From ac2b36c5f95b1651855a0e60cce0a7e214502577 Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Fri, 11 Jun 2021 14:31:20 -0700 Subject: [PATCH 1/9] updated vmprofiler dep... --- dependencies/vmprofiler | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencies/vmprofiler b/dependencies/vmprofiler index 5c2d439..44e412c 160000 --- a/dependencies/vmprofiler +++ b/dependencies/vmprofiler @@ -1 +1 @@ -Subproject commit 5c2d4397f5ed493905796c15ea32d2f483e1e078 +Subproject commit 44e412cffb14c98806b1eb5a91bbccf5180b9dbb From 2a9b731d3c1525dbf7d1c6f24e67bd0e6719e901 Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Fri, 11 Jun 2021 17:31:57 -0700 Subject: [PATCH 2/9] added vtil, added f5 lol, now im adding a few other features... --- src/main.cpp | 1 + src/qvirt_instrs.cpp | 4 + src/qvirt_instrs.h | 1 + src/qvminspector.cpp | 123 ++++- src/qvminspector.h | 9 + src/qvminspector.ui | 881 ++++++++++++++++++---------------- vmprofiler-qt.sln | 193 ++++++++ vmprofiler-qt.vcxproj | 28 +- vmprofiler-qt.vcxproj.filters | 3 + 9 files changed, 814 insertions(+), 429 deletions(-) diff --git a/src/main.cpp b/src/main.cpp index 1c4cbbc..bda59f8 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -1,3 +1,4 @@ +#define NOMINMAX #include #include #include diff --git a/src/qvirt_instrs.cpp b/src/qvirt_instrs.cpp index caa1a93..039fb57 100644 --- a/src/qvirt_instrs.cpp +++ b/src/qvirt_instrs.cpp @@ -8,6 +8,10 @@ qvirt_instrs_t::qvirt_instrs_t( qvminspector_t *vminspector ) : vminspector( vmi void qvirt_instrs_t::on_select() { auto item = ui->virt_instrs->selectedItems()[ 0 ]; + + if ( !item ) + return; + const auto virt_instr = item->data( 3, Qt::UserRole ).value< vm::instrs::virt_instr_t * >(); if ( !virt_instr ) diff --git a/src/qvirt_instrs.h b/src/qvirt_instrs.h index 3d4a83d..d09326f 100644 --- a/src/qvirt_instrs.h +++ b/src/qvirt_instrs.h @@ -1,4 +1,5 @@ #pragma once +#define NOMINMAX #include "qvminspector.h" class qvirt_instrs_t : public QObject diff --git a/src/qvminspector.cpp b/src/qvminspector.cpp index 85d9228..dd71fe1 100644 --- a/src/qvminspector.cpp +++ b/src/qvminspector.cpp @@ -10,6 +10,105 @@ qvminspector_t::qvminspector_t( qwidget_t *parent ) : qmain_window_t( parent ), connect( ui.action_open, &QAction::triggered, this, &qvminspector_t::on_open ); connect( ui.action_close, &QAction::triggered, this, &qvminspector_t::on_close ); + connect( ui.lift_all_button, &QAction::triggered, this, &qvminspector_t::on_lift_all ); + connect( ui.lift_specific_block_button, &QAction::triggered, this, &qvminspector_t::on_lift_block ); +} + +void qvminspector_t::on_lift_all() +{ + if ( !first_block || !file_header ) + return; + + // if there was an older console try and free it.. + FreeConsole(); + + if ( !AllocConsole() ) + return; + + freopen_s( reinterpret_cast< FILE ** >( stdin ), "CONIN$", "r", stdin ); + freopen_s( reinterpret_cast< FILE ** >( stdout ), "CONOUT$", "w", stdout ); + SetConsoleTitleA( "[VTIL] - blew the brains out the coupe..." ); + + vtil::basic_block *rtn = nullptr, *first = nullptr; + for ( auto [ code_block, code_block_num ] = std::tuple{ first_block, 0u }; + code_block_num < file_header->code_block_count; + code_block = reinterpret_cast< vmp2::v3::code_block_t * >( reinterpret_cast< std::uintptr_t >( code_block ) + + code_block->next_block_offset ), + ++code_block_num ) + { + if ( !rtn ) + { + rtn = vtil::basic_block::begin( + ABS_TO_IMG( code_block->vip_begin, file_header->module_base, file_header->image_base ) ); + } + else + { + first = rtn; + + rtn = rtn->fork( ABS_TO_IMG( code_block->vip_begin, file_header->module_base, file_header->image_base ) ); + } + + for ( auto idx = 0u; idx < code_block->vinstr_count; ++idx ) + { + auto vinstr = &code_block->vinstr[ idx ]; + if ( vinstr->mnemonic_t == vm::handler::INVALID ) + { + std::printf( "> unable to lift to VTIL... unknown virtual instruction handler #%d... " + "please define a vm handler profile for this virtual instruction and try again..." + " you can also create your first contribution to this open source project by submitting" + " a merge request with your changes! :)\n", + vinstr->opcode ); + + return; + } + + const auto result = std::find_if( + vm::lifters::all.begin(), vm::lifters::all.end(), + [ & ]( vm::lifters::lifter_t *lifter ) -> bool { return lifter->first == vinstr->mnemonic_t; } ); + + if ( result == vm::lifters::all.end() ) + { + std::printf( "> unable to lift to VTIL... unknown virtual instruction handler lifter for #%d... " + "please define a vm handler lifter for this vm handler and try again..." + " you can also create your first contribution to this open source project by submitting" + " a merge request with your changes! :)\n", + vinstr->opcode ); + + return; + } + + // lift the virtual instruction... + ( *result )->second( rtn, vinstr, code_block ); + } + } + + vtil::optimizer::apply_all( first ); + vtil::debug::dump( first ); +} + +void qvminspector_t::on_lift_block() +{ + if ( !file_header ) + return; + + auto lift_block_select = new QDialog(); + auto layout = new QVBoxLayout(); + + for ( auto [ code_block, code_block_num ] = std::tuple{ first_block, 0u }; + code_block_num < file_header->code_block_count; + code_block = reinterpret_cast< vmp2::v3::code_block_t * >( reinterpret_cast< std::uintptr_t >( code_block ) + + code_block->next_block_offset ), + ++code_block_num ) + { + auto new_button = new QPushButton(); + new_button->setText( QString( "block_%1" ).arg( code_block->vip_begin, 0u, 16 ) ); + layout->addWidget( new_button ); + } + + lift_block_select->setBaseSize( { 200, 100 } ); + lift_block_select->setWindowTitle( "Select A Block" ); + lift_block_select->setLayout( layout ); + lift_block_select->exec(); } void qvminspector_t::on_close() @@ -25,7 +124,8 @@ void qvminspector_t::on_open() delete vmctx; } - file_header = nullptr; + file_header = nullptr, first_block = nullptr; + code_block_addrs.clear(); image_base = 0u, vm_entry_rva = 0u, module_base = 0u; file_path = QFileDialog::getOpenFileName( @@ -192,10 +292,9 @@ void qvminspector_t::add_branch_children( qtree_widget_item_t *item, std::uintpt // add comments to the virtual instruction... (colume 4)... if ( virt_instr->mnemonic_t == vm::handler::LREGQ || virt_instr->mnemonic_t == vm::handler::SREGQ ) - virt_instr_entry->setText( 3, QString( "; vreg%1" ) - .arg( virt_instr->operand.imm.u ? ( virt_instr->operand.imm.u / 8 ) - - 1 /* zero based vreg... */ - : 0u ) ); + virt_instr_entry->setText( + 3, + QString( "; vreg%1" ).arg( virt_instr->operand.imm.u ? ( virt_instr->operand.imm.u / 8 ) : 0u ) ); QVariant var; var.setValue( virt_instr ); @@ -365,4 +464,18 @@ void qvminspector_t::update_ui() finish: // bad code... ui.virt_instrs->topLevelItem( 0 )->setSelected( true ); +} + +bool qvminspector_t::event( QEvent *event ) +{ + if ( event->type() == QEvent::KeyPress ) + { + auto kevent = static_cast< QKeyEvent * >( event ); + if ( kevent->key() == Qt::Key::Key_F5 ) + { + + return true; + } + } + return false; } \ No newline at end of file diff --git a/src/qvminspector.h b/src/qvminspector.h index 2a1133b..2eaf615 100644 --- a/src/qvminspector.h +++ b/src/qvminspector.h @@ -1,8 +1,11 @@ #pragma once +#define NOMINMAX #include #include #include #include +#include + #include #include #include @@ -12,6 +15,7 @@ #include "ui_qvminspector.h" #include "vmp2.hpp" +#define ABS_TO_IMG( addr, mod_base, img_base ) ( addr - mod_base ) + img_base Q_DECLARE_METATYPE( vm::instrs::virt_instr_t * ) using qmain_window_t = QMainWindow; @@ -31,6 +35,11 @@ class qvminspector_t : public qmain_window_t private slots: void on_open(); void on_close(); + void on_lift_all(); + void on_lift_block(); + + protected: + bool event( QEvent *event ); private: void dbg_print( qstring_t DbgOutput ); diff --git a/src/qvminspector.ui b/src/qvminspector.ui index ef15189..ca9e741 100644 --- a/src/qvminspector.ui +++ b/src/qvminspector.ui @@ -6,7 +6,7 @@ 0 0 - 1606 + 1496 1038 @@ -25,480 +25,490 @@ - - - Virtual Instructions + + + 0 - - - - - true - - - - - 0 - 0 - 1566 - 810 - + + + Virtual Instructions + + + + + + true - - - - - 160 - - - - Address + + + + 0 + 0 + 1452 + 799 + + + + + + + 160 + + + + Address + + + + + Operands + + + + + Virtual Instruction + + + + + Comments + + + + + + + + Virtual Instruction Information - - - - Operands - - - - - Virtual Instruction - - - - - Comments - - - - - - - - Virtual Instruction Information - - - - - - Registers - - - - - - 65 - - - - Register - - - - - Value - - - - - VIP - - - - - VSP - - - - - DKEY - - - - - - - - - - vreg0 - - - - - - - - vreg1 - - - - - vreg2 - - - - - vreg3 - - - - - vreg4 - - - - - vreg5 - - - - - vreg6 - - - - - vreg7 - - - - - vreg8 - - - - - vreg9 - - - - - vreg10 - - - - - vreg11 - - - - - vreg12 - - - - - vreg13 - - - - - vreg14 - - - - - vreg15 - - - - - vreg16 - - - - - vreg17 - - - - - vreg18 - - - - - vreg19 - - - - - vreg20 - - - - - vreg21 - - - - - vreg22 - - - - - vreg23 - - - - - - - - 70 - - - - Register - - - - - Value - - - - - R15 - - - - - R14 - - - - - R13 - - - - - R12 - - - - - R11 - - - - - R10 - - - - - R9 - - - - - R8 - - - - - RBP - - - - - RDI - - - - - RSI - - - - - RDX - - - - - RCX - - - - - RBX - - - - - RAX - - - - - - - - - - RFLAGS - + + + + + Registers + + + + + + 65 + + + + Register + + + + + Value + + + + + VIP + + + + + VSP + + + + + DKEY + + + + + + + + + + vreg0 + + + + + + + + vreg1 + + + + + vreg2 + + + + + vreg3 + + + + + vreg4 + + + + + vreg5 + + + + + vreg6 + + + + + vreg7 + + + + + vreg8 + + + + + vreg9 + + + + + vreg10 + + + + + vreg11 + + + + + vreg12 + + + + + vreg13 + + + + + vreg14 + + + + + vreg15 + + + + + vreg16 + + + + + vreg17 + + + + + vreg18 + + + + + vreg19 + + + + + vreg20 + + + + + vreg21 + + + + + vreg22 + + + + + vreg23 + + + + + + + + 70 + + + + Register + + + + + Value + + + + + R15 + + + + + R14 + + + + + R13 + + + + + R12 + + - ZF + R11 - PF + R10 - AF + R9 - OF + R8 - SF + RBP - DF + RDI - CF + RSI - TF + RDX - IF + RCX - - - - - - - - - - Virtual Stack - - - - - - true - - - - - 0 - 0 - 729 - 210 - + + + RBX + + + + + RAX + + + + + + + + + + RFLAGS + + + + ZF + + + + + PF + + + + + AF + + + + + OF + + + + + SF + + + + + DF + + + + + CF + + + + + TF + + + + + IF + + + + + + + + + + + + Virtual Stack + + + + + + true + + + + + 0 + 0 + 672 + 210 + + + + + + + + Stack Pointer + + + + + Value + + + + + + + + + + + + + + + Virtual Machine Instruction Handler + + + + + + VM Handler Instructions + + + + + + + Address + + + + + Instruction + + + + + + + + + + + VM Handler Transformations - + - + - Stack Pointer + Address - Value + Instruction - - - - - - - - - Virtual Machine Instruction Handler - - - - - - VM Handler Instructions - - - - - - - Address - - - - - Instruction - - - - - - - - - - - VM Handler Transformations - - - - - - - Address - - - - - Instruction - - - - - - - - - - - - - - + + + + + + + + + - - - + + + + + + Virtual Machine Handlers + + @@ -508,7 +518,7 @@ 0 0 - 1606 + 1496 21 @@ -519,7 +529,15 @@ + + + VTIL + + + + + @@ -572,12 +590,31 @@ Open Trace + + F1 + Close + + + Lift Specific Block + + + F6 + + + + + Lift All + + + F5 + + diff --git a/vmprofiler-qt.sln b/vmprofiler-qt.sln index eb7b63a..3a18079 100644 --- a/vmprofiler-qt.sln +++ b/vmprofiler-qt.sln @@ -9,39 +9,232 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "vmprofiler", "dependencies\ EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "vmprofiler-qt", "vmprofiler-qt.vcxproj", "{A0485AE3-1965-4BE3-A2C4-A8257337C271}" EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "dependencies", "dependencies", "{EBAB8252-B20D-461B-A361-054921EABC2B}" +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "VTIL", "VTIL", "{4345601E-F7A1-4F1D-9780-2B0C1DC7E157}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "VTIL", "dependencies\vmprofiler\dependencies\vtil\VTIL\VTIL.vcxproj", "{8163E74C-DDE4-4507-BD3D-064CD95FF33B}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "VTIL-Architecture", "dependencies\vmprofiler\dependencies\vtil\VTIL-Architecture\VTIL-Architecture.vcxproj", "{A79E2869-7626-4801-B09D-5C12F5163BA3}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "VTIL-Common", "dependencies\vmprofiler\dependencies\vtil\VTIL-Common\VTIL-Common.vcxproj", "{EC6B8F7F-730C-4086-B143-4664CC16DF8F}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "VTIL-Compiler", "dependencies\vmprofiler\dependencies\vtil\VTIL-Compiler\VTIL-Compiler.vcxproj", "{F960486B-2DB4-44AF-91BB-0F19F228ABCF}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "VTIL-SymEx", "dependencies\vmprofiler\dependencies\vtil\VTIL-SymEx\VTIL-SymEx.vcxproj", "{FE3202CE-D05C-4E04-AE9B-D30305D8CE31}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "keystone", "dependencies\vmprofiler\dependencies\vtil\dependencies\keystone\msvc\llvm\keystone\keystone.vcxproj", "{E4754E3E-2503-307A-8076-8AC2AD8B75B2}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "capstone-static", "dependencies\vmprofiler\dependencies\vtil\dependencies\capstone\msvc\capstone-static.vcxproj", "{A0471FDD-F210-3D7E-B4EA-20543BC10911}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution