From 1840945596ed7dbb511863fb7a1a10e04a35ba92 Mon Sep 17 00:00:00 2001
From: _xeroxz <xerox@back.engineering>
Date: Thu, 10 Jun 2021 16:46:26 -0700
Subject: [PATCH] starting to define lifters for vmp2 IL...

---
 include/vmlifters.hpp      | 25 +++++++++++++++++++++++++
 src/vmlifters/add.cpp      | 37 +++++++++++++++++++++++++++++++++++++
 src/vmlifters/lregq.cpp    | 10 ++++++++++
 vmprofiler.vcxproj         |  7 +++++--
 vmprofiler.vcxproj.filters | 12 ++++++++++++
 5 files changed, 89 insertions(+), 2 deletions(-)
 create mode 100644 include/vmlifters.hpp
 create mode 100644 src/vmlifters/add.cpp
 create mode 100644 src/vmlifters/lregq.cpp

diff --git a/include/vmlifters.hpp b/include/vmlifters.hpp
new file mode 100644
index 0000000..0c764a5
--- /dev/null
+++ b/include/vmlifters.hpp
@@ -0,0 +1,25 @@
+#include <vmp2.hpp>
+#include <vmprofiles.hpp>
+#include <vtil/vtil>
+
+namespace vm::lifters
+{
+    using lifter_callback_t = std::function< void( vtil::basic_block *, vm::instrs::virt_instr_t * ) >;
+    using lifter_t = std::pair< vm::handler::mnemonic_t, lifter_callback_t >;
+
+    // taken from
+    // https://github.com/can1357/NoVmp/blob/6c23c9a335f70e8d5ed6299668fd802f2314c896/NoVmp/vmprotect/il2vtil.cpp#L66
+    inline constexpr vtil::register_desc make_virtual_register( uint8_t context_offset, uint8_t size )
+    {
+        fassert( ( ( context_offset & 7 ) + size ) <= 8 && size );
+
+        return { vtil::register_virtual, ( size_t )context_offset / 8, size * 8, ( context_offset % 8 ) * 8 };
+    }
+
+    extern lifter_t lregq;
+    extern lifter_t addq, adddw, addw;
+
+    inline std::map< vm::handler::mnemonic_t, lifter_callback_t > all = { 
+        lregq, addq, adddw, addw
+    };
+} // namespace vm::lifters
\ No newline at end of file
diff --git a/src/vmlifters/add.cpp b/src/vmlifters/add.cpp
new file mode 100644
index 0000000..4afc9d0
--- /dev/null
+++ b/src/vmlifters/add.cpp
@@ -0,0 +1,37 @@
+#include <vmlifters.hpp>
+
+namespace vm::lifters
+{
+    lifter_t addq = {
+        // vsp[0] = vsp[1] + vsp[0];
+        vm::handler::ADDQ, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) {
+            auto [ t0, t1 ] = blk->tmp( 64, 64 );
+            blk->pop( t0 );
+            blk->pop( t1 );
+            blk->add( t1, t0 );
+            blk->push( t1 );
+            blk->pushf();
+        } };
+
+    lifter_t adddw = {
+        // vsp[0] = vsp[1] + vsp[0];
+        vm::handler::ADDDW, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) {
+            auto [ t0, t1 ] = blk->tmp( 32, 32 );
+            blk->pop( t0 );
+            blk->pop( t1 );
+            blk->add( t1, t0 );
+            blk->push( t1 );
+            blk->pushf();
+        } };
+
+    lifter_t addw = {
+        // vsp[0] = vsp[1] + vsp[0];
+        vm::handler::ADDW, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) {
+            auto [ t0, t1 ] = blk->tmp( 16, 16 );
+            blk->pop( t0 );
+            blk->pop( t1 );
+            blk->add( t1, t0 );
+            blk->push( t1 );
+            blk->pushf();
+        } };
+} // namespace vm::lifters
\ No newline at end of file
diff --git a/src/vmlifters/lregq.cpp b/src/vmlifters/lregq.cpp
new file mode 100644
index 0000000..8eecf0a
--- /dev/null
+++ b/src/vmlifters/lregq.cpp
@@ -0,0 +1,10 @@
+#include <vmlifters.hpp>
+
+namespace vm::lifters
+{
+    lifter_t lregq = {
+        // push vregX
+        vm::handler::LREGQ, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) {
+            blk->push( make_virtual_register( vinstr->operand.imm.u, 8 ) );
+        } };
+}
\ No newline at end of file
diff --git a/vmprofiler.vcxproj b/vmprofiler.vcxproj
index e3f447f..3b08b53 100644
--- a/vmprofiler.vcxproj
+++ b/vmprofiler.vcxproj
@@ -47,11 +47,11 @@
