From 6022154a5572734d1545f78914f3a1125a6b584d Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Thu, 10 Jun 2021 23:38:08 -0700 Subject: [PATCH] updated deps as well as added --devirt option... --- dependencies/vmprofiler | 2 +- src/main.cpp | 60 ++++++++++++++++++++++++++++++++++ vmprofiler-cli.vcxproj | 8 ++++- vmprofiler-cli.vcxproj.filters | 3 -- 4 files changed, 68 insertions(+), 5 deletions(-) diff --git a/dependencies/vmprofiler b/dependencies/vmprofiler index 2d3b22a..28e50e7 160000 --- a/dependencies/vmprofiler +++ b/dependencies/vmprofiler @@ -1 +1 @@ -Subproject commit 2d3b22a7acf5edba40cff6ef6432ee523ce599fb +Subproject commit 28e50e7b0c425f078d9b4ced850435616852ec4e diff --git a/src/main.cpp b/src/main.cpp index 8ad0548..6f3310f 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -1,7 +1,9 @@ +#define NOMINMAX #include #include #include #include +#include #include #include @@ -24,6 +26,9 @@ int __cdecl main( int argc, const char *argv[] ) .name( "--showblockinstrs" ) .description( "show the virtual instructions of a specific code block..." ); parser.add_argument().name( "--showallblocks" ).description( "shows all information for all code blocks..." ); + parser.add_argument() + .name( "--devirt" ) + .description( "lift to VTIL IR and apply optimizations, then display the output..." ); parser.enable_help(); auto err = parser.parse( argc, argv ); 
@@ -180,6 +185,61 @@ int __cdecl main( int argc, const char *argv[] ) } } + if ( parser.exists( "devirt" ) ) + { + vtil::basic_block *rtn = nullptr; + for ( auto [ code_block, code_block_num ] = std::tuple{ first_block, 0u }; + code_block_num < file_header->code_block_count; + code_block = reinterpret_cast< vmp2::v3::code_block_t * >( + reinterpret_cast< std::uintptr_t >( code_block ) + code_block->next_block_offset ), + ++code_block_num ) + { + rtn = rtn ? rtn->fork( + ABS_TO_IMG( code_block->vip_begin, file_header->module_base, file_header->image_base ) ) + : vtil::basic_block::begin( + ABS_TO_IMG( code_block->vip_begin, file_header->module_base, file_header->image_base ) ); + + for ( auto idx = 0u; idx < code_block->vinstr_count; ++idx ) + { + auto vinstr = &code_block->vinstr[ idx ]; + if ( vinstr->mnemonic_t == vm::handler::INVALID ) + { + std::printf( + "> unable to lift to VTIL... unknown virtual instruction handler #%d... " + "please define a vm handler profile for this virtual instruction and try again..." + " you can also create your first contribution to this open source project by submitting" + " a merge request with your changes! :)\n", + vinstr->opcode ); + + return -1; + } + + const auto result = std::find_if( + vm::lifters::all.begin(), vm::lifters::all.end(), + [ & ]( vm::lifters::lifter_t *lifter ) -> bool { return lifter->first == vinstr->mnemonic_t; } ); + + if ( result == vm::lifters::all.end() ) + { + std::printf( + "> unable to lift to VTIL... unknown virtual instruction handler lifter for #%d... " + "please define a vm handler lifter for this vm handler and try again..." + " you can also create your first contribution to this open source project by submitting" + " a merge request with your changes! :)\n", + vinstr->opcode ); + + return -1; + } + + // lift the virtual instruction... 
+ ( *result )->second( rtn, vinstr ); + } + } + + vtil::optimizer::apply_all( rtn ); + vtil::debug::dump( rtn ); + return {}; + } + if ( parser.exists( "showblockinstrs" ) ) { const auto block_img_addr = parser.get< std::string >( "showblockinstrs" ); diff --git a/vmprofiler-cli.vcxproj b/vmprofiler-cli.vcxproj index 6cc2f34..348fd74 100644 --- a/vmprofiler-cli.vcxproj +++ b/vmprofiler-cli.vcxproj @@ -33,7 +33,7 @@ false - $(ProjectDir)dependencies\vmprofiler\include\;$(ProjectDir)dependencies\vmprofiler\dependencies\zydis\include;$(ProjectDir)dependencies\vmprofiler\dependencies\zydis\msvc;$(ProjectDir)dependencies\vmprofiler\dependencies\zydis\dependencies\zycore\include;$(ProjectDir)dependencies\cli-parser\;$(ProjectDir)dependencies\xtils\;$(IncludePath) + $(ProjectDir)dependencies\vmprofiler\include\;$(ProjectDir)dependencies\vmprofiler\dependencies\zydis\include;$(ProjectDir)dependencies\vmprofiler\dependencies\zydis\msvc;$(ProjectDir)dependencies\vmprofiler\dependencies\zydis\dependencies\zycore\include;$(ProjectDir)dependencies\cli-parser\;$(ProjectDir)dependencies\xtils\;$(ProjectDir)dependencies\vmprofiler\dependencies\vtil\VTIL\includes\;$(ProjectDir)dependencies\vmprofiler\dependencies\vtil\VTIL-Architecture\includes\;$(ProjectDir)dependencies\vmprofiler\dependencies\vtil\VTIL-Common\includes\;$(ProjectDir)dependencies\vmprofiler\dependencies\vtil\VTIL-Compiler\includes\;$(ProjectDir)dependencies\vmprofiler\dependencies\vtil\VTIL-SymEx\includes\;$(ProjectDir)dependencies\vmprofiler\dependencies\vtil\dependencies\capstone\include;$(ProjectDir)dependencies\vmprofiler\dependencies\vtil\dependencies\keystone\include;$(IncludePath) @@ -45,6 +45,7 @@ true stdcpplatest Disabled + MultiThreadedDLL Console @@ -52,9 +53,14 @@ true true $(ProjectDir)..\libs\*;%(AdditionalDependencies) + 4194304 + 4194304 + + {8163e74c-dde4-4507-bd3d-064cd95ff33b} + {88a23124-5640-35a0-b890-311d7a67a7d2} 
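Review bot: `vtil::optimizer::apply_all( rtn )` and `vtil::debug::dump( rtn )` are reached with `rtn` still `nullptr` when `file_header->code_block_count` is zero, because the only assignment to `rtn` is inside the block loop; guard it before those calls, `if ( !rtn ) { std::printf( "> no code blocks to lift...\n" ); return -1; }`. The new walk also trusts `next_block_offset`, `vinstr_count` and `code_block_count` taken from the parsed input, so if `file_header` comes from a mapped .vmp2 file (its setup is outside this hunk) a malformed file can drive the computed `code_block` pointer past the mapping; checking each computed block pointer and `vinstr` range against the mapped size would make this loop robust. `rtn` only ever holds the most recently forked block, so the optimize/dump pair presumably acts on that last block rather than the whole lifted routine — confirm against the VTIL API whether the routine owning the blocks is what should be passed. `return {};` in `int main` is an unusual spelling of `return 0;` beside the `return -1;` error paths just above it. main's body begins and ends outside this hunk.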
diff --git a/vmprofiler-cli.vcxproj.filters b/vmprofiler-cli.vcxproj.filters index a2cdd6a..e69a945 100644 --- a/vmprofiler-cli.vcxproj.filters +++ b/vmprofiler-cli.vcxproj.filters @@ -205,9 +205,6 @@ Header Files\vmprofiler - - Header Files\vmprofiler - Header Files\vmprofiler