added READB vm handler...

merge-requests/15/head
_xeroxz 4 years ago
parent 34806590fa
commit ae49869fe6

@ -13,8 +13,6 @@ namespace vm::handler
{ {
INVALID, INVALID,
LRFLAGS, LRFLAGS,
PUSHVSP,
PUSHVSPDW,
MULQ, MULQ,
DIVQ, DIVQ,
CALL, CALL,
@ -22,6 +20,9 @@ namespace vm::handler
VMEXIT, VMEXIT,
LVSP, LVSP,
PUSHVSP,
PUSHVSPDW,
SREGQ, SREGQ,
SREGDW, SREGDW,
SREGW, SREGW,
@ -42,6 +43,7 @@ namespace vm::handler
READQ, READQ,
READDW, READDW,
READW, READW,
READB,
WRITEQ, WRITEQ,
WRITEDW, WRITEDW,
@ -157,13 +159,17 @@ namespace vm::handler
extern vm::handler::profile_t readq; extern vm::handler::profile_t readq;
extern vm::handler::profile_t readdw; extern vm::handler::profile_t readdw;
extern vm::handler::profile_t readw;
extern vm::handler::profile_t readb;
extern vm::handler::profile_t shrq; extern vm::handler::profile_t shrq;
extern vm::handler::profile_t shrw; extern vm::handler::profile_t shrw;
extern vm::handler::profile_t pushvsp;
extern vm::handler::profile_t pushvspdw;
extern vm::handler::profile_t lrflags; extern vm::handler::profile_t lrflags;
extern vm::handler::profile_t call; extern vm::handler::profile_t call;
extern vm::handler::profile_t pushvsp;
extern vm::handler::profile_t mulq; extern vm::handler::profile_t mulq;
extern vm::handler::profile_t divq; extern vm::handler::profile_t divq;
extern vm::handler::profile_t jmp; extern vm::handler::profile_t jmp;
@ -174,16 +180,16 @@ namespace vm::handler
/// a vector of pointers to all defined vm handler profiles... /// a vector of pointers to all defined vm handler profiles...
/// </summary> /// </summary>
inline std::vector< vm::handler::profile_t * > all = { inline std::vector< vm::handler::profile_t * > all = {
&sregq, &sregdw, &sregw, &lregq, &lregdw, &lconstq, &sregq, &sregdw, &sregw, &lregq, &lregdw, &lconstq, &lconstbzxw,
&lconstbzxw, &lconstbsxdw, &lconstbsxq, &lconstdwsxq, &lconstwsxq, &lconstwsxdw, &lconstbsxdw, &lconstbsxq, &lconstdwsxq, &lconstwsxq, &lconstwsxdw, &lconstdw, &lconstw,
&lconstdw, &lconstw, &addq, &adddw, &addw, &lvsp, &addq, &adddw, &addw, &lvsp,
&shlq, &shldw, &writeq, &writedw, &writeb, &nandq, &shlq, &shldw, &writeq, &writedw, &writeb, &nandq, &nanddw,
&nanddw, &nandw, &nandb, &nandw, &nandb,
&shlddw, &shlddw,
&shrq, &shrw, &readq, &readdw, &mulq, &pushvsp, &shrq, &shrw, &readq, &readdw, &readw, &readb, &mulq,
&divq, &jmp, &lrflags, &vmexit, &call }; &pushvsp, &pushvspdw, &divq, &jmp, &lrflags, &vmexit, &call };
} // namespace profile } // namespace profile
} // namespace vm::handler } // namespace vm::handler
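Review bot: Moving `PUSHVSP`/`PUSHVSPDW` from after `LRFLAGS` to after `LVSP` and inserting `READB` before `WRITEQ` silently renumbers most of this enumeration (everything from `MULQ` to `LVSP` shifts down by two, everything after `READW` shifts up by one), since the enumerators carry no explicit values. That is harmless while the values are only ever compared symbolically, but if anything outside this header prints, persists or matches on the numeric value of a handler id, those artifacts now mean different handlers; I cannot see such a consumer in the diff, so this is a hedge. If stability matters, either append new enumerators at the end or pin them explicitly, and a one-line comment above the enum such as `// ordinal values are not stable across versions; compare symbolically only` would make the contract clear either way. The `all` vector reorder in the last hunk is fine as long as nothing indexes into it positionally.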

@ -54,4 +54,75 @@ namespace vm::handler::profile
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER && instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_EAX; instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_EAX;
} } } }; } } } };
vm::handler::profile_t readw = {
// MOV RAX, [RBP]
// ADD RBP, 0x6
// MOV AX, [RAX]
// MOV [RBP], AX
"READW",
READW,
NULL,
{ { // MOV RAX, [RBP]
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RAX &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RBP;
},
// ADD RBP, 0x6
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_ADD &&
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&
instr.operands[ 1 ].imm.value.u == 0x6;
},
// MOV AX, [RAX]
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_AX &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RAX;
},
// MOV [RBP], AX
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_AX;
} } } };
vm::handler::profile_t readb = {
// MOV RDX, [RBP]
// ADD RBP, 0x6
// MOV [RBP], AX
"READB",
READB,
NULL,
{ { // MOV RDX, [RBP]
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RDX &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RBP;
},
// ADD RBP, 0x6
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_ADD &&
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&
instr.operands[ 1 ].imm.value.u == 0x6;
},
// MOV [RBP], AX
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_MOV && instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&
instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_AX;
} } } };
} // namespace vm::handler::profile } // namespace vm::handler::profile
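Review bot: The new `readb` profile never matches the instruction that actually performs the byte read: its three matchers are `MOV RDX, [RBP]`, `ADD RBP, 0x6` and `MOV [RBP], AX`, so the address loaded into RDX is never consumed by any matched instruction and the stored value is a word, not a byte. Compared with `readw` directly above, which matches the load `MOV AX, [RAX]` between the ADD and the store, this looks like the middle load matcher (and the corresponding line in the header comment) was dropped. If the real handler does load a byte through RDX, add a fourth matcher between the ADD and the store that checks `instr.mnemonic == ZYDIS_MNEMONIC_MOV` (or MOVZX, whichever the handler emits), a register destination of byte width, and `instr.operands[ 1 ].mem.base == ZYDIS_REGISTER_RDX`, then update the comment block to list all four instructions. As written, two of the three matchers are the generic handler prologue shared with other profiles, so this signature is loose enough that it may claim handlers that are not READB at all. Also, `NULL` for the third field would be `nullptr` in modern C++, consistent with the rest of the file if it ever moves that way.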