From b88c7b9321ea64989666ac19534d425b40369c6f Mon Sep 17 00:00:00 2001
From: _xeroxz <xerox@back.engineering>
Date: Fri, 7 Jan 2022 15:39:25 -0800
Subject: [PATCH] updated how vm::instrs::determine works...

---
 include/vminstrs.hpp | 10 +++++++++-
 src/vminstrs.cpp     |  6 +++---
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/include/vminstrs.hpp b/include/vminstrs.hpp
index 8db1ebd..a54cc56 100644
--- a/include/vminstrs.hpp
+++ b/include/vminstrs.hpp
@@ -2,6 +2,9 @@
 #include <unicorn/unicorn.h>
 #include <vmutils.hpp>
 
+#define VIRTUAL_REGISTER_COUNT 24
+#define VIRTUAL_SEH_REGISTER 24
+
 namespace vm::instrs {
 /// <summary>
 /// mnemonic representation of supported virtual instructions...
@@ -135,6 +138,11 @@ struct vblk_t {
     /// unicorn-engine stack of the first instruction of the jmp handler...
     /// </summary>
     std::uint8_t* stack;
+
+    struct {
+      zydis_reg_t vip;
+      zydis_reg_t vsp;
+    } m_vm;
   } m_jmp;
 
   /// <summary>
@@ -380,7 +388,7 @@ void init();
 /// <param name="vsp">vsp native register...</param>
 /// <param name="hndlr"></param>
 /// <returns>returns vinstr_t structure...</returns>
-vinstr_t determine(zydis_reg_t& vip, zydis_reg_t& vsp, hndlr_trace_t& hndlr);
+vinstr_t determine(hndlr_trace_t& hndlr);
 
 /// <summary>
 /// get profile from mnemonic...
diff --git a/src/vminstrs.cpp b/src/vminstrs.cpp
index 2453341..4b25806 100644
--- a/src/vminstrs.cpp
+++ b/src/vminstrs.cpp
@@ -127,7 +127,7 @@ void init() {
               });
 }
 
-vinstr_t determine(zydis_reg_t& vip, zydis_reg_t& vsp, hndlr_trace_t& hndlr) {
+vinstr_t determine(hndlr_trace_t& hndlr) {
   const auto& instrs = hndlr.m_instrs;
   const auto profile = std::find_if(
       profiles.begin(), profiles.end(), [&](profiler_t* profile) -> bool {
@@ -136,7 +136,7 @@ vinstr_t determine(zydis_reg_t& vip, zydis_reg_t& vsp, hndlr_trace_t& hndlr) {
               std::find_if(instrs.begin(), instrs.end(),
                            [&](const emu_instr_t& instr) -> bool {
                              const auto& i = instr.m_instr;
-                             return matcher(vip, vsp, i);
+                             return matcher(hndlr.m_vip, hndlr.m_vsp, i);
                            });
           if (matched == instrs.end())
             return false;
@@ -147,7 +147,7 @@ vinstr_t determine(zydis_reg_t& vip, zydis_reg_t& vsp, hndlr_trace_t& hndlr) {
   if (profile == profiles.end())
     return vinstr_t{mnemonic_t::unknown};
 
-  auto result = (*profile)->generate(vip, vsp, hndlr);
+  auto result = (*profile)->generate(hndlr.m_vip, hndlr.m_vsp, hndlr);
   return result.has_value() ? result.value() : vinstr_t{mnemonic_t::unknown};
 }