DBG|x64 = DBG|x64 DBG|x86 = DBG|x86 + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + MinSizeRel|x64 = MinSizeRel|x64 + MinSizeRel|x86 = MinSizeRel|x86 Release|x64 = Release|x64 Release|x86 = Release|x86 + RelWithDebInfo|x64 = RelWithDebInfo|x64 + RelWithDebInfo|x86 = RelWithDebInfo|x86 EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution {88A23124-5640-35A0-B890-311D7A67A7D2}.DBG|x64.ActiveCfg = Debug MT DLL|x64 {88A23124-5640-35A0-B890-311D7A67A7D2}.DBG|x64.Build.0 = Debug MT DLL|x64 {88A23124-5640-35A0-B890-311D7A67A7D2}.DBG|x86.ActiveCfg = Debug MT|Win32 {88A23124-5640-35A0-B890-311D7A67A7D2}.DBG|x86.Build.0 = Debug MT|Win32 + {88A23124-5640-35A0-B890-311D7A67A7D2}.Debug|x64.ActiveCfg = Debug MD DLL|x64 + {88A23124-5640-35A0-B890-311D7A67A7D2}.Debug|x64.Build.0 = Debug MD DLL|x64 + {88A23124-5640-35A0-B890-311D7A67A7D2}.Debug|x86.ActiveCfg = Debug MD DLL|Win32 + {88A23124-5640-35A0-B890-311D7A67A7D2}.Debug|x86.Build.0 = Debug MD DLL|Win32 + {88A23124-5640-35A0-B890-311D7A67A7D2}.MinSizeRel|x64.ActiveCfg = Debug MD DLL|x64 + {88A23124-5640-35A0-B890-311D7A67A7D2}.MinSizeRel|x64.Build.0 = Debug MD DLL|x64 + {88A23124-5640-35A0-B890-311D7A67A7D2}.MinSizeRel|x86.ActiveCfg = Debug MD DLL|Win32 + {88A23124-5640-35A0-B890-311D7A67A7D2}.MinSizeRel|x86.Build.0 = Debug MD DLL|Win32 {88A23124-5640-35A0-B890-311D7A67A7D2}.Release|x64.ActiveCfg = Release MT|x64 {88A23124-5640-35A0-B890-311D7A67A7D2}.Release|x64.Build.0 = Release MT|x64 {88A23124-5640-35A0-B890-311D7A67A7D2}.Release|x86.ActiveCfg = Release MT DLL|Win32 {88A23124-5640-35A0-B890-311D7A67A7D2}.Release|x86.Build.0 = Release MT DLL|Win32 + {88A23124-5640-35A0-B890-311D7A67A7D2}.RelWithDebInfo|x64.ActiveCfg = Release MD DLL|x64 + {88A23124-5640-35A0-B890-311D7A67A7D2}.RelWithDebInfo|x64.Build.0 = Release MD DLL|x64 + {88A23124-5640-35A0-B890-311D7A67A7D2}.RelWithDebInfo|x86.ActiveCfg = Release MD DLL|Win32 + {88A23124-5640-35A0-B890-311D7A67A7D2}.RelWithDebInfo|x86.Build.0 = Release MD DLL|Win32 {D0B6092A-9944-4F24-9486-4B7DAE372619}.DBG|x64.ActiveCfg = DBG|x64 {D0B6092A-9944-4F24-9486-4B7DAE372619}.DBG|x64.Build.0 = DBG|x64 {D0B6092A-9944-4F24-9486-4B7DAE372619}.DBG|x86.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug|x64.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug|x64.Build.0 = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug|x86.ActiveCfg = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug|x86.Build.0 = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.MinSizeRel|x64.ActiveCfg = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.MinSizeRel|x64.Build.0 = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.MinSizeRel|x86.ActiveCfg = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.MinSizeRel|x86.Build.0 = Release|x64 {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release|x64.ActiveCfg = Release|x64 {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release|x64.Build.0 = Release|x64 {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release|x86.ActiveCfg = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.RelWithDebInfo|x64.ActiveCfg = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.RelWithDebInfo|x64.Build.0 = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.RelWithDebInfo|x86.ActiveCfg = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.RelWithDebInfo|x86.Build.0 = Release|x64 {A0485AE3-1965-4BE3-A2C4-A8257337C271}.DBG|x64.ActiveCfg = Debug|x64 {A0485AE3-1965-4BE3-A2C4-A8257337C271}.DBG|x64.Build.0 = Debug|x64 {A0485AE3-1965-4BE3-A2C4-A8257337C271}.DBG|x86.ActiveCfg = Debug|x64 {A0485AE3-1965-4BE3-A2C4-A8257337C271}.DBG|x86.Build.0 = Debug|x64 + {A0485AE3-1965-4BE3-A2C4-A8257337C271}.Debug|x64.ActiveCfg = Debug|x64 + {A0485AE3-1965-4BE3-A2C4-A8257337C271}.Debug|x64.Build.0 = Debug|x64 + {A0485AE3-1965-4BE3-A2C4-A8257337C271}.Debug|x86.ActiveCfg = Debug|x64 + {A0485AE3-1965-4BE3-A2C4-A8257337C271}.MinSizeRel|x64.ActiveCfg = Release|x64 + {A0485AE3-1965-4BE3-A2C4-A8257337C271}.MinSizeRel|x64.Build.0 = Release|x64 + {A0485AE3-1965-4BE3-A2C4-A8257337C271}.MinSizeRel|x86.ActiveCfg = Release|x64 + {A0485AE3-1965-4BE3-A2C4-A8257337C271}.MinSizeRel|x86.Build.0 = Release|x64 {A0485AE3-1965-4BE3-A2C4-A8257337C271}.Release|x64.ActiveCfg = Release|x64 {A0485AE3-1965-4BE3-A2C4-A8257337C271}.Release|x64.Build.0 = Release|x64 {A0485AE3-1965-4BE3-A2C4-A8257337C271}.Release|x86.ActiveCfg = Release|x64 + {A0485AE3-1965-4BE3-A2C4-A8257337C271}.RelWithDebInfo|x64.ActiveCfg = Release|x64 + {A0485AE3-1965-4BE3-A2C4-A8257337C271}.RelWithDebInfo|x64.Build.0 = Release|x64 + {A0485AE3-1965-4BE3-A2C4-A8257337C271}.RelWithDebInfo|x86.ActiveCfg = Release|x64 + {A0485AE3-1965-4BE3-A2C4-A8257337C271}.RelWithDebInfo|x86.Build.0 = Release|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.DBG|x64.ActiveCfg = Debug|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.DBG|x64.Build.0 = Debug|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.DBG|x86.ActiveCfg = Debug|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.DBG|x86.Build.0 = Debug|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.Debug|x64.ActiveCfg = Debug|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.Debug|x64.Build.0 = Debug|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.Debug|x86.ActiveCfg = Debug|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.MinSizeRel|x64.ActiveCfg = Debug|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.MinSizeRel|x64.Build.0 = Debug|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.MinSizeRel|x86.ActiveCfg = Debug|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.MinSizeRel|x86.Build.0 = Debug|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.Release|x64.ActiveCfg = Release|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.Release|x64.Build.0 = Release|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.Release|x86.ActiveCfg = Release|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.RelWithDebInfo|x64.ActiveCfg = Release|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.RelWithDebInfo|x64.Build.0 = Release|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.RelWithDebInfo|x86.ActiveCfg = Debug|x64 + {8163E74C-DDE4-4507-BD3D-064CD95FF33B}.RelWithDebInfo|x86.Build.0 = Debug|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.DBG|x64.ActiveCfg = Debug|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.DBG|x64.Build.0 = Debug|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.DBG|x86.ActiveCfg = Debug|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.DBG|x86.Build.0 = Debug|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.Debug|x64.ActiveCfg = Debug|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.Debug|x64.Build.0 = Debug|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.Debug|x86.ActiveCfg = Debug|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.MinSizeRel|x64.ActiveCfg = Debug|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.MinSizeRel|x64.Build.0 = Debug|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.MinSizeRel|x86.ActiveCfg = Debug|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.MinSizeRel|x86.Build.0 = Debug|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.Release|x64.ActiveCfg = Release|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.Release|x64.Build.0 = Release|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.Release|x86.ActiveCfg = Release|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.RelWithDebInfo|x64.ActiveCfg = Release|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.RelWithDebInfo|x64.Build.0 = Release|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.RelWithDebInfo|x86.ActiveCfg = Debug|x64 + {A79E2869-7626-4801-B09D-5C12F5163BA3}.RelWithDebInfo|x86.Build.0 = Debug|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.DBG|x64.ActiveCfg = Debug|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.DBG|x64.Build.0 = Debug|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.DBG|x86.ActiveCfg = Debug|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.DBG|x86.Build.0 = Debug|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.Debug|x64.ActiveCfg = Debug|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.Debug|x64.Build.0 = Debug|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.Debug|x86.ActiveCfg = Debug|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.MinSizeRel|x64.ActiveCfg = Debug|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.MinSizeRel|x64.Build.0 = Debug|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.MinSizeRel|x86.ActiveCfg = Debug|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.MinSizeRel|x86.Build.0 = Debug|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.Release|x64.ActiveCfg = Release|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.Release|x64.Build.0 = Release|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.Release|x86.ActiveCfg = Release|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.RelWithDebInfo|x64.ActiveCfg = Release|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.RelWithDebInfo|x64.Build.0 = Release|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.RelWithDebInfo|x86.ActiveCfg = Debug|x64 + {EC6B8F7F-730C-4086-B143-4664CC16DF8F}.RelWithDebInfo|x86.Build.0 = Debug|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.DBG|x64.ActiveCfg = Debug|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.DBG|x64.Build.0 = Debug|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.DBG|x86.ActiveCfg = Debug|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.DBG|x86.Build.0 = Debug|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.Debug|x64.ActiveCfg = Debug|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.Debug|x64.Build.0 = Debug|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.Debug|x86.ActiveCfg = Debug|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.MinSizeRel|x64.ActiveCfg = Debug|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.MinSizeRel|x64.Build.0 = Debug|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.MinSizeRel|x86.ActiveCfg = Debug|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.MinSizeRel|x86.Build.0 = Debug|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.Release|x64.ActiveCfg = Release|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.Release|x64.Build.0 = Release|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.Release|x86.ActiveCfg = Release|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.RelWithDebInfo|x64.ActiveCfg = Release|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.RelWithDebInfo|x64.Build.0 = Release|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.RelWithDebInfo|x86.ActiveCfg = Debug|x64 + {F960486B-2DB4-44AF-91BB-0F19F228ABCF}.RelWithDebInfo|x86.Build.0 = Debug|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.DBG|x64.ActiveCfg = Debug|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.DBG|x64.Build.0 = Debug|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.DBG|x86.ActiveCfg = Debug|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.DBG|x86.Build.0 = Debug|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.Debug|x64.ActiveCfg = Debug|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.Debug|x64.Build.0 = Debug|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.Debug|x86.ActiveCfg = Debug|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.MinSizeRel|x64.ActiveCfg = Debug|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.MinSizeRel|x64.Build.0 = Debug|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.MinSizeRel|x86.ActiveCfg = Debug|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.MinSizeRel|x86.Build.0 = Debug|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.Release|x64.ActiveCfg = Release|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.Release|x64.Build.0 = Release|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.Release|x86.ActiveCfg = Release|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.RelWithDebInfo|x64.ActiveCfg = Release|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.RelWithDebInfo|x64.Build.0 = Release|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.RelWithDebInfo|x86.ActiveCfg = Debug|x64 + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31}.RelWithDebInfo|x86.Build.0 = Debug|x64 + {E4754E3E-2503-307A-8076-8AC2AD8B75B2}.DBG|x64.ActiveCfg = Debug|x64 + {E4754E3E-2503-307A-8076-8AC2AD8B75B2}.DBG|x64.Build.0 = Debug|x64 + {E4754E3E-2503-307A-8076-8AC2AD8B75B2}.DBG|x86.ActiveCfg = RelWithDebInfo|x64 + {E4754E3E-2503-307A-8076-8AC2AD8B75B2}.DBG|x86.Build.0 = RelWithDebInfo|x64 + {E4754E3E-2503-307A-8076-8AC2AD8B75B2}.Debug|x64.ActiveCfg = Debug|x64 + {E4754E3E-2503-307A-8076-8AC2AD8B75B2}.Debug|x64.Build.0 = Debug|x64 + {E4754E3E-2503-307A-8076-8AC2AD8B75B2}.Debug|x86.ActiveCfg = Debug|x64 + {E4754E3E-2503-307A-8076-8AC2AD8B75B2}.MinSizeRel|x64.ActiveCfg = MinSizeRel|x64 + {E4754E3E-2503-307A-8076-8AC2AD8B75B2}.MinSizeRel|x64.Build.0 = MinSizeRel|x64 + {E4754E3E-2503-307A-8076-8AC2AD8B75B2}.MinSizeRel|x86.ActiveCfg = MinSizeRel|x64 + {E4754E3E-2503-307A-8076-8AC2AD8B75B2}.Release|x64.ActiveCfg = Release|x64 + {E4754E3E-2503-307A-8076-8AC2AD8B75B2}.Release|x64.Build.0 = Release|x64 + {E4754E3E-2503-307A-8076-8AC2AD8B75B2}.Release|x86.ActiveCfg = Release|x64 + {E4754E3E-2503-307A-8076-8AC2AD8B75B2}.RelWithDebInfo|x64.ActiveCfg = RelWithDebInfo|x64 + {E4754E3E-2503-307A-8076-8AC2AD8B75B2}.RelWithDebInfo|x64.Build.0 = RelWithDebInfo|x64 + {E4754E3E-2503-307A-8076-8AC2AD8B75B2}.RelWithDebInfo|x86.ActiveCfg = RelWithDebInfo|x64 + {A0471FDD-F210-3D7E-B4EA-20543BC10911}.DBG|x64.ActiveCfg = Debug|x64 + {A0471FDD-F210-3D7E-B4EA-20543BC10911}.DBG|x64.Build.0 = Debug|x64 + {A0471FDD-F210-3D7E-B4EA-20543BC10911}.DBG|x86.ActiveCfg = RelWithDebInfo|x64 + {A0471FDD-F210-3D7E-B4EA-20543BC10911}.DBG|x86.Build.0 = RelWithDebInfo|x64 + {A0471FDD-F210-3D7E-B4EA-20543BC10911}.Debug|x64.ActiveCfg = Debug|x64 + {A0471FDD-F210-3D7E-B4EA-20543BC10911}.Debug|x64.Build.0 = Debug|x64 + {A0471FDD-F210-3D7E-B4EA-20543BC10911}.Debug|x86.ActiveCfg = Debug|x64 + {A0471FDD-F210-3D7E-B4EA-20543BC10911}.MinSizeRel|x64.ActiveCfg = MinSizeRel|x64 + {A0471FDD-F210-3D7E-B4EA-20543BC10911}.MinSizeRel|x64.Build.0 = MinSizeRel|x64 + {A0471FDD-F210-3D7E-B4EA-20543BC10911}.MinSizeRel|x86.ActiveCfg = MinSizeRel|x64 + {A0471FDD-F210-3D7E-B4EA-20543BC10911}.Release|x64.ActiveCfg = Release|x64 + {A0471FDD-F210-3D7E-B4EA-20543BC10911}.Release|x64.Build.0 = Release|x64 + {A0471FDD-F210-3D7E-B4EA-20543BC10911}.Release|x86.ActiveCfg = Release|x64 + {A0471FDD-F210-3D7E-B4EA-20543BC10911}.RelWithDebInfo|x64.ActiveCfg = RelWithDebInfo|x64 + {A0471FDD-F210-3D7E-B4EA-20543BC10911}.RelWithDebInfo|x64.Build.0 = RelWithDebInfo|x64 + {A0471FDD-F210-3D7E-B4EA-20543BC10911}.RelWithDebInfo|x86.ActiveCfg = RelWithDebInfo|x64 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE EndGlobalSection + GlobalSection(NestedProjects) = preSolution + {88A23124-5640-35A0-B890-311D7A67A7D2} = {EBAB8252-B20D-461B-A361-054921EABC2B} + {D0B6092A-9944-4F24-9486-4B7DAE372619} = {EBAB8252-B20D-461B-A361-054921EABC2B} + {4345601E-F7A1-4F1D-9780-2B0C1DC7E157} = {EBAB8252-B20D-461B-A361-054921EABC2B} + {8163E74C-DDE4-4507-BD3D-064CD95FF33B} = {4345601E-F7A1-4F1D-9780-2B0C1DC7E157} + {A79E2869-7626-4801-B09D-5C12F5163BA3} = {4345601E-F7A1-4F1D-9780-2B0C1DC7E157} + {EC6B8F7F-730C-4086-B143-4664CC16DF8F} = {4345601E-F7A1-4F1D-9780-2B0C1DC7E157} + {F960486B-2DB4-44AF-91BB-0F19F228ABCF} = {4345601E-F7A1-4F1D-9780-2B0C1DC7E157} + {FE3202CE-D05C-4E04-AE9B-D30305D8CE31} = {4345601E-F7A1-4F1D-9780-2B0C1DC7E157} + {E4754E3E-2503-307A-8076-8AC2AD8B75B2} = {EBAB8252-B20D-461B-A361-054921EABC2B} + {A0471FDD-F210-3D7E-B4EA-20543BC10911} = {EBAB8252-B20D-461B-A361-054921EABC2B} + EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {08AD2EFA-1756-4AF3-B8B4-F629F3A29A19} EndGlobalSection diff --git a/vmprofiler-qt.vcxproj b/vmprofiler-qt.vcxproj index 7aee35c..8a53167 100644 --- a/vmprofiler-qt.vcxproj +++ b/vmprofiler-qt.vcxproj @@ -11,6 +11,27 @@ + + {a0471fdd-f210-3d7e-b4ea-20543bc10911} + + + {e4754e3e-2503-307a-8076-8ac2ad8b75b2} + + + {a79e2869-7626-4801-b09d-5c12f5163ba3} + + + {ec6b8f7f-730c-4086-b143-4664cc16df8f} + + + {f960486b-2db4-44af-91bb-0f19f228abcf} + + + {fe3202ce-d05c-4e04-ae9b-d30305d8ce31} + + + {8163e74c-dde4-4507-bd3d-064cd95ff33b} + {88a23124-5640-35a0-b890-311d7a67a7d2} @@ -46,6 +67,7 @@ + @@ -104,16 +126,18 @@ G:\Qt\5.15.1\msvc2019_64\include;$(ProjectDir);$(ProjectDir)src\DarkStyle\framelesswindow\;$(ProjectDir)src\DarkStyle;$(IncludePath);$(ProjectDir)dependencies\vmprofiler\include;$(ProjectDir)dependencies\vmprofiler\dependencies\zydis\include;$(ProjectDir)dependencies\vmprofiler\dependencies\zydis\dependencies\zycore\include;$(ProjectDir)dependencies\vmprofiler\dependencies\zydis\msvc;$(ProjectDir)dependencies\ia32-doc\out\ - G:\Qt\5.15.1\msvc2019_64\include;$(ProjectDir);$(ProjectDir)src\DarkStyle\framelesswindow\;$(ProjectDir)src\DarkStyle;$(IncludePath);$(ProjectDir)dependencies\vmprofiler\include;$(ProjectDir)dependencies\vmprofiler\dependencies\zydis\include;$(ProjectDir)dependencies\vmprofiler\dependencies\zydis\dependencies\zycore\include;$(ProjectDir)dependencies\vmprofiler\dependencies\zydis\msvc;$(ProjectDir)dependencies\ia32-doc\out\ + G:\Qt\5.15.1\msvc2019_64\include\QtWidgets;G:\Qt\5.15.1\msvc2019_64\include\*\;G:\Qt\5.15.1\msvc2019_64\include;$(ProjectDir);$(ProjectDir)src\darkstyle\framelesswindow\;$(ProjectDir)src\darkstyle;$(IncludePath);$(ProjectDir)dependencies\vmprofiler\include;$(ProjectDir)dependencies\vmprofiler\dependencies\zydis\include;$(ProjectDir)dependencies\vmprofiler\dependencies\zydis\dependencies\zycore\include;$(ProjectDir)dependencies\vmprofiler\dependencies\zydis\msvc;$(ProjectDir)dependencies\vmprofiler\dependencies\vtil\VTIL\includes\;$(ProjectDir)dependencies\vmprofiler\dependencies\vtil\dependencies\keystone\include;$(ProjectDir)dependencies\vmprofiler\dependencies\vtil\dependencies\capstone\include;$(ProjectDir)dependencies\vmprofiler\dependencies\vtil\VTIL-SymEx\includes\;$(ProjectDir)dependencies\vmprofiler\dependencies\vtil\VTIL-Compiler\includes\;$(ProjectDir)dependencies\vmprofiler\dependencies\vtil\VTIL-Common\includes\;$(ProjectDir)dependencies\vmprofiler\dependencies\vtil\VTIL-Architecture\includes\;$(ProjectDir)dependencies\ia32-doc\out\ - stdcpp17 + stdcpplatest ZYDIS_STATIC_DEFINE;%(PreprocessorDefinitions) $(ProjectDir)..\libs\*;%(AdditionalDependencies) true + 4194304 + 4194304 diff --git a/vmprofiler-qt.vcxproj.filters b/vmprofiler-qt.vcxproj.filters index f0c30ad..32375cd 100644 --- a/vmprofiler-qt.vcxproj.filters +++ b/vmprofiler-qt.vcxproj.filters @@ -88,6 +88,9 @@ Header Files + + Header Files + From 77b3e87b38260622b28fc2e2045a7412904e525d Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Fri, 11 Jun 2021 17:58:28 -0700 Subject: [PATCH 3/9] preparing to add VTIL->lift specific block... --- src/qvminspector.cpp | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/qvminspector.cpp b/src/qvminspector.cpp index dd71fe1..336c355 100644 --- a/src/qvminspector.cpp +++ b/src/qvminspector.cpp @@ -101,11 +101,17 @@ void qvminspector_t::on_lift_block() ++code_block_num ) { auto new_button = new QPushButton(); - new_button->setText( QString( "block_%1" ).arg( code_block->vip_begin, 0u, 16 ) ); + new_button->setText( + QString( "block_%1" ) + .arg( ABS_TO_IMG( code_block->vip_begin, file_header->module_base, file_header->image_base ), 0u, + 16 ) ); + + new_button->setProperty( + "addr", ABS_TO_IMG( code_block->vip_begin, file_header->module_base, file_header->image_base ) ); + layout->addWidget( new_button ); } - lift_block_select->setBaseSize( { 200, 100 } ); lift_block_select->setWindowTitle( "Select A Block" ); lift_block_select->setLayout( layout ); lift_block_select->exec(); From 06356e966807c81886892a291190d8b872c2ca60 Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Fri, 11 Jun 2021 22:44:37 -0700 Subject: [PATCH 4/9] added qvirt_handlers.cpp which will handle updating the vm handlers tab... --- src/main.cpp | 2 + src/qvirt_handlers.cpp | 92 +++++++++++++++++++++++++++++ src/qvirt_handlers.h | 19 ++++++ src/qvminspector.cpp | 96 +++++++++++------------------- src/qvminspector.h | 7 +-- src/qvminspector.ui | 106 ++++++++++++++++++++++++++++++++-- vmprofiler-qt.vcxproj | 6 +- vmprofiler-qt.vcxproj.filters | 12 +++- 8 files changed, 261 insertions(+), 79 deletions(-) create mode 100644 src/qvirt_handlers.cpp create mode 100644 src/qvirt_handlers.h diff --git a/src/main.cpp b/src/main.cpp index bda59f8..edcb6d3 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -5,6 +5,7 @@ #include "qvminspector.h" #include "qvirt_instrs.h" +#include "qvirt_handlers.h" #include "framelesswindow.h" #include "DarkStyle.h" @@ -15,6 +16,7 @@ int main(int argc, char *argv[]) FramelessWindow frameless_window; const auto window = new qvminspector_t; qvirt_instrs_t virt_instr( window ); + qvirt_handlers_t virt_handlers( window ); frameless_window.setContent( window ); frameless_window.setWindowIcon(QIcon("icon.ico")); diff --git a/src/qvirt_handlers.cpp b/src/qvirt_handlers.cpp new file mode 100644 index 0000000..47ef49a --- /dev/null +++ b/src/qvirt_handlers.cpp @@ -0,0 +1,92 @@ +#include "qvirt_handlers.h" + +qvirt_handlers_t::qvirt_handlers_t( qvminspector_t *vminspector ) : vminspector( vminspector ), ui( &vminspector->ui ) +{ + connect( ui->virt_handlers_tree, &QTreeWidget::itemSelectionChanged, this, &qvirt_handlers_t::on_select ); +} + +void qvirt_handlers_t::update_transforms( vm::handler::handler_t &vm_handler ) +{ + char buffer[ 256 ]; + ZydisFormatter formatter; + ZydisFormatterInit( &formatter, ZYDIS_FORMATTER_STYLE_INTEL ); + + ui->virt_handler_transforms_tree->clear(); + const auto &vm_handler_transforms = vm_handler.transforms; + + for ( auto [ transform_type, transform_instr ] : vm_handler_transforms ) + { + if ( transform_type == vm::transform::type::generic0 && transform_instr.mnemonic == ZYDIS_MNEMONIC_INVALID ) + continue; + + auto new_transform_entry = new qtree_widget_item_t(); + + switch ( transform_type ) + { + case vm::transform::type::rolling_key: + { + new_transform_entry->setText( 0, "Key Transform" ); + break; + } + case vm::transform::type::generic0: + case vm::transform::type::generic1: + case vm::transform::type::generic2: + case vm::transform::type::generic3: + { + new_transform_entry->setText( 0, "Generic" ); + break; + } + case vm::transform::type::update_key: + { + new_transform_entry->setText( 0, "Update Key" ); + break; + } + default: + throw std::invalid_argument( "invalid transformation type..." ); + } + + ZydisFormatterFormatInstruction( &formatter, &transform_instr, buffer, sizeof( buffer ), NULL ); + + new_transform_entry->setText( 1, buffer ); + ui->virt_handler_transforms_tree->addTopLevelItem( new_transform_entry ); + } +} + +void qvirt_handlers_t::update_instrs( vm::handler::handler_t &vm_handler ) +{ + char buffer[ 256 ]; + ZydisFormatter formatter; + ZydisFormatterInit( &formatter, ZYDIS_FORMATTER_STYLE_INTEL ); + + ui->virt_handler_instrs_tree->clear(); + const auto &vm_handler_instrs = vm_handler.instrs; + + // display vm handler instructions... + for ( const auto &instr : vm_handler_instrs ) + { + auto new_instr = new qtree_widget_item_t(); + new_instr->setText( + 0, qstring_t::number( ( instr.addr - vminspector->module_base ) + vminspector->image_base, 16 ) ); + + ZydisFormatterFormatInstruction( &formatter, &instr.instr, buffer, sizeof( buffer ), + ( instr.addr - vminspector->module_base ) + vminspector->image_base ); + + new_instr->setText( 1, buffer ); + ui->virt_handler_instrs_tree->addTopLevelItem( new_instr ); + } +} + +void qvirt_handlers_t::on_select() +{ + auto item = ui->virt_handlers_tree->selectedItems()[ 0 ]; + + if ( !item ) + return; + + if ( !vminspector->vmctx ) + return; + + const auto handler_idx = item->data( 0, Qt::UserRole ).value< std::uint8_t >(); + update_instrs( vminspector->vmctx->vm_handlers[ handler_idx ] ); + update_transforms( vminspector->vmctx->vm_handlers[ handler_idx ] ); +} \ No newline at end of file diff --git a/src/qvirt_handlers.h b/src/qvirt_handlers.h new file mode 100644 index 0000000..2022692 --- /dev/null +++ b/src/qvirt_handlers.h @@ -0,0 +1,19 @@ +#pragma once +#define NOMINMAX +#include "qvminspector.h" + +class