diff --git a/src/vmemu_t.cpp b/src/vmemu_t.cpp index 6d80937..1b86dca 100644 --- a/src/vmemu_t.cpp +++ b/src/vmemu_t.cpp @@ -8,8 +8,7 @@ emu_t::emu_t(vm::ctx_t* vm_ctx) img_size(vm_ctx->image_size) {} emu_t::~emu_t() { - if (uc_ctx) - uc_close(uc_ctx); + if (uc_ctx) uc_close(uc_ctx); } bool emu_t::init() { @@ -53,8 +52,7 @@ bool emu_t::init() { for (auto iat_thunk = reinterpret_cast*>( import_dir->rva_first_thunk + g_vm_ctx->module_base); iat_thunk->address; ++iat_thunk) { - if (iat_thunk->is_ordinal) - continue; + if (iat_thunk->is_ordinal) continue; iat_thunk->function = IAT_VECTOR_TABLE; } } @@ -122,15 +120,13 @@ bool emu_t::get_trace(std::vector& entries) { return false; } - if (cc_block) - code_blocks.push_back(code_block); + if (cc_block) code_blocks.push_back(code_block); // code_blocks.size() will continue to grow as all branches are traced... // when idx is > code_blocks.size() then we have traced all branches... for (auto idx = 0u; idx < code_blocks.size(); ++idx) { const auto _code_block = code_blocks[idx]; - if (!_code_block.code_block.jcc.has_jcc) - continue; + if (!_code_block.code_block.jcc.has_jcc) continue; switch (_code_block.code_block.jcc.type) { case vm::instrs::jcc_type::branching: { @@ -379,9 +375,7 @@ uc_err emu_t::create_entry(vmp2::v2::entry_t* entry) { return UC_ERR_OK; } -bool emu_t::code_exec_callback(uc_engine* uc, - uint64_t address, - uint32_t size, +bool emu_t::code_exec_callback(uc_engine* uc, uint64_t address, uint32_t size, emu_t* obj) { uc_err err; vmp2::v2::entry_t vinstr_entry; @@ -497,8 +491,7 @@ bool emu_t::code_exec_callback(uc_engine* uc, } if (!vm_handler.profile) { - if (!g_force_emu) - obj->cc_block = nullptr; + if (!g_force_emu) obj->cc_block = nullptr; std::printf("> please define virtual machine handler (%p): \n\n", (vm_handler_addr - obj->g_vm_ctx->module_base) + @@ -507,8 +500,7 @@ bool emu_t::code_exec_callback(uc_engine* uc, vm::util::print(vm_handler.instrs); std::printf("\n\n"); - if (!g_force_emu) - exit(0); + if (!g_force_emu) exit(0); } auto vinstr = vm::instrs::get(*obj->g_vm_ctx, vinstr_entry); @@ -554,6 +546,7 @@ bool emu_t::code_exec_callback(uc_engine* uc, // emulated... auto jcc_data = vm::instrs::get_jcc_data(*obj->g_vm_ctx, obj->cc_block->code_block); + obj->cc_block->code_block.jcc = jcc_data.value(); // allocate space for the cpu context and stack... @@ -638,22 +631,17 @@ bool emu_t::code_exec_callback(uc_engine* uc, void emu_t::int_callback(uc_engine* uc, std::uint32_t intno, emu_t* obj) { uc_err err; std::uintptr_t rip = 0ull; - static ZydisDecoder decoder; - static ZydisDecodedInstruction instr; - - if (static std::atomic once{false}; !once.exchange(true)) - ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LONG_64, - ZYDIS_ADDRESS_WIDTH_64); + static thread_local ZydisDecodedInstruction instr; if ((err = uc_reg_read(uc, UC_X86_REG_RIP, &rip))) { std::printf("> failed to read rip... reason = %d\n", err); return; } - if (!ZYAN_SUCCESS(ZydisDecoderDecodeBuffer( - &decoder, reinterpret_cast(rip), PAGE_4KB, &instr))) { + if (!ZYAN_SUCCESS(ZydisDecoderDecodeBuffer(vm::util::g_decoder.get(), + reinterpret_cast(rip), + PAGE_4KB, &instr))) { std::printf("> failed to decode instruction at = 0x%p\n", rip); - if ((err = uc_emu_stop(uc))) { std::printf("> failed to stop emulation, exiting... reason = %d\n", err); exit(0); @@ -661,7 +649,8 @@ void emu_t::int_callback(uc_engine* uc, std::uint32_t intno, emu_t* obj) { return; } - // advance rip over the instruction that caused the exception... + // advance rip over the instruction that caused the exception... this is + // usually a division by 0... rip += instr.length; if ((err = uc_reg_write(uc, UC_X86_REG_RIP, &rip))) { @@ -670,12 +659,8 @@ void emu_t::int_callback(uc_engine* uc, std::uint32_t intno, emu_t* obj) { } } -void emu_t::invalid_mem(uc_engine* uc, - uc_mem_type type, - uint64_t address, - int size, - int64_t value, - emu_t* obj) { +void emu_t::invalid_mem(uc_engine* uc, uc_mem_type type, uint64_t address, + int size, int64_t value, emu_t* obj) { switch (type) { case UC_MEM_READ_UNMAPPED: { uc_mem_map(uc, address & ~0xFFFull, PAGE_4KB, UC_PROT_ALL);