From e7e84336813bdc73e74ffd5b16f924abcfa62612 Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Sun, 22 Aug 2021 22:52:41 -0700 Subject: [PATCH] beginning to change things to upper case + added some more code to update virtual routines... --- CMakeLists.txt | 1 + cmake.toml | 1 + .../framelesswindow/framelesswindow.ui | 4 +- src/main.cpp | 6 +- src/qvirt_handlers.cpp | 26 ++-- src/qvirt_handlers.h | 12 +- src/qvirt_instrs.cpp | 47 ++++--- src/qvirt_instrs.h | 17 +-- src/qvminspector.cpp | 115 ++++++++++-------- src/qvminspector.h | 40 +++--- src/qvminspector.ui | 27 +--- 11 files changed, 147 insertions(+), 149 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 8835914..7d5012c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -77,6 +77,7 @@ list(APPEND vmprofiler-qt_SOURCES "src/darkstyle/mainwindow.h" "src/darkstyle/mainwindow.ui" "src/darkstyle/framelesswindow.qrc" + "src/darkstyle/framelesswindow/framelesswindow.ui" "dependencies/ia32-doc/out/ia32.hpp" ) diff --git a/cmake.toml b/cmake.toml index 248c7a5..137513e 100644 --- a/cmake.toml +++ b/cmake.toml @@ -29,6 +29,7 @@ sources = [ "src/darkstyle/**.h", "src/darkstyle/mainwindow.ui", "src/darkstyle/framelesswindow.qrc", + "src/darkstyle/framelesswindow/framelesswindow.ui", "dependencies/ia32-doc/out/ia32.hpp" ] diff --git a/src/darkstyle/framelesswindow/framelesswindow.ui b/src/darkstyle/framelesswindow/framelesswindow.ui index 4bc3f0d..2421768 100644 --- a/src/darkstyle/framelesswindow/framelesswindow.ui +++ b/src/darkstyle/framelesswindow/framelesswindow.ui @@ -6,8 +6,8 @@ 0 0 - 1737 - 1157 + 1311 + 897 diff --git a/src/main.cpp b/src/main.cpp index bb0ceab..feda939 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -14,9 +14,9 @@ int WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int QApplication app( __argc, __argv ); QApplication::setStyle( new DarkStyle ); FramelessWindow frameless_window; - const auto window = new qvminspector_t; - qvirt_instrs_t virt_instr( window ); - qvirt_handlers_t virt_handlers( window ); + const auto window = new QVMInspector; + QVirtualMachineInstructions virt_instr( window ); + QVirtualMachineHandlers virt_handlers( window ); frameless_window.setContent( window ); frameless_window.setWindowIcon( QIcon( "icon.ico" ) ); diff --git a/src/qvirt_handlers.cpp b/src/qvirt_handlers.cpp index 00c412b..78b5030 100644 --- a/src/qvirt_handlers.cpp +++ b/src/qvirt_handlers.cpp @@ -1,11 +1,12 @@ #include "qvirt_handlers.h" -qvirt_handlers_t::qvirt_handlers_t( qvminspector_t *vminspector ) : vminspector( vminspector ), ui( &vminspector->ui ) +QVirtualMachineHandlers::QVirtualMachineHandlers( QVMInspector *MainWindow ) + : MainWindow( MainWindow ), ui( &MainWindow->ui ) { - connect( ui->virt_handlers_tree, &QTreeWidget::itemSelectionChanged, this, &qvirt_handlers_t::on_select ); + connect( ui->virt_handlers_tree, &QTreeWidget::itemSelectionChanged, this, &QVirtualMachineHandlers::OnSelect ); } -void qvirt_handlers_t::update_transforms( vm::handler::handler_t &vm_handler ) +void QVirtualMachineHandlers::UpdateTransforms( vm::handler::handler_t &vm_handler ) { char buffer[ 256 ]; ZydisFormatter formatter; @@ -19,7 +20,7 @@ void qvirt_handlers_t::update_transforms( vm::handler::handler_t &vm_handler ) if ( transform_type == vm::transform::type::generic0 && transform_instr.mnemonic == ZYDIS_MNEMONIC_INVALID ) continue; - auto new_transform_entry = new qtree_widget_item_t(); + auto new_transform_entry = new QTreeWidgetItem(); switch ( transform_type ) { @@ -52,7 +53,7 @@ void qvirt_handlers_t::update_transforms( vm::handler::handler_t &vm_handler ) } } -void qvirt_handlers_t::update_instrs( vm::handler::handler_t &vm_handler ) +void QVirtualMachineHandlers::UpdateInstrs( vm::handler::handler_t &vm_handler ) { char buffer[ 256 ]; ZydisFormatter formatter; @@ -64,19 +65,18 @@ void qvirt_handlers_t::update_instrs( vm::handler::handler_t &vm_handler ) // display vm handler instructions... for ( const auto &instr : vm_handler_instrs ) { - auto new_instr = new qtree_widget_item_t(); - new_instr->setText( - 0, qstring_t::number( ( instr.addr - vminspector->module_base ) + vminspector->image_base, 16 ) ); + auto new_instr = new QTreeWidgetItem(); + new_instr->setText( 0, QString::number( ( instr.addr - MainWindow->ModuleBase ) + MainWindow->ImgBase, 16 ) ); ZydisFormatterFormatInstruction( &formatter, &instr.instr, buffer, sizeof( buffer ), - ( instr.addr - vminspector->module_base ) + vminspector->image_base ); + ( instr.addr - MainWindow->ModuleBase ) + MainWindow->ImgBase ); new_instr->setText( 1, buffer ); ui->virt_handler_instrs_tree->addTopLevelItem( new_instr ); } } -void qvirt_handlers_t::on_select() +void QVirtualMachineHandlers::OnSelect() { if ( ui->virt_handlers_tree->selectedItems().empty() ) return; @@ -86,10 +86,10 @@ void qvirt_handlers_t::on_select() if ( !item ) return; - if ( !vminspector->vmctx ) + if ( !MainWindow->vmctx ) return; const auto handler_idx = item->data( 0, Qt::UserRole ).value< std::uint8_t >(); - update_instrs( vminspector->vmctx->vm_handlers[ handler_idx ] ); - update_transforms( vminspector->vmctx->vm_handlers[ handler_idx ] ); + UpdateInstrs( MainWindow->vmctx->vm_handlers[ handler_idx ] ); + UpdateTransforms( MainWindow->vmctx->vm_handlers[ handler_idx ] ); } \ No newline at end of file diff --git a/src/qvirt_handlers.h b/src/qvirt_handlers.h index 2022692..1270c8d 100644 --- a/src/qvirt_handlers.h +++ b/src/qvirt_handlers.h @@ -2,18 +2,18 @@ #define NOMINMAX #include "qvminspector.h" -class qvirt_handlers_t : public QObject +class QVirtualMachineHandlers : public QObject { Q_OBJECT public: - explicit qvirt_handlers_t( qvminspector_t *vminspector ); + explicit QVirtualMachineHandlers( QVMInspector *MainWindow ); private: Ui::QVMProfilerClass *ui; - qvminspector_t *vminspector; - void update_transforms( vm::handler::handler_t &vm_handler ); - void update_instrs( vm::handler::handler_t &vm_handler ); + QVMInspector *MainWindow; + void UpdateTransforms( vm::handler::handler_t &vm_handler ); + void UpdateInstrs( vm::handler::handler_t &vm_handler ); private slots: - void on_select(); + void OnSelect(); }; \ No newline at end of file diff --git a/src/qvirt_instrs.cpp b/src/qvirt_instrs.cpp index f8dbb8e..1cd493f 100644 --- a/src/qvirt_instrs.cpp +++ b/src/qvirt_instrs.cpp @@ -1,11 +1,12 @@ #include "qvirt_instrs.h" -qvirt_instrs_t::qvirt_instrs_t( qvminspector_t *vminspector ) : vminspector( vminspector ), ui( &vminspector->ui ) +QVirtualMachineInstructions::QVirtualMachineInstructions( QVMInspector *MainWindow ) + : MainWindow( MainWindow ), ui( &MainWindow->ui ) { - connect( ui->virt_instrs, &QTreeWidget::itemSelectionChanged, this, &qvirt_instrs_t::on_select ); + connect( ui->virt_instrs, &QTreeWidget::itemSelectionChanged, this, &QVirtualMachineInstructions::OnSelect ); } -void qvirt_instrs_t::on_select() +void QVirtualMachineInstructions::OnSelect() { if ( ui->virt_instrs->selectedItems().empty() ) return; @@ -20,13 +21,13 @@ void qvirt_instrs_t::on_select() if ( !virt_instr ) return; - update_native_regs( virt_instr ); - update_virtual_regs( virt_instr ); - update_virtual_stack( virt_instr ); - update_vm_handler_info( virt_instr ); + UpdateNativeRegisters( virt_instr ); + UpdateVirtualRegisters( virt_instr ); + UpdateVirtualStack( virt_instr ); + UpdateVMHandlerInfo( virt_instr ); } -void qvirt_instrs_t::update_native_regs( vm::instrs::virt_instr_t *virt_instr ) +void QVirtualMachineInstructions::UpdateNativeRegisters( vm::instrs::virt_instr_t *virt_instr ) { const auto &trace_data = virt_instr->trace_data; @@ -52,15 +53,14 @@ void qvirt_instrs_t::update_native_regs( vm::instrs::virt_instr_t *virt_instr ) ui->native_regs->topLevelItem( 16 )->child( 8 )->setText( 1, QString::number( flags.interrupt_enable_flag ) ); } -void qvirt_instrs_t::update_virtual_regs( vm::instrs::virt_instr_t *virt_instr ) +void QVirtualMachineInstructions::UpdateVirtualRegisters( vm::instrs::virt_instr_t *virt_instr ) { const auto &trace_data = virt_instr->trace_data; // set VIP in virtual registers window... ui->virt_regs->topLevelItem( 0 )->setText( - 1, - QString::number( - ( trace_data.vip - vminspector->file_header->module_base ) + vminspector->file_header->image_base, 16 ) ); + 1, QString::number( ( trace_data.vip - MainWindow->FileHeader->ModuleBase ) + MainWindow->FileHeader->ImgBase, + 16 ) ); // set VSP in virtual registers window... ui->virt_regs->topLevelItem( 1 )->setText( 1, QString::number( trace_data.regs.rbp, 16 ) ); @@ -73,38 +73,37 @@ void qvirt_instrs_t::update_virtual_regs( vm::instrs::virt_instr_t *virt_instr ) ui->virt_regs->topLevelItem( idx )->setText( 1, QString::number( trace_data.vregs.qword[ idx - 4 ], 16 ) ); } -void qvirt_instrs_t::update_virtual_stack( vm::instrs::virt_instr_t *virt_instr ) +void QVirtualMachineInstructions::UpdateVirtualStack( vm::instrs::virt_instr_t *virt_instr ) { ui->virt_stack->clear(); const auto &trace_data = virt_instr->trace_data; for ( auto idx = 0u; idx < sizeof( trace_data.vsp ) / 8; ++idx ) { - auto new_stack_entry = new qtree_widget_item_t(); - new_stack_entry->setText( 0, qstring_t::number( trace_data.regs.rbp + ( idx * 8 ), 16 ) ); - new_stack_entry->setText( 1, qstring_t::number( trace_data.vsp.qword[ idx ], 16 ) ); + auto new_stack_entry = new QTreeWidgetItem(); + new_stack_entry->setText( 0, QString::number( trace_data.regs.rbp + ( idx * 8 ), 16 ) ); + new_stack_entry->setText( 1, QString::number( trace_data.vsp.qword[ idx ], 16 ) ); ui->virt_stack->addTopLevelItem( new_stack_entry ); } } -void qvirt_instrs_t::update_vm_handler_info( vm::instrs::virt_instr_t *virt_instr ) +void QVirtualMachineInstructions::UpdateVMHandlerInfo( vm::instrs::virt_instr_t *virt_instr ) { char buffer[ 256 ]; ZydisFormatter formatter; ZydisFormatterInit( &formatter, ZYDIS_FORMATTER_STYLE_INTEL ); ui->vm_handler_instrs->clear(); - const auto &vm_handler_instrs = vminspector->vmctx->vm_handlers[ virt_instr->opcode ].instrs; + const auto &vm_handler_instrs = MainWindow->vmctx->vm_handlers[ virt_instr->opcode ].instrs; // display vm handler instructions... for ( const auto &instr : vm_handler_instrs ) { - auto new_instr = new qtree_widget_item_t(); - new_instr->setText( - 0, qstring_t::number( ( instr.addr - vminspector->module_base ) + vminspector->image_base, 16 ) ); + auto new_instr = new QTreeWidgetItem(); + new_instr->setText( 0, QString::number( ( instr.addr - MainWindow->ModuleBase ) + MainWindow->ImgBase, 16 ) ); ZydisFormatterFormatInstruction( &formatter, &instr.instr, buffer, sizeof( buffer ), - ( instr.addr - vminspector->module_base ) + vminspector->image_base ); + ( instr.addr - MainWindow->ModuleBase ) + MainWindow->ImgBase ); new_instr->setText( 1, buffer ); ui->vm_handler_instrs->addTopLevelItem( new_instr ); @@ -112,14 +111,14 @@ void qvirt_instrs_t::update_vm_handler_info( vm::instrs::virt_instr_t *virt_inst // display vm handler transformations... ui->vm_handler_transforms->clear(); - const auto &vm_handler_transforms = vminspector->vmctx->vm_handlers[ virt_instr->opcode ].transforms; + const auto &vm_handler_transforms = MainWindow->vmctx->vm_handlers[ virt_instr->opcode ].transforms; for ( auto [ transform_type, transform_instr ] : vm_handler_transforms ) { if ( transform_type == vm::transform::type::generic0 && transform_instr.mnemonic == ZYDIS_MNEMONIC_INVALID ) continue; - auto new_transform_entry = new qtree_widget_item_t(); + auto new_transform_entry = new QTreeWidgetItem(); switch ( transform_type ) { diff --git a/src/qvirt_instrs.h b/src/qvirt_instrs.h index d09326f..1e512ed 100644 --- a/src/qvirt_instrs.h +++ b/src/qvirt_instrs.h @@ -2,20 +2,21 @@ #define NOMINMAX #include "qvminspector.h" -class qvirt_instrs_t : public QObject +class QVirtualMachineInstructions : public QObject { Q_OBJECT public: - explicit qvirt_instrs_t( qvminspector_t *vminspector ); + explicit QVirtualMachineInstructions( QVMInspector *MainWindow ); private: Ui::QVMProfilerClass *ui; - qvminspector_t *vminspector; - void update_native_regs( vm::instrs::virt_instr_t *virt_instr ); - void update_virtual_regs( vm::instrs::virt_instr_t *virt_instr ); - void update_virtual_stack( vm::instrs::virt_instr_t *virt_instr ); - void update_vm_handler_info( vm::instrs::virt_instr_t *virt_instr ); + QVMInspector *MainWindow; + + void UpdateNativeRegisters( vm::instrs::virt_instr_t *virt_instr ); + void UpdateVirtualRegisters( vm::instrs::virt_instr_t *virt_instr ); + void UpdateVirtualStack( vm::instrs::virt_instr_t *virt_instr ); + void UpdateVMHandlerInfo( vm::instrs::virt_instr_t *virt_instr ); private slots: - void on_select(); + void