qvirt_handlers_t : public QObject +{ + Q_OBJECT + public: + explicit qvirt_handlers_t( qvminspector_t *vminspector ); + + private: + Ui::QVMProfilerClass *ui; + qvminspector_t *vminspector; + void update_transforms( vm::handler::handler_t &vm_handler ); + void update_instrs( vm::handler::handler_t &vm_handler ); + + private slots: + void on_select(); +}; \ No newline at end of file diff --git a/src/qvminspector.cpp b/src/qvminspector.cpp index 336c355..1d7e89c 100644 --- a/src/qvminspector.cpp +++ b/src/qvminspector.cpp @@ -11,7 +11,6 @@ qvminspector_t::qvminspector_t( qwidget_t *parent ) : qmain_window_t( parent ), connect( ui.action_open, &QAction::triggered, this, &qvminspector_t::on_open ); connect( ui.action_close, &QAction::triggered, this, &qvminspector_t::on_close ); connect( ui.lift_all_button, &QAction::triggered, this, &qvminspector_t::on_lift_all ); - connect( ui.lift_specific_block_button, &QAction::triggered, this, &qvminspector_t::on_lift_block ); } void qvminspector_t::on_lift_all() @@ -53,13 +52,8 @@ void qvminspector_t::on_lift_all() auto vinstr = &code_block->vinstr[ idx ]; if ( vinstr->mnemonic_t == vm::handler::INVALID ) { - std::printf( "> unable to lift to VTIL... unknown virtual instruction handler #%d... " - "please define a vm handler profile for this virtual instruction and try again..." - " you can also create your first contribution to this open source project by submitting" - " a merge request with your changes! :)\n", - vinstr->opcode ); - - return; + rtn->nop(); + continue; } const auto result = std::find_if( @@ -68,13 +62,8 @@ void qvminspector_t::on_lift_all() if ( result == vm::lifters::all.end() ) { - std::printf( "> unable to lift to VTIL... unknown virtual instruction handler lifter for #%d... " - "please define a vm handler lifter for this vm handler and try again..." - " you can also create your first contribution to this open source project by submitting" - " a merge request with your changes! :)\n", - vinstr->opcode ); - - return; + rtn->nop(); + continue; } // lift the virtual instruction... @@ -86,37 +75,6 @@ void qvminspector_t::on_lift_all() vtil::debug::dump( first ); } -void qvminspector_t::on_lift_block() -{ - if ( !file_header ) - return; - - auto lift_block_select = new QDialog(); - auto layout = new QVBoxLayout(); - - for ( auto [ code_block, code_block_num ] = std::tuple{ first_block, 0u }; - code_block_num < file_header->code_block_count; - code_block = reinterpret_cast< vmp2::v3::code_block_t * >( reinterpret_cast< std::uintptr_t >( code_block ) + - code_block->next_block_offset ), - ++code_block_num ) - { - auto new_button = new QPushButton(); - new_button->setText( - QString( "block_%1" ) - .arg( ABS_TO_IMG( code_block->vip_begin, file_header->module_base, file_header->image_base ), 0u, - 16 ) ); - - new_button->setProperty( - "addr", ABS_TO_IMG( code_block->vip_begin, file_header->module_base, file_header->image_base ) ); - - layout->addWidget( new_button ); - } - - lift_block_select->setWindowTitle( "Select A Block" ); - lift_block_select->setLayout( layout ); - lift_block_select->exec(); -} - void qvminspector_t::on_close() { exit( 0 ); @@ -161,7 +119,6 @@ void qvminspector_t::on_open() qfile_t open_file( file_path ); file_header = reinterpret_cast< vmp2::v3::file_header * >( malloc( file_size ) ); - dbg_msg( qstring_t( "loading vmp2 file %1..." ).arg( file_path ) ); if ( !open_file.open( QIODevice::ReadOnly ) ) { @@ -214,9 +171,10 @@ bool qvminspector_t::init_data() vm_entry_rva = file_header->vm_entry_rva; image_base = file_header->image_base; + image_size = file_header->module_size; module_base = reinterpret_cast< std::uintptr_t >( file_header ) + file_header->module_offset; - vmctx = new vm::ctx_t( module_base, image_base, image_base, vm_entry_rva ); + vmctx = new vm::ctx_t( module_base, image_base, image_size, vm_entry_rva ); if ( !vmctx->init() ) { @@ -356,6 +314,34 @@ void qvminspector_t::add_branch_children( qtree_widget_item_t *item, std::uintpt void qvminspector_t::update_ui() { + // add vm handlers to the vm handler tree... + ui.virt_handlers_tree->clear(); + for ( auto idx = 0u; idx < vmctx->vm_handlers.size(); ++idx ) + { + auto new_handler_entry = new qtree_widget_item_t; + new_handler_entry->setData( 0, Qt::UserRole, idx ); + new_handler_entry->setText( 0, QString( "%1" ).arg( idx ) ); + new_handler_entry->setText( + 1, QString( "%1" ).arg( + ABS_TO_IMG( vmctx->vm_handlers[ idx ].address, module_base, file_header->image_base ), 0, 16 ) ); + + new_handler_entry->setText( 2, vmctx->vm_handlers[ idx ].profile ? vmctx->vm_handlers[ idx ].profile->name + : "UNDEFINED" ); + + new_handler_entry->setText( 3, QString( "%1" ).arg( vmctx->vm_handlers[ idx ].imm_size ) ); + + if ( vmctx->vm_handlers[ idx ].profile && vmctx->vm_handlers[ idx ].imm_size ) + new_handler_entry->setText( 4, vmctx->vm_handlers[ idx ].profile->extention == + vm::handler::extention_t::sign_extend + ? "SIGN EXTENDED" + : "ZERO EXTENDED" ); + else + new_handler_entry->setText( 4, "UNDEFINED" ); + + ui.virt_handlers_tree->addTopLevelItem( new_handler_entry ); + } + ui.virt_handlers_tree->topLevelItem( 0 )->setSelected( true ); + // for each code block insert their virtual instructions // into the virtual instruction tree... also put meta data about the code // block above the virtual instructions... if the code block has a JCC (with two branches) @@ -470,18 +456,4 @@ void qvminspector_t::update_ui() finish: // bad code... ui.virt_instrs->topLevelItem( 0 )->setSelected( true ); -} - -bool qvminspector_t::event( QEvent *event ) -{ - if ( event->type() == QEvent::KeyPress ) - { - auto kevent = static_cast< QKeyEvent * >( event ); - if ( kevent->key() == Qt::Key::Key_F5 ) - { - - return true; - } - } - return false; } \ No newline at end of file diff --git a/src/qvminspector.h b/src/qvminspector.h index 2eaf615..cffd635 100644 --- a/src/qvminspector.h +++ b/src/qvminspector.h @@ -28,6 +28,7 @@ using qmsg_box_t = QMessageBox; class qvminspector_t : public qmain_window_t { friend class qvirt_instrs_t; + friend class qvirt_handlers_t; Q_OBJECT public: qvminspector_t( qwidget_t *parent = Q_NULLPTR ); @@ -36,10 +37,6 @@ class qvminspector_t : public qmain_window_t void on_open(); void