From 5775d5ae65b3834b9be54d411f4824a5c02e94e1 Mon Sep 17 00:00:00 2001
From: _xeroxz
Date: Wed, 1 Sep 2021 13:45:26 -0700
Subject: [PATCH] added more lifters...

---
 include/vm_lifters.hpp | 8 +++++---
 src/devirt_utils.cpp | 24 ------------------------
 src/lifters/pushvsp.cpp | 13 +++++++++++--
 src/lifters/shld.cpp | 19 ++++++++++++++++++-
 4 files changed, 34 insertions(+), 30 deletions(-)

diff --git a/include/vm_lifters.hpp b/include/vm_lifters.hpp
index b93d565..94e87ec 100644
--- a/include/vm_lifters.hpp
+++ b/include/vm_lifters.hpp
@@ -36,14 +36,14 @@ namespace vm
 static lifter_callback_t lregq, lregdw;
 static lifter_callback_t imulq, imuldw;
 static lifter_callback_t mulq, muldw;
- static lifter_callback_t pushvsp;
+ static lifter_callback_t pushvspq, pushvspdw;
 static lifter_callback_t popvsp;
 static lifter_callback_t writeq, writedw, writew, writeb;
 static lifter_callback_t readq, readdw, readw, readb;
 static lifter_callback_t nandq, nanddw, nandw, nandb;
 static lifter_callback_t shrq, shrdw, shrw, shrb;
 static lifter_callback_t shlq, shldw;
- static lifter_callback_t shlddw;
+ static lifter_callback_t shldq, shlddw;
 static lifter_callback_t shrdq, shrddw;
 static lifter_callback_t jmp;
 static lifter_callback_t lflagsq;
@@ -76,6 +76,7 @@ namespace vm
 { vm::handler::SHRB, &shrb },
 { vm::handler::SHLQ, &shlq },
 { vm::handler::SHLDW, &shldw },
+ { vm::handler::SHLDQ, &shldq },
 { vm::handler::SHLDDW, &shlddw },
 { vm::handler::SHRDQ, &shrdq },
 { vm::handler::SHRDDW, &shrddw },
@@ -83,7 +84,8 @@ namespace vm
 { vm::handler::IMULDW, &imuldw },
 { vm::handler::MULQ, &mulq },
 { vm::handler::MULDW, &muldw },
- { vm::handler::PUSHVSPQ, &pushvsp },
+ { vm::handler::PUSHVSPQ, &pushvspq },
+ { vm::handler::PUSHVSPDW, &pushvspdw },
 { vm::handler::POPVSPQ, &popvsp },
 { vm::handler::SREGQ, &sregq },
 { vm::handler::SREGDW, &sregdw },
diff --git a/src/devirt_utils.cpp b/src/devirt_utils.cpp
index ff8d310..255d97f 100644
--- a/src/devirt_utils.cpp
+++ b/src/devirt_utils.cpp
@@ -193,30 +193,6 @@ namespace devirt
 }
 }
 );
- auto resize_cnt = new_relocs.size() * ( sizeof( win::reloc_entry_t ) + sizeof( win::reloc_block_t ) );
- map_buff.resize( map_img->get_nt_headers()->optional_header.size_image += resize_cnt );
-
- map_img = reinterpret_cast< win::image_t<> * >( map_buff.data() );
- auto basereloc_dir = map_img->get_directory( win::directory_id::directory_entry_basereloc );
- auto reloc_dir = reinterpret_cast< win::reloc_directory_t * >( basereloc_dir->rva + map_buff.data() );
-
- basereloc_dir->size += resize_cnt;
- for ( const auto &[ reloc_rva, reloc_offset ] : new_relocs )
- {
- win::reloc_block_t *reloc_block = &reloc_dir->first_block;
- while ( reloc_block->base_rva && reloc_block->size_block )
- reloc_block = reloc_block->next();
-
- reloc_block->base_rva = reloc_rva;
- reloc_block->size_block = sizeof( win::reloc_entry_t ) + sizeof uint64_t;
-
- reloc_block->next()->base_rva = 0ull;
- reloc_block->next()->size_block = 0ull;
-
- reloc_block->entries[ 0 ].type = win::reloc_type_id::rel_based_dir64;
- reloc_block->entries[ 0 ].offset = reloc_offset;
- }
-
 // replace bin vector with map_buff vector...
 bin.clear();
 bin.insert( bin.begin(), map_buff.begin(), map_buff.end() );
diff --git a/src/lifters/pushvsp.cpp b/src/lifters/pushvsp.cpp
index 0b91ba8..0e50fb4 100644
--- a/src/lifters/pushvsp.cpp
+++ b/src/lifters/pushvsp.cpp
@@ -2,7 +2,7 @@
 
 namespace vm
 {
- lifters_t::lifter_callback_t lifters_t::pushvsp =
+ lifters_t::lifter_callback_t lifters_t::pushvspq =
 [ & ]( vm::devirt_t *rtn, const vm::instrs::code_block_t &vm_code_block, const vm::instrs::virt_instr_t &vinstr,
 llvm::IRBuilder<> *ir_builder ) {
 auto &vmp_rtn = rtn->vmp_rtns.back();
@@ -10,4 +10,13 @@ namespace vm
 auto stack_ptr = ir_builder->CreatePtrToInt( stack, ir_builder->getInt64Ty() );
 rtn->push( 8, stack_ptr );
 };
-}
\ No newline at end of file
+
+ lifters_t::lifter_callback_t lifters_t::pushvspdw =
+ [ & ]( vm::devirt_t *rtn, const vm::instrs::code_block_t &vm_code_block, const vm::instrs::virt_instr_t &vinstr,
+ llvm::IRBuilder<> *ir_builder ) {
+ auto &vmp_rtn = rtn->vmp_rtns.back();
+ auto stack = ir_builder->CreateLoad( vmp_rtn->stack );
+ auto stack_ptr = ir_builder->CreatePtrToInt( stack, ir_builder->getInt32Ty() );
+ rtn->push( 4, stack_ptr );
+ };
+} // namespace vm
\ No newline at end of file
diff --git a/src/lifters/shld.cpp b/src/lifters/shld.cpp
index f1b1567..ca14358 100644
--- a/src/lifters/shld.cpp
+++ b/src/lifters/shld.cpp
@@ -2,6 +2,23 @@
 
 namespace vm
 {
+ lifters_t::lifter_callback_t lifters_t::shldq =
+ [ & ]( vm::devirt_t *rtn, const vm::instrs::code_block_t &vm_code_block, const vm::instrs::virt_instr_t &vinstr,
+ llvm::IRBuilder<> *ir_builder ) {
+ auto t1 = rtn->pop( 8 );
+ auto t2 = rtn->pop( 8 );
+ auto t3 = rtn->pop( 2 );
+
+ // TODO: this is wrong - replace with more logic!
+ auto t4 = ir_builder->CreateShl( t1, ir_builder->CreateIntCast( t3, ir_builder->getInt64Ty(), false ) );
+
+ rtn->push( 8, t4 );
+ auto &vmp_rtn = rtn->vmp_rtns.back();
+
+ // TODO: update rflags...
+ rtn->push( 8, rtn->load_value( 8, vmp_rtn->flags ) );
+ };
+
 lifters_t::lifter_callback_t lifters_t::shlddw =
 [ & ]( vm::devirt_t *rtn, const vm::instrs::code_block_t &vm_code_block, const vm::instrs::virt_instr_t &vinstr,
 llvm::IRBuilder<> *ir_builder ) {
@@ -18,4 +35,4 @@ namespace vm
 // TODO: update rflags...
 rtn->push( 8, rtn->load_value( 8, vmp_rtn->flags ) );
 };
-}
\ No newline at end of file
+} // namespace vm
\ No newline at end of file
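Review bot: The new pushvspdw body narrows the loaded stack pointer with `CreatePtrToInt( stack, ir_builder->getInt32Ty() )` and carries no comment saying the truncation to the low 32 bits is deliberate, so a reader cannot tell a 32-bit variant from a copy-paste slip of the q version a few lines above. I would add `// DW variant: ptrtoint to i32 keeps only the low 32 bits of VSP - confirm against the PUSHVSPDW handler` directly above that line. The body is otherwise identical to pushvspq apart from the width and integer type, so if the two are meant to stay in lockstep a small shared helper parameterised on those two values would keep them from drifting. The pushvspq lambda that this hunk closes begins outside the hunk.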
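Review bot: The shldq lifter pops `t2` and never uses it, and passes the unmasked count straight to `CreateShl`, so the value it pushes is a plain left shift of `t1` and, for a count of 64 or more, poison in LLVM IR, whereas x86 masks a 64-bit SHLD count to 6 bits and fills the vacated low bits from the high bits of the source operand. The in-line TODO admits this, but the handler is now wired into the dispatch table as `SHLDQ`, so every routine that reaches it is lifted to wrong arithmetic with no diagnostic. I would mask the count, compute `( t1 << c ) | ( t2 >> ( 64 - c ) )` with the second shift split so that c == 0 never shifts by 64, and leave the rflags push as the remaining TODO; which popped value is the destination is assumed here to follow the existing shlddw lifter, whose body lies outside this hunk, and should be confirmed against it.
```cpp
            auto t1 = rtn->pop( 8 );
            auto t2 = rtn->pop( 8 );
            auto t3 = rtn->pop( 2 );

            // x86 masks a 64-bit SHLD count to 6 bits; an LLVM shift by >= 64 is poison, so mask first.
            auto count = ir_builder->CreateAnd( ir_builder->CreateIntCast( t3, ir_builder->getInt64Ty(), false ),
                                                ir_builder->getInt64( 63 ) );
            // result = ( t1 << count ) | ( t2 >> ( 64 - count ) ); the right shift is done in two steps so that
            // count == 0 never becomes a shift by 64. t1 is taken as the destination operand and t2 as the
            // source - confirm this stack order against the shlddw lifter.
            auto hi = ir_builder->CreateShl( t1, count );
            auto lo = ir_builder->CreateLShr(
                ir_builder->CreateLShr( t2, ir_builder->CreateSub( ir_builder->getInt64( 63 ), count ) ),
                ir_builder->getInt64( 1 ) );
            auto t4 = ir_builder->CreateOr( hi, lo );

            rtn->push( 8, t4 );
            // ... unchanged: vmp_rtn lookup and the rflags push (still a TODO) ...
```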