preparing to add labels to the virtual assembly language..

merge-requests/2/head
_xeroxz 4 years ago
parent a1b1b49c18
commit 73654873ef

@ -4,17 +4,19 @@ namespace vm
{
compiler_t::compiler_t( vm::ctx_t *vmctx ) : vmctx( vmctx )
{
if ( !parse_t::get_instance()->for_each( [ & ]( _vinstr_meta *vinstr ) -> bool {
std::printf( "> vinstr name = %s, has imm = %d, imm = 0x%p\n", vinstr->name.c_str(), vinstr->has_imm,
vinstr->imm );
if ( !parse_t::get_instance()->for_each( [ & ]( _vlabel_meta *label_data ) -> bool {
for ( const auto &vinstr : label_data->vinstrs )
{
std::printf( "> vinstr name = %s, has imm = %d, imm = 0x%p\n", vinstr.name.c_str(), vinstr.has_imm,
vinstr.imm );
for ( auto &vm_handler : vmctx->vm_handlers )
if ( vm_handler.profile && vm_handler.profile->name == vinstr->name )
if ( vm_handler.profile && vm_handler.profile->name == vinstr.name )
return true;
std::printf( "[!] this vm protected file does not have the vm handler for: %s...\n",
vinstr->name.c_str() );
vinstr.name.c_str() );
}
return false;
} ) )
{
@ -41,25 +43,29 @@ namespace vm
}
}
std::pair< bool, std::vector< vinstr_data > * > compiler_t::encode()
std::vector< vlabel_data > *compiler_t::encode()
{
parse_t::get_instance()->for_each( [ & ]( _vlabel_meta *label_data ) -> bool {
for ( const auto &vinstr : label_data->vinstrs )
{
parse_t::get_instance()->for_each( [ & ]( _vinstr_meta *vinstr ) -> bool {
for ( auto itr = vmctx->vm_handlers.begin(); itr != vmctx->vm_handlers.end(); ++itr )
{
if ( itr->profile && itr->profile->name == vinstr->name )
vinstrs.push_back( { label_data->label_name } );
if ( itr->profile && itr->profile->name == vinstr.name )
{
vinstrs.push_back(
{ ( std::uint8_t )( itr - vmctx->vm_handlers.begin() ), vinstr->imm, itr->profile->imm_size } );
vinstrs.back().vinstrs.push_back( { ( std::uint8_t )( itr - vmctx->vm_handlers.begin() ),
vinstr.imm, itr->profile->imm_size } );
break;
}
}
}
return true;
} );
return { true, &vinstrs };
return &vinstrs;
}
std::pair< std::uint64_t, std::vector< std::uint8_t > * > compiler_t::encrypt()
std::vector< compiled_label_data > compiler_t::encrypt()
{
const auto end_of_module = vmctx->image_size + vmctx->image_base;

@ -23,19 +23,30 @@ namespace vm
std::uint8_t imm_size; // size in bits...
};
struct vlabel_data
{
std::string label_name;
std::vector< vinstr_data > vinstrs;
};
struct compiled_label_data
{
std::string label_name;
std::uintptr_t enc_alloc_rva;
std::vector< std::uint8_t > vinstrs;
};
class compiler_t
{
public:
explicit compiler_t( vm::ctx_t* vmctx );
std::pair< bool, std::vector< vinstr_data > * > encode();
std::pair< std::uint64_t, std::vector< std::uint8_t > * > encrypt();
std::uint64_t encrypt_rva( std::uint64_t rva );
explicit compiler_t( vm::ctx_t *vmctx );
std::vector< vlabel_data > *encode();
std::vector< compiled_label_data > encrypt();
private:
vm::ctx_t *vmctx;
transform::map_t calc_jmp_transforms;
std::vector< vinstr_data > vinstrs;
std::vector< std::uint8_t > result_buffer;
std::vector< vlabel_data > vinstrs;
std::vector< zydis_decoded_instr_t > encrypt_vinstrs_rva;
};
} // namespace vm

@ -22,6 +22,11 @@ void yyerror( char *msg )
std::printf( "[!] parsing failure: %s\n", msg );
}
void generate_header( std::vector< std::uint8_t > &virt_instrs, std::string image_path )
{
}
int __cdecl main( int argc, const char *argv[] )
{
argparse::argument_parser_t argp( "vmassembler", "virtual instruction assembler" );
@ -137,22 +142,7 @@ int __cdecl main( int argc, const char *argv[] )
}
}
}
std::printf( "\n" );
//
// write the result to disk...
//
vmasm::file_header_t file_header;
file_header.magic = VASM_MAGIC;
file_header.epoch_time = std::time( nullptr );
file_header.vasm_size = result_buffer->size();
file_header.alloc_rva = ( entry_rva - image_base );
file_header.vasm_offset = sizeof vmasm::file_header_t;
file_header.encrypted_rva = compiler.encrypt_rva( entry_rva );
std::ofstream output( argp.get< std::string >( "output" ), std::ios::binary );
output.write( reinterpret_cast< char * >( &file_header ), sizeof file_header );
output.write( reinterpret_cast< char * >( result_buffer->data() ), result_buffer->size() );
output.close();
std::printf( "\n" );
generate_header( *result_buffer, argp.get< std::string >( "output" ) );
}

@ -10,16 +10,19 @@ auto parse_t::get_instance() -> parse_t *
return &obj;
}
void parse_t::add_label( std::string label_name )
{
vinstrs.push_back( { label_name } );
}
void parse_t::add_vinstr( std::string vinstr_name )
{
_vinstr_meta data{ vinstr_name, false, 0u };
vinstrs.push_back( data );
vinstrs.back().vinstrs.push_back( { vinstr_name, false, 0u } );
}
void parse_t::add_vinstr( std::string vinstr_name, std::uintptr_t imm_val )
{
_vinstr_meta data{ vinstr_name, true, imm_val };
vinstrs.push_back( data );
vinstrs.back().vinstrs.push_back( { vinstr_name, true, imm_val } );
}
bool parse_t::for_each( callback_t callback )

@ -12,7 +12,13 @@ struct _vinstr_meta
std::uintptr_t imm;
};
using callback_t = std::function< bool( _vinstr_meta * ) >;
struct _vlabel_meta
{
std::string label_name;
std::vector< _vinstr_meta > vinstrs;
};
using callback_t = std::function< bool( _vlabel_meta * ) >;
// this singleton class contains all the
// information for parsed virtual instructions...
@ -20,11 +26,12 @@ class parse_t
{
public:
static auto get_instance() -> parse_t *;
void add_label( std::string label_name );
void add_vinstr( std::string vinstr_name );
void add_vinstr( std::string vinstr_name, std::uintptr_t imm_val );
bool for_each( callback_t callback );
private:
parse_t();
std::vector< _vinstr_meta > vinstrs;
std::vector< _vlabel_meta > vinstrs;
};
Loading…
Cancel
Save