vmp2
/
vmdevirt
3
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

added some more code for lifting... there is much more work to do!

Browse Source
colton
_xeroxz 3 years ago
parent b3bf2cd732
commit dc11778ec9
6 changed files with 51 additions and 16 deletions
Show Stats Download Patch File Download Diff File

2
dependencies/vmprofiler vendored

@ -1 +1 @@
Subproject commit 647eeef8face8101523452e93f21312b64ef20fb Subproject commit ef9e9c1cb2f69abfc5ea070db71ef57b4316bb87

21
include/vm_lifters.hpp
Unescape View File

@ -1,4 +1,5 @@
#pragma once #pragma once
#include <functional>
#include <vmp_rtn.hpp> #include <vmp_rtn.hpp>
#include <vmprofiler.hpp> #include <vmprofiler.hpp>
@ -17,6 +18,20 @@
namespace vmp2::lifters namespace vmp2::lifters
{ {
bool lift( vm::vmp_rtn_t *rtn, const vm::instrs::code_block_t &vm_code_block, const vm::instrs::virt_instr_t &vinstr, using lifter_callback_t =
llvm::IRBuilder<> *ir_builder ); std::function< void( vm::vmp_rtn_t *rtn, const vm::instrs::code_block_t &vm_code_block,
} const vm::instrs::virt_instr_t &vinstr, llvm::IRBuilder<> *ir_builder ) >;
extern lifter_callback_t lconstq;
inline std::map< vm::handler::mnemonic_t, lifter_callback_t * > lifters = { { vm::handler::LCONSTQ, &lconstq } };
inline bool lift( vm::vmp_rtn_t *rtn, const vm::instrs::code_block_t &vm_code_block,
const vm::instrs::virt_instr_t &vinstr, llvm::IRBuilder<> *ir_builder )
{
if ( vinstr.mnemonic_t == vm::handler::INVALID || lifters.find( vinstr.mnemonic_t ) == lifters.end() )
return false;
( *( lifters[ vinstr.mnemonic_t ] ) )( rtn, vm_code_block, vinstr, ir_builder );
return true;
}
} // namespace vmp2::lifters

9
include/vmp_rtn.hpp
Unescape View File

@ -23,17 +23,14 @@ namespace vm
explicit vmp_rtn_t( llvm::LLVMContext *llvm_ctx, llvm::Module *llvm_module, std::uintptr_t rtn_begin, explicit vmp_rtn_t( llvm::LLVMContext *llvm_ctx, llvm::Module *llvm_module, std::uintptr_t rtn_begin,
std::vector< vm::instrs::code_block_t > vmp2_code_blocks ); std::vector< vm::instrs::code_block_t > vmp2_code_blocks );
~vmp_rtn_t();
llvm::Function *lift( void ); llvm::Function *lift( void );
private:
llvm::LLVMContext *llvm_ctx; llvm::LLVMContext *llvm_ctx;
llvm::Module *llvm_module; llvm::Module *llvm_module;
private:
std::uintptr_t rtn_begin; std::uintptr_t rtn_begin;
llvm::Function* llvm_fptr; llvm::Function *llvm_fptr;
std::shared_ptr< llvm::IRBuilder<> > ir_builder; std::shared_ptr< llvm::IRBuilder<> > ir_builder;
llvm::AllocaInst *virutal_registers; llvm::AllocaInst *virutal_registers, *virtual_stack;
std::vector< llvm::BasicBlock * > llvm_code_blocks; std::vector< llvm::BasicBlock * > llvm_code_blocks;
std::vector< vm::instrs::code_block_t > vmp2_code_blocks; std::vector< vm::instrs::code_block_t > vmp2_code_blocks;
}; };

9
src/lifters/lconst.cpp
Unescape View File

@ -0,0 +1,9 @@
#include <vm_lifters.hpp>
namespace vmp2::lifters
{
lifter_callback_t lconstq = [ & ]( vm::vmp_rtn_t *rtn, const vm::instrs::code_block_t &vm_code_block,
const vm::instrs::virt_instr_t &vinstr, llvm::IRBuilder<> *ir_builder ) {
auto push_val = llvm::ConstantInt::get( llvm::IntegerType::getInt64Ty( *rtn->llvm_ctx ), vinstr.operand.imm.u );
};
}

1
src/main.cpp
Unescape View File

@ -65,4 +65,5 @@ int main( int argc, const char *argv[] )
Module llvm_module( "VMProtect 2 Static Devirtualizer", llvm_ctx ); Module llvm_module( "VMProtect 2 Static Devirtualizer", llvm_ctx );
vm::vmp_rtn_t vmp_rtn( &llvm_ctx, &llvm_module, first_block->vip_begin, vmp_code_blocks ); vm::vmp_rtn_t vmp_rtn( &llvm_ctx, &llvm_module, first_block->vip_begin, vmp_code_blocks );
vmp_rtn.lift();
} }

25
src/vmp_rtn.cpp
Unescape View File

@ -34,15 +34,28 @@ namespace vm
virutal_registers = ir_builder->CreateAlloca( virutal_registers = ir_builder->CreateAlloca(
llvm::ArrayType::get( llvm::IntegerType::get( *llvm_ctx, 64 ), 24 ), nullptr, "vregs" ); llvm::ArrayType::get( llvm::IntegerType::get( *llvm_ctx, 64 ), 24 ), nullptr, "vregs" );
llvm_fptr->print( llvm::outs() ); // allocate stack space...
} virtual_stack = ir_builder->CreateAlloca( llvm::ArrayType::get( llvm::IntegerType::get( *llvm_ctx, 8 ), 1024 ),
nullptr, "stack" );
vmp_rtn_t::~vmp_rtn_t()
{
} }
llvm::Function *vmp_rtn_t::lift( void ) llvm::Function *vmp_rtn_t::lift( void )
{ {
return {}; auto &code_blocks = llvm_fptr->getBasicBlockList();
for ( auto idx = 0u; idx < code_blocks.size(); ++idx )
{
for ( auto &vinstr : vmp2_code_blocks[ idx ].vinstrs )
{
if ( !vmp2::lifters::lift( this, vmp2_code_blocks[ idx ], vinstr, ir_builder.get() ) )
{
std::printf( "> failed to devirtualize virtual instruction with vm handler index = %d\n",
vinstr.opcode );
llvm_fptr->print( llvm::outs() );
return nullptr;
}
}
}
return llvm_fptr;
} }
} // namespace vm } // namespace vm
Write Preview
Loading…
Cancel
Save