added more lifters and profiles... updated deps...

merge-requests/11/head
_xeroxz 4 years ago
parent eb13c85f48
commit 28e50e7b0c

2
dependencies/vtil vendored

@ -1 +1 @@
Subproject commit e9dc43bd7da388c5f8304407fd076f802bd97a7f Subproject commit 46220b2d054f7c250d9eef27879a2f05b7c9d9fa

@ -24,34 +24,47 @@ namespace vm::lifters
extern vm::lifters::lifter_t nandq, nanddw, nandw; extern vm::lifters::lifter_t nandq, nanddw, nandw;
extern vm::lifters::lifter_t readq, readdw, readw; extern vm::lifters::lifter_t readq, readdw, readw;
extern vm::lifters::lifter_t shrq, shrw; extern vm::lifters::lifter_t shrq, shrw;
extern vm::lifters::lifter_t jmp;
extern vm::lifters::lifter_t vmexit; extern vm::lifters::lifter_t vmexit;
extern vm::lifters::lifter_t pushvsp; extern vm::lifters::lifter_t pushvsp;
extern vm::lifters::lifter_t lrflags;
extern vm::lifters::lifter_t lvsp;
inline std::map< vm::handler::mnemonic_t, lifter_callback_t > all = { inline std::vector< vm::lifters::lifter_t * > all = {
// lreg lifters... // lreg lifters...
lregq, lregdw, &lregq, &lregdw,
// add lifters... // add lifters...
addq, adddw, addw, &addq, &adddw, &addw,
// sreg lifters... // sreg lifters...
sregq, sregdw, sregw, &sregq, &sregdw, &sregw,
// lconst lifters... // lconst lifters...
lconstq, lconstdw, lconstw, lconstbzxw, lconstbsxdw, lconstbsxq, lconstdwsxq, lconstwsxq, lconstwsxdw, &lconstq, &lconstdw, &lconstw, &lconstbzxw, &lconstbsxdw, &lconstbsxq, &lconstdwsxq, &lconstwsxq, &lconstwsxdw,
// nand lifters... // nand lifters...
nandq, nanddw, nandw, &nandq, &nanddw, &nandw,
// read lifters.... // read lifters....
readq, readdw, readw, &readq, &readdw, &readw,
// shr lifters... // shr lifters...
shrq, shrw, &shrq, &shrw,
// pushvsp lifter... // pushvsp lifter...
pushvsp, &pushvsp,
// jmp lifter...
&jmp,
// lflags lifter...
&lrflags,
// lvsp lifter...
&lvsp,
// vmexit lifter... // vmexit lifter...
vmexit }; &vmexit };
} // namespace vm::lifters } // namespace vm::lifters

@ -6,4 +6,5 @@
#include <vminstrs.hpp> #include <vminstrs.hpp>
#include <vmctx.hpp> #include <vmctx.hpp>
#include <vmutils.hpp> #include <vmutils.hpp>
#include <calc_jmp.hpp> #include <calc_jmp.hpp>
#include <vmlifters.hpp>

@ -19,6 +19,7 @@ namespace vm::handler
CALL, CALL,
JMP, JMP,
VMEXIT, VMEXIT,
LVSP,
SREGQ, SREGQ,
SREGDW, SREGDW,
@ -223,6 +224,11 @@ namespace vm::handler
/// add rsi, [rbp] ; add module base address /// add rsi, [rbp] ; add module base address
/// </summary> /// </summary>
extern vm::handler::profile_t jmp; extern vm::handler::profile_t jmp;
/// <summary>
/// mov rbp [rbp+0]
/// </summary>
extern vm::handler::profile_t lvsp;
extern vm::handler::profile_t vmexit; extern vm::handler::profile_t vmexit;
/// <summary> /// <summary>
@ -231,7 +237,7 @@ namespace vm::handler
inline std::vector< vm::handler::profile_t * > all = { inline std::vector< vm::handler::profile_t * > all = {
&sregq, &sregdw, &sregw, &lregq, &lregdw, &lconstq, &lconstbzxw, &lconstbsxdw, &sregq, &sregdw, &sregw, &lregq, &lregdw, &lconstq, &lconstbzxw, &lconstbsxdw,
&lconstbsxq, &lconstdwsxq, &lconstwsxq, &lconstwsxdw, &lconstdw, &lconstw, &addq, &adddw, &lconstbsxq, &lconstdwsxq, &lconstwsxq, &lconstwsxdw, &lconstdw, &lconstw, &addq, &adddw,
&addw, &addw, &lvsp,
&shlq, &shldw, &writeq, &writedw, &writeb, &nandq, &nanddw, &nandw, &shlq, &shldw, &writeq, &writedw, &writeb, &nandq, &nanddw, &nandw,

@ -0,0 +1,10 @@
#include <vmlifters.hpp>
namespace vm::lifters
{
vm::lifters::lifter_t jmp = {
// jmp
vm::handler::JMP, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) {
blk->jmp( vinstr->trace_data.vsp.qword[ 0 ] );
} };
}

@ -0,0 +1,9 @@
#include <vmlifters.hpp>
namespace vm::lifters
{
vm::lifters::lifter_t lrflags = {
// push flags
vm::handler::LRFLAGS,
[]( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) { blk->push( vtil::REG_FLAGS ); } };
}

@ -0,0 +1,9 @@
#include <vmlifters.hpp>
namespace vm::lifters
{
vm::lifters::lifter_t lvsp = {
// vsp = vsp[0]
vm::handler::LVSP,
[]( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) { blk->pop( vtil::REG_SP ); } };
}

