|
|
|
@ -81,35 +81,7 @@ namespace vm::util
|
|
|
|
|
|
|
|
|
|
|
|
bool is_jmp( const zydis_decoded_instr_t &instr )
|
|
|
|
bool is_jmp( const zydis_decoded_instr_t &instr )
|
|
|
|
{
|
|
|
|
{
|
|
|
|
switch ( instr.mnemonic )
|
|
|
|
return instr.mnemonic >= ZYDIS_MNEMONIC_JB && instr.mnemonic <= ZYDIS_MNEMONIC_JZ;
|
|
|
|
{
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JB:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JBE:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JCXZ:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JECXZ:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JKNZD:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JKZD:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JL:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JLE:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JMP:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JNB:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JNBE:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JNL:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JNLE:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JNO:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JNP:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JNS:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JNZ:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JO:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JP:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JRCXZ:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JS:
|
|
|
|
|
|
|
|
case ZYDIS_MNEMONIC_JZ:
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
bool flatten( zydis_routine_t &routine, std::uintptr_t routine_addr, bool keep_jmps )
|
|
|
|
bool flatten( zydis_routine_t &routine, std::uintptr_t routine_addr, bool keep_jmps )
|
|
|
|
@ -213,10 +185,11 @@ namespace vm::util
|
|
|
|
itr->instr.mnemonic == ZYDIS_MNEMONIC_CALL )
|
|
|
|
itr->instr.mnemonic == ZYDIS_MNEMONIC_CALL )
|
|
|
|
continue;
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
|
|
// lol... we are only looking at linear code anyways... :P
|
|
|
|
static const std::vector< ZydisMnemonic > blacklist = { ZYDIS_MNEMONIC_CLC, ZYDIS_MNEMONIC_BT,
|
|
|
|
if ( itr->instr.mnemonic == ZYDIS_MNEMONIC_CLC || itr->instr.mnemonic == ZYDIS_MNEMONIC_BT ||
|
|
|
|
ZYDIS_MNEMONIC_TEST, ZYDIS_MNEMONIC_CMP,
|
|
|
|
itr->instr.mnemonic == ZYDIS_MNEMONIC_TEST || itr->instr.mnemonic == ZYDIS_MNEMONIC_CMP ||
|
|
|
|
ZYDIS_MNEMONIC_CMC, ZYDIS_MNEMONIC_STC };
|
|
|
|
itr->instr.mnemonic == ZYDIS_MNEMONIC_CMC || itr->instr.mnemonic == ZYDIS_MNEMONIC_STC )
|
|
|
|
|
|
|
|
|
|
|
|
if ( std::find( blacklist.begin(), blacklist.end(), itr->instr.mnemonic ) != blacklist.end() )
|
|
|
|
{
|
|
|
|
{
|
|
|
|
routine.erase( itr );
|
|
|
|
routine.erase( itr );
|
|
|
|
break;
|
|
|
|
break;
|
|
|
|
|
_xeroxz
3 years ago