You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
47 lines
1.5 KiB
47 lines
1.5 KiB
#pragma once
|
|
#include <Windows.h>
|
|
#include <algorithm>
|
|
#include <vmprofiler.hpp>
|
|
|
|
#include "parser.h"
|
|
|
|
#define NT_HEADER( x ) \
|
|
reinterpret_cast< PIMAGE_NT_HEADERS64 >( reinterpret_cast< PIMAGE_DOS_HEADER >( x )->e_lfanew + x )
|
|
|
|
namespace vm
|
|
{
|
|
struct base_data_t
|
|
{
|
|
std::uintptr_t module_base;
|
|
std::uintptr_t image_base;
|
|
};
|
|
|
|
struct vinstr_data
|
|
{
|
|
std::uint8_t vm_handler;
|
|
std::uint64_t operand;
|
|
std::uint8_t imm_size; // size in bits...
|
|
};
|
|
|
|
class compiler_t
|
|
{
|
|
public:
|
|
explicit compiler_t( base_data_t base_data, vmp2::exec_type_t exec_type,
|
|
std::vector< vm::handler::handler_t > *vm_handlers, zydis_routine_t *calc_jmp,
|
|
zydis_routine_t *vm_entry );
|
|
|
|
std::pair< bool, std::vector< vinstr_data > * > encode();
|
|
std::pair< std::uint64_t, std::vector< std::uint8_t > * > encrypt();
|
|
std::uint64_t encrypt_rva( std::uint64_t rva );
|
|
|
|
private:
|
|
transform::map_t calc_jmp_transforms;
|
|
zydis_routine_t *calc_jmp, *vm_entry;
|
|
std::vector< vm::handler::handler_t > *vm_handlers;
|
|
vmp2::exec_type_t exec_type;
|
|
std::vector< vinstr_data > vinstrs;
|
|
std::vector< std::uint8_t > result_buffer;
|
|
std::vector< zydis_decoded_instr_t > encrypt_vinstrs_rva;
|
|
std::uintptr_t image_base, module_base;
|
|
};
|
|
} // namespace vm
|