able to staticlly determine if a code block has a virtual JCC or not,

also staticlly decrypt the addresses of both branches... >:)
merge-requests/4/head
_xeroxz 4 years ago
parent b0d76cd4d8
commit 8a0870607e

@ -1 +1 @@
Subproject commit ffd45ecb8a6a6a5d066a9b5e96c878ed9e09e243 Subproject commit cf403125643ac1e23391a36a3d8f484b33546a1f

@ -65,4 +65,14 @@ int __cdecl main( int argc, const char *argv[] )
std::printf( "[!] something failed during tracing, review the console for more information...\n" ); std::printf( "[!] something failed during tracing, review the console for more information...\n" );
std::printf( "> number of blocks = %d\n", code_blocks.size() ); std::printf( "> number of blocks = %d\n", code_blocks.size() );
for ( auto &code_block : code_blocks )
{
std::printf( "> code block starts at = %p\n", code_block.vip_begin );
std::printf( "> number of virtual instructions = %d\n", code_block.vinstrs.size() );
std::printf( "> does this code block have a jcc? %s\n", code_block.jcc.has_jcc ? "yes" : "no" );
if ( code_block.jcc.has_jcc )
std::printf( "> branch 1 = %p, branch 2 = %p\n", code_block.jcc.block_rva[ 0 ],
code_block.jcc.block_rva[ 1 ] );
}
} }

Loading…
Cancel
Save