|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
|
||
|
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
|
||
|
<meta name="generator" content="Doxygen 1.9.1"/>
|
||
|
<meta name="viewport" content="width=device-width, initial-scale=1"/>
|
||
|
<title>VMProfiler: vm::handler Namespace Reference</title>
|
||
|
<link href="tabs.css" rel="stylesheet" type="text/css"/>
|
||
|
<script type="text/javascript" src="jquery.js"></script>
|
||
|
<script type="text/javascript" src="dynsections.js"></script>
|
||
|
<link href="search/search.css" rel="stylesheet" type="text/css"/>
|
||
|
<script type="text/javascript" src="search/searchdata.js"></script>
|
||
|
<script type="text/javascript" src="search/search.js"></script>
|
||
|
<link href="doxygen.css" rel="stylesheet" type="text/css" />
|
||
|
</head>
|
||
|
<body>
|
||
|
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
|
||
|
<div id="titlearea">
|
||
|
<table cellspacing="0" cellpadding="0">
|
||
|
<tbody>
|
||
|
<tr style="height: 56px;">
|
||
|
<td id="projectlogo"><img alt="Logo" src="icon.png"/></td>
|
||
|
<td id="projectalign" style="padding-left: 0.5em;">
|
||
|
<div id="projectname">VMProfiler
|
||
|
 <span id="projectnumber">v1.8</span>
|
||
|
</div>
|
||
|
<div id="projectbrief">vmprofiler is a C++ library used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.</div>
|
||
|
</td>
|
||
|
</tr>
|
||
|
</tbody>
|
||
|
</table>
|
||
|
</div>
|
||
|
<!-- end header part -->
|
||
|
<!-- Generated by Doxygen 1.9.1 -->
|
||
|
<script type="text/javascript">
|
||
|
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
|
||
|
var searchBox = new SearchBox("searchBox", "search",false,'Search','.html');
|
||
|
/* @license-end */
|
||
|
</script>
|
||
|
<script type="text/javascript" src="menudata.js"></script>
|
||
|
<script type="text/javascript" src="menu.js"></script>
|
||
|
<script type="text/javascript">
|
||
|
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
|
||
|
$(function() {
|
||
|
initMenu('',true,false,'search.php','Search');
|
||
|
$(document).ready(function() { init_search(); });
|
||
|
});
|
||
|
/* @license-end */</script>
|
||
|
<div id="main-nav"></div>
|
||
|
<!-- window showing the filter options -->
|
||
|
<div id="MSearchSelectWindow"
|
||
|
onmouseover="return searchBox.OnSearchSelectShow()"
|
||
|
onmouseout="return searchBox.OnSearchSelectHide()"
|
||
|
onkeydown="return searchBox.OnSearchSelectKey(event)">
|
||
|
</div>
|
||
|
|
||
|
<!-- iframe showing the search results (closed by default) -->
|
||
|
<div id="MSearchResultsWindow">
|
||
|
<iframe src="javascript:void(0)" frameborder="0"
|
||
|
name="MSearchResults" id="MSearchResults">
|
||
|
</iframe>
|
||
|
</div>
|
||
|
|
||
|
<div id="nav-path" class="navpath">
|
||
|
<ul>
|
||
|
<li class="navelem"><a class="el" href="namespacevm.html">vm</a></li><li class="navelem"><a class="el" href="namespacevm_1_1handler.html">handler</a></li> </ul>
|
||
|
</div>
|
||
|
</div><!-- top -->
|
||
|
<div class="header">
|
||
|
<div class="summary">
|
||
|
<a href="#namespaces">Namespaces</a> |
|
||
|
<a href="#nested-classes">Classes</a> |
|
||
|
<a href="#typedef-members">Typedefs</a> |
|
||
|
<a href="#enum-members">Enumerations</a> |
|
||
|
<a href="#func-members">Functions</a> </div>
|
||
|
<div class="headertitle">
|
||
|
<div class="title">vm::handler Namespace Reference</div> </div>
|
||
|
</div><!--header-->
|
||
|
<div class="contents">
|
||
|
|
||
|
<p>contains all information pertaining to vm handler identification...
