|
|
|
@ -93,9 +93,7 @@ namespace vm
|
|
|
|
return false;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if ( !cc_block )
|
|
|
|
if ( cc_block )
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
code_blocks.push_back( code_block );
|
|
|
|
code_blocks.push_back( code_block );
|
|
|
|
|
|
|
|
|
|
|
|
// code_blocks.size() will continue to grow as all branches are traced...
|
|
|
|
// code_blocks.size() will continue to grow as all branches are traced...
|
|
|
|
@ -110,10 +108,9 @@ namespace vm
|
|
|
|
{
|
|
|
|
{
|
|
|
|
case vm::instrs::jcc_type::branching:
|
|
|
|
case vm::instrs::jcc_type::branching:
|
|
|
|
{
|
|
|
|
{
|
|
|
|
if ( std::find( vip_begins.begin(), vip_begins.end(), _code_block.code_block.jcc.block_addr[ 1 ] ) !=
|
|
|
|
if ( std::find( vip_begins.begin(), vip_begins.end(), _code_block.code_block.jcc.block_addr[ 1 ] ) ==
|
|
|
|
vip_begins.end() )
|
|
|
|
vip_begins.end() )
|
|
|
|
continue;
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
|
|
std::uintptr_t rbp = 0ull;
|
|
|
|
std::uintptr_t rbp = 0ull;
|
|
|
|
std::uint32_t branch_rva =
|
|
|
|
std::uint32_t branch_rva =
|
|
|
|
( _code_block.code_block.jcc.block_addr[ 1 ] - g_vm_ctx->module_base ) + g_vm_ctx->image_base;
|
|
|
|
( _code_block.code_block.jcc.block_addr[ 1 ] - g_vm_ctx->module_base ) + g_vm_ctx->image_base;
|
|
|
|
@ -158,20 +155,18 @@ namespace vm
|
|
|
|
return false;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if ( !cc_block )
|
|
|
|
if ( cc_block )
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// push back new block that has been traced...
|
|
|
|
// push back new block that has been traced...
|
|
|
|
code_blocks.push_back( branch_block );
|
|
|
|
code_blocks.push_back( branch_block );
|
|
|
|
|
|
|
|
}
|
|
|
|
// drop down and execute the absolute case as well since that
|
|
|
|
// drop down and execute the absolute case as well since that
|
|
|
|
// will trace the first branch...
|
|
|
|
// will trace the first branch...
|
|
|
|
}
|
|
|
|
}
|
|
|
|
case vm::instrs::jcc_type::absolute:
|
|
|
|
case vm::instrs::jcc_type::absolute:
|
|
|
|
{
|
|
|
|
{
|
|
|
|
if ( std::find( vip_begins.begin(), vip_begins.end(), _code_block.code_block.jcc.block_addr[ 0 ] ) !=
|
|
|
|
if ( std::find( vip_begins.begin(), vip_begins.end(), _code_block.code_block.jcc.block_addr[ 0 ] ) ==
|
|
|
|
vip_begins.end() )
|
|
|
|
vip_begins.end() )
|
|
|
|
continue;
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
|
|
std::uintptr_t rbp = 0ull;
|
|
|
|
std::uintptr_t rbp = 0ull;
|
|
|
|
std::uint32_t branch_rva =
|
|
|
|
std::uint32_t branch_rva =
|
|
|
|
@ -217,11 +212,10 @@ namespace vm
|
|
|
|
return false;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if ( !cc_block )
|
|
|
|
if ( cc_block )
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// push back new block that has been traced...
|
|
|
|
// push back new block that has been traced...
|
|
|
|
code_blocks.push_back( branch_block );
|
|
|
|
code_blocks.push_back( branch_block );
|
|
|
|
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
case vm::instrs::jcc_type::switch_case:
|
|
|
|
case vm::instrs::jcc_type::switch_case:
|
|
|
|
@ -277,9 +271,7 @@ namespace vm
|
|
|
|
return false;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if ( !cc_block )
|
|
|
|
if ( cc_block )
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// push back new block that has been traced...
|
|
|
|
// push back new block that has been traced...
|
|
|
|
code_blocks.push_back( branch_block );
|
|
|
|
code_blocks.push_back( branch_block );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
_xeroxz
3 years ago