added readdw virtual instruction profile

merge-requests/3/head
_xeroxz 4 years ago
parent 9b255f1412
commit ac9a2b445f

@ -1,7 +1,7 @@
#pragma once #pragma once
#include <vmp2.hpp>
#include <transform.hpp>
#include <optional> #include <optional>
#include <transform.hpp>
#include <vmp2.hpp>
namespace vm namespace vm
{ {
@ -10,7 +10,7 @@ namespace vm
bool get( const zydis_routine_t &vm_entry, zydis_routine_t &calc_jmp ); bool get( const zydis_routine_t &vm_entry, zydis_routine_t &calc_jmp );
std::optional< vmp2::exec_type_t > get_advancement( const zydis_routine_t &calc_jmp ); std::optional< vmp2::exec_type_t > get_advancement( const zydis_routine_t &calc_jmp );
} } // namespace calc_jmp
namespace instrs namespace instrs
{ {
@ -144,20 +144,23 @@ namespace vm
extern vm::handler::profile_t writeq; extern vm::handler::profile_t writeq;
extern vm::handler::profile_t writedw; extern vm::handler::profile_t writedw;
extern vm::handler::profile_t readq;
extern vm::handler::profile_t readdw;
extern vm::handler::profile_t shrq; extern vm::handler::profile_t shrq;
extern vm::handler::profile_t pushvsp; extern vm::handler::profile_t pushvsp;
extern vm::handler::profile_t mulq; extern vm::handler::profile_t mulq;
extern vm::handler::profile_t divq; extern vm::handler::profile_t divq;
extern vm::handler::profile_t jmp; extern vm::handler::profile_t jmp;
extern vm::handler::profile_t readq;
extern vm::handler::profile_t vmexit; extern vm::handler::profile_t vmexit;
inline std::vector< vm::handler::profile_t * > all = { inline std::vector< vm::handler::profile_t * > all = {
&sregq, &sregdw, &sregw, &lregq, &lregdw, &lconstq, &lconstbzxw, &sregq, &sregdw, &sregw, &lregq, &lregdw, &lconstq, &lconstbzxw, &lconstbsxdw,
&lconstbsxdw, &lconstdwsxq, &lconstwsxq, &lconstdw, &addq, &adddw, &shlq, &lconstdwsxq, &lconstwsxq, &lconstdw, &addq, &adddw, &shlq, &shldw, &writeq,
&shldw, &writeq, &writedw, &nandq, &nanddw, &writedw, &nandq, &nanddw,
&shrq, &readq, &mulq, &pushvsp, &divq, &jmp, &vmexit }; &shrq, &readq, &readdw, &mulq, &pushvsp, &divq, &jmp, &vmexit };
} // namespace profile } // namespace profile
} // namespace handler } // namespace handler
} // namespace vm } // namespace vm

@ -29,6 +29,38 @@ namespace vm
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER && instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_RAX; instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_RAX;
} } } }; } } } };
vm::handler::profile_t readdw = {
// ADD RBP, 0x4
// MOV EAX, [RAX]
// MOV [RBP], EAX
"READDW",
READDW,
NULL,
{ { // ADD RBP, 0x4
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_ADD &&
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&
instr.operands[ 1 ].imm.value.u == 0x4;
},
// MOV EAX, [RAX]
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_EAX &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RAX;
},
// MOV [RBP], EAX
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_EAX;
} } } };
} }
} // namespace handler } // namespace handler
} // namespace vm } // namespace vm
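Review bot: The two memory-operand matchers in the new `readdw` profile pin only the base register, so `MOV EAX, [RAX+RCX*4]` or `MOV [RBP+0x8], EAX` would also satisfy them and the profile could be matched against a neighbouring handler variant that is not the 32-bit read; for a deobfuscation signature that decides how the handler is emulated, a false positive is a silent misclassification. Zydis also reports the index register and displacement, so each memory check could additionally require `instr.operands[ 1 ].mem.index == ZYDIS_REGISTER_NONE && instr.operands[ 1 ].mem.disp.value == 0` (and the same on `operands[ 0 ]` in the third lambda); compare the displacement value rather than its presence flag, because `[RBP]` is only encodable with an explicit zero disp8 and the decoder will flag a displacement as present. If the sibling profiles above (e.g. `readq`, which ends just before this hunk) deliberately match loosely, keep it consistent and document that choice in the header comment instead. The third field is initialised with `NULL`; `nullptr` is the idiomatic spelling unless the surrounding profiles all use `NULL`.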