From 0edcb36da928d9b43baeb549c395436782e79802 Mon Sep 17 00:00:00 2001
From: _xeroxz
Date: Thu, 3 Jun 2021 15:35:02 -0700
Subject: [PATCH] added vmp2 file format v3

---
 include/vmp2.hpp | 8 +++++---
 include/vmprofiler.hpp | 45 +++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 49 insertions(+), 4 deletions(-)

diff --git a/include/vmp2.hpp b/include/vmp2.hpp
index 0960920..82d0496 100644
--- a/include/vmp2.hpp
+++ b/include/vmp2.hpp
@@ -1,5 +1,6 @@
 #pragma once
 #include
+#define VMP_MAGIC '2PMV'
 
 namespace vmp2
 {
@@ -13,7 +14,8 @@ namespace vmp2
 {
 invalid,
 v1 = 0x101,
- v2 = 0x102
+ v2 = 0x102,
+ v3 = 0x103
 };
 
 namespace v1
@@ -136,5 +138,5 @@ namespace vmp2
 u8 raw[ 0x100 ];
 } vsp;
 };
- }
-} // namespace vmp2
\ No newline at end of file
+ } // namespace v2
+}
\ No newline at end of file
diff --git a/include/vmprofiler.hpp b/include/vmprofiler.hpp
index 63a2f1c..b1a5d9a 100644
--- a/include/vmprofiler.hpp
+++ b/include/vmprofiler.hpp
@@ -181,7 +181,10 @@ namespace vm
 zydis_routine_t vm_entry, calc_jmp;
 std::vector< vm::handler::handler_t > vm_handlers;
 };
+} // namespace vm
+
+namespace vm
+{
 namespace instrs
 {
 struct virt_instr_t
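Review bot: `#define VMP_MAGIC '2PMV'` in the first vmp2.hpp hunk is a multi-character literal, whose value is implementation-defined in C++ (it has type `int` and the compiler chooses how the four characters are packed), so the number that is presumably compared against the new `magic` field of the file header is not guaranteed to be the same across toolchains for a format other tools are expected to read. Pin the bytes instead, e.g. `constexpr std::uint32_t VMP_MAGIC = ( '2' << 24 ) | ( 'P' << 16 ) | ( 'M' << 8 ) | 'V';` (0x32504D56, which is what MSVC and GCC currently produce for `'2PMV'` and which is the byte sequence "VMP2" in little-endian order), and prefer a typed constant inside the `vmp2` namespace over a macro exported from a header. The `#include` on the line above has lost its header name in this rendering, so I cannot confirm `std::uint32_t` is in scope at that point; use the file's `u32` typedef if it is defined before the constant.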
@@ -224,10 +227,50 @@ namespace vm
 struct code_block_t
 {
 std::uintptr_t vip_begin;
- std::vector< virt_instr_t > vinstrs;
 jcc_data jcc;
+ std::vector< virt_instr_t > vinstrs;
 };
+ } // namespace instrs
+} // namespace vm
+
+namespace vmp2
+{
+ namespace v3
+ {
+ struct file_header
+ {
+ u32 magic; // VMP2
+ u64 epoch_time;
+ version_t version;
+ u64 module_base;
+ u64 image_base;
+ u64 vm_entry_rva;
+
+ u32 module_offset;
+ u32 module_size;
+
+ u32 code_block_offset;
+ u32 code_block_count;
+ };
+
+ struct code_block_t
+ {
+ std::uintptr_t vip_begin;
+ std::uintptr_t next_block_offset;
+ vm::instrs::jcc_data jcc;
+
+ // serialized from std::vector...
+ std::uint32_t vinstr_count;
+ vm::instrs::virt_instr_t vinstr[];
+ };
+ } // namespace v3
+} // namespace vmp2
+
+namespace vm
+{
+ namespace instrs
+ {
 // decrypt transformations for encrypted virtual instruction rva...
 bool get_rva_decrypt( const zydis_routine_t &vm_entry, std::vector< zydis_decoded_instr_t > &transform_instrs );
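Review bot: `vmp2::v3::file_header` and `vmp2::v3::code_block_t` define an on-disk layout whose offsets and counts (`module_offset`, `module_size`, `code_block_offset`, `code_block_count`, `next_block_offset`, `vinstr_count`) are read from the file, so a loader that follows `code_block_offset` or walks `vinstr[vinstr_count]` without first checking `offset + count * sizeof(...)` against the file size (in overflow-safe arithmetic) reads out of bounds, and nothing in the header says so; add above `struct file_header` a comment such as `// On-disk layout. Every offset is relative to the start of the file, and every offset/count is untrusted input: validate it against the file size before dereferencing.` The layout is also not pinned: `std::uintptr_t` changes width between 32- and 64-bit builds, the structs are unpacked so padding after `u32 magic` and `version_t version` (whose underlying type is not visible in this hunk) depends on the ABI, and `vinstr[]` is a flexible array member, a compiler extension in C++ (MSVC warns C4200) that only works for the memcpy-style serialization the `// serialized from std::vector...` comment implies if `virt_instr_t` is trivially copyable. I would change the two pointer-width fields to `u64 vip_begin; u64 next_block_offset;` and add `static_assert( std::is_trivially_copyable_v< vm::instrs::virt_instr_t > );` (needs `<type_traits>`) next to the array so a later change to `virt_instr_t` cannot silently break the format. The `get_rva_decrypt` declaration on the last line belongs to a namespace block that continues beyond the hunk.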