From 8779ab1160b541cc8e0d4862aee66d075bfb2362 Mon Sep 17 00:00:00 2001
From: _xeroxz <_xeroxz@back.engineer>
Date: Thu, 2 Dec 2021 16:07:46 -0800
Subject: [PATCH] removed xtils, removed a line of code from vmlocate so it
 works...

---
 dependencies/xtils |  1 +
 src/vmlocate.cpp   | 11 -----------
 2 files changed, 1 insertion(+), 11 deletions(-)
 create mode 160000 dependencies/xtils

diff --git a/dependencies/xtils b/dependencies/xtils
new file mode 160000
index 0000000..fdcafdb
--- /dev/null
+++ b/dependencies/xtils
@@ -0,0 +1 @@
+Subproject commit fdcafdbbcb3f34c33b9cffb2be569b9aa5f42a57
diff --git a/src/vmlocate.cpp b/src/vmlocate.cpp
index 5ae5fbc..22109ef 100644
--- a/src/vmlocate.cpp
+++ b/src/vmlocate.cpp
@@ -117,17 +117,6 @@ std::vector<vm_enter_t> get_vm_entries(std::uintptr_t module_base,
     */
     if (!push_regs(rtn)) continue;
 
-    // check for a mov rax, 0ull
-    if (!vm::locate::find(rtn, [&](const zydis_instr_t& instr) -> bool {
-          return instr.instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
-                 instr.instr.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
-                 instr.instr.operands[0].reg.value == ZYDIS_REGISTER_RAX &&
-                 instr.instr.operands[1].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&
-                 instr.instr.operands[1].size == 64 &&
-                 instr.instr.operands[1].imm.value.u == 0ull;
-        }))
-      continue;
-
     // check for a mov r13, rax...
     if (!vm::locate::find(rtn, [&](const zydis_instr_t& instr) -> bool {
           return instr.instr.mnemonic == ZYDIS_MNEMONIC_MOV &&