updated to vmprofiler v1.6, fixed a bunch of issues...

4 years ago · 27e905aff0
parent 055297356d
commit 27e905aff0
8 changed files with 148 additions and 8 deletions
--- a/.clang-format
+++ b/.clang-format
@ -0,0 +1,18 @@
+---
+BasedOnStyle: Microsoft
+AlignAfterOpenBracket: Align
+AllowAllArgumentsOnNextLine: 'true'
+AllowAllParametersOfDeclarationOnNextLine: 'true'
+AllowShortIfStatementsOnASingleLine: Never
+BreakBeforeBraces: Allman
+IndentWidth: '4'
+Language: Cpp
+NamespaceIndentation: All
+SpacesInAngles: 'true'
+SpacesInCStyleCastParentheses: 'true'
+SpacesInContainerLiterals: 'true'
+SpacesInParentheses: 'true'
+SpacesInSquareBrackets: 'true'
+UseTab: Never
+
+...
--- a/dependencies/vmprofiler
+++ b/dependencies/vmprofiler
@ -1 +1 @@
-Subproject commit 05ba2cc84ba94e1d526168ad686fc2e167ad2eab
+Subproject commit 5129d39eb726e32a80417165ec37b597357664d4
--- a/src/QVMProfiler.h
+++ b/src/QVMProfiler.h
@ -6,10 +6,10 @@
 #include <Windows.h>
 #include <filesystem>
 #include <fstream>
+#include <vmprofiler.hpp>

 #include "ui_QVMProfiler.h"
 #include "vmp2.hpp"
-#include "vm.h"
 #include "vmctx.h"
 #include "ia32.hpp"

@ -36,7 +36,7 @@ private:
    QString VMProtectedFilePath;
    std::uint64_t ImageBase, VMEntryRva, ModuleBase;

-    std::vector<vm::handler_t> VMHandlers;
+    std::vector<vm::handler::handler_t> VMHandlers;
    zydis_routine_t VMEntry;

