From 02beb3190f96dafc7eae635fa0ead338e21cb7db Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Tue, 1 Jun 2021 23:26:48 -0700 Subject: [PATCH 1/2] changed the location of vcxproj and filters out of the src dir --- src/vmprofiler.vcxproj | 184 ---------- vmprofiler.sln | 99 +++--- vmprofiler.vcxproj | 182 ++++++++++ ...proj.filters => vmprofiler.vcxproj.filters | 316 +++++++++--------- 4 files changed, 391 insertions(+), 390 deletions(-) delete mode 100644 src/vmprofiler.vcxproj create mode 100644 vmprofiler.vcxproj rename src/vmprofiler.vcxproj.filters => vmprofiler.vcxproj.filters (50%) diff --git a/src/vmprofiler.vcxproj b/src/vmprofiler.vcxproj deleted file mode 100644 index 29a1f7d..0000000 --- a/src/vmprofiler.vcxproj +++ /dev/null 
@@ -1,184 +0,0 @@ - - - - - DBG - x64 - - - Release - x64 - - - - 16.0 - Win32Proj - {D0B6092A-9944-4F24-9486-4B7DAE372619} - vmprofiler - 10.0 - vmprofiler - - - - StaticLibrary - false - v142 - true - Unicode - - - StaticLibrary - false - v142 - true - Unicode - - - - - - - - - - - - - - - false - $(ProjectDir);$(ProjectDir)..\dependencies\zydis\msvc;$(ProjectDir)..\dependencies\zydis\dependencies\zycore\include;$(ProjectDir)..\include;$(ProjectDir)..\dependencies\zydis\include;$(IncludePath) - - - false - $(ProjectDir);$(ProjectDir)..\dependencies\zydis\msvc;$(ProjectDir)..\dependencies\zydis\dependencies\zycore\include;$(ProjectDir)..\include;$(ProjectDir)..\dependencies\zydis\include;$(IncludePath) - - - - Level3 - true - true - true - NDEBUG;_CONSOLE;ZYDIS_STATIC_DEFINE;%(PreprocessorDefinitions) - true - stdcpplatest - Disabled - MultiThreadedDLL - - - Console - true - true - true - $(ProjectDir)..\libs\*;%(AdditionalDependencies) - - - true - - - - - Level3 - true - true - true - NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - stdcpplatest - Disabled - MultiThreadedDebugDLL - - - Console - true - true - true - $(ProjectDir)..\libs\*;%(AdditionalDependencies) - - - true - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - {88a23124-5640-35a0-b890-311d7a67a7d2} - - - - - - - - - \ No newline at end of file diff --git a/vmprofiler.sln b/vmprofiler.sln index 016b13a..c4b9ee3 100644 --- a/vmprofiler.sln +++ b/vmprofiler.sln 
@@ -3,12 +3,14 @@ Microsoft Visual Studio Solution File, Format Version 12.00 # Visual Studio Version 16 VisualStudioVersion = 16.0.30907.101 MinimumVisualStudioVersion = 10.0.40219.1 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "vmprofiler", "src\vmprofiler.vcxproj", "{D0B6092A-9944-4F24-9486-4B7DAE372619}" -EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Zydis", "dependencies\zydis\msvc\zydis\Zydis.vcxproj", "{88A23124-5640-35A0-B890-311D7A67A7D2}" EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "vmprofiler", "vmprofiler.vcxproj", "{D0B6092A-9944-4F24-9486-4B7DAE372619}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution + DBG|x64 = DBG|x64 + DBG|x86 = DBG|x86 Debug Kernel|x64 = Debug Kernel|x64 Debug Kernel|x86 = Debug Kernel|x86 Debug MD DLL|x64 = Debug MD DLL|x64 
@@ -33,49 +35,10 @@ Global Release|x86 = Release|x86 EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug Kernel|x64.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug Kernel|x64.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug Kernel|x86.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug Kernel|x86.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD DLL|x64.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD DLL|x64.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD DLL|x86.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD DLL|x86.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD|x64.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD|x64.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD|x86.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD|x86.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT DLL|x64.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT DLL|x64.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT DLL|x86.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT DLL|x86.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT|x64.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT|x64.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT|x86.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT|x86.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release Kernel|x64.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release Kernel|x64.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release Kernel|x86.ActiveCfg = Release|x64 - 
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Release Kernel|x86.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD DLL|x64.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD DLL|x64.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD DLL|x86.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD DLL|x86.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD|x64.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD|x64.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD|x86.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD|x86.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT DLL|x64.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT DLL|x64.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT DLL|x86.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT DLL|x86.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT|x64.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT|x64.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT|x86.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT|x86.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release|x64.ActiveCfg = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release|x64.Build.0 = Release|x64 - {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release|x86.ActiveCfg = Release|x64 + {88A23124-5640-35A0-B890-311D7A67A7D2}.DBG|x64.ActiveCfg = Debug MT|x64 + {88A23124-5640-35A0-B890-311D7A67A7D2}.DBG|x64.Build.0 = Debug MT|x64 + {88A23124-5640-35A0-B890-311D7A67A7D2}.DBG|x86.ActiveCfg = Debug MT|Win32 + {88A23124-5640-35A0-B890-311D7A67A7D2}.DBG|x86.Build.0 = Debug MT|Win32 {88A23124-5640-35A0-B890-311D7A67A7D2}.Debug Kernel|x64.ActiveCfg = Debug Kernel|x64 
{88A23124-5640-35A0-B890-311D7A67A7D2}.Debug Kernel|x64.Build.0 = Debug Kernel|x64 {88A23124-5640-35A0-B890-311D7A67A7D2}.Debug Kernel|x64.Deploy.0 = Debug Kernel|x64 
@@ -124,6 +87,52 @@ Global {88A23124-5640-35A0-B890-311D7A67A7D2}.Release|x64.Build.0 = Release MD DLL|x64 {88A23124-5640-35A0-B890-311D7A67A7D2}.Release|x86.ActiveCfg = Release MT DLL|Win32 {88A23124-5640-35A0-B890-311D7A67A7D2}.Release|x86.Build.0 = Release MT DLL|Win32 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.DBG|x64.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.DBG|x64.Build.0 = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.DBG|x86.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug Kernel|x64.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug Kernel|x64.Build.0 = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug Kernel|x86.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug Kernel|x86.Build.0 = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD DLL|x64.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD DLL|x64.Build.0 = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD DLL|x86.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD DLL|x86.Build.0 = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD|x64.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD|x64.Build.0 = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD|x86.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MD|x86.Build.0 = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT DLL|x64.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT DLL|x64.Build.0 = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT DLL|x86.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT DLL|x86.Build.0 = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT|x64.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT|x64.Build.0 = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT|x86.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Debug MT|x86.Build.0 = DBG|x64 + 
{D0B6092A-9944-4F24-9486-4B7DAE372619}.Release Kernel|x64.ActiveCfg = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release Kernel|x64.Build.0 = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release Kernel|x86.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release Kernel|x86.Build.0 = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD DLL|x64.ActiveCfg = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD DLL|x64.Build.0 = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD DLL|x86.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD DLL|x86.Build.0 = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD|x64.ActiveCfg = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD|x64.Build.0 = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD|x86.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MD|x86.Build.0 = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT DLL|x64.ActiveCfg = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT DLL|x64.Build.0 = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT DLL|x86.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT DLL|x86.Build.0 = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT|x64.ActiveCfg = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT|x64.Build.0 = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT|x86.ActiveCfg = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release MT|x86.Build.0 = DBG|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release|x64.ActiveCfg = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release|x64.Build.0 = Release|x64 + {D0B6092A-9944-4F24-9486-4B7DAE372619}.Release|x86.ActiveCfg = Release|x64 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE 
diff --git a/vmprofiler.vcxproj b/vmprofiler.vcxproj new file mode 100644 index 0000000..760225c --- /dev/null +++ b/vmprofiler.vcxproj @@ -0,0 +1,182 @@ + + + + + DBG + x64 + + + Release + x64 + + + + 16.0 + Win32Proj + {D0B6092A-9944-4F24-9486-4B7DAE372619} + vmprofiler + 10.0 + vmprofiler + + + + StaticLibrary + false + v142 + true + Unicode + + + StaticLibrary + false + v142 + true + Unicode + + + + + + + + + + + + + + + false + $(ProjectDir)dependencies\zydis\msvc;$(ProjectDir)dependencies\zydis\dependencies\zycore\include;$(ProjectDir)include;$(ProjectDir)dependencies\zydis\include;$(IncludePath) + + + false + $(ProjectDir)dependencies\zydis\msvc;$(ProjectDir)dependencies\zydis\dependencies\zycore\include;$(ProjectDir)include;$(ProjectDir)dependencies\zydis\include;$(IncludePath) + + + + Level3 + true + true + true + NDEBUG;_CONSOLE;ZYDIS_STATIC_DEFINE;%(PreprocessorDefinitions) + true + stdcpplatest + Disabled + MultiThreadedDLL + + + Console + true + true + true + $(ProjectDir)..\libs\*;%(AdditionalDependencies) + + + true + + + + + Level3 + true + true + true + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + stdcpplatest + Disabled + MultiThreadedDebugDLL + + + Console + true + true + true + $(ProjectDir)..\libs\*;%(AdditionalDependencies) + + + true + + + + + {88a23124-5640-35a0-b890-311d7a67a7d2} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/src/vmprofiler.vcxproj.filters b/vmprofiler.vcxproj.filters similarity index 50% rename from src/vmprofiler.vcxproj.filters rename to vmprofiler.vcxproj.filters index 8d3fb39..99d0148 100644 --- a/src/vmprofiler.vcxproj.filters +++ b/vmprofiler.vcxproj.filters 
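Review bot: The value `$(ProjectDir)..\libs\*;%(AdditionalDependencies)` was carried over unchanged in both configurations of the new `vmprofiler.vcxproj`, although the include paths in the same file were rewritten from `$(ProjectDir)..\dependencies\...` to `$(ProjectDir)dependencies\...` for the new location. With the project file now at the repository root, `..\libs\*` resolves to a directory outside the checkout, and the wildcard would pick up whatever `.lib` files happen to be there. If the repository's own `libs` directory is meant, the value should read `$(ProjectDir)libs\*;%(AdditionalDependencies)`. The XML element names are missing from this page, so the setting this value belongs to is inferred from the `%(AdditionalDependencies)` suffix.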
@@ -9,236 +9,230 @@ {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd - - {b85373f1-1f33-4b4f-aadd-04432b6d62f0} + + {388154c1-cb08-493f-88fb-7e16cfffa010} - - {f57dabfd-2fe1-46a9-96d5-990cd620eda3} + + {5bb0ecc9-da37-4a13-8958-3c8eef2ceab5} - - {40b5c3d5-2a68-4f45-b655-b621ef669204} + + {89c9e25e-6ed2-4fe5-a340-d1069097b7cf} - {4dc3025a-a1f4-460d-b992-1ed53e44f2c0} + {a2348d30-59b2-4f94-b3fd-56a5ba9fdf82} - - {a4d9e340-8f8c-4606-bce8-58b86119c829} + + {ea095705-fd73-4d97-af37-9960074282fb} - - {388154c1-cb08-493f-88fb-7e16cfffa010} + + {e64d3416-311e-4d5d-8855-266011fdbcec} - - {5bb0ecc9-da37-4a13-8958-3c8eef2ceab5} + + {b4d15e7c-77b4-497f-89ea-cb7366955816} - - Source Files - - - Source Files\vmprofiles - - - Source Files\vmprofiles - - - Source Files\vmprofiles - - - Source Files\vmprofiles - - - Source Files\vmprofiles - - - Source Files\vmprofiles - - - Source Files\vmprofiles - - - Source Files\vmprofiles - - - Source Files\vmprofiles - - - Source Files\vmprofiles - - - Source Files\vmprofiles - - - Source Files\vmprofiles - - - Source Files\vmprofiles - - - Source Files\vmprofiles - - - Source Files - - - Source Files - - - Source Files - - - Source Files\vmprofiles - - - Source Files\vmprofiles - - - - - Header Files + + Header Files\Zycore - - Header Files + + Header Files\Zycore - - Header Files + + Header Files\Zycore - - Header Files\Zydis\Generated + + Header Files\Zycore - - Header Files\Zydis\Generated + + Header Files\Zycore - - Header Files\Zydis\Generated + + Header Files\Zycore - - Header Files\Zydis\Generated + + Header Files\Zycore - - Header Files\Zydis\Generated + + Header Files\Zycore - - Header Files\Zydis\Internal + + Header Files\Zycore - - Header Files\Zydis\Internal + + Header Files\Zycore - - Header Files\Zydis\Internal + + Header Files\Zycore - - Header Files\Zydis\Internal + + Header Files\Zycore - - Header Files\Zydis\Internal + + Header Files\Zycore - - Header Files\Zydis\Internal + + Header Files\Zycore - 
- Header Files\Zydis + + Header Files\Zycore\API - - Header Files\Zydis + + Header Files\Zycore\API - - Header Files\Zydis + + Header Files\Zycore\API - - Header Files\Zydis + + Header Files\Zycore\API - + Header Files\Zydis - + Header Files\Zydis - + Header Files\Zydis - + Header Files\Zydis - + Header Files\Zydis - + Header Files\Zydis - + Header Files\Zydis - + Header Files\Zydis - - Header Files\Zycore\API - - - Header Files\Zycore\API - - - Header Files\Zycore\API + + Header Files\Zydis - - Header Files\Zycore\API + + Header Files\Zydis - - Header Files\Zycore + + Header Files\Zydis - - Header Files\Zycore + + Header Files\Zydis - - Header Files\Zycore + + Header Files\Zydis\Internal - - Header Files\Zycore + + Header Files\Zydis\Internal - - Header Files\Zycore + + Header Files\Zydis\Internal - - Header Files\Zycore + + Header Files\Zydis\Internal - - Header Files\Zycore + + Header Files\Zydis\Internal - - Header Files\Zycore + + Header Files\Zydis\Internal - - Header Files\Zycore + + Header Files\Zydis\Generated - - Header Files\Zycore + + Header Files\Zydis\Generated - - Header Files\Zycore + + Header Files\Zydis\Generated - - Header Files\Zycore + + Header Files\Zydis\Generated - - Header Files\Zycore + + Header Files\Zydis\Generated - - Header Files\Zycore + + Header Files - + Header Files - + Header Files - + Header Files - + Resources + + + Source Files\vmprofiles + + + Source Files\vmprofiles + + + Source Files\vmprofiles + + + Source Files\vmprofiles + + + Source Files\vmprofiles + + + Source Files\vmprofiles + + + Source Files\vmprofiles + + + Source Files\vmprofiles + + + Source Files\vmprofiles + + + Source Files\vmprofiles + + + Source Files\vmprofiles + + + Source Files\vmprofiles + + + Source Files\vmprofiles + + + Source Files\vmprofiles + + + Source Files\vmprofiles + + + Source Files\vmprofiles + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + \ No newline at end of file 
From ecd7f5abc1f97a2743334e942e50f66c55cf039f Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Tue, 1 Jun 2021 23:44:31 -0700 Subject: [PATCH 2/2] fixed operand decryption transform map ref's --- include/transform.hpp | 2 +- src/vminstrs.cpp | 74 +++++++++++++++++++++---------------------- 2 files changed, 38 insertions(+), 38 deletions(-) diff --git a/include/transform.hpp b/include/transform.hpp index bc2ef88..f0a4624 100644 --- a/include/transform.hpp +++ b/include/transform.hpp @@ -211,7 +211,7 @@ namespace vm } } - inline bool has_imm( zydis_decoded_instr_t *instr ) + inline bool has_imm( const zydis_decoded_instr_t *instr ) { return instr->operand_count > 1 && ( instr->operands[ 1 ].type & ZYDIS_OPERAND_TYPE_IMMEDIATE ); } diff --git a/src/vminstrs.cpp b/src/vminstrs.cpp index 99ebf3f..9d92817 100644 --- a/src/vminstrs.cpp +++ b/src/vminstrs.cpp 
@@ -7,48 +7,48 @@ namespace vm
 std::pair< std::uint64_t, std::uint64_t > decrypt_operand( transform::map_t &transforms, std::uint64_t operand,
 std::uint64_t rolling_key )
 {
- const auto generic_decrypt_0 = &transforms[ transform::type::generic0 ];
- const auto key_decrypt = &transforms[ transform::type::rolling_key ];
- const auto generic_decrypt_1 = &transforms[ transform::type::generic1 ];
- const auto generic_decrypt_2 = &transforms[ transform::type::generic2 ];
- const auto generic_decrypt_3 = &transforms[ transform::type::generic3 ];
- const auto update_key = &transforms[ transform::type::update_key ];
-
- if ( generic_decrypt_0->mnemonic != ZYDIS_MNEMONIC_INVALID )
+ const auto& generic_decrypt_0 = transforms[ transform::type::generic0 ];
+ const auto& key_decrypt = transforms[ transform::type::rolling_key ];
+ const auto& generic_decrypt_1 = transforms[ transform::type::generic1 ];
+ const auto& generic_decrypt_2 = transforms[ transform::type::generic2 ];
+ const auto& generic_decrypt_3 = transforms[ transform::type::generic3 ];
+ const auto& update_key = transforms[ transform::type::update_key ];
+
+ if ( generic_decrypt_0.mnemonic != ZYDIS_MNEMONIC_INVALID )
 {
 operand = transform::apply(
- generic_decrypt_0->operands[ 0 ].size, generic_decrypt_0->mnemonic, operand,
+ generic_decrypt_0.operands[ 0 ].size, generic_decrypt_0.mnemonic, operand,
 // check to see if this instruction has an IMM...
- transform::has_imm( generic_decrypt_0 ) ? generic_decrypt_0->operands[ 1 ].imm.value.u : 0 );
+ transform::has_imm( &generic_decrypt_0 ) ? generic_decrypt_0.operands[ 1 ].imm.value.u : 0 );
 }
 
 // apply transformation with rolling decrypt key...
- operand = transform::apply( key_decrypt->operands[ 0 ].size, key_decrypt->mnemonic, operand, rolling_key );
+ operand = transform::apply( key_decrypt.operands[ 0 ].size, key_decrypt.mnemonic, operand, rolling_key );
 
 // apply three generic transformations...
 {
 operand = transform::apply(
- generic_decrypt_1->operands[ 0 ].size, generic_decrypt_1->mnemonic, operand,
+ generic_decrypt_1.operands[ 0 ].size, generic_decrypt_1.mnemonic, operand,
 // check to see if this instruction has an IMM...
- transform::has_imm( generic_decrypt_1 ) ? generic_decrypt_1->operands[ 1 ].imm.value.u : 0 );
+ transform::has_imm( &generic_decrypt_1 ) ? generic_decrypt_1.operands[ 1 ].imm.value.u : 0 );
 
 operand = transform::apply(
- generic_decrypt_2->operands[ 0 ].size, generic_decrypt_2->mnemonic, operand,
+ generic_decrypt_2.operands[ 0 ].size, generic_decrypt_2.mnemonic, operand,
 // check to see if this instruction has an IMM...
- transform::has_imm( generic_decrypt_2 ) ? generic_decrypt_2->operands[ 1 ].imm.value.u : 0 );
+ transform::has_imm( &generic_decrypt_2 ) ? generic_decrypt_2.operands[ 1 ].imm.value.u : 0 );
 
 operand = transform::apply(
- generic_decrypt_3->operands[ 0 ].size, generic_decrypt_3->mnemonic, operand,
+ generic_decrypt_3.operands[ 0 ].size, generic_decrypt_3.mnemonic, operand,
 // check to see if this instruction has an IMM...
- transform::has_imm( generic_decrypt_3 ) ? generic_decrypt_3->operands[ 1 ].imm.value.u : 0 );
+ transform::has_imm( &generic_decrypt_3 ) ? generic_decrypt_3.operands[ 1 ].imm.value.u : 0 );
 }
 
 // update rolling key...
 auto result =
- transform::apply( update_key->operands[ 0 ].size, update_key->mnemonic, rolling_key, operand );
+ transform::apply( update_key.operands[ 0 ].size, update_key.mnemonic, rolling_key, operand );
 
 // update decryption key correctly...
- switch ( update_key->operands[ 0 ].size )
+ switch ( update_key.operands[ 0 ].size )
 {
 case 8:
 rolling_key = ( rolling_key & ~0xFFull ) + result;
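Review bot: Only `generic_decrypt_0` is tested against `ZYDIS_MNEMONIC_INVALID`; `key_decrypt`, `generic_decrypt_1` to `generic_decrypt_3` and `update_key` are fetched with `transforms[ ... ]` and handed to `transform::apply` unchecked. `transform::map_t` is not defined in this diff, but if it is a `std::map`-style container, `operator[]` inserts a default-constructed entry for a missing key, so a handler whose transforms were only partly recovered from the analysed binary would be decrypted with a zeroed instruction instead of being rejected. A lookup that fails loudly, such as `const auto& key_decrypt = transforms.at( transform::type::rolling_key );`, or an explicit mnemonic check before each apply, would make that case visible. The same lookups on `inverse` appear in the hunk at -70,18, and the body of `decrypt_operand` continues past the end of this hunk.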
@@ -70,18 +70,18 @@ namespace vm
 transform::map_t inverse;
 inverse_transforms( transforms, inverse );
 
- const auto generic_decrypt_0 = &inverse[ transform::type::generic0 ];
- const auto key_decrypt = &inverse[ transform::type::rolling_key ];
- const auto generic_decrypt_1 = &inverse[ transform::type::generic1 ];
- const auto generic_decrypt_2 = &inverse[ transform::type::generic2 ];
- const auto generic_decrypt_3 = &inverse[ transform::type::generic3 ];
- const auto update_key = &inverse[ transform::type::update_key ];
+ const auto& generic_decrypt_0 = inverse[ transform::type::generic0 ];
+ const auto& key_decrypt = inverse[ transform::type::rolling_key ];
+ const auto& generic_decrypt_1 = inverse[ transform::type::generic1 ];
+ const auto& generic_decrypt_2 = inverse[ transform::type::generic2 ];
+ const auto& generic_decrypt_3 = inverse[ transform::type::generic3 ];
+ const auto& update_key = inverse[ transform::type::update_key ];
 
 auto result =
- transform::apply( update_key->operands[ 0 ].size, update_key->mnemonic, rolling_key, operand );
+ transform::apply( update_key.operands[ 0 ].size, update_key.mnemonic, rolling_key, operand );
 
 // make sure we update the rolling decryption key correctly...
- switch ( update_key->operands[ 0 ].size )
+ switch ( update_key.operands[ 0 ].size )
 {
 case 8:
 rolling_key = ( rolling_key & ~0xFFull ) + result;
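Review bot: In the `case 8:` arm, `rolling_key = ( rolling_key & ~0xFFull ) + result;` adds `result` without masking it, so any bits of `result` above the low byte would carry into the part of the key that the mask is meant to preserve. Whether `transform::apply` already truncates its return value to the operand size is not visible in this diff; if it does not, `rolling_key = ( rolling_key & ~0xFFull ) | ( result & 0xFFull );` states the intent directly. The same line closes the first hunk of this file (`decrypt_operand`), and the remaining arms of the switch lie outside both hunks.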
@@ -96,29 +96,29 @@ namespace vm
 
 {
 operand = transform::apply(
- generic_decrypt_3->operands[ 0 ].size, generic_decrypt_3->mnemonic, operand,
+ generic_decrypt_3.operands[ 0 ].size, generic_decrypt_3.mnemonic, operand,
 // check to see if this instruction has an IMM...
- transform::has_imm( generic_decrypt_3 ) ? generic_decrypt_3->operands[ 1 ].imm.value.u : 0 );
+ transform::has_imm( &generic_decrypt_3 ) ? generic_decrypt_3.operands[ 1 ].imm.value.u : 0 );
 
 operand = transform::apply(
- generic_decrypt_2->operands[ 0 ].size, generic_decrypt_2->mnemonic, operand,
+ generic_decrypt_2.operands[ 0 ].size, generic_decrypt_2.mnemonic, operand,
 // check to see if this instruction has an IMM...
- transform::has_imm( generic_decrypt_2 ) ? generic_decrypt_2->operands[ 1 ].imm.value.u : 0 );
+ transform::has_imm( &generic_decrypt_2 ) ? generic_decrypt_2.operands[ 1 ].imm.value.u : 0 );
 
 operand = transform::apply(
- generic_decrypt_1->operands[ 0 ].size, generic_decrypt_1->mnemonic, operand,
+ generic_decrypt_1.operands[ 0 ].size, generic_decrypt_1.mnemonic, operand,
 // check to see if this instruction has an IMM...
- transform::has_imm( generic_decrypt_1 ) ? generic_decrypt_1->operands[ 1 ].imm.value.u : 0 );
+ transform::has_imm( &generic_decrypt_1 ) ? generic_decrypt_1.operands[ 1 ].imm.value.u : 0 );
 }
 
- operand = transform::apply( key_decrypt->operands[ 0 ].size, key_decrypt->mnemonic, operand, rolling_key );
+ operand = transform::apply( key_decrypt.operands[ 0 ].size, key_decrypt.mnemonic, operand, rolling_key );
 
- if ( generic_decrypt_0->mnemonic != ZYDIS_MNEMONIC_INVALID )
+ if ( generic_decrypt_0.mnemonic != ZYDIS_MNEMONIC_INVALID )
 {
 operand = transform::apply(
- generic_decrypt_0->operands[ 0 ].size, generic_decrypt_0->mnemonic, operand,
+ generic_decrypt_0.operands[ 0 ].size, generic_decrypt_0.mnemonic, operand,
 // check to see if this instruction has an IMM...
- transform::has_imm( generic_decrypt_0 ) ? generic_decrypt_0->operands[ 1 ].imm.value.u : 0 );
+ transform::has_imm( &generic_decrypt_0 ) ? generic_decrypt_0.operands[ 1 ].imm.value.u : 0 );
 }
 
 return { operand, rolling_key };
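Review bot: Every call site now has to write `transform::has_imm( &generic_decrypt_N )` because the locals became references while `has_imm` still takes a pointer, and the `has_imm( ... ) ? ....operands[ 1 ].imm.value.u : 0` expression is repeated four times in this function and four more in `decrypt_operand`. A small helper next to `has_imm` in `include/transform.hpp`, for example one taking `const zydis_decoded_instr_t &` and returning the immediate or 0, would remove the address-of noise and keep the operand-count check and the `operands[ 1 ]` read in one place. The function's closing brace is outside the hunk.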