OnSelect(); }; \ No newline at end of file diff --git a/src/qvminspector.cpp b/src/qvminspector.cpp index 78279f2..3079746 100644 --- a/src/qvminspector.cpp +++ b/src/qvminspector.cpp @@ -1,29 +1,30 @@ #include "qvminspector.h" -qvminspector_t::qvminspector_t( qwidget_t *parent ) : qmain_window_t( parent ), file_header( nullptr ), vmctx( nullptr ) +QVMInspector::QVMInspector( QWidget *parent ) : QMainWindow( parent ), FileHeader( nullptr ), vmctx( nullptr ) { ui.setupUi( this ); ui.virt_instrs->setColumnWidth( 0, 180 ); ui.virt_instrs->setColumnWidth( 1, 150 ); ui.virt_instrs->setColumnWidth( 2, 190 ); ui.virt_instrs->setColumnWidth( 3, 200 ); + ui.virtual_machine_enters->setColumnWidth( 0, 180 ); - connect( ui.action_open, &QAction::triggered, this, &qvminspector_t::on_open ); - connect( ui.action_close, &QAction::triggered, this, &qvminspector_t::on_close ); + connect( ui.action_open, &QAction::triggered, this, &QVMInspector::OnOpen ); + connect( ui.action_close, &QAction::triggered, this, &QVMInspector::OnClose ); } -void qvminspector_t::on_close() +void QVMInspector::OnClose() { exit( 0 ); } -void qvminspector_t::on_open() +void QVMInspector::OnOpen() { - if ( file_header ) - free( file_header ); + if ( FileHeader ) + free( FileHeader ); - file_header = nullptr; - image_base = 0u, vm_entry_rva = 0u, module_base = 0u; + FileHeader = nullptr; + ImgBase = 0u, ModuleBase = 0u; file_path = QFileDialog::getOpenFileName( this, tr( "open vmp2 file" ), std::filesystem::current_path().string().c_str(), tr( "vmp2 file (*.vmp2)" ) ); @@ -32,13 +33,13 @@ void qvminspector_t::on_open() if ( file_path.isEmpty() ) { - dbg_msg( "invalid vmp2 file... no file selected..." ); + DbgMsg( "invalid vmp2 file... no file selected..." ); return; } if ( !std::filesystem::exists( _file_path ) ) { - dbg_msg( "vmp2 file does not exist..." ); + DbgMsg( "vmp2 file does not exist..." ); return; } @@ -46,96 +47,112 @@ void qvminspector_t::on_open() if ( !file_size ) { - dbg_msg( "invalid vmp2 file size..." ); + DbgMsg( "invalid vmp2 file size..." ); return; } - qfile_t open_file( file_path ); - file_header = reinterpret_cast< vmp2::v4::file_header * >( malloc( file_size ) ); + QFile open_file( file_path ); + FileHeader = reinterpret_cast< vmp2::v4::FileHeader * >( malloc( file_size ) ); if ( !open_file.open( QIODevice::ReadOnly ) ) { - dbg_msg( "failed to open vmp2 file..." ); + DbgMsg( "failed to open vmp2 file..." ); return; } - memcpy( file_header, open_file.readAll().data(), file_size ); + memcpy( FileHeader, open_file.readAll().data(), file_size ); - if ( !init_data() ) + if ( !InitData() ) { - dbg_msg( "failed to init vmp2 file data..." ); + DbgMsg( "failed to init vmp2 file data..." ); return; } } -void qvminspector_t::dbg_print( qstring_t dbg_output ) +void QVMInspector::DbgPrint( QString dbg_output ) { ui.dbg_output_window->appendPlainText( dbg_output ); } -void qvminspector_t::dbg_msg( qstring_t dbg_output ) +void QVMInspector::DbgMsg( QString dbg_output ) { - qmsg_box_t msg_box; + QMessageBox msg_box; msg_box.setText( dbg_output ); msg_box.exec(); - dbg_print( dbg_output ); + DbgPrint( dbg_output ); } -bool qvminspector_t::init_data() +bool QVMInspector::InitData() { - if ( file_header->magic != VMP_MAGIC ) + if ( FileHeader->magic != VMP_MAGIC ) { - dbg_msg( "invalid magic bytes for vmp2 file..." ); + DbgMsg( "invalid magic bytes for vmp2 file..." ); return false; } - dbg_print( "valid magic bytes for vmp2 file..." ); + DbgPrint( "valid magic bytes for vmp2 file..." ); - if ( file_header->version != vmp2::version_t::v4 ) + if ( FileHeader->version != vmp2::version_t::v4 ) { - dbg_msg( "invalid vmp2 file version... " - "this vminspector is compiled for version 4...\n" ); + DbgMsg( "invalid vmp2 file version... " + "this vminspector is compiled for version 4...\n" ); return false; } - vm_entry_rva = file_header->vm_entry_rva; - image_base = file_header->image_base; - image_size = file_header->module_size; + ImgBase = FileHeader->ImgBase; + ImgSize = FileHeader->module_size; + ModuleBase = reinterpret_cast< std::uintptr_t >( FileHeader ) + FileHeader->module_offset; - module_base = reinterpret_cast< std::uintptr_t >( file_header ) + file_header->module_offset; - return true; -} - -void qvminspector_t::add_branch_children( qtree_widget_item_t *item, std::uintptr_t branch_addr ) -{ + if ( !SerializeVmp2( VirtRtns ) ) + { + DbgMsg( "failed to serialize vmp2 file format...\n" ); + return false; + } + UpdateUI(); + return true; } -void qvminspector_t::update_ui() +void QVMInspector::UpdateUI() { - + ui.virtual_machine_enters->clear(); + for ( auto &[ rtn_rva, rtn_blks ] : VirtRtns ) + { + auto new_item = new QTreeWidgetItem(); + new_item->setText( 0, QString( "rtn_%1" ).arg( rtn_rva + FileHeader->ImgBase, 0, 16 ) ); + new_item->setText( 1, QString( "%1" ).arg( rtn_rva + FileHeader->ImgBase, 0, 16 ) ); + new_item->setText( 2, QString( "%1" ).arg( rtn_blks.size() ) ); + + std::for_each( rtn_blks.begin(), rtn_blks.end(), [ & ]( vm::instrs::code_block_t &code_blk ) { + auto new_child = new QTreeWidgetItem(); + new_child->setText( 0, QString( "blk_%1" ).arg( code_blk.vip_begin, 0, 16 ) ); + new_child->setText( 1, QString( "%1" ).arg( code_blk.vip_begin, 0, 16 ) ); + new_child->setText( 2, QString( "%1" ).arg( code_blk.vinstrs.size() ) ); + new_item->addChild( new_child ); + } ); + + ui.virtual_machine_enters->addTopLevelItem( new_item ); + } } -bool qvminspector_t::serialize_vmp2( std::vector< rtn_data_t > &virt_rtns, std::vector< std::uint8_t > &vmp2file ) +bool QVMInspector::SerializeVmp2( std::vector< rtn_data_t > &VirtRtns ) { - const auto file_header = reinterpret_cast< vmp2::v4::file_header * >( vmp2file.data() ); - - if ( file_header->version != vmp2::version_t::v4 ) + if ( FileHeader->version != vmp2::version_t::v4 ) { std::printf( "[!] invalid vmp2 file version... this build uses v3...\n" ); return false; } - auto first_rtn = reinterpret_cast< vmp2::v4::rtn_t * >( reinterpret_cast< std::uintptr_t >( file_header ) + - file_header->rtn_offset ); + auto first_rtn = reinterpret_cast< vmp2::v4::rtn_t * >( reinterpret_cast< std::uintptr_t >( FileHeader ) + + FileHeader->rtn_offset ); - for ( auto [ rtn_block, rtn_idx ] = std::pair{ first_rtn, 0ull }; rtn_idx < file_header->rtn_count; + for ( auto [ rtn_block, rtn_idx ] = std::pair{ first_rtn, 0ull }; rtn_idx < FileHeader->rtn_count; ++rtn_idx, rtn_block = reinterpret_cast< vmp2::v4::rtn_t * >( reinterpret_cast< std::uintptr_t >( rtn_block ) + rtn_block->size ) ) { - virt_rtns.push_back( { rtn_block->vm_enter_offset, {} } ); + VirtRtns.push_back( { rtn_block->vm_enter_offset, {} } ); for ( auto [ code_block, block_idx ] = std::pair{ &rtn_block->code_blocks[ 0 ], 0ull }; block_idx < rtn_block->code_block_count; ++block_idx, code_block = reinterpret_cast< vmp2::v4::code_block_t * >( @@ -155,7 +172,7 @@ bool qvminspector_t::serialize_vmp2( std::vector< rtn_data_t > &virt_rtns, std:: for ( auto idx = 0u; idx < code_block->vinstr_count; ++idx ) _code_block.vinstrs.push_back( block_vinstrs[ idx ] ); - virt_rtns.back().rtn_blks.push_back( _code_block ); + VirtRtns.back().rtn_blks.push_back( _code_block ); } } diff --git a/src/qvminspector.h b/src/qvminspector.h index a3a0b3c..37625e0 100644 --- a/src/qvminspector.h +++ b/src/qvminspector.h @@ -19,43 +19,37 @@ #define ABS_TO_IMG( addr, mod_base, img_base ) ( addr - mod_base ) + img_base Q_DECLARE_METATYPE( vm::instrs::virt_instr_t * ) -using qmain_window_t = QMainWindow; -using qwidget_t = QWidget; -using qstring_t = QString; -using qfile_t = QFile; -using qtree_widget_item_t = QTreeWidgetItem; -using qmsg_box_t = QMessageBox; - struct rtn_data_t { std::uint32_t rtn_rva; std::vector< vm::instrs::code_block_t > rtn_blks; }; -class qvminspector_t : public qmain_window_t +class QVMInspector : public QMainWindow { - friend class qvirt_instrs_t; - friend class qvirt_handlers_t; + friend class QVirtualMachineInstructions; + friend class QVirtualMachineHandlers; Q_OBJECT public: - qvminspector_t( qwidget_t *parent = Q_NULLPTR ); - static bool serialize_vmp2( std::vector< rtn_data_t > &virt_rtns, std::vector< std::uint8_t > &vmp2file ); + QVMInspector( QWidget *parent = Q_NULLPTR ); private slots: - void on_open(); - void on_close(); + void OnOpen(); + void OnClose(); private: - void dbg_print( qstring_t DbgOutput ); - void dbg_msg( qstring_t DbgOutput ); - void update_ui(); - void add_branch_children( qtree_widget_item_t *item, std::uintptr_t branch_addr ); - bool init_data(); + void DbgPrint( QString DbgOutput ); + void DbgMsg( QString DbgOutput ); + void UpdateUI(); + bool SerializeVmp2( std::vector< rtn_data_t > &VirtRtns ); + bool InitData(); Ui::QVMProfilerClass ui; - qstring_t file_path; - qstring_t VMProtectedFilePath; - std::uint64_t image_base, vm_entry_rva, module_base, image_size; + QString file_path; + + std::uint64_t ImgBase, ModuleBase, ImgSize; vm::ctx_t *vmctx; - vmp2::v4::file_header *file_header; + + vmp2::v4::FileHeader *FileHeader; + std::vector< rtn_data_t > VirtRtns; }; \ No newline at end of file diff --git a/src/qvminspector.ui b/src/qvminspector.ui index a108884..ded20a2 100644 --- a/src/qvminspector.ui +++ b/src/qvminspector.ui @@ -27,7 +27,7 @@ - 1 + 2 @@ -44,8 +44,8 @@ 0 0 - 1370 - 854 + 428 + 408 @@ -414,8 +414,8 @@ 0 0 - 631 - 228 + 98 + 89 @@ -629,14 +629,9 @@ - Number Of Code Blocks + Number Of Nodes - - - - - @@ -666,11 +661,6 @@ Instruction - - - - - @@ -694,11 +684,6 @@ Instruction - - - - -