|
||
|
<a href="namespacevm_1_1handler.html#details">More...</a></p>
|
||
|
<table class="memberdecls">
|
||
|
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="namespaces"></a>
|
||
|
Namespaces</h2></td></tr>
|
||
|
<tr class="memitem:namespacevm_1_1handler_1_1profile"><td class="memItemLeft" align="right" valign="top">  </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1profile.html">profile</a></td></tr>
|
||
|
<tr class="memdesc:namespacevm_1_1handler_1_1profile"><td class="mdescLeft"> </td><td class="mdescRight">contains all profiles defined, as well as a vector of all of the defined profiles... <br /></td></tr>
|
||
|
<tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr>
|
||
|
<tr class="memitem:namespacevm_1_1handler_1_1table"><td class="memItemLeft" align="right" valign="top">  </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1table.html">table</a></td></tr>
|
||
|
<tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr>
|
||
|
</table><table class="memberdecls">
|
||
|
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="nested-classes"></a>
|
||
|
Classes</h2></td></tr>
|
||
|
<tr class="memitem:"><td class="memItemLeft" align="right" valign="top">struct  </td><td class="memItemRight" valign="bottom"><a class="el" href="structvm_1_1handler_1_1handler__t.html">handler_t</a></td></tr>
|
||
|
<tr class="memdesc:"><td class="mdescLeft"> </td><td class="mdescRight"><a class="el" href="structvm_1_1handler_1_1handler__t.html" title="handler_t contains all the information for a vm handler such as its immediate value size (zero if ther...">handler_t</a> contains all the information for a vm handler such as its immediate value size (zero if there is no imm), the transformations applied to the imm to decrypt it (if any), a pointer to the profile (nullptr if there is none), and other metadata... <a href="structvm_1_1handler_1_1handler__t.html#details">More...</a><br /></td></tr>
|
||
|
<tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr>
|
||
|
<tr class="memitem:"><td class="memItemLeft" align="right" valign="top">struct  </td><td class="memItemRight" valign="bottom"><a class="el" href="structvm_1_1handler_1_1profile__t.html">profile_t</a></td></tr>
|
||
|
<tr class="memdesc:"><td class="mdescLeft"> </td><td class="mdescRight">predefined vm handler profile containing all information about a vm handler that is known at compile time... <a href="structvm_1_1handler_1_1profile__t.html#details">More...</a><br /></td></tr>
|
||
|
<tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr>
|
||
|
</table><table class="memberdecls">
|
||
|
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
|
||
|
Typedefs</h2></td></tr>
|
||
|
<tr class="memitem:a1016539777a69d79479f5fdf066440be"><td class="memItemLeft" align="right" valign="top">using </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#a1016539777a69d79479f5fdf066440be">zydis_callback_t</a> = std::function< bool(const <a class="el" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr) ></td></tr>
|
||
|
<tr class="memdesc:a1016539777a69d79479f5fdf066440be"><td class="mdescLeft"> </td><td class="mdescRight">zydis callback lambda used to pattern match native instructions... <a href="namespacevm_1_1handler.html#a1016539777a69d79479f5fdf066440be">More...</a><br /></td></tr>
|
||
|
<tr class="separator:a1016539777a69d79479f5fdf066440be"><td class="memSeparator" colspan="2"> </td></tr>
|
||
|
</table><table class="memberdecls">
|
||
|
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="enum-members"></a>
|
||
|
Enumerations</h2></td></tr>
|
||
|
<tr class="memitem:a83cdfb05acdea9268310c37165bd13c1"><td class="memItemLeft" align="right" valign="top">enum  </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1">mnemonic_t</a> { <br />
|
||
|
  <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a9bb151fee0df242f0a304a3785191465">INVALID</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a9ee93798eb7945788dfe63a908a3f423">LRFLAGS</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aa9f0e1b43f89c1e555a7d3577f5c7b8f">PUSHVSP</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a65232b40f75ab995af9eea0d5aee6444">MULQ</a>
|
||
|
, <br />
|
||
|
  <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a3b8d706f88294ce7a8a8b08a9f5ff394">DIVQ</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a20b781d295b3872217cec880fc659ff9">CALL</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1ad9ceecb5b5d78d7467ae3187dd3b0bd8">JMP</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aca4bfa0932d82166e9731d77d4ddd42e">VMEXIT</a>
|
||
|
, <br />
|
||
|
  <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a9c71d9caebd124594f42632b6df8c1df">LVSP</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a624092452de9f6648610ceffce32f78e">SREGQ</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1ac41895fb285b8cb4ebe33755fc9b4974">SREGDW</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a918bd3d416c98957043ace785146adeb">SREGW</a>
|
||
|
, <br />
|
||
|
