#include "QVirtualRoutines.h" QVirtualRoutines::QVirtualRoutines( QVMInspector *MainWindow ) : MainWindow( MainWindow ), ui( &MainWindow->ui ) { connect( ui->virtual_machine_enters, &QTreeWidget::itemSelectionChanged, this, &QVirtualRoutines::OnSelect ); } void QVirtualRoutines::UpdateVirtualMachineEnter( vm::ctx_t *g_vm_ctx ) { char buffer[ 256 ]; ZydisFormatter formatter; ZydisFormatterInit( &formatter, ZYDIS_FORMATTER_STYLE_INTEL ); ui->virtual_machine_enter_instrs->clear(); for ( auto [ instr, raw, addr ] : g_vm_ctx->vm_entry ) { ZydisFormatterFormatInstruction( &formatter, &instr, buffer, sizeof( buffer ), addr ); auto newItem = new QTreeWidgetItem(); newItem->setText( 0, QString::number( addr, 16 ) ); newItem->setText( 1, buffer ); ui->virtual_machine_enter_instrs->addTopLevelItem( newItem ); } } void QVirtualRoutines::UpdateCalcJmp( vm::ctx_t *g_vm_ctx ) { char buffer[ 256 ]; ZydisFormatter formatter; ZydisFormatterInit( &formatter, ZYDIS_FORMATTER_STYLE_INTEL ); ui->virtual_machine_enter_calc_jmp->clear(); for ( auto [ instr, raw, addr ] : g_vm_ctx->calc_jmp ) { ZydisFormatterFormatInstruction( &formatter, &instr, buffer, sizeof( buffer ), addr ); auto newItem = new QTreeWidgetItem(); newItem->setText( 0, QString::number( addr, 16 ) ); newItem->setText( 1, buffer ); ui->virtual_machine_enter_calc_jmp->addTopLevelItem( newItem ); } } void QVirtualRoutines::OnSelect() { if ( ui->virtual_machine_enters->selectedItems().empty() ) return; if ( MainWindow->g_vm_ctx ) delete MainWindow->g_vm_ctx; auto item = ui->virtual_machine_enters->selectedItems()[ 0 ]; if ( !item ) return; auto EntryRva = item->data( 0, Qt::UserRole ).value< std::uint32_t >(); MainWindow->g_vm_ctx = new vm::ctx_t( MainWindow->ModuleBase, MainWindow->ImgBase, MainWindow->ImgSize, EntryRva ); if ( !MainWindow->g_vm_ctx->init() ) { MainWindow->DbgMsg( "[!] failed to init vm::ctx_t...\n" ); return; } UpdateVirtualMachineEnter( MainWindow->g_vm_ctx ); UpdateCalcJmp( MainWindow->g_vm_ctx ); }