@ -204,7 +204,6 @@ void qvm_inspector::update_virtual_instructions( std::uintptr_t rtn_addr, std::u
for ( auto &vinstr : code_blk->vinstrs )
for ( auto &vinstr : code_blk->vinstrs )
{
{
const auto profile = vm::handler::get_profile( vinstr.mnemonic_t );
const auto profile = vm::handler::get_profile( vinstr.mnemonic_t );
const auto &vm_handler = g_vm_ctx->vm_handlers[ vinstr.opcode ];
auto virt_instr_entry = new QTreeWidgetItem();
auto virt_instr_entry = new QTreeWidgetItem();
// virtual instruction image base'ed rva... (column 1)...
// virtual instruction image base'ed rva... (column 1)...
@ -251,7 +250,7 @@ void qvm_inspector::update_virtual_instructions( std::uintptr_t rtn_addr, std::u
.arg( code_blk->jcc.block_addr[ 0 ], 0, 16 )
.arg( code_blk->jcc.block_addr[ 0 ], 0, 16 )
.arg( code_blk->jcc.block_addr[ 1 ], 0, 16 ) );
.arg( code_blk->jcc.block_addr[ 1 ], 0, 16 ) );
auto entry_rva = vm_handler.address - module_base;
auto entry_rva = g_vm_ctx->vm_handlers[ vinstr.opcode ].address - module_base;
auto branch_entry1 = new QTreeWidgetItem(), branch_entry2 = new QTreeWidgetItem();
auto branch_entry1 = new QTreeWidgetItem(), branch_entry2 = new QTreeWidgetItem();
const auto block1_addr = code_blk->jcc.block_addr[ 0 ];
const auto block1_addr = code_blk->jcc.block_addr[ 0 ];
const auto block2_addr = code_blk->jcc.block_addr[ 1 ];
const auto block2_addr = code_blk->jcc.block_addr[ 1 ];
@ -273,13 +272,24 @@ void qvm_inspector::update_virtual_instructions( std::uintptr_t rtn_addr, std::u
}
}
update_virtual_instructions( rtn_addr, code_blk->jcc.block_addr[ 0 ], branch_entry1 );
update_virtual_instructions( rtn_addr, code_blk->jcc.block_addr[ 0 ], branch_entry1 );
if ( g_vm_ctx )
delete g_vm_ctx;
if ( !( g_vm_ctx = new vm::ctx_t( module_base, img_base, img_size, entry_rva ) )->init() )
{
dbg_print( QString( "> failed to init vm::ctx_t for jmp at = %1..." )
.arg( QString::number( code_blk->vip_begin, 16 ) ) );
return;
}
update_virtual_instructions( rtn_addr, code_blk->jcc.block_addr[ 1 ], branch_entry2 );
update_virtual_instructions( rtn_addr, code_blk->jcc.block_addr[ 1 ], branch_entry2 );
virt_instr_entry->addChildren( { branch_entry1, branch_entry2 } );
virt_instr_entry->addChildren( { branch_entry1, branch_entry2 } );
break;
break;
}
}
case vm::instrs::jcc_type::absolute:
case vm::instrs::jcc_type::absolute:
{
{
auto entry_rva = vm_handler.address - module_base;
auto entry_rva = g_vm_ctx->vm_handlers[ vinstr.opcode ].address - module_base;
virt_instr_entry->setText( 3, QString( "; { 0x%1 }" ).arg( code_blk->jcc.block_addr[ 0 ], 0, 16 ) );
virt_instr_entry->setText( 3, QString( "; { 0x%1 }" ).arg( code_blk->jcc.block_addr[ 0 ], 0, 16 ) );
if ( g_vm_ctx )
if ( g_vm_ctx )
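Review bot: When `init()` fails in the block added between the two `update_virtual_instructions` calls, `g_vm_ctx` is left pointing at a context whose initialization failed and the function simply returns, so the caller up the recursion (and any `vinstr` that still follows in this block's loop) keeps dereferencing `g_vm_ctx->vm_handlers[ ... ]` on a half-built object; the `switch_case` hunk below has the same shape. I would at least release and clear it before leaving, `delete g_vm_ctx; g_vm_ctx = nullptr; return;`, so that a stale pointer cannot masquerade as a valid context. On that same failure path `branch_entry1` and `branch_entry2`, allocated above this hunk with `new QTreeWidgetItem()` and not yet parented, are leaked together with the subtree the first recursive call already built under `branch_entry1` (the `absolute` case avoids this only because it allocates after the check). Since the delete/new/init/dbg_print sequence now appears three times in this function, a small helper taking `entry_rva` and `code_blk->vip_begin` and returning bool would keep the copies consistent and make the failure path testable in one place. The enclosing `update_virtual_instructions` begins and ends outside this hunk.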
@ -292,7 +302,37 @@ void qvm_inspector::update_virtual_instructions( std::uintptr_t rtn_addr, std::u
return;
return;
}
}
update_virtual_instructions( rtn_addr, code_blk->jcc.block_addr[ 0 ], parent );
auto branch_entry1 = new QTreeWidgetItem();
branch_entry1->setText( 0, QString( "0x%1" ).arg( code_blk->jcc.block_addr[ 0 ], 0, 16 ) );
branch_entry1->setText( 3, QString( "; blk_0x%1" ).arg( code_blk->jcc.block_addr[ 0 ], 0, 16 ) );
update_virtual_instructions( rtn_addr, code_blk->jcc.block_addr[ 0 ], branch_entry1 );
virt_instr_entry->addChild( branch_entry1 );
break;
}
case vm::instrs::jcc_type::switch_case:
{
auto entry_rva = g_vm_ctx->vm_handlers[ vinstr.opcode ].address - module_base;
if ( g_vm_ctx )
delete g_vm_ctx;
if ( !( g_vm_ctx = new vm::ctx_t( module_base, img_base, img_size, entry_rva ) )->init() )
{
dbg_print( QString( "> failed to init vm::ctx_t for jmp at = %1..." )
.arg( QString::number( code_blk->vip_begin, 16 ) ) );
return;
}
for ( auto branch_addr : code_blk->jcc.block_addr )
{
virt_instr_entry->setText( 3, QString( "; switch case" ) );
auto branch_entry = new QTreeWidgetItem();
branch_entry->setText( 0, QString( "0x%1" ).arg( branch_addr, 0, 16 ) );
update_virtual_instructions( rtn_addr, branch_addr, branch_entry );
virt_instr_entry->addChild( branch_entry );
}
break;
break;
}
}
default:
default: