From 0f6ba9bad30d67f25f01b6c1e872077efdff61d4 Mon Sep 17 00:00:00 2001
From: _xeroxz <xerox@back.engineering>
Date: Mon, 7 Jun 2021 00:19:07 -0700
Subject: [PATCH] i messed with transforms and vminstrs encrypt_operand, check
 to make sure this doesnt destory anything before pushing it to master branch
 lol

---
 include/transform.hpp | 2 +-
 src/vminstrs.cpp      | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/include/transform.hpp b/include/transform.hpp
index 56c9578..7ce3075 100644
--- a/include/transform.hpp
+++ b/include/transform.hpp
@@ -213,7 +213,7 @@ namespace vm
 
         inline bool has_imm( const zydis_decoded_instr_t *instr )
         {
-            return instr->operand_count > 1 && ( instr->operands[ 1 ].type & ZYDIS_OPERAND_TYPE_IMMEDIATE );
+            return instr->operand_count > 1 && ( instr->operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE );
         }
     } // namespace transform
 } // namespace vm
\ No newline at end of file
diff --git a/src/vminstrs.cpp b/src/vminstrs.cpp
index 58f0b6f..a38a5ae 100644
--- a/src/vminstrs.cpp
+++ b/src/vminstrs.cpp
@@ -68,13 +68,14 @@ namespace vm
         {
             transform::map_t inverse;
             inverse_transforms( transforms, inverse );
+            const auto apply_key = rolling_key;
 
             const auto &generic_decrypt_0 = inverse[ transform::type::generic0 ];
             const auto &key_decrypt = inverse[ transform::type::rolling_key ];
             const auto &generic_decrypt_1 = inverse[ transform::type::generic1 ];
             const auto &generic_decrypt_2 = inverse[ transform::type::generic2 ];
             const auto &generic_decrypt_3 = inverse[ transform::type::generic3 ];
-            const auto &update_key = inverse[ transform::type::update_key ];
+            const auto &update_key = transforms[ transform::type::update_key ];
 
             auto result = transform::apply( update_key.operands[ 0 ].size, update_key.mnemonic, rolling_key, operand );
 
@@ -109,7 +110,7 @@ namespace vm
                     transform::has_imm( &generic_decrypt_1 ) ? generic_decrypt_1.operands[ 1 ].imm.value.u : 0 );
             }
 
-            operand = transform::apply( key_decrypt.operands[ 0 ].size, key_decrypt.mnemonic, operand, rolling_key );
+            operand = transform::apply( key_decrypt.operands[ 0 ].size, key_decrypt.mnemonic, operand, apply_key );
 
             if ( generic_decrypt_0.mnemonic != ZYDIS_MNEMONIC_INVALID )
             {