You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
41 lines
1.1 KiB
41 lines
1.1 KiB
#pragma once
|
|
#include <Windows.h>
|
|
#include <algorithm>
|
|
#include <vmprofiler.hpp>
|
|
|
|
#include "parser.h"
|
|
|
|
#define NT_HEADER( x ) \
|
|
reinterpret_cast< PIMAGE_NT_HEADERS64 >( reinterpret_cast< PIMAGE_DOS_HEADER >( x )->e_lfanew + x )
|
|
|
|
namespace vm
|
|
{
|
|
struct base_data_t
|
|
{
|
|
std::uintptr_t module_base;
|
|
std::uintptr_t image_base;
|
|
};
|
|
|
|
struct vinstr_data
|
|
{
|
|
std::uint8_t vm_handler;
|
|
std::uint64_t operand;
|
|
std::uint8_t imm_size; // size in bits...
|
|
};
|
|
|
|
class compiler_t
|
|
{
|
|
public:
|
|
explicit compiler_t( vm::ctx_t* vmctx );
|
|
std::pair< bool, std::vector< vinstr_data > * > encode();
|
|
std::pair< std::uint64_t, std::vector< std::uint8_t > * > encrypt();
|
|
std::uint64_t encrypt_rva( std::uint64_t rva );
|
|
|
|
private:
|
|
vm::ctx_t *vmctx;
|
|
transform::map_t calc_jmp_transforms;
|
|
std::vector< vinstr_data > vinstrs;
|
|
std::vector< std::uint8_t > result_buffer;
|
|
std::vector< zydis_decoded_instr_t > encrypt_vinstrs_rva;
|
|
};
|
|
} // namespace vm
|