From 694e5fc386b88a67f3df5167131107380875d077 Mon Sep 17 00:00:00 2001
From: _xeroxz
Date: Wed, 16 Jun 2021 21:10:58 +0000
Subject: [PATCH] Update ADD_VTIL_LIFTER.md
---
manual/ADD_VTIL_LIFTER.md | 67 +++++++++++++++++++++++++++++++++++++++
1 file changed, 67 insertions(+)
diff --git a/manual/ADD_VTIL_LIFTER.md b/manual/ADD_VTIL_LIFTER.md
index e69de29..a12680e 100644
--- a/manual/ADD_VTIL_LIFTER.md
+++ b/manual/ADD_VTIL_LIFTER.md
@@ -0,0 +1,67 @@
+# Introduction
+
+This will disclose how to create a VTIL lifter for VMProfiler v1.8. The instructions may change in later versions of VMProfiler.
+
+# Example - Existing VTIL Lifter For LCONSTQ
+
+Understand that LCONSTQ loads an eight byte value onto the stack. Thus the usage of `vtil::operand` to create a 64 bit value.
+
+#### Step 1, Declare Lifter
+
+```
+vm::lifters::lifter_t lconstq = {
+ // push imm
+ vm::handler::LCONSTQ,
+ []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr, vmp2::v3::code_block_t *code_blk ) {
+ blk->push( vtil::operand( vinstr->operand.imm.u, 64 ) );
+ } };
+```
+
+#### Step 2, Declare Extern In `vmlifters.hpp`
+
+You can see this exact line of code [here](https://githacks.org/vmp2/vmprofiler/-/blob/8baefa1e2148111712d640ee9cb7c0b7ac329521/include/vmlifters.hpp#L22).
+
+```cpp
+extern vm::lifters::lifter_t lconstq;
+```
+
+#### Step 3, Add Lifter To `vm::lifters::all`
+
+```cpp
+inline std::vector< vm::lifters::lifter_t * > all = {
+ // lreg lifters...
+ &lregq, &lregdw,
+
+ // add lifters...
+ &addq, &adddw, &addw,
+
+ // sreg lifters...
+ &sregq, &sregdw, &sregw,
+
+ // lconst lifters...
+ &lconstq, &lconstdw, &lconstw, &lconstbzxw, &lconstbsxdw, &lconstbsxq, &lconstdwsxq, &lconstwsxq, &lconstwsxdw,
+
+ // nand lifters...
+ &nandq, &nanddw, &nandw,
+
+ // read lifters....
+ &readq, &readdw, &readw,
+
+ // shr lifters...
+ &shrq, &shrw,
+
+ // pushvsp lifter...
+ &pushvsp,
+
+ // jmp lifter...
+ &jmp,
+
+ // lflags lifter...
+ &lrflags,
+
+ // lvsp lifter...
+ &lvsp,
+
+ // vmexit lifter...
+ &vmexit };
+```
\ No newline at end of file