removed xtils, removed a line of code from vmlocate so it works...

master
IDontCode 3 years ago
parent dd7d3777ad
commit 8779ab1160

@ -0,0 +1 @@
Subproject commit fdcafdbbcb3f34c33b9cffb2be569b9aa5f42a57

@ -117,17 +117,6 @@ std::vector<vm_enter_t> get_vm_entries(std::uintptr_t module_base,
*/ */
if (!push_regs(rtn)) continue; if (!push_regs(rtn)) continue;
// check for a mov rax, 0ull
if (!vm::locate::find(rtn, [&](const zydis_instr_t& instr) -> bool {
return instr.instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
instr.instr.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.instr.operands[0].reg.value == ZYDIS_REGISTER_RAX &&
instr.instr.operands[1].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&
instr.instr.operands[1].size == 64 &&
instr.instr.operands[1].imm.value.u == 0ull;
}))
continue;
// check for a mov r13, rax... // check for a mov r13, rax...
if (!vm::locate::find(rtn, [&](const zydis_instr_t& instr) -> bool { if (!vm::locate::find(rtn, [&](const zydis_instr_t& instr) -> bool {
return instr.instr.mnemonic == ZYDIS_MNEMONIC_MOV && return instr.instr.mnemonic == ZYDIS_MNEMONIC_MOV &&

Loading…
Cancel
Save