|
|
@ -29,4 +29,32 @@ vm::handler::profile_t addq = {
|
|
|
|
return instr.mnemonic == ZYDIS_MNEMONIC_POP && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
|
|
|
|
return instr.mnemonic == ZYDIS_MNEMONIC_POP && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
|
|
|
|
instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP;
|
|
|
|
instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP;
|
|
|
|
} } } };
|
|
|
|
} } } };
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Inside of `vmprofiles.hpp` you can see a list of these profiles marked as `extern`.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
```cpp
|
|
|
|
|
|
|
|
namespace profile
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
extern vm::handler::profile_t sregq;
|
|
|
|
|
|
|
|
extern vm::handler::profile_t sregdw;
|
|
|
|
|
|
|
|
extern vm::handler::profile_t sregw;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
extern vm::handler::profile_t lregq;
|
|
|
|
|
|
|
|
extern vm::handler::profile_t lregdw;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
extern vm::handler::profile_t lconstq;
|
|
|
|
|
|
|
|
extern vm::handler::profile_t lconstdw;
|
|
|
|
|
|
|
|
extern vm::handler::profile_t lconstw;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
extern vm::handler::profile_t lconstbzxw;
|
|
|
|
|
|
|
|
extern vm::handler::profile_t lconstbsxdw;
|
|
|
|
|
|
|
|
extern vm::handler::profile_t lconstbsxq;
|
|
|
|
|
|
|
|
extern vm::handler::profile_t lconstdwsxq;
|
|
|
|
|
|
|
|
extern vm::handler::profile_t lconstwsxq;
|
|
|
|
|
|
|
|
extern vm::handler::profile_t lconstwsxdw;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
extern vm::handler::profile_t addq; // as you can see a reference to addq is declared here...
|
|
|
|
|
|
|
|
...
|
|
|
|
|
|
|
|
}
|
|
|
|
```
|
|
|
|
```
|