    std::uintptr_t* VMHandlerTable;
--- a/src/vmctx.cpp
+++ b/src/vmctx.cpp
@ -0,0 +1,87 @@
+#include "vmctx.h"
+
+namespace vm
+{
+    vmctx_t::vmctx_t( vmp2::file_header *file_header, vmp2::entry_t *entry_list,
+                      std::vector< vm::handler::handler_t > &vm_handlers, std::uintptr_t module_base, std::uintptr_t image_base )
+        : module_base( module_base ), image_base( image_base ), entry_list( entry_list ), file_header( file_header ),
+          vm_handlers( vm_handlers ), idx( 0 )
+    {}
+
+    std::pair< std::string, const vmp2::entry_t * > vmctx_t::step() const
+    {
+        if ( idx >= file_header->entry_count )
+            return {};
+
+        auto vm_handler = vm_handlers[ entry_list[ idx ].handler_idx ];
+
+        if ( vm_handler.imm_size )
+        {
+            const auto operand = get_imm( file_header->advancement, entry_list[ idx ].vip, vm_handler.imm_size / 8 );
+
+            auto [ decrypted_operand, rolling_key ] =
+                vm::instrs::decrypt_operand( vm_handler.transforms, operand, entry_list[ idx ].decrypt_key );
+
+            if ( vm_handler.profile )
+            {
+                if ( vm_handler.profile->extention == vm::handler::extention_t::sign_extend )
+                {
+                    switch ( vm_handler.imm_size )
+                    {
+                    case 8:
+                        if ( ( u8 )( decrypted_operand >> 7 ) )
+                            decrypted_operand += ~0xFFull;
+                        break;
+                    case 16:
+                        if ( ( u16 )( decrypted_operand >> 15 ) )
+                            decrypted_operand += ~0xFFFFull;
+                        break;
+                    case 32:
+                        if ( ( u32 )( decrypted_operand >> 31 ) )
+                            decrypted_operand += ~0xFFFFFFFFull;
+                        break;
+                    default:
+                        throw std::invalid_argument( "invalid imm size for sign extention...\n" );
+                    }
+                }
+            }
+
+            char buff[ 256 ];
+            if ( vm_handler.profile )
+                snprintf( buff, sizeof buff, "%s 0x%p", vm_handler.profile->name, decrypted_operand );
+            else
+                snprintf( buff, sizeof buff, "UNK(%d) 0x%p", entry_list[ idx ].handler_idx, decrypted_operand );
+
+            return { buff, &entry_list[ idx++ ] };
+        }
+
+        if ( vm_handler.profile )
+            return { vm_handler.profile->name, &entry_list[ idx++ ] };
+
+        char buff[ 256 ];
+        snprintf( buff, sizeof buff, "UNK(%d)", entry_list[ idx ].handler_idx );
+        return { buff, &entry_list[ idx++ ] };
+    }
+
+    std::uintptr_t vmctx_t::get_imm( vmp2::exec_type_t exec_type_t, std::uint32_t vip_offset,
+                                     std::uint8_t imm_size ) const
+    {
+        std::uintptr_t operand = 0u;
+        if ( file_header->advancement == vmp2::exec_type_t::forward )
+        {
+            const auto operand_ptr =
+                reinterpret_cast< void * >( ( entry_list[ idx ].vip - file_header->module_base ) + module_base );
+
+            memcpy( &operand, operand_ptr, imm_size );
+        }
+        else
+        {
+            const auto operand_ptr = reinterpret_cast< void * >(
+                ( ( entry_list[ idx ].vip - file_header->module_base ) + module_base ) - imm_size );
+
+            memcpy( &operand, operand_ptr, imm_size );
+        }
+
+        return operand;
+    }
+} // namespace vm
--- a/src/vmctx.h
+++ b/src/vmctx.h
@ -0,0 +1,24 @@
+#pragma once
+#include <vmprofiler.hpp>
+
+namespace vm
+{
+    class vmctx_t
+    {
+      public:
+        explicit vmctx_t( vmp2::file_header *file_header, vmp2::entry_t *entry_list,
+                          std::vector< vm::handler::handler_t > &vm_handlers, std::uintptr_t module_base,
+                          std::uintptr_t image_base );
+
+        std::pair< std::string, const vmp2::entry_t * > step() const;
+
+      private:
+        std::uintptr_t get_imm( vmp2::exec_type_t exec_type_t, std::uint32_t vip_offset, std::uint8_t imm_size ) const;
+
+        mutable std::uint32_t idx;
+        const std::uintptr_t image_base, module_base;
+        const vmp2::entry_t *entry_list;
+        const vmp2::file_header *file_header;
+        std::vector< vm::handler::handler_t > vm_handlers;
+    };
+} // namespace vm
--- a/src/vmprofiler-qt.vcxproj
+++ b/src/vmprofiler-qt.vcxproj
@ -63,14 +63,17 @@
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <ClCompile>
      <LanguageStandard>stdcpp17</LanguageStandard>
+      <PreprocessorDefinitions>ZYDIS_STATIC_DEFINE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
    </ClCompile>
    <Link>
      <AdditionalDependencies>$(ProjectDir)..\libs\*;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateMapFile>true</GenerateMapFile>
    </Link>
  </ItemDefinitionGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
    <ClCompile>
      <LanguageStandard>stdcpp17</LanguageStandard>
+      <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
    </ClCompile>
  </ItemDefinitionGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'" Label="Configuration">
@ -82,7 +85,7 @@
      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
    </ClCompile>
    <Link>
-      <SubSystem>Windows</SubSystem>
+      <SubSystem>Console</SubSystem>
      <GenerateDebugInformation>true</GenerateDebugInformation>
    </Link>
  </ItemDefinitionGroup>
@ -91,15 +94,16 @@
      <TreatWChar_tAsBuiltInType>true</TreatWChar_tAsBuiltInType>
      <MultiProcessorCompilation>true</MultiProcessorCompilation>
      <DebugInformationFormat>None</DebugInformationFormat>
-      <Optimization>MaxSpeed</Optimization>
+      <Optimization>Disabled</Optimization>
      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
    </ClCompile>
    <Link>
      <SubSystem>Windows</SubSystem>
-      <GenerateDebugInformation>false</GenerateDebugInformation>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
    </Link>
  </ItemDefinitionGroup>
  <ItemGroup>
+    <ClCompile Include="vmctx.cpp" />
    <QtRcc Include="DarkStyle\darkstyle.qrc" />
    <QtRcc Include="DarkStyle\framelesswindow.qrc" />
    <QtRcc Include="QVMProfiler.qrc" />
@ -113,6 +117,7 @@
    <ClCompile Include="main.cpp" />
  </ItemGroup>
  <ItemGroup>
+    <ClInclude Include="vmctx.h" />
    <QtMoc Include="DarkStyle\DarkStyle.h" />
    <QtMoc Include="DarkStyle\framelesswindow\windowdragger.h" />
    <QtMoc Include="DarkStyle\framelesswindow\framelesswindow.h" />
--- a/src/vmprofiler-qt.vcxproj.filters
+++ b/src/vmprofiler-qt.vcxproj.filters
@ -16,6 +16,9 @@
    <ClCompile Include="DarkStyle\DarkStyle.cpp">
      <Filter>Source Files\DarkStyle</Filter>
    </ClCompile>
+    <ClCompile Include="vmctx.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
  </ItemGroup>
  <ItemGroup>
    <Filter Include="Header Files">
@ -242,6 +245,9 @@
    <ClInclude Include="..\dependencies\vmprofiler\dependencies\zydis\msvc\ZydisExportConfig.h">
      <Filter>Header Files</Filter>
    </ClInclude>
+    <ClInclude Include="vmctx.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
  </ItemGroup>
  <ItemGroup>
    <Image Include="icon.ico">
--- a/vmprofiler-qt.sln
+++ b/vmprofiler-qt.sln
@ -89,8 +89,8 @@ Global
 		{A0485AE3-1965-4BE3-A2C4-A8257337C271}.Release|x64.ActiveCfg = Release|x64
 		{A0485AE3-1965-4BE3-A2C4-A8257337C271}.Release|x64.Build.0 = Release|x64
 		{A0485AE3-1965-4BE3-A2C4-A8257337C271}.Release|x86.ActiveCfg = Release|x64
-		{88A23124-5640-35A0-B890-311D7A67A7D2}.DBG|x64.ActiveCfg = Debug MT|x64
-		{88A23124-5640-35A0-B890-311D7A67A7D2}.DBG|x64.Build.0 = Debug MT|x64
+		{88A23124-5640-35A0-B890-311D7A67A7D2}.DBG|x64.ActiveCfg = Debug MT DLL|x64
+		{88A23124-5640-35A0-B890-311D7A67A7D2}.DBG|x64.Build.0 = Debug MT DLL|x64
 		{88A23124-5640-35A0-B890-311D7A67A7D2}.DBG|x86.ActiveCfg = Debug MT|Win32
 		{88A23124-5640-35A0-B890-311D7A67A7D2}.DBG|x86.Build.0 = Debug MT|Win32
 		{88A23124-5640-35A0-B890-311D7A67A7D2}.Debug Kernel|x64.ActiveCfg = Debug Kernel|x64