  <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a52308ac93a020fa701b6dee83c3d58f3">LREGQ</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1ac04ea404828638e83dee7b69ef22810f">LREGDW</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a7691f0a92bb227b10a879f701b807c6c">LCONSTQ</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aa8a6a0d6b5d0cc301380df7bbdcf42b8">LCONSTBZXW</a>
|
||
|
, <br />
|
||
|
  <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aed58a3d6bbdb580c2817a128eb1ffe11">LCONSTBSXQ</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1accb986463feaa5f71f92067dc688aa93">LCONSTBSXDW</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aa57a3ad6bd862f3e73785b6ac54c1591">LCONSTDWSXQ</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1adf57df5a2ccfeec8f29a0ca75bdf595b">LCONSTWSXQ</a>
|
||
|
, <br />
|
||
|
  <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a1b719f2ae2d0a537fa2965ebd8b467d7">LCONSTWSXDW</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a21632363cca2c18a0bc30ddd9e718a6b">LCONSTDW</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1acf151e8e073bb5fc5d0e967fe68a92b7">LCONSTW</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aedc758f639062bd366e49b155618225b">READQ</a>
|
||
|
, <br />
|
||
|
  <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a483ae76aeaa24a4278793ac99f32e45b">READDW</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a20f6daaede6cf418b6e3cb7a5b242a47">READW</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a24fc686c7f66e479c8c1ae145bf2ba14">WRITEQ</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1af92bc6344b93fea2c0e5d1fdf8500160">WRITEDW</a>
|
||
|
, <br />
|
||
|
  <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1ae5197ebd4240e18268cdeca4371c25d5">WRITEW</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aa5646e9d21720029b354bfeca29f6241">WRITEB</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a1c1d818ac0054ac2bab61885479fd10b">ADDQ</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1abb62bc05ab9e2b13eea6e0a68a9a850f">ADDDW</a>
|
||
|
, <br />
|
||
|
  <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a658535c08ac0930a31bd92dfc8b2efc6">ADDW</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1ae820c14a2d48db026b12e60ef2bf55b3">SHLQ</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1ab8cddf6b4543c598ccb714551141aa81">SHLDW</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1ac14306e538f382de3093cc8f3d4d95ec">SHRQ</a>
|
||
|
, <br />
|
||
|
  <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1ab36694ea7404c953f0fefdd201592d37">SHRW</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1a2731b10387427c3422e7d822575bf55a">NANDQ</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1ae64f69da87f4b139ed9d2444589ef3f0">NANDDW</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1aea25395449f2b159a0b9e1547c9b7d13">NANDW</a>
|
||
|
<br />
|
||
|
}</td></tr>
|
||
|
<tr class="memdesc:a83cdfb05acdea9268310c37165bd13c1"><td class="mdescLeft"> </td><td class="mdescRight">vm handler mnemonic... so you don't need to compare strings! <a href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1">More...</a><br /></td></tr>
|
||
|
<tr class="separator:a83cdfb05acdea9268310c37165bd13c1"><td class="memSeparator" colspan="2"> </td></tr>
|
||
|
<tr class="memitem:ac79240b14c7251b5358709c130821e07"><td class="memItemLeft" align="right" valign="top">enum  </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#ac79240b14c7251b5358709c130821e07">extention_t</a> { <a class="el" href="namespacevm_1_1handler.html#ac79240b14c7251b5358709c130821e07a8dffe0c4e6ca7a545daca4edac325522">none</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#ac79240b14c7251b5358709c130821e07acae8cc1c1114ea88d7d8affeecb19b1d">sign_extend</a>
|
||
|
, <a class="el" href="namespacevm_1_1handler.html#ac79240b14c7251b5358709c130821e07a6ff2bd786349a5d9affb290a9c602725">zero_extend</a>
|
||
|
}</td></tr>
|
||
|
<tr class="memdesc:ac79240b14c7251b5358709c130821e07"><td class="mdescLeft"> </td><td class="mdescRight">how sign extension is handled... <a href="namespacevm_1_1handler.html#ac79240b14c7251b5358709c130821e07">More...</a><br /></td></tr>
|
||
|
<tr class="separator:ac79240b14c7251b5358709c130821e07"><td class="memSeparator" colspan="2"> </td></tr>
|
||
|
</table><table class="memberdecls">
|
||
|
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
|
||
|
Functions</h2></td></tr>
|
||
|
<tr class="memitem:ab830e56e2b4ee32851937ae0fe1a4918"><td class="memItemLeft" align="right" valign="top">bool </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#ab830e56e2b4ee32851937ae0fe1a4918">has_imm</a> (const <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &vm_handler)</td></tr>
|
||
|
<tr class="memdesc:ab830e56e2b4ee32851937ae0fe1a4918"><td class="mdescLeft"> </td><td class="mdescRight">given a vm handler returns true if the vm handler decrypts an operand... <a href="namespacevm_1_1handler.html#ab830e56e2b4ee32851937ae0fe1a4918">More...</a><br /></td></tr>
|
||
|
<tr class="separator:ab830e56e2b4ee32851937ae0fe1a4918"><td class="memSeparator" colspan="2"> </td></tr>
|
||
|
<tr class="memitem:a073cb14b6691023771ad8eada2452138"><td class="memItemLeft" align="right" valign="top">std::optional< std::uint8_t > </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#a073cb14b6691023771ad8eada2452138">imm_size</a> (const <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &vm_handler)</td></tr>
