vmp2
/
vmprofiler
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fc46c63445'
${ noResults }
vmprofiler/src/calc_jmp.cpp

33 lines
1016 B
Raw Normal View History Unescape

changed a bunch of stuff, cleaned the source
3 years ago
#include <vmprofiler.hpp>
namespace vm
{
fixed clang-format disaster
3 years ago
namespace calc_jmp
{
bool get(const zydis_routine_t& vm_entry, zydis_routine_t& calc_jmp)
{
auto result = std::find_if(vm_entry.begin(), vm_entry.end(),
[](const zydis_instr_t& instr_data) -> bool
{
// mov/movsx/movzx rax/eax/ax/al, [rsi]
if (instr_data.instr.operand_count > 1 &&
(instr_data.instr.mnemonic == ZYDIS_MNEMONIC_MOV ||
instr_data.instr.mnemonic == ZYDIS_MNEMONIC_MOVSX ||
instr_data.instr.mnemonic == ZYDIS_MNEMONIC_MOVZX) &&
instr_data.instr.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
util::reg::to64(instr_data.instr.operands[0].reg.value) == ZYDIS_REGISTER_RAX &&
instr_data.instr.operands[1].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr_data.instr.operands[1].mem.base == ZYDIS_REGISTER_RSI)
return true;
return false;
}
);
changed a bunch of stuff, cleaned the source
3 years ago
fixed clang-format disaster
3 years ago
if (result == vm_entry.end())
return false;
changed a bunch of stuff, cleaned the source
3 years ago
fixed clang-format disaster
3 years ago
calc_jmp.insert(calc_jmp.end(), result, vm_entry.end());
return true;
}
}
}