vmp2
/
vmprofiler
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b336e0145d'
${ noResults }
vmprofiler/include/vmp2.hpp

274 lines
5.8 KiB
Raw Normal View History Unescape

added code, testing sub module to zydis...
4 years ago
#pragma once
added vm::calc_jmp::get_advancement
4 years ago
#include <transform.hpp>
cleaned the code a bunch, preparing for doxygen...
3 years ago
#include <vmhandlers.hpp>
added vmp2 file format v3
4 years ago
#define VMP_MAGIC '2PMV'
added code, testing sub module to zydis...
4 years ago
namespace vmp2
{
added clang format, its 90% ok
4 years ago
enum class exec_type_t
{
forward,
backward
};
added code, testing sub module to zydis...
4 years ago
added clang format, its 90% ok
4 years ago
enum class version_t
{
invalid,
testing out
4 years ago
v1 = 0x101,
added vmp2 file format v3
4 years ago
v2 = 0x102,
added scn.hpp/cpp for sanity checks... created .vmp2 file format v4...
3 years ago
v3 = 0x103,
v4 = 0x104
added clang format, its 90% ok
4 years ago
};
added code, testing sub module to zydis...
4 years ago
testing out
4 years ago
namespace v1
added clang format, its 90% ok
4 years ago
{
testing out
4 years ago
struct file_header
{
u32 magic; // VMP2
u64 epoch_time;
u64 module_base;
exec_type_t advancement;
version_t version;
added code, testing sub module to zydis...
4 years ago
testing out
4 years ago
u32 entry_count;
u32 entry_offset;
};
added code, testing sub module to zydis...
4 years ago
testing out
4 years ago
struct entry_t
added clang format, its 90% ok
4 years ago
{
testing out
4 years ago
u8 handler_idx;
u64 decrypt_key;
u64 vip;
union
{
struct
{
u64 r15;
u64 r14;
u64 r13;
u64 r12;
u64 r11;
u64 r10;
u64 r9;
u64 r8;
u64 rbp;
u64 rdi;
u64 rsi;
u64 rdx;
u64 rcx;
u64 rbx;
u64 rax;
u64 rflags;
};
u64 raw[ 16 ];
} regs;
union
{
u64 qword[ 0x28 ];
u8 raw[ 0x140 ];
} vregs;
union
added clang format, its 90% ok
4 years ago
{
testing out
4 years ago
u64 qword[ 0x20 ];
u8 raw[ 0x100 ];
} vsp;
};
} // namespace v1
namespace v2
{
struct file_header
added clang format, its 90% ok
4 years ago
{
testing out
4 years ago
u32 magic; // VMP2
u64 epoch_time;
version_t version;
added code, testing sub module to zydis...
4 years ago
testing out
4 years ago
u64 module_base;
u64 image_base;
u64 vm_entry_rva;
exec_type_t advancement;
u32 module_offset;
u32 module_size;
u32 entry_count;
u32 entry_offset;
};
struct entry_t
added clang format, its 90% ok
4 years ago
{
testing out
4 years ago
u8 handler_idx;
u64 decrypt_key;
u64 vip;
union
{
struct
{
u64 r15;
u64 r14;
u64 r13;
u64 r12;
u64 r11;
u64 r10;
u64 r9;
u64 r8;
u64 rbp;
u64 rdi;
u64 rsi;
u64 rdx;
u64 rcx;
u64 rbx;
u64 rax;
u64 rflags;
};
u64 raw[ 16 ];
} regs;
union
{
u64 qword[ 0x28 ];
u8 raw[ 0x140 ];
} vregs;
union
{
u64 qword[ 0x20 ];
u8 raw[ 0x100 ];
} vsp;
};
added vmp2 file format v3
4 years ago
} // namespace v2
cleaned the code a bunch, preparing for doxygen...
3 years ago
} // namespace vmp2
namespace vm
{
namespace instrs
{
struct virt_instr_t
{
vm::handler::mnemonic_t mnemonic_t;
std::uint8_t opcode; // aka vm handler idx...
// can be used to look at values on the stack...
vmp2::v2::entry_t trace_data;
struct
{
bool has_imm;
struct
{
std::uint8_t imm_size; // size in bits...
union
{
std::int64_t s;
std::uint64_t u;
};
} imm;
} operand;
};
enum class jcc_type
{
none,
branching,
added scn.hpp/cpp for sanity checks... created .vmp2 file format v4...
3 years ago
absolute,
switch_case
cleaned the code a bunch, preparing for doxygen...
3 years ago
};
struct jcc_data
{
bool has_jcc;
jcc_type type;
added scn.hpp/cpp for sanity checks... created .vmp2 file format v4...
3 years ago
std::vector< std::uintptr_t > block_addr;
cleaned the code a bunch, preparing for doxygen...
3 years ago
};
struct code_block_t
{
std::uintptr_t vip_begin;
jcc_data jcc;
std::vector< virt_instr_t > vinstrs;
};
} // namespace instrs
} // namespace vm
namespace vmp2
{
namespace v3
{
struct file_header
{
u32 magic; // VMP2
u64 epoch_time;
version_t version;
u64 module_base;
u64 image_base;
u64 vm_entry_rva;
u32 module_offset;
u32 module_size;
u32 code_block_offset;
u32 code_block_count;
};
struct code_block_t
{
std::uintptr_t vip_begin;
std::uintptr_t next_block_offset;
vm::instrs::jcc_data jcc;
// serialized from std::vector<virt_instr_t>...
std::uint32_t vinstr_count;
vm::instrs::virt_instr_t vinstr[];
};
} // namespace v3
} // namespace vmp2
added scn.hpp/cpp for sanity checks... created .vmp2 file format v4...
3 years ago
#pragma pack( push, 1 )
namespace vmp2
{
namespace v4
{
struct file_header
{
u32 magic; // VMP2
u64 epoch_time;
version_t version;
u64 module_base;
u64 image_base;
u64 vm_entry_rva;
u32 module_offset;
u32 module_size;
u32 rtn_count;
u32 rtn_offset;
};
struct code_block_t
{
std::uintptr_t vip_begin;
std::uintptr_t next_block_offset;
std::uint32_t vinstr_count;
changed a few file format structures...
3 years ago
bool has_jcc;
vm::instrs::jcc_type jcc_type;
std::uint32_t num_block_addrs;
std::uintptr_t branch_addr[ 1 ];
added scn.hpp/cpp for sanity checks... created .vmp2 file format v4...
3 years ago
vm::instrs::virt_instr_t vinstr[ 1 ];
};
struct rtn_t
{
u32 code_block_count;
vmp2::v4::code_block_t code_blocks[ 1 ];
};
} // namespace v4
#pragma pack( pop )
} // namespace vmp2