From 0002706d5b9a18a13535b70c78e801b999f0889c Mon Sep 17 00:00:00 2001
From: _xeroxz
Date: Tue, 1 Jun 2021 23:05:35 -0700
Subject: [PATCH] fixed vmexit profile
---
 src/vmprofiles/vmexit.cpp | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/src/vmprofiles/vmexit.cpp b/src/vmprofiles/vmexit.cpp
index 94d7467..1183fc0 100644
--- a/src/vmprofiles/vmexit.cpp
+++ b/src/vmprofiles/vmexit.cpp
@@ -7,22 +7,19 @@ namespace vm
 namespace profile
 {
 vm::handler::profile_t vmexit = {
- // MOV RAX, RBP
- // POPFQ
+ // MOV RSP, RBP
 // RET
 "VMEXIT",
 VMEXIT,
 NULL,
- { { // MOV RAX, RBP
+ { { // MOV RSP, RBP
 []( const zydis_decoded_instr_t &instr ) -> bool {
 return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
 instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
- instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RAX &&
+ instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RSP &&
 instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
 instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_RBP;
 },
- // POPFQ
- []( const zydis_decoded_instr_t &instr ) -> bool { return instr.mnemonic == ZYDIS_MNEMONIC_POPFQ; },
 // RET
 []( const zydis_decoded_instr_t &instr ) -> bool {
 return instr.mnemonic == ZYDIS_MNEMONIC_RET;
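Review bot: Dropping the POPFQ predicate leaves the VMEXIT signature with only `MOV RSP, RBP` and `RET`, and neither the commit message nor the updated comments say why the flag restore is no longer part of the pattern. If POPFQ was removed because it does not reliably appear at that position, a one-line comment above the predicate list such as `// POPFQ intentionally not matched: <reason>` would keep a later maintainer from re-adding it. If it was removed only to get the match working, consider keeping it: a two-predicate pattern is more likely to label an unrelated handler as VMEXIT, which would end the analysis of a protected sample early. How the predicates are applied (ordered, contiguous or not) is not visible in this hunk, and the initializer's closing braces lie outside it.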