added vmp2 file format v3

merge-requests/9/head
_xeroxz 4 years ago
parent eb64f5d2c2
commit 0edcb36da9

@ -1,5 +1,6 @@
#pragma once #pragma once
#include <transform.hpp> #include <transform.hpp>
#define VMP_MAGIC '2PMV'
namespace vmp2 namespace vmp2
{ {
@ -13,7 +14,8 @@ namespace vmp2
{ {
invalid, invalid,
v1 = 0x101, v1 = 0x101,
v2 = 0x102 v2 = 0x102,
v3 = 0x103
}; };
namespace v1 namespace v1
@ -136,5 +138,5 @@ namespace vmp2
u8 raw[ 0x100 ]; u8 raw[ 0x100 ];
} vsp; } vsp;
}; };
} // namespace v2
} }
} // namespace vmp2
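Review bot: `#define VMP_MAGIC '2PMV'` at the top of this header is a multi-character literal, whose type is `int` and whose value is implementation-defined, so the on-disk magic is whatever the building compiler produces. A typed constant inside `namespace vmp2` pins the bytes, assuming `u32` is in scope here: `constexpr u32 magic_value = 0x32504D56; // bytes "VMP2" when stored little-endian`. That is the value GCC, Clang and MSVC compute for the literal, so existing files would still match. As a macro the name also leaks into every translation unit that includes the header.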

@ -181,7 +181,10 @@ namespace vm
zydis_routine_t vm_entry, calc_jmp; zydis_routine_t vm_entry, calc_jmp;
std::vector< vm::handler::handler_t > vm_handlers; std::vector< vm::handler::handler_t > vm_handlers;
}; };
} // namespace vm
namespace vm
{
namespace instrs namespace instrs
{ {
struct virt_instr_t struct virt_instr_t
@ -224,10 +227,50 @@ namespace vm
struct code_block_t struct code_block_t
{ {
std::uintptr_t vip_begin; std::uintptr_t vip_begin;
std::vector< virt_instr_t > vinstrs;
jcc_data jcc; jcc_data jcc;
std::vector< virt_instr_t > vinstrs;
}; };
} // namespace instrs
} // namespace vm
namespace vmp2
{
namespace v3
{
struct file_header
{
u32 magic; // VMP2
u64 epoch_time;
version_t version;
u64 module_base;
u64 image_base;
u64 vm_entry_rva;
u32 module_offset;
u32 module_size;
u32 code_block_offset;
u32 code_block_count;
};
struct code_block_t
{
std::uintptr_t vip_begin;
std::uintptr_t next_block_offset;
vm::instrs::jcc_data jcc;
// serialized from std::vector<virt_instr_t>...
std::uint32_t vinstr_count;
vm::instrs::virt_instr_t vinstr[];
};
} // namespace v3
} // namespace vmp2
namespace vm
{
namespace instrs
{
// decrypt transformations for encrypted virtual instruction rva... // decrypt transformations for encrypted virtual instruction rva...
bool get_rva_decrypt( const zydis_routine_t &vm_entry, std::vector< zydis_decoded_instr_t > &transform_instrs ); bool get_rva_decrypt( const zydis_routine_t &vm_entry, std::vector< zydis_decoded_instr_t > &transform_instrs );
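Review bot: The new `vmp2::v3::file_header` and `code_block_t` carry offsets and counts read straight from the file (`module_offset`, `module_size`, `code_block_offset`, `code_block_count`, `next_block_offset`, `vinstr_count`), and nothing states what a reader must verify before following them, so a truncated or malformed vmp2 file can lead a parser outside the loaded buffer. I would document the contract on the structs, e.g. `// reader must verify magic and version, then that every offset and vinstr_count * sizeof(virt_instr_t) lies within the file size before dereferencing`. The two `std::uintptr_t` fields in `code_block_t` also tie the serialized layout to the pointer width of the build that wrote the file; `u64`, as already used in `file_header`, would fix it. `vinstr[]` is a flexible array member, which is a compiler extension in C++ rather than standard, so it deserves a comment. The reopened `vm::instrs` namespace at the end continues past this hunk.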