@ -7,10 +7,10 @@ namespace vm::lifters
// ldd vregX, vregX, 0 // ldd vregX, vregX, 0
// push vregX // push vregX
vm::handler::READQ, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) { vm::handler::READQ, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) {
auto t0 = blk->tmp( 64 ); auto [ t0, t1 ] = blk->tmp( 64, 64 );
blk->pop( t0 ); blk->pop( t0 );
blk->ldd( t0, t0, 0 ); blk->ldd( t1, t0, vtil::make_imm( 0ull ) );
blk->push( t0 ); blk->push( t1 );
} }; } };
vm::lifters::lifter_t readdw = { vm::lifters::lifter_t readdw = {
@ -18,10 +18,10 @@ namespace vm::lifters
// ldd vregX, vregX, 0 // ldd vregX, vregX, 0
// push vregX // push vregX
vm::handler::READDW, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) { vm::handler::READDW, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) {
auto t0 = blk->tmp( 32 ); auto [ t0, t1 ] = blk->tmp( 64, 32 );
blk->pop( t0 ); blk->pop( t0 );
blk->ldd( t0, t0, 0 ); blk->ldd( t1, t0, vtil::make_imm( 0ull ) );
blk->push( t0 ); blk->push( t1 );
} }; } };
vm::lifters::lifter_t readw = { vm::lifters::lifter_t readw = {
@ -29,9 +29,9 @@ namespace vm::lifters
// ldd vregX, vregX, 0 // ldd vregX, vregX, 0
// push vregX // push vregX
vm::handler::READW, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) { vm::handler::READW, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) {
auto t0 = blk->tmp( 16 ); auto [ t0, t1 ] = blk->tmp( 64, 16 );
blk->pop( t0 ); blk->pop( t0 );
blk->ldd( t0, t0, 0 ); blk->ldd( t1, t0, vtil::make_imm( 0ull ) );
blk->push( t0 ); blk->push( t1 );
} }; } };
} // namespace vm::lifters } // namespace vm::lifters

@ -4,5 +4,7 @@ namespace vm::lifters
{ {
vm::lifters::lifter_t vmexit = { vm::lifters::lifter_t vmexit = {
// ret // ret
vm::handler::VMEXIT, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) { blk->vexit(); } }; vm::handler::VMEXIT, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) {
blk->vexit( vinstr->trace_data.vsp.qword[ 12 ] );
} };
} }

@ -0,0 +1,16 @@
#include <vmprofiler.hpp>
namespace vm::handler::profile
{
vm::handler::profile_t lvsp = {
// MOV RBP [RBP]
"LVSP",
LVSP,
NULL,
{ { []( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RBP;
} } } };
}

@ -168,8 +168,11 @@
<ClCompile Include="src\vmhandler.cpp" /> <ClCompile Include="src\vmhandler.cpp" />
<ClCompile Include="src\vminstrs.cpp" /> <ClCompile Include="src\vminstrs.cpp" />
<ClCompile Include="src\vmlifters\add.cpp" /> <ClCompile Include="src\vmlifters\add.cpp" />
<ClCompile Include="src\vmlifters\jmp.cpp" />
<ClCompile Include="src\vmlifters\lconst.cpp" /> <ClCompile Include="src\vmlifters\lconst.cpp" />
<ClCompile Include="src\vmlifters\lflags.cpp" />
<ClCompile Include="src\vmlifters\lreg.cpp" /> <ClCompile Include="src\vmlifters\lreg.cpp" />
<ClCompile Include="src\vmlifters\lvsp.cpp" />
<ClCompile Include="src\vmlifters\nand.cpp" /> <ClCompile Include="src\vmlifters\nand.cpp" />
<ClCompile Include="src\vmlifters\pushvsp.cpp" /> <ClCompile Include="src\vmlifters\pushvsp.cpp" />
<ClCompile Include="src\vmlifters\read.cpp" /> <ClCompile Include="src\vmlifters\read.cpp" />
@ -183,6 +186,7 @@
<ClCompile Include="src\vmprofiles\lconst.cpp" /> <ClCompile Include="src\vmprofiles\lconst.cpp" />
<ClCompile Include="src\vmprofiles\lflags.cpp" /> <ClCompile Include="src\vmprofiles\lflags.cpp" />
<ClCompile Include="src\vmprofiles\lreg.cpp" /> <ClCompile Include="src\vmprofiles\lreg.cpp" />
<ClCompile Include="src\vmprofiles\lvsp.cpp" />
<ClCompile Include="src\vmprofiles\mul.cpp" /> <ClCompile Include="src\vmprofiles\mul.cpp" />
<ClCompile Include="src\vmprofiles\nand.cpp" /> <ClCompile Include="src\vmprofiles\nand.cpp" />
<ClCompile Include="src\vmprofiles\pushvsp.cpp" /> <ClCompile Include="src\vmprofiles\pushvsp.cpp" />

@ -285,5 +285,17 @@
<ClCompile Include="src\vmlifters\shr.cpp"> <ClCompile Include="src\vmlifters\shr.cpp">
<Filter>Source Files\vmlifters</Filter> <Filter>Source Files\vmlifters</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="src\vmlifters\jmp.cpp">
<Filter>Source Files\vmlifters</Filter>
</ClCompile>
<ClCompile Include="src\vmlifters\lflags.cpp">
<Filter>Source Files\vmlifters</Filter>
</ClCompile>
<ClCompile Include="src\vmlifters\lvsp.cpp">
<Filter>Source Files\vmlifters</Filter>
</ClCompile>
<ClCompile Include="src\vmprofiles\lvsp.cpp">
<Filter>Source Files\vmprofiles</Filter>
</ClCompile>
</ItemGroup> </ItemGroup>
</Project> </Project>
Loading…
Cancel
Save