ class emu_t { uint32_t size, emu_t* obj); - static void int_callback(uc_engine* uc, std::uint32_t intno, emu_t* obj); static void invalid_mem(uc_engine* uc, uc_mem_type type, uint64_t address, int size, int64_t value, emu_t* obj); + + static void int_callback(uc_engine* uc, std::uint32_t intno, emu_t* obj); }; } // namespace vm diff --git a/src/main.cpp b/src/main.cpp index c40b353..e38fbd1 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -3,11 +3,8 @@ #include #include #include - #include "vmemu_t.hpp" -#define NUM_THREADS 20 - int __cdecl main(int argc, const char* argv[]) { argparse::argument_parser_t parser("VMEmu", "VMProtect 3 VM Handler Emulator"); 
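Review bot: The new `vinstrs` member is declared with no comment on what it accumulates or who is responsible for resetting it, and nothing in this commit clears it; the src/vmemu_t.cpp hunk appends to it on every code_exec_callback invocation, so a single emu_t reused for more than one emulate() run will keep growing the vector unless emulate() resets it outside the visible hunks. A one-line comment such as `// virtual instructions recorded by code_exec_callback, in callback order; never cleared by emu_t itself` would make the ownership explicit and lets a later reader decide whether that is a leak. The element type of `vinstrs` does not survive in this rendering, so it cannot be checked here against the `vinstr` value pushed in code_exec_callback. The enclosing `class emu_t` begins outside the hunk.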
@@ -116,28 +113,28 @@ int __cdecl main(int argc, const char* argv[]) { const auto vm_entries = vm::locate::get_vm_entries(module_base, image_size); std::printf("> number of vm entries = %d\n", vm_entries.size()); - // TODO: rewrite this, just testing get_vm_entries... - for (const auto& [vm_entry_rva, encrypted_rva] : vm_entries) { - vm::vmctx_t vmctx(module_base, image_base, image_size, vm_entry_rva); - if (!vmctx.init()) { - std::printf( - "[!] failed to init vmctx... this can be for many reasons..." - " try validating your vm entry rva... make sure the binary is " - "unpacked and is" - "protected with VMProtect 3...\n"); - return -1; - } - - vm::emu_t emu(&vmctx); - if (!emu.init()) { - std::printf( - "[!] failed to init vm::emu_t... read above in the console for the " - "reason...\n"); - return -1; - } - - // TODO: rewrite this... using it to define profiles atm... - emu.emulate(); + const auto vm_entry_rva = + std::strtoull(parser.get("vmentry").c_str(), nullptr, 16); + + vm::vmctx_t vmctx(module_base, image_base, image_size, vm_entry_rva); + if (!vmctx.init()) { + std::printf( + "[!] failed to init vmctx... this can be for many reasons..." + " try validating your vm entry rva... make sure the binary is " + "unpacked and is" + "protected with VMProtect 3...\n"); + return -1; } + + vm::emu_t emu(&vmctx); + if (!emu.init()) { + std::printf( + "[!] failed to init vm::emu_t... read above in the console for the " + "reason...\n"); + return -1; + } + + // TODO: rewrite this... using it to define profiles atm... + emu.emulate(); } } \ No newline at end of file diff --git a/src/vmemu_t.cpp b/src/vmemu_t.cpp index 6696972..a39bdb7 100644 --- a/src/vmemu_t.cpp +++ b/src/vmemu_t.cpp 
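Review bot: The new `vm_entry_rva` comes from `std::strtoull(parser.get("vmentry").c_str(), nullptr, 16)` with the end pointer and errno discarded, so an empty, non-hex or partially numeric `vmentry` value silently becomes rva 0 (or ULLONG_MAX on overflow) and the failure only surfaces later as the generic vmctx.init() message, which points the user at the wrong cause. Parse through an end pointer and reject bad input before constructing vmctx, as in the rewrite below (needs `<cerrno>` if main.cpp does not already include it); it keeps the base-16 parse so `0x`-prefixed input still works. With the loop removed, `vm_entries` on the context line above now only feeds the count printf, which may be intended but deserves a comment. The enclosing main() begins outside the hunk.
```cpp
  const auto vm_entry_str = parser.get("vmentry");
  char* vm_entry_end = nullptr;
  errno = 0;
  const auto vm_entry_rva =
      std::strtoull(vm_entry_str.c_str(), &vm_entry_end, 16);
  // reject empty input, trailing garbage and out-of-range values up front so
  // a bad command line is reported as such rather than as a vmctx init failure...
  if (vm_entry_end == vm_entry_str.c_str() || *vm_entry_end != '\0' ||
      errno == ERANGE) {
    std::printf("[!] invalid vmentry rva '%s'... expected a hex rva...\n",
                vm_entry_str.c_str());
    return -1;
  }

  // … unchanged: vmctx / emu_t init and emu.emulate() …
```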
@@ -192,10 +192,9 @@ bool emu_t::code_exec_callback(uc_engine* uc, std::getchar(); } - if (vinstr.mnemonic == vm::instrs::mnemonic_t::jmp) { - obj->cc_trace.m_vip = obj->vip; - obj->cc_trace.m_vsp = obj->vsp; - } + obj->cc_trace.m_vip = obj->vip; + obj->cc_trace.m_vsp = obj->vsp; + obj->vinstrs.push_back(vinstr); // free the trace since we will start a new one... std::for_each(obj->cc_trace.m_instrs.begin(), obj->cc_trace.m_instrs.end(), @@ -204,6 +203,10 @@ bool emu_t::code_exec_callback(uc_engine* uc, }); obj->cc_trace.m_instrs.clear(); + + if (vinstr.mnemonic == vm::instrs::mnemonic_t::jmp || + vinstr.mnemonic == vm::instrs::mnemonic_t::vmexit) + uc_emu_stop(obj->uc); } return true; }
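Review bot: `obj->vinstrs.push_back(vinstr)` now runs on every code_exec_callback invocation and nothing in this commit ever clears `vinstrs`, so an emu_t reused for several emulate() calls accumulates instructions from all of them unless emulate() clears the vector outside the visible hunks; an `obj->vinstrs.clear()` at the start of each run, or a comment on the member stating that the caller must clear it, would pin that down. The same edit also overwrites `cc_trace.m_vip`/`m_vsp` for every instruction instead of only at jmp, which looks deliberate given the new stop condition in the following hunk, but a comment such as `// record vip/vsp after every vinstr, not only at jmp, so the state is current when emulation stops` would record why. code_exec_callback begins outside the hunk.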
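Review bot: The `uc_err` returned by `uc_emu_stop(obj->uc)` is discarded; if the stop request fails the hook still returns true and emulation continues past the jmp or vmexit, which is exactly what the new condition is meant to prevent. At minimum log it, e.g. `if (const auto err = uc_emu_stop(obj->uc); err != UC_ERR_OK) std::printf("[!] uc_emu_stop failed: %s\n", uc_strerror(err));`. A short comment on the condition, along the lines of `// stop after every branch or vmexit; presumably so the caller can inspect vinstrs before resuming`, would also explain why emulation ends at jmp rather than only at vmexit. code_exec_callback closes inside this hunk but begins outside it.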