|
||
|
<tr class="memdesc:a073cb14b6691023771ad8eada2452138"><td class="mdescLeft"> </td><td class="mdescRight">gets the imm size of a vm handler... <a href="namespacevm_1_1handler.html#a073cb14b6691023771ad8eada2452138">More...</a><br /></td></tr>
|
||
|
<tr class="separator:a073cb14b6691023771ad8eada2452138"><td class="memSeparator" colspan="2"> </td></tr>
|
||
|
<tr class="memitem:aa04be3f452edc65f17c38ef91fbed341"><td class="memItemLeft" align="right" valign="top">bool </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#aa04be3f452edc65f17c38ef91fbed341">get</a> (<a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &vm_entry, <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &vm_handler, std::uintptr_t handler_addr)</td></tr>
|
||
|
<tr class="memdesc:aa04be3f452edc65f17c38ef91fbed341"><td class="mdescLeft"> </td><td class="mdescRight">gets a vm handler, puts all of the native instructions inside of the vm_handler param... <a href="namespacevm_1_1handler.html#aa04be3f452edc65f17c38ef91fbed341">More...</a><br /></td></tr>
|
||
|
<tr class="separator:aa04be3f452edc65f17c38ef91fbed341"><td class="memSeparator" colspan="2"> </td></tr>
|
||
|
<tr class="memitem:ae40eade4312e1383ae334ad2e0adacbf"><td class="memItemLeft" align="right" valign="top">bool </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#ae40eade4312e1383ae334ad2e0adacbf">get_all</a> (std::uintptr_t module_base, std::uintptr_t image_base, <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &vm_entry, std::uintptr_t *vm_handler_table, std::vector< <a class="el" href="structvm_1_1handler_1_1handler__t.html">handler_t</a> > &vm_handlers)</td></tr>
|
||
|
<tr class="memdesc:ae40eade4312e1383ae334ad2e0adacbf"><td class="mdescLeft"> </td><td class="mdescRight">get all 256 vm handlers... <a href="namespacevm_1_1handler.html#ae40eade4312e1383ae334ad2e0adacbf">More...</a><br /></td></tr>
|
||
|
<tr class="separator:ae40eade4312e1383ae334ad2e0adacbf"><td class="memSeparator" colspan="2"> </td></tr>
|
||
|
<tr class="memitem:ad63629408ca7f8b34169a38399ffcf02"><td class="memItemLeft" align="right" valign="top">bool </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#ad63629408ca7f8b34169a38399ffcf02">get_operand_transforms</a> (<a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &vm_handler, <a class="el" href="namespacevm_1_1transform.html#af3bd71c380a50beece9341287b7cc025">transform::map_t</a> &transforms)</td></tr>
|
||
|
<tr class="memdesc:ad63629408ca7f8b34169a38399ffcf02"><td class="mdescLeft"> </td><td class="mdescRight">get operand decryption instructions given a vm handler... <a href="namespacevm_1_1handler.html#ad63629408ca7f8b34169a38399ffcf02">More...</a><br /></td></tr>
|
||
|
<tr class="separator:ad63629408ca7f8b34169a38399ffcf02"><td class="memSeparator" colspan="2"> </td></tr>
|
||
|
<tr class="memitem:ad410231628efa1c4ee7fe9a8c4c7db90"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#ad410231628efa1c4ee7fe9a8c4c7db90">get_profile</a> (<a class="el" href="structvm_1_1handler_1_1handler__t.html">handler_t</a> &vm_handler)</td></tr>
|
||
|
<tr class="memdesc:ad410231628efa1c4ee7fe9a8c4c7db90"><td class="mdescLeft"> </td><td class="mdescRight">get a vm handler profile given a <a class="el" href="structvm_1_1handler_1_1handler__t.html" title="handler_t contains all the information for a vm handler such as its immediate value size (zero if ther...">handler_t</a>... <a href="namespacevm_1_1handler.html#ad410231628efa1c4ee7fe9a8c4c7db90">More...</a><br /></td></tr>
|
||
|
<tr class="separator:ad410231628efa1c4ee7fe9a8c4c7db90"><td class="memSeparator" colspan="2"> </td></tr>
|
||
|
<tr class="memitem:a0ba01b3a015d7f25b83261e9183a2e40"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#a0ba01b3a015d7f25b83261e9183a2e40">get_profile</a> (<a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1">vm::handler::mnemonic_t</a> mnemonic)</td></tr>
|
||
|
<tr class="memdesc:a0ba01b3a015d7f25b83261e9183a2e40"><td class="mdescLeft"> </td><td class="mdescRight">get a vm handler profile given the mnemonic of the vm handler... <a href="namespacevm_1_1handler.html#a0ba01b3a015d7f25b83261e9183a2e40">More...</a><br /></td></tr>
|
||
|
<tr class="separator:a0ba01b3a015d7f25b83261e9183a2e40"><td class="memSeparator" colspan="2"> </td></tr>
|
||
|
<tr class="memitem:ae5e88e98b57b69a61e344e17386a06c3"><td class="memItemLeft" align="right" valign="top">bool </td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#ae5e88e98b57b69a61e344e17386a06c3">get_all</a> (std::uintptr_t module_base, std::uintptr_t image_base, <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &vm_entry, std::uintptr_t *vm_handler_table, std::vector< <a class="el" href="structvm_1_1handler_1_1handler__t.html">vm::handler::handler_t</a> > &vm_handlers)</td></tr>
|
||
|
<tr class="separator:ae5e88e98b57b69a61e344e17386a06c3"><td class="memSeparator" colspan="2"> </td></tr>
|
||
|
</table>
|
||
|
<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
|
||
|
<div class="textblock"><p>contains all information pertaining to vm handler identification... </p>
|
||
|
</div><h2 class="groupheader">Typedef Documentation</h2>
