diff --git a/dependencies/vmprofiler b/dependencies/vmprofiler
index 5129d39..4cc0334 160000
--- a/dependencies/vmprofiler
+++ b/dependencies/vmprofiler
@@ -1 +1 @@
-Subproject commit 5129d39eb726e32a80417165ec37b597357664d4
+Subproject commit 4cc033468e9f3b3583d07f307b9f5e9179db8762
diff --git a/src/DarkStyle/framelesswindow/framelesswindow.ui b/src/DarkStyle/framelesswindow/framelesswindow.ui
index d0663da..2f413dc 100644
--- a/src/DarkStyle/framelesswindow/framelesswindow.ui
+++ b/src/DarkStyle/framelesswindow/framelesswindow.ui
@@ -143,7 +143,7 @@
color:rgb(153,153,153);
- VMProtect 2 - Virtual Instruction Trace Inspector
+ VMProtect 2 - Virtual Instruction Inspector (v1.5)
Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter
diff --git a/src/QVMProfiler.cpp b/src/QVMProfiler.cpp
index 02efe37..e62ad96 100644
--- a/src/QVMProfiler.cpp
+++ b/src/QVMProfiler.cpp
@@ -1,21 +1,20 @@
#include "QVMProfiler.h"
-QVMProfiler::QVMProfiler(QWidget *parent)
- : QMainWindow(parent),
- TraceFileBlob(nullptr),
- VMCtx(nullptr)
+QVMProfiler::QVMProfiler( QWidget *parent ) : QMainWindow( parent ), TraceFileBlob( nullptr ), VMCtx( nullptr )
{
- ui.setupUi(this);
+ ui.setupUi( this );
}
void QVMProfiler::on_actionCloseProgram_triggered()
-{ exit(0); }
+{
+ exit( 0 );
+}
void QVMProfiler::on_actionOpen_VMTrace_triggered()
{
- if (TraceFileBlob && VMCtx)
+ if ( TraceFileBlob && VMCtx )
{
- free(TraceFileBlob);
+ free( TraceFileBlob );
TraceFileBlob = nullptr;
TraceFileHeader = nullptr;
TraceEntryList = nullptr;
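Review bot: The reset at the top of on_actionOpen_VMTrace_triggered runs only when both pointers are set (`if ( TraceFileBlob && VMCtx )`), so a blob left by a load that failed before VMCtx was created is never freed and is overwritten by the next malloc. Both free() and delete accept a null pointer, so unless the hidden lines depend on both being set, the cleanup can run unconditionally: `free( TraceFileBlob ); TraceFileBlob = nullptr;` and `delete VMCtx; VMCtx = nullptr;`. The rest of this block lies outside the hunk, so whether VMCtx is reset after the delete cannot be confirmed from here.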
@@ -30,158 +29,113 @@ void QVMProfiler::on_actionOpen_VMTrace_triggered()
delete VMCtx;
}
- TraceFilePath = QFileDialog::getOpenFileName(this,
- tr("Open Trace"), "C:\\", tr("VMTrace Files (*.vmp2)"));
-
- if (TraceFilePath.isEmpty())
- {
- DbgMessage("Invalid Trace File... No File Selected...");
- return;
- }
-
- if (!std::filesystem::exists(TraceFilePath.toStdString().c_str()))
- {
- DbgMessage("Trace File Doesnt Exist...");
- return;
- }
-
- VMProtectedFilePath = QFileDialog::getOpenFileName(this,
- tr("Open VMProtected File"), "C:\\");
+ TraceFilePath = QFileDialog::getOpenFileName( this, tr( "Open Trace" ), "C:\\", tr( "VMTrace Files (*.vmp2)" ) );
- if (VMProtectedFilePath.isEmpty())
+ if ( TraceFilePath.isEmpty() )
{
- DbgMessage("Invalid VMProtected File... No File Selected...");
+ DbgMessage( "Invalid Trace File... No File Selected..." );
return;
}
- if (!std::filesystem::exists(VMProtectedFilePath.toStdString().c_str()))
+ if ( !std::filesystem::exists( TraceFilePath.toStdString().c_str() ) )
{
- DbgMessage("VMProtected File Doesnt Exist...");
+ DbgMessage( "Trace File Doesnt Exist..." );
return;
}
- bool Success = false;
- auto VMEntryRvaStr = QInputDialog::getText(0, "Input",
- "VMEntry Relative Virtual Address:", QLineEdit::Normal, "", &Success);
+ const auto TraceFileSize = std::filesystem::file_size( TraceFilePath.toStdString().c_str() );
- if (!Success || VMEntryRvaStr.isEmpty())
+ if ( !TraceFileSize )
{
- DbgMessage("Invalid VMEntry Relative Virtual Address...");
+ DbgMessage( "Invalid Trace File Size..." );
return;
}
- auto ImageBaseStr = QInputDialog::getText(0, "Input",
- "Image Base:", QLineEdit::Normal, "", &Success);
+ QFile File( TraceFilePath );
+ TraceFileBlob = malloc( TraceFileSize );
+ DbgMessage( QString( "Loading Trace File %1..." ).arg( TraceFilePath ) );
- if (!Success || ImageBaseStr.isEmpty())
+ if(!File.open( QIODevice::ReadOnly ))
{
- DbgMessage("Invalid Image Base...");
+ DbgMessage( "Failed To Open Trace File..." );
return;
}
- VMEntryRva = VMEntryRvaStr.toULongLong(nullptr, 16);
- ImageBase = ImageBaseStr.toULongLong(nullptr, 16);
+ memcpy( TraceFileBlob, File.readAll().data(), TraceFileSize );
- ModuleBase = reinterpret_cast(
- LoadLibraryExA(VMProtectedFilePath.toStdString().c_str(),
- NULL, DONT_RESOLVE_DLL_REFERENCES));
-
- const auto TraceFileSize =
- std::filesystem::file_size(
- TraceFilePath.toStdString().c_str());
-
- if (!TraceFileSize)
+ if ( !InitTraceData() )
{
- DbgMessage("Invalid Trace File Size...");
- return;
- }
-
- DbgMessage(QString("Loading Trace File %1...").arg(TraceFilePath));
-
- // could use a QFile for all of this...
- const auto FileSize =
- std::filesystem::file_size(
- TraceFilePath.toStdString().c_str());
-
- // could use a QFile for all of this...
- TraceFileBlob = malloc(FileSize);
- std::ifstream TFile(TraceFilePath.toStdString().c_str(), std::ios::binary);
- TFile.read((char*)TraceFileBlob, FileSize);
- TFile.close();
-
- if (!InitTraceData())
- {
- DbgMessage("Failed To Init Trace Data...");
+ DbgMessage( "Failed To Init Trace Data..." );
return;
}
UpdateUI();
}
-void QVMProfiler::DbgPrint(QString DbgOutput)
+void QVMProfiler::DbgPrint( QString DbgOutput )
{
- ui.DbgOutputWindow->appendPlainText(DbgOutput);
+ ui.DbgOutputWindow->appendPlainText( DbgOutput );
}
-void QVMProfiler::DbgMessage(QString DbgOutput)
+void QVMProfiler::DbgMessage( QString DbgOutput )
{
QMessageBox MsgBox;
- MsgBox.setText(DbgOutput);
+ MsgBox.setText( DbgOutput );
MsgBox.exec();
- DbgPrint(DbgOutput);
+ DbgPrint( DbgOutput );
}
bool QVMProfiler::InitTraceData()
{
- TraceFileHeader =
- reinterpret_cast(TraceFileBlob);
-
- TraceEntryList =
- reinterpret_cast(
- reinterpret_cast(
- TraceFileBlob) + TraceFileHeader->entry_offset);
+ TraceFileHeader = reinterpret_cast< vmp2::v2::file_header * >( TraceFileBlob );
+ TraceEntryList = reinterpret_cast< vmp2::v2::entry_t * >( reinterpret_cast< std::uintptr_t >( TraceFileBlob ) +
+ TraceFileHeader->entry_offset );
const auto TraceMagicBytes = &TraceFileHeader->magic;
- if (memcmp(TraceMagicBytes, "VMP2", sizeof "VMP2" - 1) != 0)
+ if ( memcmp( TraceMagicBytes, "VMP2", sizeof "VMP2" - 1 ) != 0 )
{
- DbgMessage("Trace File Magic Bytes Are Invalid...\n");
+ DbgMessage( "Trace File Magic Bytes Are Invalid...\n" );
return false;
}
- DbgPrint("Trace File Magic Bytes Are Valid....");
- if (!vm::util::flatten(VMEntry, VMEntryRva + ModuleBase))
+ VMEntryRva = TraceFileHeader->vm_entry_rva;
+ ImageBase = TraceFileHeader->image_base;
+ ModuleBase = reinterpret_cast< std::uintptr_t >( TraceFileHeader ) + TraceFileHeader->module_offset;
+
+ DbgPrint( "Trace File Magic Bytes Are Valid...." );
+ if ( !vm::util::flatten( VMEntry, VMEntryRva + ModuleBase ) )
{
- DbgMessage("Failed To Flatten VMEntry...\n");
+ DbgMessage( "Failed To Flatten VMEntry...\n" );
return false;
}
- vm::util::deobfuscate(VMEntry);
- DbgPrint("Flattened VMEntry...");
- DbgPrint("Deobfuscated VMEntry...");
+ vm::util::deobfuscate( VMEntry );
+ DbgPrint( "Flattened VMEntry..." );
+ DbgPrint( "Deobfuscated VMEntry..." );
- char buffer[256];
+ char buffer[ 256 ];
ZydisFormatter formatter;
- ZydisFormatterInit(&formatter, ZYDIS_FORMATTER_STYLE_INTEL);
+ ZydisFormatterInit( &formatter, ZYDIS_FORMATTER_STYLE_INTEL );
- for (auto& Instr : VMEntry)
+ for ( auto &Instr : VMEntry )
{
- ZydisFormatterFormatInstruction(&formatter, &Instr.instr, buffer, sizeof(buffer),
- (Instr.addr - TraceFileHeader->module_base) + ImageBase);
+ ZydisFormatterFormatInstruction( &formatter, &Instr.instr, buffer, sizeof( buffer ),
+ ( Instr.addr - TraceFileHeader->module_base ) + ImageBase );
- DbgPrint(QString("> %1 %2").arg(
- QString::number((Instr.addr - TraceFileHeader->module_base) + ImageBase, 16)).arg(buffer));
+ DbgPrint( QString( "> %1 %2" )
+ .arg( QString::number( ( Instr.addr - TraceFileHeader->module_base ) + ImageBase, 16 ) )
+ .arg( buffer ) );
}
- VMHandlerTable = vm::handler::table::get(VMEntry);
- if (!vm::handler::get_all(ModuleBase, ImageBase, VMEntry, VMHandlerTable, VMHandlers))
+ VMHandlerTable = vm::handler::table::get( VMEntry );
+ if ( !vm::handler::get_all( ModuleBase, ImageBase, VMEntry, VMHandlerTable, VMHandlers ) )
{
- DbgMessage("Failed To Get All VM Handler Meta Data...\n");
+ DbgMessage( "Failed To Get All VM Handler Meta Data...\n" );
return false;
}
- DbgPrint("Located All VM Handlers...");
- VMCtx = new vm::vmctx_t(TraceFileHeader,
- TraceEntryList, VMHandlers, ModuleBase, ImageBase);
+ DbgPrint( "Located All VM Handlers..." );
+ VMCtx = new vm::vmctx_t( TraceFileHeader, TraceEntryList, VMHandlers, ModuleBase, ImageBase );
return true;
}
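Review bot: The trace file is parsed without bounds checks: `memcpy( TraceFileBlob, File.readAll().data(), TraceFileSize )` copies TraceFileSize bytes even if readAll() returned fewer (the size was taken earlier through std::filesystem, and the malloc result is not checked), and InitTraceData derives TraceEntryList and ModuleBase from the header's `entry_offset` and `module_offset` before anything confirms the blob holds at least `sizeof( vmp2::v2::file_header )` bytes. A truncated or malformed .vmp2 file can therefore drive reads outside the allocation, which matters for a tool that opens traces of unknown binaries. I would read once into a QByteArray and size the buffer from what was actually read, as sketched below. InitTraceData should then reject the file unless entry_offset, module_offset and the entry_count-sized entry array all fall inside the loaded size, which needs that size kept in a member this hunk does not have. The early return on a failed open also leaves the fresh malloc in TraceFileBlob; on_actionOpen_VMTrace_triggered begins outside this hunk.

```cpp
// … unchanged: file dialog and existence check …
QFile File( TraceFilePath );
if ( !File.open( QIODevice::ReadOnly ) )
{
    DbgMessage( "Failed To Open Trace File..." );
    return;
}

// size the buffer from the bytes actually read, not from the earlier file_size() call
const QByteArray TraceBytes = File.readAll();
if ( static_cast< std::size_t >( TraceBytes.size() ) < sizeof( vmp2::v2::file_header ) )
{
    DbgMessage( "Invalid Trace File Size..." );
    return;
}

DbgMessage( QString( "Loading Trace File %1..." ).arg( TraceFilePath ) );
TraceFileBlob = malloc( TraceBytes.size() );
if ( !TraceFileBlob )
{
    DbgMessage( "Failed To Allocate Trace Buffer..." );
    return;
}
memcpy( TraceFileBlob, TraceBytes.constData(), TraceBytes.size() );
// … unchanged: InitTraceData() call and UpdateUI() …
```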
@@ -189,151 +143,136 @@ bool QVMProfiler::InitTraceData()
void QVMProfiler::UpdateUI()
{
ui.VirtualInstructionTree->clear();
- for (auto [VirtInstr, TraceEntry] = VMCtx->step(); TraceEntry && !VirtInstr.empty();
- std::tie(VirtInstr, TraceEntry) = VMCtx->step())
+ for ( auto [ VirtInstr, TraceEntry ] = VMCtx->step(); TraceEntry && !VirtInstr.empty();
+ std::tie( VirtInstr, TraceEntry ) = VMCtx->step() )
{
auto InstructionTraceData = new QTreeWidgetItem();
- InstructionTraceData->setText(0, QString::number((TraceEntry->vip - TraceFileHeader->module_base) + ImageBase, 16));
+ InstructionTraceData->setText(
+ 0, QString::number( ( TraceEntry->vip - TraceFileHeader->module_base ) + ImageBase, 16 ) );
- if (VMHandlers[TraceEntry->handler_idx].imm_size)
+ if ( VMHandlers[ TraceEntry->handler_idx ].imm_size )
{
QString SecondOperandBytes;
- auto numByteOperand = VMHandlers[TraceEntry->handler_idx].imm_size / 8;
- auto spaceIdx = VirtInstr.find(" ") + 1;
- auto ImmValue = QString(VirtInstr.substr(
- spaceIdx, VirtInstr.size() - spaceIdx).c_str()).toULongLong(nullptr, 16);
+ auto numByteOperand = VMHandlers[ TraceEntry->handler_idx ].imm_size / 8;
+ auto spaceIdx = VirtInstr.find( " " ) + 1;
+ auto ImmValue =
+ QString( VirtInstr.substr( spaceIdx, VirtInstr.size() - spaceIdx ).c_str() ).toULongLong( nullptr, 16 );
- for (auto idx = 0u; idx < numByteOperand; ++idx)
+ for ( auto idx = 0u; idx < numByteOperand; ++idx )
{
- SecondOperandBytes.append(QString::number(*(
- reinterpret_cast(&ImmValue) + idx), 16));
+ SecondOperandBytes.append(
+ QString::number( *( reinterpret_cast< std::uint8_t * >( &ImmValue ) + idx ), 16 ) );
- SecondOperandBytes.append(" ");
+ SecondOperandBytes.append( " " );
}
- InstructionTraceData->setText(1, QString::number(
- TraceEntry->handler_idx, 16).append(" - ").append(SecondOperandBytes));
+ InstructionTraceData->setText(
+ 1, QString::number( TraceEntry->handler_idx, 16 ).append( " - " ).append( SecondOperandBytes ) );
}
else
{
// else we just put the first operand byte (vm handler index)...
- InstructionTraceData->setText(1, QString::number(TraceEntry->handler_idx, 16));
+ InstructionTraceData->setText( 1, QString::number( TraceEntry->handler_idx, 16 ) );
}
- InstructionTraceData->setText(2, VirtInstr.c_str());
- ui.VirtualInstructionTree->addTopLevelItem(InstructionTraceData);
+ InstructionTraceData->setText( 2, VirtInstr.c_str() );
+ ui.VirtualInstructionTree->addTopLevelItem( InstructionTraceData );
}
- ui.VirtualInstructionTree->topLevelItem(0)->setSelected(true);
+ ui.VirtualInstructionTree->topLevelItem( 0 )->setSelected( true );
}
void QVMProfiler::on_VirtualInstructionTree_itemSelectionChanged()
{
- auto SelectedItem = ui.VirtualInstructionTree->selectedItems()[0];
- auto VIPAddr = SelectedItem->data(0, 0).toString().toULongLong(nullptr, 16);
- vmp2::entry_t* Entry = nullptr;
+ auto SelectedItem = ui.VirtualInstructionTree->selectedItems()[ 0 ];
+ auto VIPAddr = SelectedItem->data( 0, 0 ).toString().toULongLong( nullptr, 16 );
+ vmp2::v2::entry_t *Entry = nullptr;
- for (auto idx = 0u; idx < TraceFileHeader->entry_count; ++idx)
+ for ( auto idx = 0u; idx < TraceFileHeader->entry_count; ++idx )
{
- if ((TraceEntryList[idx].vip - TraceFileHeader->module_base) + ImageBase == VIPAddr)
+ if ( ( TraceEntryList[ idx ].vip - TraceFileHeader->module_base ) + ImageBase == VIPAddr )
{
- Entry = &TraceEntryList[idx];
+ Entry = &TraceEntryList[ idx ];
break;
}
}
- ui.VirtualRegisterTree->topLevelItem(0)->setText(1,
- QString::number((Entry->vip - TraceFileHeader->module_base) + ImageBase, 16));
+ ui.VirtualRegisterTree->topLevelItem( 0 )->setText(
+ 1, QString::number( ( Entry->vip - TraceFileHeader->module_base ) + ImageBase, 16 ) );
- ui.VirtualRegisterTree->topLevelItem(1)->setText(1,
- QString::number(Entry->regs.rbp, 16));
+ ui.VirtualRegisterTree->topLevelItem( 1 )->setText( 1, QString::number( Entry->regs.rbp, 16 ) );
- ui.VirtualRegisterTree->topLevelItem(2)->setText(1,
- QString::number(Entry->decrypt_key, 16));
+ ui.VirtualRegisterTree->topLevelItem( 2 )->setText( 1, QString::number( Entry->decrypt_key, 16 ) );
- for (auto idx = 4; idx < 28; ++idx)
- ui.VirtualRegisterTree->topLevelItem(idx)->setText(1,
- QString::number(Entry->vregs.qword[idx - 4], 16));
+ for ( auto idx = 4; idx < 28; ++idx )
+ ui.VirtualRegisterTree->topLevelItem( idx )->setText( 1, QString::number( Entry->vregs.qword[ idx - 4 ], 16 ) );
- for (auto idx = 0u; idx < 15; ++idx)
- ui.NativeRegisterTree->topLevelItem(idx)->setText(1,
- QString::number(Entry->regs.raw[idx], 16));
+ for ( auto idx = 0u; idx < 15; ++idx )
+ ui.NativeRegisterTree->topLevelItem( idx )->setText( 1, QString::number( Entry->regs.raw[ idx ], 16 ) );
- ui.NativeRegisterTree->topLevelItem(
- 16)->setText(1, QString::number(Entry->regs.rflags, 16));
+ ui.NativeRegisterTree->topLevelItem( 16 )->setText( 1, QString::number( Entry->regs.rflags, 16 ) );
rflags flags;
flags.flags = Entry->regs.rflags;
- ui.NativeRegisterTree->topLevelItem(16)->child(0)->setText(
- 1, QString::number(flags.zero_flag));
+ ui.NativeRegisterTree->topLevelItem( 16 )->child( 0 )->setText( 1, QString::number( flags.zero_flag ) );
- ui.NativeRegisterTree->topLevelItem(16)->child(1)->setText(
- 1, QString::number(flags.parity_flag));
+ ui.NativeRegisterTree->topLevelItem( 16 )->child( 1 )->setText( 1, QString::number( flags.parity_flag ) );
- ui.NativeRegisterTree->topLevelItem(16)->child(2)->setText(
- 1, QString::number(flags.auxiliary_carry_flag));
+ ui.NativeRegisterTree->topLevelItem( 16 )->child( 2 )->setText( 1, QString::number( flags.auxiliary_carry_flag ) );
- ui.NativeRegisterTree->topLevelItem(16)->child(3)->setText(
- 1, QString::number(flags.overflow_flag));
+ ui.NativeRegisterTree->topLevelItem( 16 )->child( 3 )->setText( 1, QString::number( flags.overflow_flag ) );
- ui.NativeRegisterTree->topLevelItem(16)->child(4)->setText(
- 1, QString::number(flags.sign_flag));
+ ui.NativeRegisterTree->topLevelItem( 16 )->child( 4 )->setText( 1, QString::number( flags.sign_flag ) );
- ui.NativeRegisterTree->topLevelItem(16)->child(5)->setText(
- 1, QString::number(flags.direction_flag));
+ ui.NativeRegisterTree->topLevelItem( 16 )->child( 5 )->setText( 1, QString::number( flags.direction_flag ) );
- ui.NativeRegisterTree->topLevelItem(16)->child(6)->setText(
- 1, QString::number(flags.carry_flag));
+ ui.NativeRegisterTree->topLevelItem( 16 )->child( 6 )->setText( 1, QString::number( flags.carry_flag ) );
- ui.NativeRegisterTree->topLevelItem(16)->child(7)->setText(
- 1, QString::number(flags.trap_flag));
+ ui.NativeRegisterTree->topLevelItem( 16 )->child( 7 )->setText( 1, QString::number( flags.trap_flag ) );
- ui.NativeRegisterTree->topLevelItem(16)->child(8)->setText(
- 1, QString::number(flags.interrupt_enable_flag));
+ ui.NativeRegisterTree->topLevelItem( 16 )->child( 8 )->setText( 1, QString::number( flags.interrupt_enable_flag ) );
ui.VirtualStackTree->clear();
- for (auto idx = 0u; idx < sizeof(Entry->vsp) / 8; ++idx)
+ for ( auto idx = 0u; idx < sizeof( Entry->vsp ) / 8; ++idx )
{
auto newEntry = new QTreeWidgetItem();
- newEntry->setText(0, QString::number(Entry->regs.rbp - (idx * 8), 16));
- newEntry->setText(1, QString::number(Entry->vsp.qword[idx], 16));
- ui.VirtualStackTree->addTopLevelItem(newEntry);
+ newEntry->setText( 0, QString::number( Entry->regs.rbp - ( idx * 8 ), 16 ) );
+ newEntry->setText( 1, QString::number( Entry->vsp.qword[ idx ], 16 ) );
+ ui.VirtualStackTree->addTopLevelItem( newEntry );
}
ui.VMHandlerInstructionsTree->clear();
- auto InstrVec = &VMHandlers[Entry->handler_idx].instrs;
+ auto InstrVec = &VMHandlers[ Entry->handler_idx ].instrs;
- char buffer[256];
+ char buffer[ 256 ];
ZydisFormatter formatter;
- ZydisFormatterInit(&formatter, ZYDIS_FORMATTER_STYLE_INTEL);
+ ZydisFormatterInit( &formatter, ZYDIS_FORMATTER_STYLE_INTEL );
- for (auto idx = 0u; idx < InstrVec->size(); ++idx)
+ for ( auto idx = 0u; idx < InstrVec->size(); ++idx )
{
auto newEntry = new QTreeWidgetItem();
- newEntry->setText(0, QString::number(
- (InstrVec->at(idx).addr - ModuleBase) + ImageBase, 16));
+ newEntry->setText( 0, QString::number( ( InstrVec->at( idx ).addr - ModuleBase ) + ImageBase, 16 ) );
- ZydisFormatterFormatInstruction(&formatter, &InstrVec->at(idx).instr,
- buffer, sizeof(buffer), (InstrVec->at(idx).addr - ModuleBase) + ImageBase);
+ ZydisFormatterFormatInstruction( &formatter, &InstrVec->at( idx ).instr, buffer, sizeof( buffer ),
+ ( InstrVec->at( idx ).addr - ModuleBase ) + ImageBase );
- newEntry->setText(1, buffer);
- ui.VMHandlerInstructionsTree->addTopLevelItem(newEntry);
+ newEntry->setText( 1, buffer );
+ ui.VMHandlerInstructionsTree->addTopLevelItem( newEntry );
}
ui.VMHandlerTransformationsTree->clear();
- auto HandlerTransforms = &VMHandlers[Entry->handler_idx].transforms;
+ auto HandlerTransforms = &VMHandlers[ Entry->handler_idx ].transforms;
- for (auto [TransformType, TransformInstr] : *HandlerTransforms)
+ for ( auto [ TransformType, TransformInstr ] : *HandlerTransforms )
{
- if (TransformType == vm::transform::type::generic0 &&
- TransformInstr.mnemonic == ZYDIS_MNEMONIC_INVALID)
+ if ( TransformType == vm::transform::type::generic0 && TransformInstr.mnemonic == ZYDIS_MNEMONIC_INVALID )
continue;
auto newEntry = new QTreeWidgetItem();
- switch (TransformType)
+ switch ( TransformType )
{
case vm::transform::type::rolling_key:
{
- newEntry->setText(0, "Key Transform");
+ newEntry->setText( 0, "Key Transform" );
break;
}
case vm::transform::type::generic0:
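Review bot: on_VirtualInstructionTree_itemSelectionChanged dereferences results it never checks: `selectedItems()[ 0 ]` is indexed even when the selection is empty, and `Entry` stays nullptr when no trace entry matches VIPAddr, yet `Entry->vip` is read right after the search loop. The slot fires on every selection change, presumably including the `clear()` in UpdateUI when a second trace is loaded, so an empty selection looks reachable. Guards such as `const auto Selected = ui.VirtualInstructionTree->selectedItems(); if ( Selected.isEmpty() ) return;` and `if ( !Entry ) return;` after the loop would cover both. UpdateUI has the same shape at `topLevelItem( 0 )->setSelected( true )`, where topLevelItem returns nullptr if the trace produced no rows. The slot's body continues past the end of this hunk.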
@@ -341,22 +280,21 @@ void QVMProfiler::on_VirtualInstructionTree_itemSelectionChanged()
case vm::transform::type::generic2:
case vm::transform::type::generic3:
{
- newEntry->setText(0, "Generic");
+ newEntry->setText( 0, "Generic" );
break;
}
case vm::transform::type::update_key:
{
- newEntry->setText(0, "Update Key");
+ newEntry->setText( 0, "Update Key" );
break;
}
default:
- throw std::invalid_argument("invalid transformation type...");
+ throw std::invalid_argument( "invalid transformation type..." );
}
- ZydisFormatterFormatInstruction(&formatter, &TransformInstr,
- buffer, sizeof(buffer), NULL);
+ ZydisFormatterFormatInstruction( &formatter, &TransformInstr, buffer, sizeof( buffer ), NULL );
- newEntry->setText(1, buffer);
- ui.VMHandlerTransformationsTree->addTopLevelItem(newEntry);
+ newEntry->setText( 1, buffer );
+ ui.VMHandlerTransformationsTree->addTopLevelItem( newEntry );
}
}
\ No newline at end of file
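Review bot: The `default:` branch throws `std::invalid_argument` out of a slot that Qt invokes, after `newEntry` was allocated with `new` earlier in the loop body (outside this hunk). Qt does not support exceptions propagating through its signal/slot dispatch, and the item leaks on that path. The transform type appears to come from analysis of the loaded trace, so I would handle an unexpected value in place, e.g. `delete newEntry; continue;`, or label it with `newEntry->setText( 0, "Unknown" ); break;`.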
diff --git a/src/QVMProfiler.h b/src/QVMProfiler.h
index 0ab2500..61f7085 100644
--- a/src/QVMProfiler.h
+++ b/src/QVMProfiler.h
@@ -1,33 +1,33 @@
#pragma once
#include
+#include
#include
#include
-#include
#include
#include
#include
#include
+#include "ia32.hpp"
#include "ui_QVMProfiler.h"
-#include "vmp2.hpp"
#include "vmctx.h"
-#include "ia32.hpp"
+#include "vmp2.hpp"
class QVMProfiler : public QMainWindow
{
Q_OBJECT
-public:
- QVMProfiler(QWidget *parent = Q_NULLPTR);
+ public:
+ QVMProfiler( QWidget *parent = Q_NULLPTR );
-private slots:
+ private slots:
void on_actionOpen_VMTrace_triggered();
void on_actionCloseProgram_triggered();
void on_VirtualInstructionTree_itemSelectionChanged();
-private:
- void DbgPrint(QString DbgOutput);
- void DbgMessage(QString DbgOutput);
+ private:
+ void DbgPrint( QString DbgOutput );
+ void DbgMessage( QString DbgOutput );
void UpdateUI();
bool InitTraceData();
@@ -36,13 +36,13 @@ private:
QString VMProtectedFilePath;
std::uint64_t ImageBase, VMEntryRva, ModuleBase;
- std::vector VMHandlers;
+ std::vector< vm::handler::handler_t > VMHandlers;
zydis_routine_t VMEntry;
- std::uintptr_t* VMHandlerTable;
- vm::vmctx_t* VMCtx;
+ std::uintptr_t *VMHandlerTable;
+ vm::vmctx_t *VMCtx;
- void* TraceFileBlob;
- vmp2::file_header* TraceFileHeader;
- vmp2::entry_t* TraceEntryList;
+ void *TraceFileBlob;
+ vmp2::v2::file_header *TraceFileHeader;
+ vmp2::v2::entry_t *TraceEntryList;
};
diff --git a/src/vmctx.cpp b/src/vmctx.cpp
index 4eed1ea..3fae6f1 100644
--- a/src/vmctx.cpp
+++ b/src/vmctx.cpp
@@ -2,13 +2,13 @@
namespace vm
{
- vmctx_t::vmctx_t( vmp2::file_header *file_header, vmp2::entry_t *entry_list,
+ vmctx_t::vmctx_t( vmp2::v2::file_header *file_header, vmp2::v2::entry_t *entry_list,
std::vector< vm::handler::handler_t > &vm_handlers, std::uintptr_t module_base, std::uintptr_t image_base )
: module_base( module_base ), image_base( image_base ), entry_list( entry_list ), file_header( file_header ),
vm_handlers( vm_handlers ), idx( 0 )
{}
- std::pair< std::string, const vmp2::entry_t * > vmctx_t::step() const
+ std::pair< std::string, const vmp2::v2::entry_t * > vmctx_t::step() const
{
if ( idx >= file_header->entry_count )
return {};
diff --git a/src/vmctx.h b/src/vmctx.h
index 5dca2ab..58cd9b6 100644
--- a/src/vmctx.h
+++ b/src/vmctx.h
@@ -6,19 +6,19 @@ namespace vm
class vmctx_t
{
public:
- explicit vmctx_t( vmp2::file_header *file_header, vmp2::entry_t *entry_list,
+ explicit vmctx_t( vmp2::v2::file_header *file_header, vmp2::v2::entry_t *entry_list,
std::vector< vm::handler::handler_t > &vm_handlers, std::uintptr_t module_base,
std::uintptr_t image_base );
- std::pair< std::string, const vmp2::entry_t * > step() const;
+ std::pair< std::string, const vmp2::v2::entry_t * > step() const;
private:
std::uintptr_t get_imm( vmp2::exec_type_t exec_type_t, std::uint32_t vip_offset, std::uint8_t imm_size ) const;
mutable std::uint32_t idx;
const std::uintptr_t image_base, module_base;
- const vmp2::entry_t *entry_list;
- const vmp2::file_header *file_header;
+ const vmp2::v2::entry_t *entry_list;
+ const vmp2::v2::file_header *file_header;
std::vector< vm::handler::handler_t > vm_handlers;
};
} // namespace vm
\ No newline at end of file
diff --git a/src/vmprofiler-qt.vcxproj b/src/vmprofiler-qt.vcxproj
index 69d425e..b797c36 100644
--- a/src/vmprofiler-qt.vcxproj
+++ b/src/vmprofiler-qt.vcxproj
@@ -182,10 +182,13 @@
{88a23124-5640-35a0-b890-311d7a67a7d2}
-
+
{d0b6092a-9944-4f24-9486-4b7dae372619}
+
+
+
diff --git a/src/vmprofiler-qt.vcxproj.filters b/src/vmprofiler-qt.vcxproj.filters
index 117d426..dda7c68 100644
--- a/src/vmprofiler-qt.vcxproj.filters
+++ b/src/vmprofiler-qt.vcxproj.filters
@@ -259,4 +259,9 @@
Resource Files
+
+
+ Resource Files
+
+
\ No newline at end of file
diff --git a/vmprofiler-qt.sln b/vmprofiler-qt.sln
index ca079c3..d93b0fd 100644
--- a/vmprofiler-qt.sln
+++ b/vmprofiler-qt.sln
@@ -7,7 +7,7 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "vmprofiler-qt", "src\vmprof
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Zydis", "dependencies\vmprofiler\dependencies\zydis\msvc\zydis\Zydis.vcxproj", "{88A23124-5640-35A0-B890-311D7A67A7D2}"
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "vmprofiler", "dependencies\vmprofiler\src\vmprofiler.vcxproj", "{D0B6092A-9944-4F24-9486-4B7DAE372619}"
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "vmprofiler", "dependencies\vmprofiler\vmprofiler.vcxproj", "{D0B6092A-9944-4F24-9486-4B7DAE372619}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -148,50 +148,50 @@ Global
{D0B6092A-9944-4F24-9486-4B7DAE372619}.DBG|x64.ActiveCfg = DBG|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.DBG|x64.Build.0 = DBG|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.DBG|x86.ActiveCfg = DBG|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug Kernel|x64.ActiveCfg = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug Kernel|x64.Build.0 = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug Kernel|x86.ActiveCfg = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug Kernel|x86.Build.0 = Release|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug Kernel|x64.ActiveCfg = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug Kernel|x64.Build.0 = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug Kernel|x86.ActiveCfg = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug Kernel|x86.Build.0 = DBG|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD DLL|x64.ActiveCfg = DBG|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD DLL|x64.Build.0 = DBG|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD DLL|x86.ActiveCfg = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD DLL|x86.Build.0 = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD|x64.ActiveCfg = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD|x64.Build.0 = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD|x86.ActiveCfg = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD|x86.Build.0 = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT DLL|x64.ActiveCfg = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT DLL|x64.Build.0 = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT DLL|x86.ActiveCfg = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT DLL|x86.Build.0 = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT|x64.ActiveCfg = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT|x64.Build.0 = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT|x86.ActiveCfg = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT|x86.Build.0 = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug|x64.ActiveCfg = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug|x64.Build.0 = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug|x86.ActiveCfg = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug|x86.Build.0 = Release|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD DLL|x86.ActiveCfg = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD DLL|x86.Build.0 = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD|x64.ActiveCfg = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD|x64.Build.0 = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD|x86.ActiveCfg = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD|x86.Build.0 = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT DLL|x64.ActiveCfg = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT DLL|x64.Build.0 = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT DLL|x86.ActiveCfg = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT DLL|x86.Build.0 = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT|x64.ActiveCfg = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT|x64.Build.0 = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT|x86.ActiveCfg = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT|x86.Build.0 = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug|x64.ActiveCfg = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug|x64.Build.0 = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug|x86.ActiveCfg = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug|x86.Build.0 = DBG|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Release Kernel|x64.ActiveCfg = Release|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Release Kernel|x64.Build.0 = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release Kernel|x86.ActiveCfg = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release Kernel|x86.Build.0 = Release|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release Kernel|x86.ActiveCfg = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release Kernel|x86.Build.0 = DBG|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD DLL|x64.ActiveCfg = Release|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD DLL|x64.Build.0 = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD DLL|x86.ActiveCfg = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD DLL|x86.Build.0 = Release|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD DLL|x86.ActiveCfg = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD DLL|x86.Build.0 = DBG|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD|x64.ActiveCfg = Release|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD|x64.Build.0 = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD|x86.ActiveCfg = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD|x86.Build.0 = Release|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD|x86.ActiveCfg = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD|x86.Build.0 = DBG|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT DLL|x64.ActiveCfg = Release|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT DLL|x64.Build.0 = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT DLL|x86.ActiveCfg = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT DLL|x86.Build.0 = Release|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT DLL|x86.ActiveCfg = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT DLL|x86.Build.0 = DBG|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT|x64.ActiveCfg = Release|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT|x64.Build.0 = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT|x86.ActiveCfg = Release|x64
- {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT|x86.Build.0 = Release|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT|x86.ActiveCfg = DBG|x64
+ {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT|x86.Build.0 = DBG|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Release|x64.ActiveCfg = Release|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Release|x64.Build.0 = Release|x64
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Release|x86.ActiveCfg = Release|x64