on_close(); void on_lift_all(); - void on_lift_block(); - - protected: - bool event( QEvent *event ); private: void dbg_print( qstring_t DbgOutput ); @@ -51,7 +48,7 @@ class qvminspector_t : public qmain_window_t Ui::QVMProfilerClass ui; qstring_t file_path; qstring_t VMProtectedFilePath; - std::uint64_t image_base, vm_entry_rva, module_base; + std::uint64_t image_base, vm_entry_rva, module_base, image_size; vm::ctx_t *vmctx; vmp2::v3::file_header *file_header; diff --git a/src/qvminspector.ui b/src/qvminspector.ui index ca9e741..26fa6a6 100644 --- a/src/qvminspector.ui +++ b/src/qvminspector.ui @@ -7,7 +7,7 @@ 0 0 1496 - 1038 + 1093 @@ -29,7 +29,7 @@ 0 - + Virtual Instructions @@ -45,7 +45,7 @@ 0 0 1452 - 799 + 854 @@ -415,7 +415,7 @@ 0 0 672 - 210 + 228 @@ -508,6 +508,101 @@ Virtual Machine Handlers + + + + + Virtual Machine Handler List + + + + + + + Index + + + + + Address + + + + + Name + + + + + Imm Size + + + + + Sign Extended Imm + + + + + + + + + + + Virtual Machine Handler Information + + + + + + Virtual Machine Handler Instructions + + + + + + + Address + + + + + Instruction + + + + + + + + + + + Virtual Machine Handler Transforms + + + + + + + Address + + + + + Instruction + + + + + + + + + + + @@ -533,7 +628,6 @@ VTIL - @@ -599,7 +693,7 @@ Close - + Lift Specific Block diff --git a/vmprofiler-qt.vcxproj b/vmprofiler-qt.vcxproj index 8a53167..623c921 100644 --- a/vmprofiler-qt.vcxproj +++ b/vmprofiler-qt.vcxproj @@ -44,12 +44,10 @@ + - - - @@ -67,6 +65,8 @@ + + diff --git a/vmprofiler-qt.vcxproj.filters b/vmprofiler-qt.vcxproj.filters index 32375cd..b6359a4 100644 --- a/vmprofiler-qt.vcxproj.filters +++ b/vmprofiler-qt.vcxproj.filters @@ -42,11 +42,11 @@ Source Files\darkstyle + + Source Files + - - Header Files - Header Files @@ -59,6 +59,12 @@ Header Files\darkstyle\framelesswindow + + Header Files + + + Header Files + From a3ba8eaa98a389ba91dbc50f2810f0d77d9799f9 Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Fri, 11 Jun 2021 23:04:32 -0700 Subject: [PATCH 5/9] added something to prevent vtil from asserting... --- src/qvminspector.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/qvminspector.cpp b/src/qvminspector.cpp index 1d7e89c..4d85bae 100644 --- a/src/qvminspector.cpp +++ b/src/qvminspector.cpp @@ -43,6 +43,8 @@ void qvminspector_t::on_lift_all() else { first = rtn; + if ( !rtn->is_complete() ) + rtn->vexit( 0u ); rtn = rtn->fork( ABS_TO_IMG( code_block->vip_begin, file_header->module_base, file_header->image_base ) ); } From 203349e6e3430b175a024454b0f137408d1972d3 Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Sat, 12 Jun 2021 21:28:54 -0700 Subject: [PATCH 6/9] updated vmprofiler dep and frameless ui title to say v1.7 BETA --- dependencies/vmprofiler | 2 +- src/darkstyle/framelesswindow/framelesswindow.ui | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dependencies/vmprofiler b/dependencies/vmprofiler index 44e412c..a99d7a9 160000 --- a/dependencies/vmprofiler +++ b/dependencies/vmprofiler @@ -1 +1 @@ -Subproject commit 44e412cffb14c98806b1eb5a91bbccf5180b9dbb +Subproject commit a99d7a9f0a9924abc24d5fdef35a181e14bb294e diff --git a/src/darkstyle/framelesswindow/framelesswindow.ui b/src/darkstyle/framelesswindow/framelesswindow.ui index 7bb5ecd..d31de48 100644 --- a/src/darkstyle/framelesswindow/framelesswindow.ui +++ b/src/darkstyle/framelesswindow/framelesswindow.ui @@ -143,7 +143,7 @@ color:rgb(153,153,153); - VMProtect 2 - Virtual Instruction Inspector (v1.6 BETA) + VMProtect 2 - Virtual Instruction Inspector (v1.7 BETA) Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter From 060b11873a880743feea81f98b64173bb4d5b6a6 Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Sat, 12 Jun 2021 19:44:06 -0700 Subject: [PATCH 7/9] updated vmprofiler dep... --- dependencies/vmprofiler | 2 +- src/qvminspector.cpp | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/dependencies/vmprofiler b/dependencies/vmprofiler index a99d7a9..63fe1e0 160000 --- a/dependencies/vmprofiler +++ b/dependencies/vmprofiler @@ -1 +1 @@ -Subproject commit a99d7a9f0a9924abc24d5fdef35a181e14bb294e +Subproject commit 63fe1e07fabad8c3cad4b1e6ab44c9d46e82bc19 diff --git a/src/qvminspector.cpp b/src/qvminspector.cpp index 4d85bae..55e55ec 100644 --- a/src/qvminspector.cpp +++ b/src/qvminspector.cpp @@ -18,15 +18,13 @@ void qvminspector_t::on_lift_all() if ( !first_block || !file_header ) return; - // if there was an older console try and free it.. FreeConsole(); - if ( !AllocConsole() ) return; freopen_s( reinterpret_cast< FILE ** >( stdin ), "CONIN$", "r", stdin ); freopen_s( reinterpret_cast< FILE ** >( stdout ), "CONOUT$", "w", stdout ); - SetConsoleTitleA( "[VTIL] - blew the brains out the coupe..." ); + SetConsoleTitleA( "[VTIL] - lifted and optimized output..." ); vtil::basic_block *rtn = nullptr, *first = nullptr; for ( auto [ code_block, code_block_num ] = std::tuple{ first_block, 0u }; @@ -54,6 +52,8 @@ void qvminspector_t::on_lift_all() auto vinstr = &code_block->vinstr[ idx ]; if ( vinstr->mnemonic_t == vm::handler::INVALID ) { + std::printf( "[WARNING] vm handler #%d is not implimented, the VTIL output may be incorrect!\n", + vinstr->opcode ); rtn->nop(); continue; } @@ -64,6 +64,8 @@ void qvminspector_t::on_lift_all() if ( result == vm::lifters::all.end() ) { + std::printf( "[WARNING] vm handler #%d lifter is not implimented, the VTIL output may be incorrect!\n", + vinstr->opcode ); rtn->nop(); continue; } From b328170e51bfd0a381545ccb8f3401aef7da7b33 Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Sat, 12 Jun 2021 22:16:18 -0700 Subject: [PATCH 8/9] updated vmprofiler dep... --- dependencies/vmprofiler | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencies/vmprofiler b/dependencies/vmprofiler index 63fe1e0..e75104f 160000 --- a/dependencies/vmprofiler +++ b/dependencies/vmprofiler @@ -1 +1 @@ -Subproject commit 63fe1e07fabad8c3cad4b1e6ab44c9d46e82bc19 +Subproject commit e75104fbb3b07540be51fcef169e9eaffd1cfee2 From ff76e51cca55904432cc443bd95336ca83d41427 Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Sun, 13 Jun 2021 05:18:36 +0000 Subject: [PATCH 9/9] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 34729b0..31088c1 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@
- +