|
||
|
<a id="a1016539777a69d79479f5fdf066440be"></a>
|
||
|
<h2 class="memtitle"><span class="permalink"><a href="#a1016539777a69d79479f5fdf066440be">◆ </a></span>zydis_callback_t</h2>
|
||
|
|
||
|
<div class="memitem">
|
||
|
<div class="memproto">
|
||
|
<table class="memname">
|
||
|
<tr>
|
||
|
<td class="memname">using <a class="el" href="namespacevm_1_1handler.html#a1016539777a69d79479f5fdf066440be">vm::handler::zydis_callback_t</a> = typedef std::function< bool( const <a class="el" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &instr ) ></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</div><div class="memdoc">
|
||
|
|
||
|
<p>zydis callback lambda used to pattern match native instructions... </p>
|
||
|
|
||
|
</div>
|
||
|
</div>
|
||
|
<h2 class="groupheader">Enumeration Type Documentation</h2>
|
||
|
<a id="ac79240b14c7251b5358709c130821e07"></a>
|
||
|
<h2 class="memtitle"><span class="permalink"><a href="#ac79240b14c7251b5358709c130821e07">◆ </a></span>extention_t</h2>
|
||
|
|
||
|
<div class="memitem">
|
||
|
<div class="memproto">
|
||
|
<table class="memname">
|
||
|
<tr>
|
||
|
<td class="memname">enum <a class="el" href="namespacevm_1_1handler.html#ac79240b14c7251b5358709c130821e07">vm::handler::extention_t</a></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</div><div class="memdoc">
|
||
|
|
||
|
<p>how sign extension is handled... </p>
|
||
|
<table class="fieldtable">
|
||
|
<tr><th colspan="2">Enumerator</th></tr><tr><td class="fieldname"><a id="ac79240b14c7251b5358709c130821e07a8dffe0c4e6ca7a545daca4edac325522"></a>none </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="ac79240b14c7251b5358709c130821e07acae8cc1c1114ea88d7d8affeecb19b1d"></a>sign_extend </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="ac79240b14c7251b5358709c130821e07a6ff2bd786349a5d9affb290a9c602725"></a>zero_extend </td><td class="fielddoc"></td></tr>
|
||
|
</table>
|
||
|
|
||
|
</div>
|
||
|
</div>
|
||
|
<a id="a83cdfb05acdea9268310c37165bd13c1"></a>
|
||
|
<h2 class="memtitle"><span class="permalink"><a href="#a83cdfb05acdea9268310c37165bd13c1">◆ </a></span>mnemonic_t</h2>
|
||
|
|
||
|
<div class="memitem">
|
||
|
<div class="memproto">
|
||
|
<table class="memname">
|
||
|
<tr>
|
||
|
<td class="memname">enum <a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1">vm::handler::mnemonic_t</a></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</div><div class="memdoc">
|
||
|
|
||
|
<p>vm handler mnemonic... so you don't need to compare strings! </p>
|
||
|
<table class="fieldtable">
|
||
|
<tr><th colspan="2">Enumerator</th></tr><tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a9bb151fee0df242f0a304a3785191465"></a>INVALID </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a9ee93798eb7945788dfe63a908a3f423"></a>LRFLAGS </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1aa9f0e1b43f89c1e555a7d3577f5c7b8f"></a>PUSHVSP </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a65232b40f75ab995af9eea0d5aee6444"></a>MULQ </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a3b8d706f88294ce7a8a8b08a9f5ff394"></a>DIVQ </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a20b781d295b3872217cec880fc659ff9"></a>CALL </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1ad9ceecb5b5d78d7467ae3187dd3b0bd8"></a>JMP </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1aca4bfa0932d82166e9731d77d4ddd42e"></a>VMEXIT </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a9c71d9caebd124594f42632b6df8c1df"></a>LVSP </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a624092452de9f6648610ceffce32f78e"></a>SREGQ </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1ac41895fb285b8cb4ebe33755fc9b4974"></a>SREGDW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a918bd3d416c98957043ace785146adeb"></a>SREGW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a52308ac93a020fa701b6dee83c3d58f3"></a>LREGQ </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1ac04ea404828638e83dee7b69ef22810f"></a>LREGDW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a7691f0a92bb227b10a879f701b807c6c"></a>LCONSTQ </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1aa8a6a0d6b5d0cc301380df7bbdcf42b8"></a>LCONSTBZXW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1aed58a3d6bbdb580c2817a128eb1ffe11"></a>LCONSTBSXQ </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1accb986463feaa5f71f92067dc688aa93"></a>LCONSTBSXDW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1aa57a3ad6bd862f3e73785b6ac54c1591"></a>LCONSTDWSXQ </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1adf57df5a2ccfeec8f29a0ca75bdf595b"></a>LCONSTWSXQ </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a1b719f2ae2d0a537fa2965ebd8b467d7"></a>LCONSTWSXDW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a21632363cca2c18a0bc30ddd9e718a6b"></a>LCONSTDW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1acf151e8e073bb5fc5d0e967fe68a92b7"></a>LCONSTW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1aedc758f639062bd366e49b155618225b"></a>READQ </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a483ae76aeaa24a4278793ac99f32e45b"></a>READDW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a20f6daaede6cf418b6e3cb7a5b242a47"></a>READW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a24fc686c7f66e479c8c1ae145bf2ba14"></a>WRITEQ </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1af92bc6344b93fea2c0e5d1fdf8500160"></a>WRITEDW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1ae5197ebd4240e18268cdeca4371c25d5"></a>WRITEW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1aa5646e9d21720029b354bfeca29f6241"></a>WRITEB </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a1c1d818ac0054ac2bab61885479fd10b"></a>ADDQ </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1abb62bc05ab9e2b13eea6e0a68a9a850f"></a>ADDDW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a658535c08ac0930a31bd92dfc8b2efc6"></a>ADDW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1ae820c14a2d48db026b12e60ef2bf55b3"></a>SHLQ </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1ab8cddf6b4543c598ccb714551141aa81"></a>SHLDW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1ac14306e538f382de3093cc8f3d4d95ec"></a>SHRQ </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1ab36694ea7404c953f0fefdd201592d37"></a>SHRW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1a2731b10387427c3422e7d822575bf55a"></a>NANDQ </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1ae64f69da87f4b139ed9d2444589ef3f0"></a>NANDDW </td><td class="fielddoc"></td></tr>
|
||
|
<tr><td class="fieldname"><a id="a83cdfb05acdea9268310c37165bd13c1aea25395449f2b159a0b9e1547c9b7d13"></a>NANDW </td><td class="fielddoc"></td></tr>
|
||
|
</table>
|
||
|
|
||
|
</div>
|
||
|
</div>
|
||
|
<h2 class="groupheader">Function Documentation</h2>
|
||
|
<a id="aa04be3f452edc65f17c38ef91fbed341"></a>
|
||
|
<h2 class="memtitle"><span class="permalink"><a href="#aa04be3f452edc65f17c38ef91fbed341">◆ </a></span>get()</h2>
|
||
|
|
||
|
<div class="memitem">
|
||
|
<div class="memproto">
|
||
|
<table class="memname">
|
||
|
<tr>
|
||
|
<td class="memname">bool vm::handler::get </td>
|
||
|
<td>(</td>
|
||
|
<td class="paramtype"><a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> & </td>
|
||
|
<td class="paramname"><em>vm_entry</em>, </td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td class="paramkey"></td>
|
||
|
<td></td>
|
||
|
<td class="paramtype"><a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> & </td>
|
||
|
<td class="paramname"><em>vm_handler</em>, </td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td class="paramkey"></td>
|
||
|
<td></td>
|
||
|
<td class="paramtype">std::uintptr_t </td>
|
||
|
<td class="paramname"><em>handler_addr</em> </td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td></td>
|
||
|
<td>)</td>
|
||
|
<td></td><td></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</div><div class="memdoc">
|
||
|
|
||
|
<p>gets a vm handler and puts all of its native instructions into the vm_handler param... </p>
|
||
|
<dl class="params"><dt>Parameters</dt><dd>
|
||
|
<table class="params">
|
||
|
<tr><td class="paramname">vm_entry</td><td>reference to a zydis_routine_t containing the native instructions of a vm entry...</td></tr>
|
||
|
<tr><td class="paramname">vm_handler</td><td>reference to a zydis_routine_t that will get filled with the native instructions of the vm handler...</td></tr>
|
||
|
<tr><td class="paramname">handler_addr</td><td>linear virtual address to the first instruction of the vm handler...</td></tr>
|
||
|
</table>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
<dl class="section return"><dt>Returns</dt><dd>returns true if the native instructions of the vm handler were extracted...</dd></dl>
|
||
|
|
||
|
</div>
|
||
|
</div>
|
||
|
<a id="ae40eade4312e1383ae334ad2e0adacbf"></a>
|
||
|
<h2 class="memtitle"><span class="permalink"><a href="#ae40eade4312e1383ae334ad2e0adacbf">◆ </a></span>get_all() <span class="overload">[1/2]</span></h2>
|
||
|
|
||
|
<div class="memitem">
|
||
|
<div class="memproto">
|
||
|
<table class="memname">
|
||
|
<tr>
|
||
|
<td class="memname">bool vm::handler::get_all </td>
|
||
|
<td>(</td>
|
||
|
<td class="paramtype">std::uintptr_t </td>
|
||
|
<td class="paramname"><em>module_base</em>, </td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td class="paramkey"></td>
|
||
|
<td></td>
|
||
|
<td class="paramtype">std::uintptr_t </td>
|
||
|
<td class="paramname"><em>image_base</em>, </td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td class="paramkey"></td>
|
||
|
<td></td>
|
||
|
<td class="paramtype"><a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> & </td>
|
||
|
<td class="paramname"><em>vm_entry</em>, </td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td class="paramkey"></td>
|
||
|
<td></td>
|
||
|
<td class="paramtype">std::uintptr_t * </td>
|
||
|
<td class="paramname"><em>vm_handler_table</em>, </td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td class="paramkey"></td>
|
||
|
<td></td>
|
||
|
<td class="paramtype">std::vector< <a class="el" href="structvm_1_1handler_1_1handler__t.html">handler_t</a> > & </td>
|
||
|
<td class="paramname"><em>vm_handlers</em> </td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td></td>
|
||
|
<td>)</td>
|
||
|
<td></td><td></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</div><div class="memdoc">
