|
|
|
@ -1,17 +1,16 @@
|
|
|
|
|
#include <iostream>
|
|
|
|
|
#include <Windows.h>
|
|
|
|
|
#include <fstream>
|
|
|
|
|
#include <filesystem>
|
|
|
|
|
#include <fstream>
|
|
|
|
|
#include <iostream>
|
|
|
|
|
|
|
|
|
|
#include <cli-parser.hpp>
|
|
|
|
|
#include <vmp2.hpp>
|
|
|
|
|
#include <vmprofiler.hpp>
|
|
|
|
|
#include <cli-parser.hpp>
|
|
|
|
|
#include <xtils.hpp>
|
|
|
|
|
|
|
|
|
|
int __cdecl main( int argc, const char *argv[] )
|
|
|
|
|
{
|
|
|
|
|
argparse::argument_parser_t parser(
|
|
|
|
|
"vmprofiler-cli", "virtual instruction pseudo code generator");
|
|
|
|
|
argparse::argument_parser_t parser( "vmprofiler-cli", "virtual instruction pseudo code generator" );
|
|
|
|
|
|
|
|
|
|
parser.add_argument()
|
|
|
|
|
.names( { "--bin", "--vmpbin" } )
|
|
|
|
@ -23,9 +22,7 @@ int __cdecl main(int argc, const char* argv[])
|
|
|
|
|
.description( "rva to push prior to a vm_entry" )
|
|
|
|
|
.required( true );
|
|
|
|
|
|
|
|
|
|
parser.add_argument()
|
|
|
|
|
.name("--showhandlers")
|
|
|
|
|
.description("show all vm handlers...");
|
|
|
|
|
parser.add_argument().name( "--showhandlers" ).description( "show all vm handlers..." );
|
|
|
|
|
|
|
|
|
|
parser.enable_help();
|
|
|
|
|
auto err = parser.parse( argc, argv );
|
|
|
|
@ -42,18 +39,13 @@ int __cdecl main(int argc, const char* argv[])
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const auto module_base =
|
|
|
|
|
reinterpret_cast<std::uintptr_t>(
|
|
|
|
|
LoadLibraryExA(parser.get<std::string>("bin").c_str(),
|
|
|
|
|
NULL, DONT_RESOLVE_DLL_REFERENCES));
|
|
|
|
|
const auto module_base = reinterpret_cast< std::uintptr_t >(
|
|
|
|
|
LoadLibraryExA( parser.get< std::string >( "bin" ).c_str(), NULL, DONT_RESOLVE_DLL_REFERENCES ) );
|
|
|
|
|
|
|
|
|
|
const auto vm_entry_ptr =
|
|
|
|
|
module_base + std::strtoull(
|
|
|
|
|
parser.get<std::string>("vmentry").c_str(), nullptr, 16);
|
|
|
|
|
module_base + std::strtoull( parser.get< std::string >( "vmentry" ).c_str(), nullptr, 16 );
|
|
|
|
|
|
|
|
|
|
const auto image_base =
|
|
|
|
|
xtils::um_t::get_instance()->image_base(
|
|
|
|
|
parser.get<std::string>("bin").c_str());
|
|
|
|
|
const auto image_base = xtils::um_t::get_instance()->image_base( parser.get< std::string >( "bin" ).c_str() );
|
|
|
|
|
|
|
|
|
|
zydis_routine_t vm_entry;
|
|
|
|
|
std::printf( "> vm entry start = 0x%p\n", vm_entry_ptr );
|
|
|
|
@ -70,8 +62,7 @@ int __cdecl main(int argc, const char* argv[])
|
|
|
|
|
std::printf( "==================================================================================\n" );
|
|
|
|
|
vm::util::print( vm_entry );
|
|
|
|
|
|
|
|
|
|
const auto vm_handler_table =
|
|
|
|
|
vm::handler::table::get(vm_entry);
|
|
|
|
|
const auto vm_handler_table = vm::handler::table::get( vm_entry );
|
|
|
|
|
|
|
|
|
|
if ( !vm_handler_table )
|
|
|
|
|
{
|
|
|
|
@ -125,8 +116,7 @@ int __cdecl main(int argc, const char* argv[])
|
|
|
|
|
{
|
|
|
|
|
auto vm_handler = vm_handlers[ idx ];
|
|
|
|
|
std::printf( "==========[vm handler %s, idx = %d, imm size = %d]========\n",
|
|
|
|
|
vm_handler.profile ? vm_handler.profile->name : "UNKNOWN", idx,
|
|
|
|
|
vm_handler.imm_size);
|
|
|
|
|
vm_handler.profile ? vm_handler.profile->name : "UNKNOWN", idx, vm_handler.imm_size );
|
|
|
|
|
|
|
|
|
|
std::printf( "================[vm handler instructions]==============\n" );
|
|
|
|
|
vm::util::print( vm_handler.instrs );
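Review bot: The reformatted `module_base` statement in the third hunk still casts the `LoadLibraryExA` return value straight to `std::uintptr_t` with no failure check visible in the hunk, so a missing or unloadable `--bin` file yields `module_base == 0` and `vm_entry_ptr` becomes just the user-supplied offset. A guard right after the load, such as `if ( !module_base ) { std::printf( "> failed to load binary, error = %lu\n", GetLastError() ); return -1; }`, would stop before that address is used. The `std::strtoull( ..., nullptr, 16 )` call likewise turns non-hex input into 0 and never bounds the result against the mapped image; passing an end pointer and rejecting offsets beyond the image size (for example `SizeOfImage` from the PE headers) would close that gap. If the analysed binary may be untrusted, it is also worth resolving `--bin` to a full path before loading, so that the DLL search order cannot substitute a different file. `main` starts and continues outside these hunks, so a check may already exist in lines not shown.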
|
|
|
|
|