multi thread support

include/vmutils.hpp

@@ -5,7 +5,9 @@
 
 #include <fstream>
 #include <memory>
+#include <mutex>
 #include <optional>
+#include <thread>
 #include <vector>
 
 #ifdef _MSC_VER
@@ -79,8 +81,8 @@ using zydis_routine_t = std::vector<zydis_instr_t>;
 /// </summary>
 namespace vm::util {
 
-inline std::shared_ptr<ZydisDecoder> g_decoder = nullptr;
-inline std::shared_ptr<ZydisFormatter> g_formatter = nullptr;
+inline thread_local std::shared_ptr<ZydisDecoder> g_decoder = nullptr;
+inline thread_local std::shared_ptr<ZydisFormatter> g_formatter = nullptr;
 
 inline void init() {
   if (!vm::util::g_decoder && !vm::util::g_formatter) {

src/vmutils.cpp

@@ -169,21 +169,21 @@ void deobfuscate(zydis_routine_t &routine) {
   };
 
   std::uint32_t last_size = 0u;
+  static const std::vector<ZydisMnemonic> blacklist = {
+      ZYDIS_MNEMONIC_CLC, ZYDIS_MNEMONIC_BT,  ZYDIS_MNEMONIC_TEST,
+      ZYDIS_MNEMONIC_CMP, ZYDIS_MNEMONIC_CMC, ZYDIS_MNEMONIC_STC};
+
+  static const std::vector<ZydisMnemonic> whitelist = {
+      ZYDIS_MNEMONIC_PUSH, ZYDIS_MNEMONIC_POP, ZYDIS_MNEMONIC_CALL,
+      ZYDIS_MNEMONIC_DIV};
 
   do {
     last_size = routine.size();
-
     for (auto itr = routine.begin(); itr != routine.end(); ++itr) {
-      // dont remove these... at all...
-      if (itr->instr.mnemonic == ZYDIS_MNEMONIC_PUSH ||
-          itr->instr.mnemonic == ZYDIS_MNEMONIC_POP ||
-          itr->instr.mnemonic == ZYDIS_MNEMONIC_CALL)
+      if (std::find(whitelist.begin(), whitelist.end(), itr->instr.mnemonic) !=
+          whitelist.end())
         continue;
 
-      static const std::vector<ZydisMnemonic> blacklist = {
-          ZYDIS_MNEMONIC_CLC, ZYDIS_MNEMONIC_BT,  ZYDIS_MNEMONIC_TEST,
-          ZYDIS_MNEMONIC_CMP, ZYDIS_MNEMONIC_CMC, ZYDIS_MNEMONIC_STC};
-
       if (std::find(blacklist.begin(), blacklist.end(), itr->instr.mnemonic) !=
           blacklist.end()) {
         routine.erase(itr);