#pragma once
#include <Zydis/Zydis.h>
#include <nt/image.hpp>
#include <vmprofiler.hpp>
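/// Rebase an absolute address from the module's current base onto another
/// image base: ( addr - mod_base ) + img_base.
///
/// Every argument and the whole expansion are parenthesized, so the result is
/// the same whether an argument is a compound expression (`a ? b : c`,
/// `x << 2`) or the macro is used inside a larger expression
/// (`2 * ABS_TO_IMG( ... )`). Each argument is expanded exactly once.
///
/// No range check is performed: if `addr` is below `mod_base` and the operands
/// are unsigned, the subtraction wraps. Callers that take `addr` from an
/// untrusted image should confirm it lies inside the module first.
#define ABS_TO_IMG( addr, mod_base, img_base ) ( ( ( addr ) - ( mod_base ) ) + ( img_base ) )

/// Byte pattern 4C 8D 25 ?? ?? ?? ?? : the x86-64 encoding of
/// `lea r12, [rip+disp32]`; the four trailing bytes are the displacement.
///
/// The literal contains embedded NUL bytes, so its length must never be taken
/// with strlen(); use the mask length (or sizeof - 1) instead.
#define LEA_R12_SIG "\x4C\x8D\x25\x00\x00\x00\x00"

/// Mask paired with LEA_R12_SIG, one character per signature byte.
/// Presumably 'x' means "byte must match" and '?' means "wildcard", as
/// interpreted by the pattern scanner (not visible in this header).
#define LEA_R12_MASK "xxx????"

/// Byte pattern 68 ?? ?? ?? ?? : the x86 encoding of `push imm32`.
/// Also contains embedded NUL bytes; see the note on LEA_R12_SIG.
#define PUSH_4B_IMM "\x68\x00\x00\x00\x00"

/// Mask paired with PUSH_4B_IMM, one character per signature byte.
#define PUSH_4B_MASK "x????"

// A signature/mask pair of different lengths would make a scanner read past
// the shorter one, so the pairing is enforced at compile time.
static_assert( sizeof( LEA_R12_SIG ) == sizeof( LEA_R12_MASK ),
               "LEA_R12_SIG and LEA_R12_MASK must have the same length" );
static_assert( sizeof( PUSH_4B_IMM ) == sizeof( PUSH_4B_MASK ),
               "PUSH_4B_IMM and PUSH_4B_MASK must have the same length" );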
namespace vm::locate
{
    /// Record describing one VM handler table found in a module.
    /// The field notes below are inferred from the member names; the code that
    /// fills them is not part of this header.
    struct vm_handler_table_info_t
    {
        // presumably the RVA of the handler table itself - confirm against the implementation
        std::uint32_t rva;

        // presumably the RVA of the `lea r12, [rip+disp32]` instruction that references the table
        std::uint32_t lea_r12_rva;

        // decoded form of that `lea r12` instruction
        zydis_decoded_instr_t lea_r12_instr;
    };

    /// Collects handler-table records for the module at @p module_base.
    ///
    /// NOTE(review): @p module_base is a bare integer address with no size or
    /// bounds attached. The definition is not visible here, so whether the
    /// image headers are validated before being read is unknown - confirm
    /// before running this over untrusted or deliberately malformed binaries.
    ///
    /// @param module_base address of the module to scan
    /// @return one vm_handler_table_info_t per table reported by the scan
    std::vector< vm_handler_table_info_t > all_handler_tables( std::uintptr_t module_base );

    /// Collects VM entry records for the module at @p module_base.
    ///
    /// @param module_base        address of the module to scan; the same
    ///                           validation caveat as all_handler_tables applies
    /// @param vm_handler_tables  handler tables to work with; taken by non-const
    ///                           reference, so the callee is permitted to modify
    ///                           it (whether it does is not visible here)
    /// @return pairs of 32-bit values; the meaning of each element is not
    ///         established by this header - TODO confirm against the definition
    std::vector< std::pair< std::uint32_t, std::uint32_t > > all_vm_enters(
        std::uintptr_t module_base,
        std::vector< vm_handler_table_info_t > &vm_handler_tables );
} // namespace vm::locate