vmp2
/
vmprofiler
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added more lifters and profiles... updated deps...

Browse Source
merge-requests/11/head
_xeroxz 3 years ago
parent eb13c85f48
commit 28e50e7b0c
12 changed files with 105 additions and 23 deletions
Show Stats Download Patch File Download Diff File

2
dependencies/vtil vendored

@ -1 +1 @@
Subproject commit e9dc43bd7da388c5f8304407fd076f802bd97a7f
Subproject commit 46220b2d054f7c250d9eef27879a2f05b7c9d9fa

33
include/vmlifters.hpp
Unescape View File

@ -24,34 +24,47 @@ namespace vm::lifters
extern vm::lifters::lifter_t nandq, nanddw, nandw;
extern vm::lifters::lifter_t readq, readdw, readw;
extern vm::lifters::lifter_t shrq, shrw;
extern vm::lifters::lifter_t jmp;
extern vm::lifters::lifter_t vmexit;
extern vm::lifters::lifter_t pushvsp;
extern vm::lifters::lifter_t lrflags;
extern vm::lifters::lifter_t lvsp;
inline std::map< vm::handler::mnemonic_t, lifter_callback_t > all = {
inline std::vector< vm::lifters::lifter_t * > all = {
// lreg lifters...
lregq, lregdw,
&lregq, &lregdw,
// add lifters...
addq, adddw, addw,
&addq, &adddw, &addw,
// sreg lifters...
sregq, sregdw, sregw,
&sregq, &sregdw, &sregw,
// lconst lifters...
lconstq, lconstdw, lconstw, lconstbzxw, lconstbsxdw, lconstbsxq, lconstdwsxq, lconstwsxq, lconstwsxdw,
&lconstq, &lconstdw, &lconstw, &lconstbzxw, &lconstbsxdw, &lconstbsxq, &lconstdwsxq, &lconstwsxq, &lconstwsxdw,
// nand lifters...
nandq, nanddw, nandw,
&nandq, &nanddw, &nandw,
// read lifters....
readq, readdw, readw,
&readq, &readdw, &readw,
// shr lifters...
shrq, shrw,
&shrq, &shrw,
// pushvsp lifter...
pushvsp,
&pushvsp,
// jmp lifter...
&jmp,
// lflags lifter...
&lrflags,
// lvsp lifter...
&lvsp,
// vmexit lifter...
vmexit };
&vmexit };
} // namespace vm::lifters

1
include/vmprofiler.hpp
Unescape View File

@ -7,3 +7,4 @@
#include <vmctx.hpp>
#include <vmutils.hpp>
#include <calc_jmp.hpp>
#include <vmlifters.hpp>

8
include/vmprofiles.hpp
Unescape View File

@ -19,6 +19,7 @@ namespace vm::handler
CALL,
JMP,
VMEXIT,
LVSP,
SREGQ,
SREGDW,
@ -223,6 +224,11 @@ namespace vm::handler
/// add rsi, [rbp] ; add module base address
/// </summary>
extern vm::handler::profile_t jmp;
/// <summary>
/// mov rbp [rbp+0]
/// </summary>
extern vm::handler::profile_t lvsp;
extern vm::handler::profile_t vmexit;
/// <summary>
@ -231,7 +237,7 @@ namespace vm::handler
inline std::vector< vm::handler::profile_t * > all = {
&sregq, &sregdw, &sregw, &lregq, &lregdw, &lconstq, &lconstbzxw, &lconstbsxdw,
&lconstbsxq, &lconstdwsxq, &lconstwsxq, &lconstwsxdw, &lconstdw, &lconstw, &addq, &adddw,
&addw,
&addw, &lvsp,
&shlq, &shldw, &writeq, &writedw, &writeb, &nandq, &nanddw, &nandw,

10
src/vmlifters/jmp.cpp
Unescape View File

@ -0,0 +1,10 @@
#include <vmlifters.hpp>
namespace vm::lifters
{
vm::lifters::lifter_t jmp = {
// jmp
vm::handler::JMP, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) {
blk->jmp( vinstr->trace_data.vsp.qword[ 0 ] );
} };
}

9
src/vmlifters/lflags.cpp
Unescape View File

@ -0,0 +1,9 @@
#include <vmlifters.hpp>
namespace vm::lifters
{
vm::lifters::lifter_t lrflags = {
// push flags
vm::handler::LRFLAGS,
[]( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) { blk->push( vtil::REG_FLAGS ); } };
}

9
src/vmlifters/lvsp.cpp
Unescape View File

@ -0,0 +1,9 @@
#include <vmlifters.hpp>
namespace vm::lifters
{
vm::lifters::lifter_t lvsp = {
// vsp = vsp[0]
vm::handler::LVSP,
[]( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) { blk->pop( vtil::REG_SP ); } };
}

