From 2e7281f9001a4cb804a23f886bd26889c4d1ceae Mon Sep 17 00:00:00 2001
From: xerox <xerox@back.engineer>
Date: Sun, 19 Dec 2021 21:28:19 -0800
Subject: [PATCH] added a new vmctx which removes calc_jmp and such

---
 .gitignore        |  3 ++-
 CMakeLists.txt    |  2 ++
 include/vmctx.hpp | 42 ++++++++++++++++++++++++++++++++++++++++++
 src/vmctx.cpp     | 19 +++++++++++++++++++
 4 files changed, 65 insertions(+), 1 deletion(-)
 create mode 100644 include/vmctx.hpp
 create mode 100644 src/vmctx.cpp

diff --git a/.gitignore b/.gitignore
index ca8a652..d465bda 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,5 @@ build*/
 out/
 .vs/
 .cache/
-*.exe
\ No newline at end of file
+*.exe
+*.o
\ No newline at end of file
diff --git a/CMakeLists.txt b/CMakeLists.txt
index e9f7176..22a69fe 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -78,7 +78,9 @@ list(APPEND vmprofiler_SOURCES
 	"dependencies/vmprofiler/include/vmprofiles.hpp"
 	"dependencies/vmprofiler/include/vmutils.hpp"
 	"dependencies/vmprofiler/include/scn.hpp"
+	"src/vmctx.cpp"
 	"src/vmlocate.cpp"
+	"include/vmctx.hpp"
 	"include/vmlocate.hpp"
 	"include/vmprofiler.hpp"
 )
diff --git a/include/vmctx.hpp b/include/vmctx.hpp
new file mode 100644
index 0000000..880ef41
--- /dev/null
+++ b/include/vmctx.hpp
@@ -0,0 +1,42 @@
+#pragma once
+#include <transform.hpp>
+#include <vmp2.hpp>
+
+namespace vm {
+/// <summary>
+/// vm::ctx_t class is used to auto generate vm_entry, calc_jmp, and other
+/// per-vm entry information... creating a vm::ctx_t object can make it easier
+/// to pass around information pertaining to a given vm entry...
+/// </summary>
+class ctx_t {
+ public:
+  /// <summary>
+  /// default constructor for vm::ctx_t... all information for a given vm entry
+  /// must be provided...
+  /// </summary>
+  /// <param name="module_base">the linear virtual address of the module
+  /// base...</param> <param name="image_base">image base from optional nt
+  /// header... <a
+  /// href="https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-image_optional_header64">IMAGE_OPTIONAL_HEADER64</a>...</param>
+  /// <param name="image_size">image size from optional nt header... <a
+  /// href="https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-image_optional_header64">IMAGE_OPTIONAL_HEADER64</a>...</param>
+  /// <param name="vm_entry_rva">relative virtual address from the module base
+  /// address to the first push prior to a vm entry...</param>
+  explicit ctx_t(std::uintptr_t module_base, std::uintptr_t image_base,
+                 std::uintptr_t image_size, std::uintptr_t vm_entry_rva);
+
+  /// <summary>
+  /// init all per-vm entry data such as vm_entry, calc_jmp, and vm handlers...
+  /// </summary>
+  /// <returns>returns true if no errors...</returns>
+  bool init();
+
+  const std::uintptr_t module_base, image_base, vm_entry_rva, image_size;
+
+  /// <summary>
+  /// the order in which VIP advances...
+  /// </summary>
+  vmp2::exec_type_t exec_type;
+  zydis_routine_t vm_entry;
+};
+}  // namespace vm
\ No newline at end of file
diff --git a/src/vmctx.cpp b/src/vmctx.cpp
new file mode 100644
index 0000000..ca2bd68
--- /dev/null
+++ b/src/vmctx.cpp
@@ -0,0 +1,19 @@
+#include <vmctx.hpp>
+
+namespace vm
+{
+    ctx_t::ctx_t( std::uintptr_t module_base, std::uintptr_t image_base, std::uintptr_t image_size,
+                  std::uintptr_t vm_entry_rva )
+        : module_base( module_base ), image_base( image_base ), image_size( image_size ), vm_entry_rva( vm_entry_rva )
+    {
+    }
+
+    bool ctx_t::init()
+    {
+        if ( !vm::util::flatten( vm_entry, vm_entry_rva + module_base ) )
+            return false;
+
+        vm::util::deobfuscate( vm_entry );
+        return true;
+    }
+} // namespace vm
\ No newline at end of file