|
||
|
|
||
|
<p>get all 256 vm handlers... </p>
|
||
|
<dl class="params"><dt>Parameters</dt><dd>
|
||
|
<table class="params">
|
||
|
<tr><td class="paramname">module_base</td><td>linear virtual address of the module base...</td></tr>
|
||
|
<tr><td class="paramname">image_base</td><td>image base from the optional nt header (<a href="https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-image_optional_header64">IMAGE_OPTIONAL_HEADER64</a>)...</td></tr>
|
||
|
<tr><td class="paramname">vm_entry</td><td>zydis_routine_t containing the deobfuscated and flattened vm entry native instructions...</td></tr>
|
||
|
<tr><td class="paramname">vm_handler_table</td><td>linear virtual address of the vm handler table (get_all extracts 256 handlers, so the table is presumably expected to hold 256 entries)...</td></tr>
|
||
|
<tr><td class="paramname">vm_handlers</td><td>vector of <a class="el" href="structvm_1_1handler_1_1handler__t.html" title="handler_t contains all the information for a vm handler such as its immediate value size (zero if ther...">handler_t</a>'s that will be filled with the vm handlers...</td></tr>
|
||
|
</table>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
<dl class="section return"><dt>Returns</dt><dd>returns true if all vm handlers were extracted, else false...</dd></dl>
|
||
|
|
||
|
</div>
|
||
|
</div>
|
||
|
<a id="ae5e88e98b57b69a61e344e17386a06c3"></a>
|
||
|
<h2 class="memtitle"><span class="permalink"><a href="#ae5e88e98b57b69a61e344e17386a06c3">◆ </a></span>get_all() <span class="overload">[2/2]</span></h2>
|
||
|
|
||
|
<div class="memitem">
|
||
|
<div class="memproto">
|
||
|
<table class="memname">
|
||
|
<tr>
|
||
|
<td class="memname">bool vm::handler::get_all </td>
|
||
|
<td>(</td>
|
||
|
<td class="paramtype">std::uintptr_t </td>
|
||
|
<td class="paramname"><em>module_base</em>, </td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td class="paramkey"></td>
|
||
|
<td></td>
|
||
|
<td class="paramtype">std::uintptr_t </td>
|
||
|
<td class="paramname"><em>image_base</em>, </td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td class="paramkey"></td>
|
||
|
<td></td>
|
||
|
<td class="paramtype"><a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> & </td>
|
||
|
<td class="paramname"><em>vm_entry</em>, </td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td class="paramkey"></td>
|
||
|
<td></td>
|
||
|
<td class="paramtype">std::uintptr_t * </td>
|
||
|
<td class="paramname"><em>vm_handler_table</em>, </td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td class="paramkey"></td>
|
||
|
<td></td>
|
||
|
<td class="paramtype">std::vector< <a class="el" href="structvm_1_1handler_1_1handler__t.html">vm::handler::handler_t</a> > & </td>
|
||
|
<td class="paramname"><em>vm_handlers</em> </td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td></td>
|
||
|
<td>)</td>
|
||
|
<td></td><td></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</div><div class="memdoc">
|
||
|
|
||
|
</div>
|
||
|
</div>
|
||
|
<a id="ad63629408ca7f8b34169a38399ffcf02"></a>
|
||
|
<h2 class="memtitle"><span class="permalink"><a href="#ad63629408ca7f8b34169a38399ffcf02">◆ </a></span>get_operand_transforms()</h2>
|
||
|
|
||
|
<div class="memitem">
|
||
|
<div class="memproto">
|
||
|
<table class="memname">
|
||
|
<tr>
|
||
|
<td class="memname">bool vm::handler::get_operand_transforms </td>
|
||
|
<td>(</td>
|
||
|
<td class="paramtype"><a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> & </td>
|
||
|
<td class="paramname"><em>vm_handler</em>, </td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td class="paramkey"></td>
|
||
|
<td></td>
|
||
|
<td class="paramtype"><a class="el" href="namespacevm_1_1transform.html#af3bd71c380a50beece9341287b7cc025">transform::map_t</a> & </td>
|
||
|
<td class="paramname"><em>transforms</em> </td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td></td>
|
||
|
<td>)</td>
|
||
|
<td></td><td></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</div><div class="memdoc">
|
||
|
|
||
|
<p>get operand decryption instructions given a vm handler... </p>
|
||
|
<dl class="params"><dt>Parameters</dt><dd>
|
||
|
<table class="params">
|
||
|
<tr><td class="paramname">vm_handler</td><td>reference to a zydis_routine_t containing the deobfuscated and flattened vm handler native instructions...</td></tr>
|
||
|
<tr><td class="paramname">transforms</td><td>reference to a <a class="el" href="namespacevm_1_1transform.html#af3bd71c380a50beece9341287b7cc025" title="map of transform type to zydis decoded instruction of the transform...">transform::map_t</a> that will get filled up with the transforms needed to decrypt operands...</td></tr>
|
||
|
</table>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
<dl class="section return"><dt>Returns</dt><dd>returns true if the transformations were extracted successfully</dd></dl>
|
||
|
|
||
|
</div>
|
||
|
</div>
|
||
|
<a id="ad410231628efa1c4ee7fe9a8c4c7db90"></a>
|
||
|
<h2 class="memtitle"><span class="permalink"><a href="#ad410231628efa1c4ee7fe9a8c4c7db90">◆ </a></span>get_profile() <span class="overload">[1/2]</span></h2>
|
||
|
|
||
|
<div class="memitem">
