added LCONSTBSXQ

4 years ago · 145251c09a
parent ac9a2b445f
commit 145251c09a
2 changed files with 33 additions and 4 deletions
--- a/include/vmprofiler.hpp
+++ b/include/vmprofiler.hpp
@ -47,6 +47,7 @@ namespace vm

            LCONSTQ,
            LCONSTBZXW,
+            LCONSTBSXQ,
            LCONSTBSXDW,
            LCONSTDWSXQ,
            LCONSTWSXQ,
@ -128,6 +129,7 @@ namespace vm
            extern vm::handler::profile_t lconstq;
            extern vm::handler::profile_t lconstbzxw;
            extern vm::handler::profile_t lconstbsxdw;
+            extern vm::handler::profile_t lconstbsxq;
            extern vm::handler::profile_t lconstdwsxq;
            extern vm::handler::profile_t lconstwsxq;
            extern vm::handler::profile_t lconstdw;
@ -156,11 +158,11 @@ namespace vm
            extern vm::handler::profile_t vmexit;

            inline std::vector< vm::handler::profile_t * > all = {
-                &sregq,       &sregdw,     &sregw,    &lregq, &lregdw,  &lconstq, &lconstbzxw, &lconstbsxdw,
-                &lconstdwsxq, &lconstwsxq, &lconstdw, &addq,  &adddw,   &shlq,    &shldw,      &writeq,
-                &writedw,     &nandq,      &nanddw,
+                &sregq,      &sregdw,      &sregw,      &lregq,    &lregdw,  &lconstq, &lconstbzxw, &lconstbsxdw,
+                &lconstbsxq, &lconstdwsxq, &lconstwsxq, &lconstdw, &addq,    &adddw,   &shlq,       &shldw,
+                &writeq,     &writedw,     &nandq,      &nanddw,

-                &shrq,        &readq,      &readdw,   &mulq,  &pushvsp, &divq,    &jmp,        &vmexit };
+                &shrq,       &readq,       &readdw,     &mulq,     &pushvsp, &divq,    &jmp,        &vmexit };
        } // namespace profile
    }     // namespace handler
 } // namespace vm
--- a/src/vmprofiles/lconst.cpp
+++ b/src/vmprofiles/lconst.cpp
@ -81,6 +81,33 @@ namespace vm
                    } } },
                vm::handler::extention_t::sign_extend };

+            vm::handler::profile_t lconstbsxq = {
+                // CDQE
+                // SUB RBP, 0x8
+                // MOV [RBP], RAX
+                "LCONSTBSXQ",
+                LCONSTBSXQ,
+                8,
+                { { // CDQE
+                    []( const zydis_decoded_instr_t &instr ) -> bool { return instr.mnemonic == ZYDIS_MNEMONIC_CDQE; },
+                    // SUB RBP, 0x8
+                    []( const zydis_decoded_instr_t &instr ) -> bool {
+                        return instr.mnemonic == ZYDIS_MNEMONIC_SUB &&
+                               instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
+                               instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&
+                               instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&
+                               instr.operands[ 1 ].imm.value.u == 0x8;
+                    },
+                    // MOV [RBP], RAX
+                    []( const zydis_decoded_instr_t &instr ) -> bool {
+                        return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
+                               instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
+                               instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&
+                               instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
+                               instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_RAX;
+                    } } },
+                vm::handler::extention_t::sign_extend };
+
            vm::handler::profile_t lconstdwsxq = {
                // CDQE
                // SUB RBP, 8