|
|
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
|
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
|
|
|
<head>
|
|
|
|
|
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
|
|
|
|
|
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
|
|
|
|
|
<meta name="generator" content="Doxygen 1.9.1"/>
|
|
|
|
|
<meta name="viewport" content="width=device-width, initial-scale=1"/>
|
|
|
|
|
<title>VMProfiler: vm::handler::profile Namespace Reference</title>
|
|
|
|
|
<link href="tabs.css" rel="stylesheet" type="text/css"/>
|
|
|
|
|
<script type="text/javascript" src="jquery.js"></script>
|
|
|
|
|
<script type="text/javascript" src="dynsections.js"></script>
|
|
|
|
|
<link href="search/search.css" rel="stylesheet" type="text/css"/>
|
|
|
|
|
<script type="text/javascript" src="search/searchdata.js"></script>
|
|
|
|
|
<script type="text/javascript" src="search/search.js"></script>
|
|
|
|
|
<link href="doxygen.css" rel="stylesheet" type="text/css" />
|
|
|
|
|
</head>
|
|
|
|
|
<body>
|
|
|
|
|
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
|
|
|
|
|
<div id="titlearea">
|
|
|
|
|
<table cellspacing="0" cellpadding="0">
|
|
|
|
|
<tbody>
|
|
|
|
|
<tr style="height: 56px;">
|
|
|
|
|
<td id="projectlogo"><img alt="Logo" src="icon.png"/></td>
|
|
|
|
|
<td id="projectalign" style="padding-left: 0.5em;">
|
|
|
|
|
<div id="projectname">VMProfiler
|
|
|
|
|
 <span id="projectnumber">v1.8</span>
|
|
|
|
|
</div>
|
|
|
|
|
<div id="projectbrief">vmprofiler is a C++ library for statically analyzing VMProtect 2 polymorphic virtual machines. This library is used by vmprofiler-qt, vmprofiler-cli, and vmemu.</div>
|
|
|
|
|
</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</tbody>
|
|
|
|
|
</table>
|
|
|
|
|
</div>
|
|
|
|
|
<!-- end header part -->
|
|
|
|
|
<!-- Generated by Doxygen 1.9.1 -->
|
|
|
|
|
|
|
|
|
|
</div><!-- top -->
|
|
|
|
|
<div class="header">
|
|
|
|
|
<div class="summary">
|
|
|
|
|
<a href="#var-members">Variables</a> </div>
|
|
|
|
|
<div class="headertitle">
|
|
|
|
|
<div class="title">vm::handler::profile Namespace Reference</div> </div>
|
|
|
|
|
</div><!--header-->
|
|
|
|
|
<div class="contents">
|
|
|
|
|
|
|
|
|
|
<p>Contains all defined VM handler profiles, as well as a vector of pointers to every defined profile...
|
|
|
|
|
<a href="namespacevm_1_1handler_1_1profile.html#details">More...</a></p>
|
|
|
|
|
<table class="memberdecls">
|
|
|
|
|
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="var-members"></a>
|
|
|
|
|
Variables</h2></td></tr>
|
|
|
|
|
<tr class="memitem:a6c5922a24f03ad5104fad36b59cdb664"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a6c5922a24f03ad5104fad36b59cdb664">sregq</a></td></tr>
|
|
|
|
|
<tr class="separator:a6c5922a24f03ad5104fad36b59cdb664"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a4918ca8880971ab57dde31168d0c52ff"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a4918ca8880971ab57dde31168d0c52ff">sregdw</a></td></tr>
|
|
|
|
|
<tr class="separator:a4918ca8880971ab57dde31168d0c52ff"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a4f55c3b0945cb86413d3c40fc08d6db7"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a4f55c3b0945cb86413d3c40fc08d6db7">sregw</a></td></tr>
|
|
|
|
|
<tr class="separator:a4f55c3b0945cb86413d3c40fc08d6db7"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a414cfdeee11134889ee43e27db751810"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a414cfdeee11134889ee43e27db751810">lregq</a></td></tr>
|
|
|
|
|
<tr class="separator:a414cfdeee11134889ee43e27db751810"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:aa4ec0ea607d5a6f1288912ce4a888443"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#aa4ec0ea607d5a6f1288912ce4a888443">lregdw</a></td></tr>
|
|
|
|
|
<tr class="separator:aa4ec0ea607d5a6f1288912ce4a888443"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a9bd4c8f24b989dd0b4d2939f80ce229a"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a9bd4c8f24b989dd0b4d2939f80ce229a">lconstq</a></td></tr>
|
|
|
|
|
<tr class="memdesc:a9bd4c8f24b989dd0b4d2939f80ce229a"><td class="mdescLeft">&#160;</td><td class="mdescRight">mov rax, [rsi]<br />xor rax, rbx ; transformation<br />bswap rax ; transformation<br />lea rsi, [rsi+8] ; advance VIP<br />rol rax, 0Ch ; transformation<br />inc rax ; transformation<br />xor rbx, rax ; transformation (update rolling decrypt key)<br />sub rbp, 8<br />mov [rbp+0], rax <a href="namespacevm_1_1handler_1_1profile.html#a9bd4c8f24b989dd0b4d2939f80ce229a">More...</a><br /></td></tr>
|
|
|
|
|
<tr class="separator:a9bd4c8f24b989dd0b4d2939f80ce229a"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a372c4bf2fd4e6925a143d2fa4f7b1d3c"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a372c4bf2fd4e6925a143d2fa4f7b1d3c">lconstdw</a></td></tr>
|
|
|
|
|
<tr class="memdesc:a372c4bf2fd4e6925a143d2fa4f7b1d3c"><td class="mdescLeft">&#160;</td><td class="mdescRight">mov eax, [rsi-0x04]<br />bswap eax<br />add eax, ebx<br />dec eax<br />neg eax<br />xor eax, 0x2FFD187C<br />push rbx<br />add [rsp], eax<br />pop rbx<br />sub rbp, 0x04<br />mov [rbp], eax<br />add rsi, 0xFFFFFFFFFFFFFFFC <a href="namespacevm_1_1handler_1_1profile.html#a372c4bf2fd4e6925a143d2fa4f7b1d3c">More...</a><br /></td></tr>
|
|
|
|
|
<tr class="separator:a372c4bf2fd4e6925a143d2fa4f7b1d3c"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a10a05027b8a8e7b743b4864887ae2726"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a10a05027b8a8e7b743b4864887ae2726">lconstw</a></td></tr>
|
|
|
|
|
<tr class="separator:a10a05027b8a8e7b743b4864887ae2726"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a894ae9fb4ec1e6a1a2509e8180ecae09"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a894ae9fb4ec1e6a1a2509e8180ecae09">lconstbzxw</a></td></tr>
|
|
|
|
|
<tr class="separator:a894ae9fb4ec1e6a1a2509e8180ecae09"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a9564effe8ffeb39e275721e0061d2329"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a9564effe8ffeb39e275721e0061d2329">lconstbsxdw</a></td></tr>
|
|
|
|
|
<tr class="separator:a9564effe8ffeb39e275721e0061d2329"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a3e8dd1515687cbf22241bb7b0ac9c20a"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a3e8dd1515687cbf22241bb7b0ac9c20a">lconstbsxq</a></td></tr>
|
|
|
|
|
<tr class="separator:a3e8dd1515687cbf22241bb7b0ac9c20a"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:aaeefadf94f965a133da38f0018c3a3fa"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#aaeefadf94f965a133da38f0018c3a3fa">lconstdwsxq</a></td></tr>
|
|
|
|
|
<tr class="separator:aaeefadf94f965a133da38f0018c3a3fa"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a15f60c9f437f9051a35d2f75865b8a96"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a15f60c9f437f9051a35d2f75865b8a96">lconstwsxq</a></td></tr>
|
|
|
|
|
<tr class="separator:a15f60c9f437f9051a35d2f75865b8a96"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:ae1b7c27b6a7e02e2ff12583429a50fc5"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#ae1b7c27b6a7e02e2ff12583429a50fc5">lconstwsxdw</a></td></tr>
|
|
|
|
|
<tr class="separator:ae1b7c27b6a7e02e2ff12583429a50fc5"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a6fec819ec586b0f38fd4dc9489a2faf8"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a6fec819ec586b0f38fd4dc9489a2faf8">addq</a></td></tr>
|
|
|
|
|
<tr class="memdesc:a6fec819ec586b0f38fd4dc9489a2faf8"><td class="mdescLeft">&#160;</td><td class="mdescRight">mov rax, [rbp+0]<br />add [rbp+8], rax<br />pushfq<br />pop qword ptr [rbp+0] <a href="namespacevm_1_1handler_1_1profile.html#a6fec819ec586b0f38fd4dc9489a2faf8">More...</a><br /></td></tr>
|
|
|
|
|
<tr class="separator:a6fec819ec586b0f38fd4dc9489a2faf8"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a5bf6399e884a3e41d3cb953f00d62c13"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a5bf6399e884a3e41d3cb953f00d62c13">adddw</a></td></tr>
|
|
|
|
|
<tr class="memdesc:a5bf6399e884a3e41d3cb953f00d62c13"><td class="mdescLeft">&#160;</td><td class="mdescRight">mov ax, [rbp]<br />sub rbp, 0x06<br />add [rbp+0x08], ax<br />pushfq<br />pop [rbp] <a href="namespacevm_1_1handler_1_1profile.html#a5bf6399e884a3e41d3cb953f00d62c13">More...</a><br /></td></tr>
|
|
|
|
|
<tr class="separator:a5bf6399e884a3e41d3cb953f00d62c13"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:ac6638f78fcb7d781db4476b11bd3c139"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#ac6638f78fcb7d781db4476b11bd3c139">addw</a></td></tr>
|
|
|
|
|
<tr class="separator:ac6638f78fcb7d781db4476b11bd3c139"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a8be3b9aa44bba9c01a0544356f4a35ad"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a8be3b9aa44bba9c01a0544356f4a35ad">shlq</a></td></tr>
|
|
|
|
|
<tr class="separator:a8be3b9aa44bba9c01a0544356f4a35ad"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a94b3e7b23ca523249a1b4149f2b221a9"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a94b3e7b23ca523249a1b4149f2b221a9">shldw</a></td></tr>
|
|
|
|
|
<tr class="separator:a94b3e7b23ca523249a1b4149f2b221a9"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a44a09dbad0ad33f4e9a3e03547befee1"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a44a09dbad0ad33f4e9a3e03547befee1">nandq</a></td></tr>
|
|
|
|
|
<tr class="separator:a44a09dbad0ad33f4e9a3e03547befee1"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a57bdbf79f0a2209d3599a6684b337d41"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a57bdbf79f0a2209d3599a6684b337d41">nanddw</a></td></tr>
|
|
|
|
|
<tr class="separator:a57bdbf79f0a2209d3599a6684b337d41"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a9c947e851b1e0829f15fb5fccb77c016"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a9c947e851b1e0829f15fb5fccb77c016">nandw</a></td></tr>
|
|
|
|
|
<tr class="separator:a9c947e851b1e0829f15fb5fccb77c016"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a64dd8aa864a3d3e6956cdb177947f739"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a64dd8aa864a3d3e6956cdb177947f739">writeq</a></td></tr>
|
|
|
|
|
<tr class="separator:a64dd8aa864a3d3e6956cdb177947f739"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a6a00ac48c8ce010f1d3d55573beb52aa"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a6a00ac48c8ce010f1d3d55573beb52aa">writedw</a></td></tr>
|
|
|
|
|
<tr class="separator:a6a00ac48c8ce010f1d3d55573beb52aa"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a1192aea2b68e7e979971a8b683819749"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a1192aea2b68e7e979971a8b683819749">writeb</a></td></tr>
|
|
|
|
|
<tr class="separator:a1192aea2b68e7e979971a8b683819749"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a6969c269658e6069415fc19924a8eff1"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a6969c269658e6069415fc19924a8eff1">readq</a></td></tr>
|
|
|
|
|
<tr class="separator:a6969c269658e6069415fc19924a8eff1"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a7dcb388eb57317a1fb30a882c1f659de"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a7dcb388eb57317a1fb30a882c1f659de">readdw</a></td></tr>
|
|
|
|
|
<tr class="separator:a7dcb388eb57317a1fb30a882c1f659de"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:ab32d8a91ff2c9e28a0e5062338d9ef14"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#ab32d8a91ff2c9e28a0e5062338d9ef14">shrq</a></td></tr>
|
|
|
|
|
<tr class="separator:ab32d8a91ff2c9e28a0e5062338d9ef14"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a53a3ad22aa1a2f0e83eeda486f447cfc"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a53a3ad22aa1a2f0e83eeda486f447cfc">shrw</a></td></tr>
|
|
|
|
|
<tr class="separator:a53a3ad22aa1a2f0e83eeda486f447cfc"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a5548b091697d700b516f23e807880d55"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a5548b091697d700b516f23e807880d55">lrflags</a></td></tr>
|
|
|
|
|
<tr class="separator:a5548b091697d700b516f23e807880d55"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a8f262e2cec2009b84e4b01c93a16d9bc"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a8f262e2cec2009b84e4b01c93a16d9bc">call</a></td></tr>
|
|
|
|
|
<tr class="memdesc:a8f262e2cec2009b84e4b01c93a16d9bc"><td class="mdescLeft">&#160;</td><td class="mdescRight">mov rdx, [rbp]<br />add rbp, 0x08<br />call rdx <a href="namespacevm_1_1handler_1_1profile.html#a8f262e2cec2009b84e4b01c93a16d9bc">More...</a><br /></td></tr>
|
|
|
|
|
<tr class="separator:a8f262e2cec2009b84e4b01c93a16d9bc"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a3d827f69b569476e699a96c16b0334f6"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a3d827f69b569476e699a96c16b0334f6">pushvsp</a></td></tr>
|
|
|
|
|
<tr class="separator:a3d827f69b569476e699a96c16b0334f6"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a570412f201d1738c4ac5ecac2dc90a2d"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a570412f201d1738c4ac5ecac2dc90a2d">mulq</a></td></tr>
|
|
|
|
|
<tr class="separator:a570412f201d1738c4ac5ecac2dc90a2d"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:af13cfd2b6021da3a4a6c49523d7ffb39"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#af13cfd2b6021da3a4a6c49523d7ffb39">divq</a></td></tr>
|
|
|
|
|
<tr class="memdesc:af13cfd2b6021da3a4a6c49523d7ffb39"><td class="mdescLeft">&#160;</td><td class="mdescRight">mov rdx, [rbp]<br />mov rax, [rbp+0x08]<br />div [rbp+0x10]<br />mov [rbp+0x08], rdx<br />mov [rbp+0x10], rax<br />pushfq<br />pop [rbp] <a href="namespacevm_1_1handler_1_1profile.html#af13cfd2b6021da3a4a6c49523d7ffb39">More...</a><br /></td></tr>
|
|
|
|
|
<tr class="separator:af13cfd2b6021da3a4a6c49523d7ffb39"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a677748b24e229ec7417fa89092928fae"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a677748b24e229ec7417fa89092928fae">jmp</a></td></tr>
|
|
|
|
|
<tr class="memdesc:a677748b24e229ec7417fa89092928fae"><td class="mdescLeft">&#160;</td><td class="mdescRight">mov esi, [rbp]<br />add rbp, 0x08<br />lea r12, [0x0000000000048F29]<br />mov rax, 0x00 ; image base bytes above 32bits...<br />add rsi, rax<br />mov rbx, rsi ; update decrypt key<br />add rsi, [rbp] ; add module base address <a href="namespacevm_1_1handler_1_1profile.html#a677748b24e229ec7417fa89092928fae">More...</a><br /></td></tr>
|
|
|
|
|
<tr class="separator:a677748b24e229ec7417fa89092928fae"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a355ddd09a3e6f6978304c70d3a33aff7"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a355ddd09a3e6f6978304c70d3a33aff7">lvsp</a></td></tr>
|
|
|
|
|
<tr class="memdesc:a355ddd09a3e6f6978304c70d3a33aff7"><td class="mdescLeft">&#160;</td><td class="mdescRight">mov rbp, [rbp+0] <a href="namespacevm_1_1handler_1_1profile.html#a355ddd09a3e6f6978304c70d3a33aff7">More...</a><br /></td></tr>
|
|
|
|
|
<tr class="separator:a355ddd09a3e6f6978304c70d3a33aff7"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a6c388fd726713355c8c37cb9776c83c7"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a6c388fd726713355c8c37cb9776c83c7">vmexit</a></td></tr>
|
|
|
|
|
<tr class="separator:a6c388fd726713355c8c37cb9776c83c7"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
<tr class="memitem:a39376b2fb191d8ff1af7ef0128f715ed"><td class="memItemLeft" align="right" valign="top">std::vector< <a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> * > </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html#a39376b2fb191d8ff1af7ef0128f715ed">all</a></td></tr>
|
|
|
|
|
<tr class="memdesc:a39376b2fb191d8ff1af7ef0128f715ed"><td class="mdescLeft"> </td><td class="mdescRight">a vector of pointers to all defined vm handler profiles... <a href="namespacevm_1_1handler_1_1profile.html#a39376b2fb191d8ff1af7ef0128f715ed">More...</a><br /></td></tr>
|
|
|
|
|
<tr class="separator:a39376b2fb191d8ff1af7ef0128f715ed"><td class="memSeparator" colspan="2"> </td></tr>
|
|
|
|
|
</table>
|
|
|
|
|
<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
|
|
|
|
|
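<div class="textblock"><p>Contains all defined VM handler profiles, as well as a vector of pointers to every defined profile. Each profile documented below is initialized with a handler name, a handler enum value, and a list of predicates over decoded Zydis instructions (<code>zydis_decoded_instr_t</code>).</p>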
|
|
|
|
|
</div><h2 class="groupheader">Variable Documentation</h2>
|
|
|
|
|
<a id="a5bf6399e884a3e41d3cb953f00d62c13"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a5bf6399e884a3e41d3cb953f00d62c13">◆ </a></span>adddw</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::adddw</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"ADDDW"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1abb62bc05ab9e2b13eea6e0a68a9a850f">ADDDW</a>,</div>
|
|
|
|
|
<div class="line"> NULL,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_ADD && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.disp.value == 0x8 &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_EAX;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> { <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_PUSHFQ; },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_POP && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP;</div>
|
|
|
|
|
<div class="line"> } } } }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1abb62bc05ab9e2b13eea6e0a68a9a850f"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1abb62bc05ab9e2b13eea6e0a68a9a850f">vm::handler::ADDDW</a></div><div class="ttdeci">@ ADDDW</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:51</div></div>
|
|
|
|
|
<div class="ttc" id="avmutils_8hpp_html_ad180fbf8cef52662febedec0f54b6188"><div class="ttname"><a href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a></div><div class="ttdeci">ZydisDecodedInstruction zydis_decoded_instr_t</div><div class="ttdef"><b>Definition:</b> vmutils.hpp:18</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
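<p>mov ax, [rbp]<br />sub rbp, 0x06<br />add [rbp+0x08], ax<br />pushfq<br />pop [rbp]</p>
<p>Note: the first matcher in the initial value above checks for EAX (<code>ZYDIS_REGISTER_EAX</code>) as the source register of the <code>add</code>, not AX, so this listing does not match the dword-sized instruction the profile actually tests for. Treat the listing as illustrative and rely on the matcher when writing or reviewing signatures.</p>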
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a6fec819ec586b0f38fd4dc9489a2faf8"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a6fec819ec586b0f38fd4dc9489a2faf8">◆ </a></span>addq</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::addq</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"ADDQ"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a1c1d818ac0054ac2bab61885479fd10b">ADDQ</a>,</div>
|
|
|
|
|
<div class="line"> NULL,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_ADD && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.disp.value == 0x8 &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_RAX;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> { <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_PUSHFQ; },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_POP && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP;</div>
|
|
|
|
|
<div class="line"> } } } }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1a1c1d818ac0054ac2bab61885479fd10b"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a1c1d818ac0054ac2bab61885479fd10b">vm::handler::ADDQ</a></div><div class="ttdeci">@ ADDQ</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:50</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
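<p>Native instruction sequence of the ADDQ handler, one instruction per line:<br/>
mov rax, [rbp+0]<br/>
add [rbp+8], rax<br/>
pushfq<br/>
pop qword ptr [rbp+0]</p>
<p>The initial value shown above checks only the last three instructions (add, pushfq, pop); the leading mov is not part of the match.</p>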
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="ac6638f78fcb7d781db4476b11bd3c139"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#ac6638f78fcb7d781db4476b11bd3c139">◆ </a></span>addw</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::addw</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"ADDW"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a658535c08ac0930a31bd92dfc8b2efc6">ADDW</a>,</div>
|
|
|
|
|
<div class="line"> NULL,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_ADD && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.disp.value == 0x8 &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_AX;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> { <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_PUSHFQ; },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_POP && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP;</div>
|
|
|
|
|
<div class="line"> } } } }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1a658535c08ac0930a31bd92dfc8b2efc6"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a658535c08ac0930a31bd92dfc8b2efc6">vm::handler::ADDW</a></div><div class="ttdeci">@ ADDW</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:52</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a39376b2fb191d8ff1af7ef0128f715ed"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a39376b2fb191d8ff1af7ef0128f715ed">◆ </a></span>all</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="mlabels">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="mlabels-left">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname">std::vector< <a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> * > vm::handler::profile::all</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</td>
|
|
|
|
|
<td class="mlabels-right">
|
|
|
|
|
<span class="mlabels"><span class="mlabel">inline</span></span> </td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a6c5922a24f03ad5104fad36b59cdb664">sregq</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a4918ca8880971ab57dde31168d0c52ff">sregdw</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a4f55c3b0945cb86413d3c40fc08d6db7">sregw</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a414cfdeee11134889ee43e27db751810">lregq</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#aa4ec0ea607d5a6f1288912ce4a888443">lregdw</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a9bd4c8f24b989dd0b4d2939f80ce229a">lconstq</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a894ae9fb4ec1e6a1a2509e8180ecae09">lconstbzxw</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a9564effe8ffeb39e275721e0061d2329">lconstbsxdw</a>,</div>
|
|
|
|
|
<div class="line"> &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a3e8dd1515687cbf22241bb7b0ac9c20a">lconstbsxq</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#aaeefadf94f965a133da38f0018c3a3fa">lconstdwsxq</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a15f60c9f437f9051a35d2f75865b8a96">lconstwsxq</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#ae1b7c27b6a7e02e2ff12583429a50fc5">lconstwsxdw</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a372c4bf2fd4e6925a143d2fa4f7b1d3c">lconstdw</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a10a05027b8a8e7b743b4864887ae2726">lconstw</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a6fec819ec586b0f38fd4dc9489a2faf8">addq</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a5bf6399e884a3e41d3cb953f00d62c13">adddw</a>,</div>
|
|
|
|
|
<div class="line"> &<a class="code" href="namespacevm_1_1handler_1_1profile.html#ac6638f78fcb7d781db4476b11bd3c139">addw</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a355ddd09a3e6f6978304c70d3a33aff7">lvsp</a>,</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a8be3b9aa44bba9c01a0544356f4a35ad">shlq</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a94b3e7b23ca523249a1b4149f2b221a9">shldw</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a64dd8aa864a3d3e6956cdb177947f739">writeq</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a6a00ac48c8ce010f1d3d55573beb52aa">writedw</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a1192aea2b68e7e979971a8b683819749">writeb</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a44a09dbad0ad33f4e9a3e03547befee1">nandq</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a57bdbf79f0a2209d3599a6684b337d41">nanddw</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a9c947e851b1e0829f15fb5fccb77c016">nandw</a>,</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> &<a class="code" href="namespacevm_1_1handler_1_1profile.html#ab32d8a91ff2c9e28a0e5062338d9ef14">shrq</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a53a3ad22aa1a2f0e83eeda486f447cfc">shrw</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a6969c269658e6069415fc19924a8eff1">readq</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a7dcb388eb57317a1fb30a882c1f659de">readdw</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a570412f201d1738c4ac5ecac2dc90a2d">mulq</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a3d827f69b569476e699a96c16b0334f6">pushvsp</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#af13cfd2b6021da3a4a6c49523d7ffb39">divq</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a677748b24e229ec7417fa89092928fae">jmp</a>,</div>
|
|
|
|
|
<div class="line"> &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a5548b091697d700b516f23e807880d55">lrflags</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a6c388fd726713355c8c37cb9776c83c7">vmexit</a>, &<a class="code" href="namespacevm_1_1handler_1_1profile.html#a8f262e2cec2009b84e4b01c93a16d9bc">call</a> }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a10a05027b8a8e7b743b4864887ae2726"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a10a05027b8a8e7b743b4864887ae2726">vm::handler::profile::lconstw</a></div><div class="ttdeci">vm::handler::profile_t lconstw</div><div class="ttdef"><b>Definition:</b> lconst.cpp:50</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a1192aea2b68e7e979971a8b683819749"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a1192aea2b68e7e979971a8b683819749">vm::handler::profile::writeb</a></div><div class="ttdeci">vm::handler::profile_t writeb</div><div class="ttdef"><b>Definition:</b> write.cpp:85</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a15f60c9f437f9051a35d2f75865b8a96"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a15f60c9f437f9051a35d2f75865b8a96">vm::handler::profile::lconstwsxq</a></div><div class="ttdeci">vm::handler::profile_t lconstwsxq</div><div class="ttdef"><b>Definition:</b> lconst.cpp:171</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a355ddd09a3e6f6978304c70d3a33aff7"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a355ddd09a3e6f6978304c70d3a33aff7">vm::handler::profile::lvsp</a></div><div class="ttdeci">vm::handler::profile_t lvsp</div><div class="ttdoc">mov rbp [rbp+0]</div><div class="ttdef"><b>Definition:</b> lvsp.cpp:5</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a372c4bf2fd4e6925a143d2fa4f7b1d3c"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a372c4bf2fd4e6925a143d2fa4f7b1d3c">vm::handler::profile::lconstdw</a></div><div class="ttdeci">vm::handler::profile_t lconstdw</div><div class="ttdoc">mov eax, [rsi-0x04] bswap eax add eax, ebx dec eax neg eax xor eax, 0x2FFD187C push rbx add [rsp],...</div><div class="ttdef"><b>Definition:</b> lconst.cpp:28</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a3d827f69b569476e699a96c16b0334f6"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a3d827f69b569476e699a96c16b0334f6">vm::handler::profile::pushvsp</a></div><div class="ttdeci">vm::handler::profile_t pushvsp</div><div class="ttdef"><b>Definition:</b> pushvsp.cpp:5</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a3e8dd1515687cbf22241bb7b0ac9c20a"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a3e8dd1515687cbf22241bb7b0ac9c20a">vm::handler::profile::lconstbsxq</a></div><div class="ttdeci">vm::handler::profile_t lconstbsxq</div><div class="ttdef"><b>Definition:</b> lconst.cpp:121</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a414cfdeee11134889ee43e27db751810"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a414cfdeee11134889ee43e27db751810">vm::handler::profile::lregq</a></div><div class="ttdeci">vm::handler::profile_t lregq</div><div class="ttdef"><b>Definition:</b> lreg.cpp:5</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a44a09dbad0ad33f4e9a3e03547befee1"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a44a09dbad0ad33f4e9a3e03547befee1">vm::handler::profile::nandq</a></div><div class="ttdeci">vm::handler::profile_t nandq</div><div class="ttdef"><b>Definition:</b> nand.cpp:5</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a4918ca8880971ab57dde31168d0c52ff"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a4918ca8880971ab57dde31168d0c52ff">vm::handler::profile::sregdw</a></div><div class="ttdeci">vm::handler::profile_t sregdw</div><div class="ttdef"><b>Definition:</b> sreg.cpp:38</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a4f55c3b0945cb86413d3c40fc08d6db7"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a4f55c3b0945cb86413d3c40fc08d6db7">vm::handler::profile::sregw</a></div><div class="ttdeci">vm::handler::profile_t sregw</div><div class="ttdef"><b>Definition:</b> sreg.cpp:72</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a53a3ad22aa1a2f0e83eeda486f447cfc"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a53a3ad22aa1a2f0e83eeda486f447cfc">vm::handler::profile::shrw</a></div><div class="ttdeci">vm::handler::profile_t shrw</div><div class="ttdef"><b>Definition:</b> shr.cpp:64</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a5548b091697d700b516f23e807880d55"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a5548b091697d700b516f23e807880d55">vm::handler::profile::lrflags</a></div><div class="ttdeci">vm::handler::profile_t lrflags</div><div class="ttdef"><b>Definition:</b> lflags.cpp:5</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a570412f201d1738c4ac5ecac2dc90a2d"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a570412f201d1738c4ac5ecac2dc90a2d">vm::handler::profile::mulq</a></div><div class="ttdeci">vm::handler::profile_t mulq</div><div class="ttdef"><b>Definition:</b> mul.cpp:5</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a57bdbf79f0a2209d3599a6684b337d41"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a57bdbf79f0a2209d3599a6684b337d41">vm::handler::profile::nanddw</a></div><div class="ttdeci">vm::handler::profile_t nanddw</div><div class="ttdef"><b>Definition:</b> nand.cpp:68</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a5bf6399e884a3e41d3cb953f00d62c13"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a5bf6399e884a3e41d3cb953f00d62c13">vm::handler::profile::adddw</a></div><div class="ttdeci">vm::handler::profile_t adddw</div><div class="ttdoc">mov ax, [rbp] sub rbp, 0x06 add [rbp+0x08], ax pushfq pop [rbp] (this sequence uses the 16-bit ax register, which is the register the addw profile matches; it may be the addw description attached to adddw, so confirm against add.cpp)</div><div class="ttdef"><b>Definition:</b> add.cpp:28</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a64dd8aa864a3d3e6956cdb177947f739"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a64dd8aa864a3d3e6956cdb177947f739">vm::handler::profile::writeq</a></div><div class="ttdeci">vm::handler::profile_t writeq</div><div class="ttdef"><b>Definition:</b> write.cpp:5</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a677748b24e229ec7417fa89092928fae"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a677748b24e229ec7417fa89092928fae">vm::handler::profile::jmp</a></div><div class="ttdeci">vm::handler::profile_t jmp</div><div class="ttdoc">mov esi, [rbp] add rbp, 0x08 lea r12, [0x0000000000048F29] mov rax, 0x00 ; image base bytes above 32b...</div><div class="ttdef"><b>Definition:</b> jmp.cpp:5</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a6969c269658e6069415fc19924a8eff1"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a6969c269658e6069415fc19924a8eff1">vm::handler::profile::readq</a></div><div class="ttdeci">vm::handler::profile_t readq</div><div class="ttdef"><b>Definition:</b> read.cpp:5</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a6a00ac48c8ce010f1d3d55573beb52aa"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a6a00ac48c8ce010f1d3d55573beb52aa">vm::handler::profile::writedw</a></div><div class="ttdeci">vm::handler::profile_t writedw</div><div class="ttdef"><b>Definition:</b> write.cpp:45</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a6c388fd726713355c8c37cb9776c83c7"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a6c388fd726713355c8c37cb9776c83c7">vm::handler::profile::vmexit</a></div><div class="ttdeci">vm::handler::profile_t vmexit</div><div class="ttdef"><b>Definition:</b> vmexit.cpp:5</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a6c5922a24f03ad5104fad36b59cdb664"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a6c5922a24f03ad5104fad36b59cdb664">vm::handler::profile::sregq</a></div><div class="ttdeci">vm::handler::profile_t sregq</div><div class="ttdef"><b>Definition:</b> sreg.cpp:5</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a6fec819ec586b0f38fd4dc9489a2faf8"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a6fec819ec586b0f38fd4dc9489a2faf8">vm::handler::profile::addq</a></div><div class="ttdeci">vm::handler::profile_t addq</div><div class="ttdoc">mov rax, [rbp+0] add [rbp+8], rax pushfq pop qword ptr [rbp+0]</div><div class="ttdef"><b>Definition:</b> add.cpp:5</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a7dcb388eb57317a1fb30a882c1f659de"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a7dcb388eb57317a1fb30a882c1f659de">vm::handler::profile::readdw</a></div><div class="ttdeci">vm::handler::profile_t readdw</div><div class="ttdef"><b>Definition:</b> read.cpp:27</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a894ae9fb4ec1e6a1a2509e8180ecae09"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a894ae9fb4ec1e6a1a2509e8180ecae09">vm::handler::profile::lconstbzxw</a></div><div class="ttdeci">vm::handler::profile_t lconstbzxw</div><div class="ttdef"><b>Definition:</b> lconst.cpp:72</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a8be3b9aa44bba9c01a0544356f4a35ad"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a8be3b9aa44bba9c01a0544356f4a35ad">vm::handler::profile::shlq</a></div><div class="ttdeci">vm::handler::profile_t shlq</div><div class="ttdef"><b>Definition:</b> shl.cpp:5</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a8f262e2cec2009b84e4b01c93a16d9bc"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a8f262e2cec2009b84e4b01c93a16d9bc">vm::handler::profile::call</a></div><div class="ttdeci">vm::handler::profile_t call</div><div class="ttdoc">mov rdx, [rbp] add rbp, 0x08 call rdx</div><div class="ttdef"><b>Definition:</b> call.cpp:5</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a94b3e7b23ca523249a1b4149f2b221a9"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a94b3e7b23ca523249a1b4149f2b221a9">vm::handler::profile::shldw</a></div><div class="ttdeci">vm::handler::profile_t shldw</div><div class="ttdef"><b>Definition:</b> shl.cpp:64</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a9564effe8ffeb39e275721e0061d2329"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a9564effe8ffeb39e275721e0061d2329">vm::handler::profile::lconstbsxdw</a></div><div class="ttdeci">vm::handler::profile_t lconstbsxdw</div><div class="ttdef"><b>Definition:</b> lconst.cpp:95</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a9bd4c8f24b989dd0b4d2939f80ce229a"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a9bd4c8f24b989dd0b4d2939f80ce229a">vm::handler::profile::lconstq</a></div><div class="ttdeci">vm::handler::profile_t lconstq</div><div class="ttdoc">mov rax, [rsi] xor rax, rbx ; transformation bswap rax ; transformation lea rsi, [rsi+8] ; advance VI...</div><div class="ttdef"><b>Definition:</b> lconst.cpp:5</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_a9c947e851b1e0829f15fb5fccb77c016"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#a9c947e851b1e0829f15fb5fccb77c016">vm::handler::profile::nandw</a></div><div class="ttdeci">vm::handler::profile_t nandw</div><div class="ttdef"><b>Definition:</b> nand.cpp:115</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_aa4ec0ea607d5a6f1288912ce4a888443"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#aa4ec0ea607d5a6f1288912ce4a888443">vm::handler::profile::lregdw</a></div><div class="ttdeci">vm::handler::profile_t lregdw</div><div class="ttdef"><b>Definition:</b> lreg.cpp:39</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_aaeefadf94f965a133da38f0018c3a3fa"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#aaeefadf94f965a133da38f0018c3a3fa">vm::handler::profile::lconstdwsxq</a></div><div class="ttdeci">vm::handler::profile_t lconstdwsxq</div><div class="ttdef"><b>Definition:</b> lconst.cpp:147</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_ab32d8a91ff2c9e28a0e5062338d9ef14"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#ab32d8a91ff2c9e28a0e5062338d9ef14">vm::handler::profile::shrq</a></div><div class="ttdeci">vm::handler::profile_t shrq</div><div class="ttdef"><b>Definition:</b> shr.cpp:5</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_ac6638f78fcb7d781db4476b11bd3c139"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#ac6638f78fcb7d781db4476b11bd3c139">vm::handler::profile::addw</a></div><div class="ttdeci">vm::handler::profile_t addw</div><div class="ttdef"><b>Definition:</b> add.cpp:51</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_ae1b7c27b6a7e02e2ff12583429a50fc5"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#ae1b7c27b6a7e02e2ff12583429a50fc5">vm::handler::profile::lconstwsxdw</a></div><div class="ttdeci">vm::handler::profile_t lconstwsxdw</div><div class="ttdef"><b>Definition:</b> lconst.cpp:197</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_1_1profile_html_af13cfd2b6021da3a4a6c49523d7ffb39"><div class="ttname"><a href="namespacevm_1_1handler_1_1profile.html#af13cfd2b6021da3a4a6c49523d7ffb39">vm::handler::profile::divq</a></div><div class="ttdeci">vm::handler::profile_t divq</div><div class="ttdoc">mov rdx, [rbp] mov rax, [rbp+0x08] div [rbp+0x10] mov [rbp+0x08], rdx mov [rbp+0x10],...</div><div class="ttdef"><b>Definition:</b> div.cpp:5</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
<p>A vector of pointers to all defined VM handler profiles.</p>
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a8f262e2cec2009b84e4b01c93a16d9bc"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a8f262e2cec2009b84e4b01c93a16d9bc">◆ </a></span>call</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::call</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"CALL"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a20b781d295b3872217cec880fc659ff9">CALL</a>,</div>
|
|
|
|
|
<div class="line"> NULL,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RDX &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RBP;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_ADD &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].imm.value.u == 0x8;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_CALL &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RDX;</div>
|
|
|
|
|
<div class="line"> } } } }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1a20b781d295b3872217cec880fc659ff9"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a20b781d295b3872217cec880fc659ff9">vm::handler::CALL</a></div><div class="ttdeci">@ CALL</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:19</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
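<p>Native instruction sequence of the CALL handler, one instruction per line:<br/>
mov rdx, [rbp]<br/>
add rbp, 0x08<br/>
call rdx</p>
<p>Each of these three instructions has a corresponding predicate in the initial value shown above.</p>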
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="af13cfd2b6021da3a4a6c49523d7ffb39"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#af13cfd2b6021da3a4a6c49523d7ffb39">◆ </a></span>divq</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::divq</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
<p>mov rdx, [rbp]<br/>
mov rax, [rbp+0x08]<br/>
div [rbp+0x10]<br/>
mov [rbp+0x08], rdx<br/>
mov [rbp+0x10], rax<br/>
pushfq<br/>
pop [rbp]</p>
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a677748b24e229ec7417fa89092928fae"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a677748b24e229ec7417fa89092928fae">◆ </a></span>jmp</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::jmp</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
<p>mov esi, [rbp]<br/>
add rbp, 0x08<br/>
lea r12, [0x0000000000048F29]<br/>
mov rax, 0x00 ; image base bytes above 32 bits...<br/>
add rsi, rax<br/>
mov rbx, rsi ; update decrypt key<br/>
add rsi, [rbp] ; add module base address</p>
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a9564effe8ffeb39e275721e0061d2329"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a9564effe8ffeb39e275721e0061d2329">◆ </a></span>lconstbsxdw</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::lconstbsxdw</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"LCONSTBSXDW"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1accb986463feaa5f71f92067dc688aa93">LCONSTBSXDW</a>,</div>
|
|
|
|
|
<div class="line"> 8,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> { <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_CWDE; },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_SUB &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].imm.value.u == 0x4;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_EAX;</div>
|
|
|
|
|
<div class="line"> } } },</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#ac79240b14c7251b5358709c130821e07acae8cc1c1114ea88d7d8affeecb19b1d">vm::handler::extention_t::sign_extend</a> }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1accb986463feaa5f71f92067dc688aa93"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1accb986463feaa5f71f92067dc688aa93">vm::handler::LCONSTBSXDW</a></div><div class="ttdeci">@ LCONSTBSXDW</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:34</div></div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_ac79240b14c7251b5358709c130821e07acae8cc1c1114ea88d7d8affeecb19b1d"><div class="ttname"><a href="namespacevm_1_1handler.html#ac79240b14c7251b5358709c130821e07acae8cc1c1114ea88d7d8affeecb19b1d">vm::handler::sign_extend</a></div><div class="ttdeci">@ sign_extend</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:76</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a3e8dd1515687cbf22241bb7b0ac9c20a"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a3e8dd1515687cbf22241bb7b0ac9c20a">◆ </a></span>lconstbsxq</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::lconstbsxq</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"LCONSTBSXQ"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aed58a3d6bbdb580c2817a128eb1ffe11">LCONSTBSXQ</a>,</div>
|
|
|
|
|
<div class="line"> 8,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> { <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_CDQE; },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_SUB &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].imm.value.u == 0x8;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_RAX;</div>
|
|
|
|
|
<div class="line"> } } },</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#ac79240b14c7251b5358709c130821e07acae8cc1c1114ea88d7d8affeecb19b1d">vm::handler::extention_t::sign_extend</a> }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1aed58a3d6bbdb580c2817a128eb1ffe11"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aed58a3d6bbdb580c2817a128eb1ffe11">vm::handler::LCONSTBSXQ</a></div><div class="ttdeci">@ LCONSTBSXQ</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:33</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a894ae9fb4ec1e6a1a2509e8180ecae09"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a894ae9fb4ec1e6a1a2509e8180ecae09">◆ </a></span>lconstbzxw</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::lconstbzxw</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"LCONSTBZXW"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aa8a6a0d6b5d0cc301380df7bbdcf42b8">LCONSTBZXW</a>,</div>
|
|
|
|
|
<div class="line"> 8,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_SUB &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].imm.value.u == 0x2;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_AX;</div>
|
|
|
|
|
<div class="line"> } } } }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1aa8a6a0d6b5d0cc301380df7bbdcf42b8"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aa8a6a0d6b5d0cc301380df7bbdcf42b8">vm::handler::LCONSTBZXW</a></div><div class="ttdeci">@ LCONSTBZXW</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:32</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a372c4bf2fd4e6925a143d2fa4f7b1d3c"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a372c4bf2fd4e6925a143d2fa4f7b1d3c">◆ </a></span>lconstdw</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::lconstdw</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"LCONSTDW"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a21632363cca2c18a0bc30ddd9e718a6b">LCONSTDW</a>,</div>
|
|
|
|
|
<div class="line"> 32,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_SUB &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].imm.value.u == 0x4;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_EAX;</div>
|
|
|
|
|
<div class="line"> } } } }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1a21632363cca2c18a0bc30ddd9e718a6b"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a21632363cca2c18a0bc30ddd9e718a6b">vm::handler::LCONSTDW</a></div><div class="ttdeci">@ LCONSTDW</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:38</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
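<p>Example handler body, one instruction per line. The two predicates in the initial value above correspond to the <code>sub rbp, 0x04</code> and <code>mov [rbp], eax</code> instructions:</p>
<pre>
mov eax, [rsi-0x04]
bswap eax
add eax, ebx
dec eax
neg eax
xor eax, 0x2FFD187C
push rbx
add [rsp], eax
pop rbx
sub rbp, 0x04
mov [rbp], eax
add rsi, 0xFFFFFFFFFFFFFFFC
</pre>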
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="aaeefadf94f965a133da38f0018c3a3fa"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#aaeefadf94f965a133da38f0018c3a3fa">◆ </a></span>lconstdwsxq</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::lconstdwsxq</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"LCONSTDWSXQ"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aa57a3ad6bd862f3e73785b6ac54c1591">LCONSTDWSXQ</a>,</div>
|
|
|
|
|
<div class="line"> 32,</div>
|
|
|
|
|
<div class="line"> { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> { <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_CDQE; },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_SUB && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE && instr.operands[ 1 ].imm.value.u == 0x8;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_RAX;</div>
|
|
|
|
|
<div class="line"> } },</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#ac79240b14c7251b5358709c130821e07acae8cc1c1114ea88d7d8affeecb19b1d">vm::handler::extention_t::sign_extend</a> }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1aa57a3ad6bd862f3e73785b6ac54c1591"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aa57a3ad6bd862f3e73785b6ac54c1591">vm::handler::LCONSTDWSXQ</a></div><div class="ttdeci">@ LCONSTDWSXQ</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:35</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a9bd4c8f24b989dd0b4d2939f80ce229a"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a9bd4c8f24b989dd0b4d2939f80ce229a">◆ </a></span>lconstq</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::lconstq</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"LCONSTQ"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a7691f0a92bb227b10a879f701b807c6c">LCONSTQ</a>,</div>
|
|
|
|
|
<div class="line"> 64,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_SUB &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].imm.value.u == 0x8;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_RAX;</div>
|
|
|
|
|
<div class="line"> } } } }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1a7691f0a92bb227b10a879f701b807c6c"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a7691f0a92bb227b10a879f701b807c6c">vm::handler::LCONSTQ</a></div><div class="ttdeci">@ LCONSTQ</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:31</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
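<p>Example handler body, one instruction per line. The two predicates in the initial value above correspond to the <code>sub rbp, 8</code> and <code>mov [rbp+0], rax</code> instructions:</p>
<pre>
mov rax, [rsi]
xor rax, rbx        ; transformation
bswap rax           ; transformation
lea rsi, [rsi+8]    ; advance VIP
rol rax, 0Ch        ; transformation
inc rax             ; transformation
xor rbx, rax        ; transformation (update rolling decrypt key)
sub rbp, 8
mov [rbp+0], rax
</pre>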
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a10a05027b8a8e7b743b4864887ae2726"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a10a05027b8a8e7b743b4864887ae2726">◆ </a></span>lconstw</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::lconstw</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"LCONSTW"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1acf151e8e073bb5fc5d0e967fe68a92b7">LCONSTW</a>,</div>
|
|
|
|
|
<div class="line"> 16,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_SUB &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].imm.value.u == 0x2;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_AX;</div>
|
|
|
|
|
<div class="line"> } } } }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1acf151e8e073bb5fc5d0e967fe68a92b7"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1acf151e8e073bb5fc5d0e967fe68a92b7">vm::handler::LCONSTW</a></div><div class="ttdeci">@ LCONSTW</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:39</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="ae1b7c27b6a7e02e2ff12583429a50fc5"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#ae1b7c27b6a7e02e2ff12583429a50fc5">◆ </a></span>lconstwsxdw</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::lconstwsxdw</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"LCONSTWSXDW"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a1b719f2ae2d0a537fa2965ebd8b467d7">LCONSTWSXDW</a>,</div>
|
|
|
|
|
<div class="line"> 16,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> { <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_CWDE; },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_SUB &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].imm.value.u == 0x4;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_EAX;</div>
|
|
|
|
|
<div class="line"> } } },</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#ac79240b14c7251b5358709c130821e07acae8cc1c1114ea88d7d8affeecb19b1d">vm::handler::extention_t::sign_extend</a> }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1a1b719f2ae2d0a537fa2965ebd8b467d7"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a1b719f2ae2d0a537fa2965ebd8b467d7">vm::handler::LCONSTWSXDW</a></div><div class="ttdeci">@ LCONSTWSXDW</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:37</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a15f60c9f437f9051a35d2f75865b8a96"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a15f60c9f437f9051a35d2f75865b8a96">◆ </a></span>lconstwsxq</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::lconstwsxq</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"LCONSTWSXQ"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1adf57df5a2ccfeec8f29a0ca75bdf595b">LCONSTWSXQ</a>,</div>
|
|
|
|
|
<div class="line"> 16,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> { <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_CDQE; },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_SUB &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].imm.value.u == 0x8;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_RAX;</div>
|
|
|
|
|
<div class="line"> } } },</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#ac79240b14c7251b5358709c130821e07acae8cc1c1114ea88d7d8affeecb19b1d">vm::handler::extention_t::sign_extend</a> }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1adf57df5a2ccfeec8f29a0ca75bdf595b"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1adf57df5a2ccfeec8f29a0ca75bdf595b">vm::handler::LCONSTWSXQ</a></div><div class="ttdeci">@ LCONSTWSXQ</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:36</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="aa4ec0ea607d5a6f1288912ce4a888443"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#aa4ec0ea607d5a6f1288912ce4a888443">◆ </a></span>lregdw</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::lregdw</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a414cfdeee11134889ee43e27db751810"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a414cfdeee11134889ee43e27db751810">◆ </a></span>lregq</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::lregq</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a5548b091697d700b516f23e807880d55"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a5548b091697d700b516f23e807880d55">◆ </a></span>lrflags</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::lrflags</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"LRFLAGS"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a9ee93798eb7945788dfe63a908a3f423">LRFLAGS</a>,</div>
|
|
|
|
|
<div class="line"> NULL,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_PUSH && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_ADD &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].imm.value.u == 0x8;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> { <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_POPFQ; } } } }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1a9ee93798eb7945788dfe63a908a3f423"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a9ee93798eb7945788dfe63a908a3f423">vm::handler::LRFLAGS</a></div><div class="ttdeci">@ LRFLAGS</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:15</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a355ddd09a3e6f6978304c70d3a33aff7"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a355ddd09a3e6f6978304c70d3a33aff7">◆ </a></span>lvsp</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::lvsp</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"LVSP"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a9c71d9caebd124594f42632b6df8c1df">LVSP</a>,</div>
|
|
|
|
|
<div class="line"> NULL,</div>
|
|
|
|
|
<div class="line"> { { []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RBP;</div>
|
|
|
|
|
<div class="line"> } } } }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1a9c71d9caebd124594f42632b6df8c1df"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a9c71d9caebd124594f42632b6df8c1df">vm::handler::LVSP</a></div><div class="ttdeci">@ LVSP</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:22</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
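<p>Matches <code>mov rbp, [rbp+0]</code>. The predicate shown above tests only that the destination is RBP and that the memory operand's base register is RBP; the displacement and index are not compared.</p>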
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a570412f201d1738c4ac5ecac2dc90a2d"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a570412f201d1738c4ac5ecac2dc90a2d">◆ </a></span>mulq</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::mulq</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a57bdbf79f0a2209d3599a6684b337d41"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a57bdbf79f0a2209d3599a6684b337d41">◆ </a></span>nanddw</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::nanddw</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a44a09dbad0ad33f4e9a3e03547befee1"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a44a09dbad0ad33f4e9a3e03547befee1">◆ </a></span>nandq</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::nandq</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a9c947e851b1e0829f15fb5fccb77c016"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a9c947e851b1e0829f15fb5fccb77c016">◆ </a></span>nandw</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::nandw</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a3d827f69b569476e699a96c16b0334f6"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a3d827f69b569476e699a96c16b0334f6">◆ </a></span>pushvsp</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::pushvsp</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"PUSHVSP"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aa9f0e1b43f89c1e555a7d3577f5c7b8f">PUSHVSP</a>,</div>
|
|
|
|
|
<div class="line"> NULL,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RAX &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_RBP;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_SUB &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].imm.value.u == 0x8;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_RAX;</div>
|
|
|
|
|
<div class="line"> } } } }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1aa9f0e1b43f89c1e555a7d3577f5c7b8f"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aa9f0e1b43f89c1e555a7d3577f5c7b8f">vm::handler::PUSHVSP</a></div><div class="ttdeci">@ PUSHVSP</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:16</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a7dcb388eb57317a1fb30a882c1f659de"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a7dcb388eb57317a1fb30a882c1f659de">◆ </a></span>readdw</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::readdw</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"READDW"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a483ae76aeaa24a4278793ac99f32e45b">READDW</a>,</div>
|
|
|
|
|
<div class="line"> NULL,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_ADD &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].imm.value.u == 0x4;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_EAX &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RAX;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_EAX;</div>
|
|
|
|
|
<div class="line"> } } } }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1a483ae76aeaa24a4278793ac99f32e45b"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a483ae76aeaa24a4278793ac99f32e45b">vm::handler::READDW</a></div><div class="ttdeci">@ READDW</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:42</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a6969c269658e6069415fc19924a8eff1"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a6969c269658e6069415fc19924a8eff1">◆ </a></span>readq</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::readq</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"READQ"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aedc758f639062bd366e49b155618225b">READQ</a>,</div>
|
|
|
|
|
<div class="line"> NULL,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RAX &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RAX;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_RAX;</div>
|
|
|
|
|
<div class="line"> } } } }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1aedc758f639062bd366e49b155618225b"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aedc758f639062bd366e49b155618225b">vm::handler::READQ</a></div><div class="ttdeci">@ READQ</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:41</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a94b3e7b23ca523249a1b4149f2b221a9"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a94b3e7b23ca523249a1b4149f2b221a9">◆ </a></span>shldw</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::shldw</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a8be3b9aa44bba9c01a0544356f4a35ad"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a8be3b9aa44bba9c01a0544356f4a35ad">◆ </a></span>shlq</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::shlq</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="ab32d8a91ff2c9e28a0e5062338d9ef14"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#ab32d8a91ff2c9e28a0e5062338d9ef14">◆ </a></span>shrq</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::shrq</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a53a3ad22aa1a2f0e83eeda486f447cfc"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a53a3ad22aa1a2f0e83eeda486f447cfc">◆ </a></span>shrw</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::shrw</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a4918ca8880971ab57dde31168d0c52ff"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a4918ca8880971ab57dde31168d0c52ff">◆ </a></span>sregdw</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::sregdw</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a6c5922a24f03ad5104fad36b59cdb664"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a6c5922a24f03ad5104fad36b59cdb664">◆ </a></span>sregq</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::sregq</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a4f55c3b0945cb86413d3c40fc08d6db7"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a4f55c3b0945cb86413d3c40fc08d6db7">◆ </a></span>sregw</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::sregw</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a6c388fd726713355c8c37cb9776c83c7"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a6c388fd726713355c8c37cb9776c83c7">◆ </a></span>vmexit</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::vmexit</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
<b>Initial value:</b><div class="fragment"><div class="line">= {</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> <span class="stringliteral">"VMEXIT"</span>,</div>
|
|
|
|
|
<div class="line"> <a class="code" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aca4bfa0932d82166e9731d77d4ddd42e">VMEXIT</a>,</div>
|
|
|
|
|
<div class="line"> NULL,</div>
|
|
|
|
|
<div class="line"> { { </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> {</div>
|
|
|
|
|
<div class="line"> <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_MOV &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RSP &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&</div>
|
|
|
|
|
<div class="line"> instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_RBP;</div>
|
|
|
|
|
<div class="line"> },</div>
|
|
|
|
|
<div class="line"> </div>
|
|
|
|
|
<div class="line"> []( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) -> <span class="keywordtype">bool</span> { <span class="keywordflow">return</span> instr.mnemonic == ZYDIS_MNEMONIC_RET; } } } }</div>
|
|
|
|
|
<div class="ttc" id="anamespacevm_1_1handler_html_a83cdfb05acdea9268310c37165bd13c1aca4bfa0932d82166e9731d77d4ddd42e"><div class="ttname"><a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aca4bfa0932d82166e9731d77d4ddd42e">vm::handler::VMEXIT</a></div><div class="ttdeci">@ VMEXIT</div><div class="ttdef"><b>Definition:</b> vmprofiles.hpp:21</div></div>
|
|
|
|
|
</div><!-- fragment -->
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a1192aea2b68e7e979971a8b683819749"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a1192aea2b68e7e979971a8b683819749">◆ </a></span>writeb</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::writeb</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a6a00ac48c8ce010f1d3d55573beb52aa"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a6a00ac48c8ce010f1d3d55573beb52aa">◆ </a></span>writedw</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::writedw</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
<a id="a64dd8aa864a3d3e6956cdb177947f739"></a>
|
|
|
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a64dd8aa864a3d3e6956cdb177947f739">◆ </a></span>writeq</h2>
|
|
|
|
|
|
|
|
|
|
<div class="memitem">
|
|
|
|
|
<div class="memproto">
|
|
|
|
|
<table class="memname">
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> vm::handler::profile::writeq</td>
|
|
|
|
|
</tr>
|
|
|
|
|
</table>
|
|
|
|
|
</div><div class="memdoc">
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
</div><!-- contents -->
|
|
|
|
|
|
|
|
|
|
</body>
|
|
|
|
|
</html>
|