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
-    <IncludePath>$(ProjectDir)dependencies\zydis\msvc;$(ProjectDir)dependencies\zydis\dependencies\zycore\include;$(ProjectDir)include;$(ProjectDir)dependencies\zydis\include;$(IncludePath)</IncludePath>
+    <IncludePath>$(ProjectDir)dependencies\zydis\msvc;$(ProjectDir)dependencies\zydis\dependencies\zycore\include;$(ProjectDir)include;$(ProjectDir)dependencies\zydis\include;$(ProjectDir)dependencies\vtil\VTIL\includes\;$(ProjectDir)dependencies\vtil\VTIL-Architecture\includes\;$(ProjectDir)dependencies\vtil\VTIL-Common\includes\;$(ProjectDir)dependencies\vtil\VTIL-Compiler\includes;$(ProjectDir)dependencies\vtil\VTIL-SymEx\includes\;$(ProjectDir)dependencies\vtil\dependencies\keystone\include;$(ProjectDir)dependencies\vtil\dependencies\capstone\include;$(IncludePath)</IncludePath>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DBG|x64'">
     <LinkIncremental>false</LinkIncremental>
-    <IncludePath>$(ProjectDir)dependencies\zydis\msvc;$(ProjectDir)dependencies\zydis\dependencies\zycore\include;$(ProjectDir)include;$(ProjectDir)dependencies\zydis\include;$(IncludePath)</IncludePath>
+    <IncludePath>$(ProjectDir)dependencies\zydis\msvc;$(ProjectDir)dependencies\zydis\dependencies\zycore\include;$(ProjectDir)include;$(ProjectDir)dependencies\zydis\include;$(ProjectDir)dependencies\vtil\VTIL\includes\;$(ProjectDir)dependencies\vtil\VTIL-Architecture\includes\;$(ProjectDir)dependencies\vtil\VTIL-Common\includes\;$(ProjectDir)dependencies\vtil\VTIL-Compiler\includes;$(ProjectDir)dependencies\vtil\VTIL-SymEx\includes\;$(ProjectDir)dependencies\vtil\dependencies\keystone\include;$(ProjectDir)dependencies\vtil\dependencies\capstone\include;$(IncludePath)</IncludePath>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
@@ -151,6 +151,7 @@
     <ClInclude Include="include\vmctx.hpp" />
     <ClInclude Include="include\vmhandlers.hpp" />
     <ClInclude Include="include\vminstrs.hpp" />
+    <ClInclude Include="include\vmlifters.hpp" />
     <ClInclude Include="include\vmp2.hpp" />
     <ClInclude Include="include\vmprofiler.hpp" />
     <ClInclude Include="include\vmprofiles.hpp" />
@@ -164,6 +165,8 @@
     <ClCompile Include="src\vmctx.cpp" />
     <ClCompile Include="src\vmhandler.cpp" />
     <ClCompile Include="src\vminstrs.cpp" />
+    <ClCompile Include="src\vmlifters\add.cpp" />
+    <ClCompile Include="src\vmlifters\lregq.cpp" />
     <ClCompile Include="src\vmprofiles\add.cpp" />
     <ClCompile Include="src\vmprofiles\call.cpp" />
     <ClCompile Include="src\vmprofiles\div.cpp" />
diff --git a/vmprofiler.vcxproj.filters b/vmprofiler.vcxproj.filters
index f07da1c..23968ce 100644
--- a/vmprofiler.vcxproj.filters
+++ b/vmprofiler.vcxproj.filters
@@ -30,6 +30,9 @@
     <Filter Include="Header Files\Zycore\API">
       <UniqueIdentifier>{b4d15e7c-77b4-497f-89ea-cb7366955816}</UniqueIdentifier>
     </Filter>
+    <Filter Include="Source Files\vmlifters">
+      <UniqueIdentifier>{2e1e240b-494d-4668-9f6d-2d4405f04a74}</UniqueIdentifier>
+    </Filter>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="dependencies\zydis\dependencies\zycore\include\Zycore\Allocator.h">
@@ -182,6 +185,9 @@
     <ClInclude Include="include\calc_jmp.hpp">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="include\vmlifters.hpp">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <None Include=".clang-format">
@@ -252,5 +258,11 @@
     <ClCompile Include="src\vmctx.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="src\vmlifters\add.cpp">
+      <Filter>Source Files\vmlifters</Filter>
+    </ClCompile>
+    <ClCompile Include="src\vmlifters\lregq.cpp">
+      <Filter>Source Files\vmlifters</Filter>
+    </ClCompile>
   </ItemGroup>
 </Project>
\ No newline at end of file