diff --git a/CMakeLists.txt b/CMakeLists.txt
index 7d5012c..6b13b6a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -59,22 +59,24 @@ set(vmprofiler-qt_SOURCES "")
 list(APPEND vmprofiler-qt_SOURCES
 "src/qvminspector.ui"
 "src/qvminspector.qrc"
- "src/qvminspector.cpp"
- "src/qvirt_instrs.cpp"
- "src/qvirt_handlers.cpp"
- "src/main.cpp"
- "src/qvirt_handlers.h"
- "src/qvirt_instrs.h"
- "src/qvminspector.h"
- "src/icon.rc"
+ "src/QVMInspector.cpp"
+ "src/QVirtualMachineHandlers.cpp"
+ "src/QVirtualMachineInstructions.cpp"
+ "src/QVirtualRoutines.cpp"
 "src/darkstyle/DarkStyle.cpp"
 "src/darkstyle/framelesswindow/framelesswindow.cpp"
 "src/darkstyle/framelesswindow/windowdragger.cpp"
 "src/darkstyle/mainwindow.cpp"
+ "src/main.cpp"
+ "src/QVMInspector.h"
+ "src/QVirtualMachineHandlers.h"
+ "src/QVirtualMachineInstructions.h"
+ "src/QVirtualRoutines.h"
 "src/darkstyle/DarkStyle.h"
 "src/darkstyle/framelesswindow/framelesswindow.h"
 "src/darkstyle/framelesswindow/windowdragger.h"
 "src/darkstyle/mainwindow.h"
+ "src/icon.rc"
 "src/darkstyle/mainwindow.ui"
 "src/darkstyle/framelesswindow.qrc"
 "src/darkstyle/framelesswindow/framelesswindow.ui"
diff --git a/cmake.toml b/cmake.toml
index 137513e..ea6f7af 100644
--- a/cmake.toml
+++ b/cmake.toml
@@ -19,14 +19,9 @@ compile-features = ["cxx_std_20"]
 sources = [
 "src/qvminspector.ui",
 "src/qvminspector.qrc",
- "src/qvminspector.cpp",
- "src/qvirt_instrs.cpp",
- "src/qvirt_handlers.cpp",
- "src/main.cpp",
- "src/*.h",
+ "src/**.cpp",
+ "src/**.h",
 "src/icon.rc",
- "src/darkstyle/**.cpp",
- "src/darkstyle/**.h",
 "src/darkstyle/mainwindow.ui",
 "src/darkstyle/framelesswindow.qrc",
 "src/darkstyle/framelesswindow/framelesswindow.ui",
diff --git a/src/qvirt_handlers.cpp b/src/QVirtualMachineHandlers.cpp
similarity index 93%
rename from src/qvirt_handlers.cpp
rename to src/QVirtualMachineHandlers.cpp
index 78b5030..edc9efd 100644
--- a/src/qvirt_handlers.cpp
+++ b/src/QVirtualMachineHandlers.cpp
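Review bot: The new entries `"src/QVMInspector.cpp"` and `"src/QVMInspector.h"` name files this diff never creates — the later file headers still read `a/src/qvminspector.cpp b/src/qvminspector.cpp` and `a/src/qvminspector.h b/src/qvminspector.h`, so no rename of that pair is recorded. That presumably built on a case-insensitive filesystem, but on a case-sensitive checkout this list, the `src/**.cpp` glob result and every `#include "QVMInspector.h"` (main.cpp, src/qvminspector.cpp, and the two renamed panel headers) fail to resolve. Record the rename with `git mv src/qvminspector.cpp src/QVMInspector.cpp` and the same for the `.h`, or keep the lowercase names throughout.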
@@ -1,4 +1,4 @@ -#include "qvirt_handlers.h" +#include "QVirtualMachineHandlers.h" QVirtualMachineHandlers::QVirtualMachineHandlers( QVMInspector *MainWindow ) : MainWindow( MainWindow ), ui( &MainWindow->ui ) @@ -86,10 +86,10 @@ void QVirtualMachineHandlers::OnSelect() if ( !item ) return; - if ( !MainWindow->vmctx ) + if ( !MainWindow->g_vm_ctx ) return; const auto handler_idx = item->data( 0, Qt::UserRole ).value< std::uint8_t >(); - UpdateInstrs( MainWindow->vmctx->vm_handlers[ handler_idx ] ); - UpdateTransforms( MainWindow->vmctx->vm_handlers[ handler_idx ] ); + UpdateInstrs( MainWindow->g_vm_ctx->vm_handlers[ handler_idx ] ); + UpdateTransforms( MainWindow->g_vm_ctx->vm_handlers[ handler_idx ] ); } \ No newline at end of file diff --git a/src/qvirt_handlers.h b/src/QVirtualMachineHandlers.h similarity index 89% rename from src/qvirt_handlers.h rename to src/QVirtualMachineHandlers.h index 1270c8d..3dc6eb0 100644 --- a/src/qvirt_handlers.h +++ b/src/QVirtualMachineHandlers.h @@ -1,6 +1,5 @@ #pragma once -#define NOMINMAX -#include "qvminspector.h" +#include "QVMInspector.h" class QVirtualMachineHandlers : public QObject { diff --git a/src/qvirt_instrs.cpp b/src/QVirtualMachineInstructions.cpp similarity index 95% rename from src/qvirt_instrs.cpp rename to src/QVirtualMachineInstructions.cpp index 1cd493f..398d6f0 100644 --- a/src/qvirt_instrs.cpp +++ b/src/QVirtualMachineInstructions.cpp @@ -1,4 +1,4 @@ -#include "qvirt_instrs.h" +#include "QVirtualMachineInstructions.h" QVirtualMachineInstructions::QVirtualMachineInstructions( QVMInspector *MainWindow ) : MainWindow( MainWindow ), ui( &MainWindow->ui ) 
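Review bot: `handler_idx` is read from the tree item's UserRole data and used directly as an index into `g_vm_ctx->vm_handlers` on the two changed lines, with the null check on `g_vm_ctx` above as the only guard. If `vm_handlers` is a container with fewer than 256 entries (its type is outside the hunk), a stale item yields an out-of-bounds read; add `if ( handler_idx >= MainWindow->g_vm_ctx->vm_handlers.size() ) return;` before the two Update calls. The same unchecked `vm_handlers[ virt_instr->opcode ]` pattern appears in both QVirtualMachineInstructions::UpdateVMHandlerInfo hunks. Separately, `g_vm_ctx` is a member of QVMInspector rather than a global, so the `g_` prefix misleads; `vm_ctx` would match the surrounding member names.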
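Review bot: `#define NOMINMAX` is dropped from this header, and likewise from qvirt_instrs.h and qvminspector.h later in the diff, with no replacement visible anywhere in the change. If `<Windows.h>` is still reached through any include chain, its `min`/`max` macros will break `std::min`/`std::max` (and `std::numeric_limits<>::max()`) in translation units that include these headers. Unless the define has moved to the build configuration — nothing in the cmake.toml hunk adds it — keep it here, or add it once as a project-wide compile definition in cmake.toml so it cannot be forgotten per header.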
@@ -94,7 +94,7 @@ void QVirtualMachineInstructions::UpdateVMHandlerInfo( vm::instrs::virt_instr_t ZydisFormatterInit( &formatter, ZYDIS_FORMATTER_STYLE_INTEL ); ui->vm_handler_instrs->clear(); - const auto &vm_handler_instrs = MainWindow->vmctx->vm_handlers[ virt_instr->opcode ].instrs; + const auto &vm_handler_instrs = MainWindow->g_vm_ctx->vm_handlers[ virt_instr->opcode ].instrs; // display vm handler instructions... for ( const auto &instr : vm_handler_instrs ) @@ -111,7 +111,7 @@ void QVirtualMachineInstructions::UpdateVMHandlerInfo( vm::instrs::virt_instr_t // display vm handler transformations... ui->vm_handler_transforms->clear(); - const auto &vm_handler_transforms = MainWindow->vmctx->vm_handlers[ virt_instr->opcode ].transforms; + const auto &vm_handler_transforms = MainWindow->g_vm_ctx->vm_handlers[ virt_instr->opcode ].transforms; for ( auto [ transform_type, transform_instr ] : vm_handler_transforms ) { diff --git a/src/qvirt_instrs.h b/src/QVirtualMachineInstructions.h similarity index 92% rename from src/qvirt_instrs.h rename to src/QVirtualMachineInstructions.h index 1e512ed..6466253 100644 --- a/src/qvirt_instrs.h +++ b/src/QVirtualMachineInstructions.h @@ -1,6 +1,5 @@ #pragma once -#define NOMINMAX -#include "qvminspector.h" +#include "QVMInspector.h" class QVirtualMachineInstructions : public QObject { diff --git a/src/QVirtualRoutines.cpp b/src/QVirtualRoutines.cpp new file mode 100644 index 0000000..4ee5e91 --- /dev/null +++ b/src/QVirtualRoutines.cpp 
@@ -0,0 +1,66 @@
+#include "QVirtualRoutines.h"
+
+QVirtualRoutines::QVirtualRoutines( QVMInspector *MainWindow ) : MainWindow( MainWindow ), ui( &MainWindow->ui )
+{
+ connect( ui->virtual_machine_enters, &QTreeWidget::itemSelectionChanged, this, &QVirtualRoutines::OnSelect );
+}
+
+void QVirtualRoutines::UpdateVirtualMachineEnter( vm::ctx_t *g_vm_ctx )
+{
+ char buffer[ 256 ];
+ ZydisFormatter formatter;
+ ZydisFormatterInit( &formatter, ZYDIS_FORMATTER_STYLE_INTEL );
+
+ ui->virtual_machine_enter_instrs->clear();
+ for ( auto [ instr, raw, addr ] : g_vm_ctx->vm_entry )
+ {
+ ZydisFormatterFormatInstruction( &formatter, &instr, buffer, sizeof( buffer ), addr );
+ auto newItem = new QTreeWidgetItem();
+ newItem->setText( 0, QString::number( addr, 16 ) );
+ newItem->setText( 1, buffer );
+ ui->virtual_machine_enter_instrs->addTopLevelItem( newItem );
+ }
+}
+
+void QVirtualRoutines::UpdateCalcJmp( vm::ctx_t *g_vm_ctx )
+{
+ char buffer[ 256 ];
+ ZydisFormatter formatter;
+ ZydisFormatterInit( &formatter, ZYDIS_FORMATTER_STYLE_INTEL );
+
+ ui->virtual_machine_enter_calc_jmp->clear();
+ for ( auto [ instr, raw, addr ] : g_vm_ctx->calc_jmp )
+ {
+ ZydisFormatterFormatInstruction( &formatter, &instr, buffer, sizeof( buffer ), addr );
+ auto newItem = new QTreeWidgetItem();
+ newItem->setText( 0, QString::number( addr, 16 ) );
+ newItem->setText( 1, buffer );
+ ui->virtual_machine_enter_calc_jmp->addTopLevelItem( newItem );
+ }
+}
+
+void QVirtualRoutines::OnSelect()
+{
+ if ( ui->virtual_machine_enters->selectedItems().empty() )
+ return;
+
+ if ( MainWindow->g_vm_ctx )
+ delete MainWindow->g_vm_ctx;
+
+ auto item = ui->virtual_machine_enters->selectedItems()[ 0 ];
+
+ if ( !item )
+ return;
+
+ auto EntryRva = item->data( 0, Qt::UserRole ).value< std::uint32_t >();
+ MainWindow->g_vm_ctx = new vm::ctx_t( MainWindow->ModuleBase, MainWindow->ImgBase, MainWindow->ImgSize, EntryRva );
+
+ if ( !MainWindow->g_vm_ctx->init() )
+ {
+ MainWindow->DbgMsg( "[!] failed to init vm::ctx_t...\n" );
+ return;
+ }
+
+ UpdateVirtualMachineEnter( MainWindow->g_vm_ctx );
+ UpdateCalcJmp( MainWindow->g_vm_ctx );
+}
\ No newline at end of file
diff --git a/src/QVirtualRoutines.h b/src/QVirtualRoutines.h
new file mode 100644
index 0000000..6121749
--- /dev/null
+++ b/src/QVirtualRoutines.h
@@ -0,0 +1,18 @@
+#pragma once
+#include "QVMInspector.h"
+
+class QVirtualRoutines : public QObject
+{
+ Q_OBJECT
+ public:
+ explicit QVirtualRoutines( QVMInspector *MainWindow );
+
+ private:
+ Ui::QVMProfilerClass *ui;
+ QVMInspector *MainWindow;
+
+ void UpdateVirtualMachineEnter(vm::ctx_t* g_vm_ctx);
+ void UpdateCalcJmp( vm::ctx_t *g_vm_ctx );
+ private slots:
+ void OnSelect();
+};
\ No newline at end of file
diff --git a/src/main.cpp b/src/main.cpp
index feda939..1e3c3f1 100644
--- a/src/main.cpp
+++ b/src/main.cpp
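Review bot: In `OnSelect`, `delete MainWindow->g_vm_ctx` runs before the `if ( !item ) return;` guard and before the `new vm::ctx_t(...)` assignment, so on that early return the pointer is left dangling, and when `init()` fails a constructed-but-uninitialised context is left in place; QVirtualMachineHandlers::OnSelect and the instructions panel only test `g_vm_ctx` for null, so they would then dereference freed or uninitialised memory. Reset the pointer wherever it is invalidated: `delete MainWindow->g_vm_ctx; MainWindow->g_vm_ctx = nullptr;` in place of the bare delete, and the same two lines before `return;` in the `init()` failure branch — a `std::unique_ptr<vm::ctx_t>` member would turn both into a single `reset()`. `UpdateVirtualMachineEnter` and `UpdateCalcJmp` are identical apart from the target widget and the range iterated; a private helper taking the `QTreeWidget*` and the container would remove the duplication. Since `ModuleBase`, `ImgBase`, `ImgSize` and `EntryRva` all originate from the loaded file, `init()` failing is an expected path and deserves the cleanup above rather than a bare return.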
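Review bot: The members are declared as `ui` then `MainWindow`, but the constructor in QVirtualRoutines.cpp lists `MainWindow( MainWindow ), ui( &MainWindow->ui )`; initialisation follows declaration order, so compilers emit -Wreorder here. It is harmless only because the initializer's `MainWindow` names the constructor parameter rather than the member; swap the declarations to `QVMInspector *MainWindow;` followed by `Ui::QVMProfilerClass *ui;` so order and intent agree. Both are non-owning pointers to the parent window and its form, and a one-line comment saying so on each would spare the next reader from checking for a destructor.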
@@ -3,23 +3,26 @@ #include #include +#include "QVMInspector.h" +#include "QVirtualMachineHandlers.h" +#include "QVirtualMachineInstructions.h" +#include "QVirtualRoutines.h" #include "darkstyle/DarkStyle.h" #include "darkstyle/framelesswindow/framelesswindow.h" -#include "qvirt_handlers.h" -#include "qvirt_instrs.h" -#include "qvminspector.h" int WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd ) { QApplication app( __argc, __argv ); QApplication::setStyle( new DarkStyle ); - FramelessWindow frameless_window; - const auto window = new QVMInspector; - QVirtualMachineInstructions virt_instr( window ); - QVirtualMachineHandlers virt_handlers( window ); + FramelessWindow FW; - frameless_window.setContent( window ); - frameless_window.setWindowIcon( QIcon( "icon.ico" ) ); - frameless_window.show(); + const auto MainWindow = new QVMInspector; + QVirtualMachineInstructions VirtInstrsPanel( MainWindow ); + QVirtualMachineHandlers VirtHandlerPanel( MainWindow ); + QVirtualRoutines VirtualRoutinesPanel( MainWindow ); + + FW.setContent( MainWindow ); + FW.setWindowIcon( QIcon( "icon.ico" ) ); + FW.show(); return app.exec(); } \ No newline at end of file diff --git a/src/qvminspector.cpp b/src/qvminspector.cpp index 3079746..1bbfe8e 100644 --- a/src/qvminspector.cpp +++ b/src/qvminspector.cpp @@ -1,6 +1,6 @@ -#include "qvminspector.h" +#include "QVMInspector.h" -QVMInspector::QVMInspector( QWidget *parent ) : QMainWindow( parent ), FileHeader( nullptr ), vmctx( nullptr ) +QVMInspector::QVMInspector( QWidget *parent ) : QMainWindow( parent ), FileHeader( nullptr ), g_vm_ctx( nullptr ) { ui.setupUi( this ); ui.virt_instrs->setColumnWidth( 0, 180 ); 
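Review bot: `const auto MainWindow = new QVMInspector;` has no owner visible in this hunk; if `FramelessWindow::setContent` reparents the widget into its layout (not shown here) Qt deletes it together with `FW`, otherwise it leaks until process exit — a comment on that line stating which is the case would settle it, and if it does not reparent, `auto MainWindow = std::make_unique<QVMInspector>();` with `FW.setContent( MainWindow.get() )` is the fix. `QIcon( "icon.ico" )` resolves against the process working directory, so the icon is missing whenever the program is started from elsewhere; the project already ships `.qrc` resources, and a `:/` resource path would be location-independent. The PascalCase locals `FW` and `MainWindow` also sit next to the snake_case used in the panel classes; one convention for locals would read better.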
@@ -124,6 +124,7 @@ void QVMInspector::UpdateUI() new_item->setText( 0, QString( "rtn_%1" ).arg( rtn_rva + FileHeader->ImgBase, 0, 16 ) ); new_item->setText( 1, QString( "%1" ).arg( rtn_rva + FileHeader->ImgBase, 0, 16 ) ); new_item->setText( 2, QString( "%1" ).arg( rtn_blks.size() ) ); + new_item->setData( 0, Qt::UserRole, QVariant( rtn_rva ) ); std::for_each( rtn_blks.begin(), rtn_blks.end(), [ & ]( vm::instrs::code_block_t &code_blk ) { auto new_child = new QTreeWidgetItem(); diff --git a/src/qvminspector.h b/src/qvminspector.h index 37625e0..1955bc6 100644 --- a/src/qvminspector.h +++ b/src/qvminspector.h @@ -1,5 +1,4 @@ #pragma once -#define NOMINMAX #include #include #include @@ -29,6 +28,7 @@ class QVMInspector : public QMainWindow { friend class QVirtualMachineInstructions; friend class QVirtualMachineHandlers; + friend class QVirtualRoutines; Q_OBJECT public: QVMInspector( QWidget *parent = Q_NULLPTR ); @@ -48,7 +48,7 @@ class QVMInspector : public QMainWindow QString file_path; std::uint64_t ImgBase, ModuleBase, ImgSize; - vm::ctx_t *vmctx; + vm::ctx_t *g_vm_ctx; vmp2::v4::FileHeader *FileHeader; std::vector< rtn_data_t > VirtRtns; diff --git a/src/qvminspector.ui b/src/qvminspector.ui index ded20a2..4b9f608 100644 --- a/src/qvminspector.ui +++ b/src/qvminspector.ui @@ -6,8 +6,8 @@ 0 0 - 1414 - 1093 + 1089 + 849 @@ -703,7 +703,7 @@ 0 0 - 1414 + 1089 21
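Review bot: `new_item->setData( 0, Qt::UserRole, QVariant( rtn_rva ) )` stores the RVA with whatever type `rtn_rva` has (UpdateUI begins above this hunk, so the type is not visible), while QVirtualRoutines::OnSelect reads it back with `value< std::uint32_t >()`. If `rtn_rva` is 64-bit like the `ImgBase` it is added to on the preceding lines, the read silently truncates; store the same width the consumer expects, e.g. `QVariant( static_cast< std::uint32_t >( rtn_rva ) )` after checking the value fits, or read back `std::uint64_t` on the consumer side.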
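Review bot: `vm::ctx_t *g_vm_ctx` is now an owning pointer that QVirtualRoutines deletes and reassigns through the added `friend class QVirtualRoutines`, yet nothing in this header says who owns or frees it, and the `g_` prefix reads as a global. Declaring it `std::unique_ptr< vm::ctx_t > vm_ctx;` (with `<memory>` included) would express the ownership, make the reassignment in QVirtualRoutines::OnSelect a `reset`, and release it in the window destructor; the other two panels only read through it. The growing friend list also suggests the panels want a small accessor API on QVMInspector rather than full access to its members.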