|
||
|
<div class="memproto">
|
||
|
<table class="memname">
|
||
|
<tr>
|
||
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> * vm::handler::get_profile </td>
|
||
|
<td>(</td>
|
||
|
<td class="paramtype"><a class="el" href="structvm_1_1handler_1_1handler__t.html">handler_t</a> & </td>
|
||
|
<td class="paramname"><em>vm_handler</em></td><td>)</td>
|
||
|
<td></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</div><div class="memdoc">
|
||
|
|
||
|
<p>get a vm handler profile given a <a class="el" href="structvm_1_1handler_1_1handler__t.html" title="handler_t contains all the information for a vm handler such as its immediate value size (zero if ther...">handler_t</a>... </p>
|
||
|
<dl class="params"><dt>Parameters</dt><dd>
|
||
|
<table class="params">
|
||
|
<tr><td class="paramname">vm_handler</td><td>reference to a <a class="el" href="structvm_1_1handler_1_1handler__t.html" title="handler_t contains all the information for a vm handler such as its immediate value size (zero if ther...">handler_t</a> structure that contains all the information of a given vm handler...</td></tr>
|
||
|
</table>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
<dl class="section return"><dt>Returns</dt><dd>returns a pointer to the vm profile, else a nullptr (check for nullptr before dereferencing)...</dd></dl>
|
||
|
|
||
|
</div>
|
||
|
</div>
|
||
|
<a id="a0ba01b3a015d7f25b83261e9183a2e40"></a>
|
||
|
<h2 class="memtitle"><span class="permalink"><a href="#a0ba01b3a015d7f25b83261e9183a2e40">◆ </a></span>get_profile() <span class="overload">[2/2]</span></h2>
|
||
|
|
||
|
<div class="memitem">
|
||
|
<div class="memproto">
|
||
|
<table class="memname">
|
||
|
<tr>
|
||
|
<td class="memname"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> * vm::handler::get_profile </td>
|
||
|
<td>(</td>
|
||
|
<td class="paramtype"><a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1">vm::handler::mnemonic_t</a> </td>
|
||
|
<td class="paramname"><em>mnemonic</em></td><td>)</td>
|
||
|
<td></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</div><div class="memdoc">
|
||
|
|
||
|
<p>get a vm handler profile given the mnemonic of the vm handler... </p>
|
||
|
<dl class="params"><dt>Parameters</dt><dd>
|
||
|
<table class="params">
|
||
|
<tr><td class="paramname">mnemonic</td><td>mnemonic of the vm handler...</td></tr>
|
||
|
</table>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
<dl class="section return"><dt>Returns</dt><dd>returns a pointer to the profile if the given mnemonic is implemented, else a nullptr (check for nullptr before dereferencing)...</dd></dl>
|
||
|
|
||
|
</div>
|
||
|
</div>
|
||
|
<a id="ab830e56e2b4ee32851937ae0fe1a4918"></a>
|
||
|
<h2 class="memtitle"><span class="permalink"><a href="#ab830e56e2b4ee32851937ae0fe1a4918">◆ </a></span>has_imm()</h2>
|
||
|
|
||
|
<div class="memitem">
|
||
|
<div class="memproto">
|
||
|
<table class="memname">
|
||
|
<tr>
|
||
|
<td class="memname">bool vm::handler::has_imm </td>
|
||
|
<td>(</td>
|
||
|
<td class="paramtype">const <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> & </td>
|
||
|
<td class="paramname"><em>vm_handler</em></td><td>)</td>
|
||
|
<td></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</div><div class="memdoc">
|
||
|
|
||
|
<p>given a vm handler, returns true if the vm handler decrypts an operand... </p>
|
||
|
<dl class="params"><dt>Parameters</dt><dd>
|
||
|
<table class="params">
|
||
|
<tr><td class="paramname">vm_handler</td><td>const reference to a vm handler...</td></tr>
|
||
|
</table>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
<dl class="section return"><dt>Returns</dt><dd>returns true if the vm handler decrypts an operand, else false...</dd></dl>
|
||
|
|
||
|
</div>
|
||
|
</div>
|
||
|
<a id="a073cb14b6691023771ad8eada2452138"></a>
|
||
|
<h2 class="memtitle"><span class="permalink"><a href="#a073cb14b6691023771ad8eada2452138">◆ </a></span>imm_size()</h2>
|
||
|
|
||
|
<div class="memitem">
|
||
|
<div class="memproto">
|
||
|
<table class="memname">
|
||
|
<tr>
|
||
|
<td class="memname">std::optional< std::uint8_t > vm::handler::imm_size </td>
|
||
|
<td>(</td>
|
||
|
<td class="paramtype">const <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> & </td>
|
||
|
<td class="paramname"><em>vm_handler</em></td><td>)</td>
|
||
|
<td></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</div><div class="memdoc">
|
||
|
|
||
|
<p>gets the immediate value (imm) size of a vm handler... </p>
|
||
|
<dl class="params"><dt>Parameters</dt><dd>
|
||
|
<table class="params">
|
||
|
<tr><td class="paramname">vm_handler</td><td>const reference to a vm handler...</td></tr>
|
||
|
</table>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
<dl class="section return"><dt>Returns</dt><dd>returns the imm size, otherwise returns an empty optional value...</dd></dl>
|
||
|
|
||
|
</div>
|
||
|
</div>
|
||
|
</div><!-- contents -->
|
||
|
<!-- start footer part -->
|
||
|
<hr class="footer"/><address class="footer"><small>
|
||
|
Generated by <a href="https://www.doxygen.org/index.html"><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1
|
||
|
</small></address>
|
||
|
</body>
|
||
|
</html>
|