added a new vmctx which removes calc_jmp and such

main
xerox 2 years ago
parent 5e0e7ab06b
commit 2e7281f900

1
.gitignore vendored

@ -5,3 +5,4 @@ out/
.vs/
.cache/
*.exe
*.o

@ -78,7 +78,9 @@ list(APPEND vmprofiler_SOURCES
"dependencies/vmprofiler/include/vmprofiles.hpp"
"dependencies/vmprofiler/include/vmutils.hpp"
"dependencies/vmprofiler/include/scn.hpp"
"src/vmctx.cpp"
"src/vmlocate.cpp"
"include/vmctx.hpp"
"include/vmlocate.hpp"
"include/vmprofiler.hpp"
)

@ -0,0 +1,42 @@
#pragma once
#include <transform.hpp>
#include <vmp2.hpp>
namespace vm {
/// <summary>
/// vm::ctx_t class is used to auto generate vm_entry, calc_jmp, and other
/// per-vm entry information... creating a vm::ctx_t object can make it easier
/// to pass around information pertaining to a given vm entry...
/// </summary>
class ctx_t {
public:
/// <summary>
/// default constructor for vm::ctx_t... all information for a given vm entry
/// must be provided...
/// </summary>
/// <param name="module_base">the linear virtual address of the module
/// base...</param> <param name="image_base">image base from optional nt
/// header... <a
/// href="https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-image_optional_header64">IMAGE_OPTIONAL_HEADER64</a>...</param>
/// <param name="image_size">image size from optional nt header... <a
/// href="https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-image_optional_header64">IMAGE_OPTIONAL_HEADER64</a>...</param>
/// <param name="vm_entry_rva">relative virtual address from the module base
/// address to the first push prior to a vm entry...</param>
explicit ctx_t(std::uintptr_t module_base, std::uintptr_t image_base,
std::uintptr_t image_size, std::uintptr_t vm_entry_rva);
/// <summary>
/// init all per-vm entry data such as vm_entry, calc_jmp, and vm handlers...
/// </summary>
/// <returns>returns true if no errors...</returns>
bool init();
const std::uintptr_t module_base, image_base, vm_entry_rva, image_size;
/// <summary>
/// the order in which VIP advances...
/// </summary>
vmp2::exec_type_t exec_type;
zydis_routine_t vm_entry;
};
} // namespace vm

@ -0,0 +1,19 @@
#include <vmctx.hpp>
namespace vm
{
ctx_t::ctx_t( std::uintptr_t module_base, std::uintptr_t image_base, std::uintptr_t image_size,
std::uintptr_t vm_entry_rva )
: module_base( module_base ), image_base( image_base ), image_size( image_size ), vm_entry_rva( vm_entry_rva )
{
}
bool ctx_t::init()
{
if ( !vm::util::flatten( vm_entry, vm_entry_rva + module_base ) )
return false;
vm::util::deobfuscate( vm_entry );
return true;
}
} // namespace vm
Loading…
Cancel
Save