From 1b2b79e3e91916da08179663d672634db7c35d4c Mon Sep 17 00:00:00 2001
From: _xeroxz <xerox@back.engineering>
Date: Fri, 7 Jan 2022 17:36:25 -0800
Subject: [PATCH] added nop vm handler

---
 CMakeLists.txt         |  1 +
 include/vminstrs.hpp   | 16 ++++++++++++++--
 src/vmprofiles/nop.cpp | 25 +++++++++++++++++++++++++
 3 files changed, 40 insertions(+), 2 deletions(-)
 create mode 100644 src/vmprofiles/nop.cpp

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 7e8f691..f6278f4 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -60,6 +60,7 @@ list(APPEND vmprofiler_SOURCES
 	"src/vmprofiles/lreg.cpp"
 	"src/vmprofiles/lvsp.cpp"
 	"src/vmprofiles/nand.cpp"
+	"src/vmprofiles/nop.cpp"
 	"src/vmprofiles/nor.cpp"
 	"src/vmprofiles/read.cpp"
 	"src/vmprofiles/shr.cpp"
diff --git a/include/vminstrs.hpp b/include/vminstrs.hpp
index a54cc56..40de027 100644
--- a/include/vminstrs.hpp
+++ b/include/vminstrs.hpp
@@ -20,6 +20,7 @@ enum class mnemonic_t {
   mul,
   imul,
   nand,
+  nop,
   nor,
   read,
   write,
@@ -143,6 +144,11 @@ struct vblk_t {
       zydis_reg_t vip;
       zydis_reg_t vsp;
     } m_vm;
+
+    /// <summary>
+    /// first instruction of the virtual jmp handler...
+    /// </summary>
+    std::uintptr_t rip;
   } m_jmp;
 
   /// <summary>
@@ -208,6 +214,11 @@ struct hndlr_trace_t {
   /// </summary>
   std::uint8_t* m_stack;
 
+  /// <summary>
+  /// rip at the beginning of the trace...
+  /// </summary>
+  std::uintptr_t m_begin;
+
   /// <summary>
   /// native register used for virtual instruction pointer...
   /// </summary>
@@ -279,6 +290,7 @@ extern profiler_t add;
 extern profiler_t lvsp;
 extern profiler_t svsp;
 extern profiler_t nand;
+extern profiler_t nop;
 extern profiler_t nor;
 extern profiler_t read;
 extern profiler_t write;
@@ -290,8 +302,8 @@ extern profiler_t vmexit;
 /// unsorted vector of profiles... they get sorted once at runtime...
 /// </summary>
 inline std::vector<profiler_t*> profiles = {
-    &vmexit, &shr,  &imul, &nor, &write, &svsp, &read,
-    &nand,   &lvsp, &add,  &jmp, &sreg,  &lreg, &lconst};
+    &vmexit, &shr, &imul, &nor,  &write, &svsp,   &read, &nand,
+    &lvsp,   &add, &jmp,  &sreg, &lreg,  &lconst, &nop};
 
 /// <summary>
 /// no i did not make this by hand, you cannot clown upon me!
diff --git a/src/vmprofiles/nop.cpp b/src/vmprofiles/nop.cpp
new file mode 100644
index 0000000..5adaab2
--- /dev/null
+++ b/src/vmprofiles/nop.cpp
@@ -0,0 +1,25 @@
+#include <vminstrs.hpp>
+
+namespace vm::instrs {
+profiler_t nop = {
+    "NOP",
+    mnemonic_t::nop,
+    {{// LEA REG, [0x0] ; disp is -7...
+      [&](const zydis_reg_t vip,
+          const zydis_reg_t vsp,
+          const zydis_decoded_instr_t& instr) -> bool {
+        return instr.mnemonic == ZYDIS_MNEMONIC_LEA &&
+               instr.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
+               instr.operands[1].type == ZYDIS_OPERAND_TYPE_MEMORY &&
+               instr.operands[1].mem.disp.has_displacement &&
+               instr.operands[1].mem.disp.value == -7;
+      }}},
+    [&](zydis_reg_t& vip,
+        zydis_reg_t& vsp,
+        hndlr_trace_t& hndlr) -> std::optional<vinstr_t> {
+      vinstr_t res;
+      res.mnemonic = mnemonic_t::nop;
+      res.imm.has_imm = false;
+      return res;
+    }};
+}
\ No newline at end of file