18
src/vmlifters/read.cpp
Unescape View File

@ -7,10 +7,10 @@ namespace vm::lifters
// ldd vregX, vregX, 0
// push vregX
vm::handler::READQ, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) {
auto t0 = blk->tmp( 64 );
auto [ t0, t1 ] = blk->tmp( 64, 64 );
blk->pop( t0 );
blk->ldd( t0, t0, 0 );
blk->push( t0 );
blk->ldd( t1, t0, vtil::make_imm( 0ull ) );
blk->push( t1 );
} };
vm::lifters::lifter_t readdw = {
@ -18,10 +18,10 @@ namespace vm::lifters
// ldd vregX, vregX, 0
// push vregX
vm::handler::READDW, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) {
auto t0 = blk->tmp( 32 );
auto [ t0, t1 ] = blk->tmp( 64, 32 );
blk->pop( t0 );
blk->ldd( t0, t0, 0 );
blk->push( t0 );
blk->ldd( t1, t0, vtil::make_imm( 0ull ) );
blk->push( t1 );
} };
vm::lifters::lifter_t readw = {
@ -29,9 +29,9 @@ namespace vm::lifters
// ldd vregX, vregX, 0
// push vregX
vm::handler::READW, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) {
auto t0 = blk->tmp( 16 );
auto [ t0, t1 ] = blk->tmp( 64, 16 );
blk->pop( t0 );
blk->ldd( t0, t0, 0 );
blk->push( t0 );
blk->ldd( t1, t0, vtil::make_imm( 0ull ) );
blk->push( t1 );
} };
} // namespace vm::lifters

4
src/vmlifters/vmexit.cpp
Unescape View File

@ -4,5 +4,7 @@ namespace vm::lifters
{
vm::lifters::lifter_t vmexit = {
// ret
vm::handler::VMEXIT, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) { blk->vexit(); } };
vm::handler::VMEXIT, []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr ) {
blk->vexit( vinstr->trace_data.vsp.qword[ 12 ] );
} };
}

16
src/vmprofiles/lvsp.cpp
Unescape View File

@ -0,0 +1,16 @@
#include <vmprofiler.hpp>
namespace vm::handler::profile
{
vm::handler::profile_t lvsp = {
// MOV RBP [RBP]
"LVSP",
LVSP,
NULL,
{ { []( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RBP;
} } } };
}

4
vmprofiler.vcxproj
Unescape View File

@ -168,8 +168,11 @@
<ClCompile Include="src\vmhandler.cpp" />
<ClCompile Include="src\vminstrs.cpp" />
<ClCompile Include="src\vmlifters\add.cpp" />
<ClCompile Include="src\vmlifters\jmp.cpp" />
<ClCompile Include="src\vmlifters\lconst.cpp" />
<ClCompile Include="src\vmlifters\lflags.cpp" />
<ClCompile Include="src\vmlifters\lreg.cpp" />
<ClCompile Include="src\vmlifters\lvsp.cpp" />
<ClCompile Include="src\vmlifters\nand.cpp" />
<ClCompile Include="src\vmlifters\pushvsp.cpp" />
<ClCompile Include="src\vmlifters\read.cpp" />
@ -183,6 +186,7 @@
<ClCompile Include="src\vmprofiles\lconst.cpp" />
<ClCompile Include="src\vmprofiles\lflags.cpp" />
<ClCompile Include="src\vmprofiles\lreg.cpp" />
<ClCompile Include="src\vmprofiles\lvsp.cpp" />
<ClCompile Include="src\vmprofiles\mul.cpp" />
<ClCompile Include="src\vmprofiles\nand.cpp" />
<ClCompile Include="src\vmprofiles\pushvsp.cpp" />

12
vmprofiler.vcxproj.filters
Unescape View File

@ -285,5 +285,17 @@
<ClCompile Include="src\vmlifters\shr.cpp">
<Filter>Source Files\vmlifters</Filter>
</ClCompile>
<ClCompile Include="src\vmlifters\jmp.cpp">
<Filter>Source Files\vmlifters</Filter>
</ClCompile>
<ClCompile Include="src\vmlifters\lflags.cpp">
<Filter>Source Files\vmlifters</Filter>
</ClCompile>
<ClCompile Include="src\vmlifters\lvsp.cpp">
<Filter>Source Files\vmlifters</Filter>
</ClCompile>
<ClCompile Include="src\vmprofiles\lvsp.cpp">
<Filter>Source Files\vmprofiles</Filter>
</ClCompile>
</ItemGroup>
</Project>
Write Preview
Loading…
Cancel
Save