added shrq

include/vmprofiler.hpp

@@ -10,6 +10,12 @@ namespace vm
 		enum mnemonic_t
 		{
 			INVALID,
+			PUSHVSP,
+			SHRQ,
+			MULQ,
+			DIVQ,
+			JMP,
+			VMEXIT,
 
 			SREGQ,
 			SREGDW,
@@ -33,24 +39,14 @@ namespace vm
 			WRITEDW,
 			WRITEW,
 
-			PUSHVSP,
-
 			ADDQ,
 			ADDDW,
 
 			SHLQ,
 			SHLDW,
 
-			MULQ,
-
-			DIVQ,
-
 			NANDQ,
-			NANDDW,
+			NANDDW
-
-			JMP,
-
-			VMEXIT
 		};
 
         enum extention_t
@@ -85,8 +81,6 @@ namespace vm
 			extern vm::handler::profile_t lconstwsxq;
 			extern vm::handler::profile_t lconstdw;
 
-			extern vm::handler::profile_t pushvsp;
-
 			extern vm::handler::profile_t addq;
 			extern vm::handler::profile_t adddw;
 
@@ -96,42 +90,33 @@ namespace vm
 			extern vm::handler::profile_t nandq;
 			extern vm::handler::profile_t nanddw;
 
-			extern vm::handler::profile_t mulq;
-			extern vm::handler::profile_t divq;
-			extern vm::handler::profile_t jmp;
-
 			extern vm::handler::profile_t writeq;
 			extern vm::handler::profile_t writedw;
 
+			extern vm::handler::profile_t shrq;
+			extern vm::handler::profile_t pushvsp;
+			extern vm::handler::profile_t mulq;
+			extern vm::handler::profile_t divq;
+			extern vm::handler::profile_t jmp;
 			extern vm::handler::profile_t readq;
 			extern vm::handler::profile_t vmexit;
 
 			inline std::vector<vm::handler::profile_t*> all =
 			{
 				&sregq, &sregdw, &sregw,
-
 				&lregq, &lregdw,
-
 				&lconstq, &lconstbzxw, &lconstbsxdw, &lconstdwsxq, &lconstwsxq, &lconstdw,
-
-				&pushvsp,
-
 				&addq, &adddw,
-
-				&mulq,
-
-				&divq,
-
 				&shlq, &shldw,
-
 				&writeq, &writedw,
-
-				&readq,
-
 				&nandq, &nanddw,
 
+				&shrq,
+				&readq,
+				&mulq,
+				&pushvsp,
+				&divq,
 				&jmp,
-
 				&vmexit
 			};
 		}

src/vmprofiler.vcxproj

@@ -111,6 +111,8 @@
     <ClCompile Include="vmprofiles\nand.cpp" />
     <ClCompile Include="vmprofiles\pushvsp.cpp" />
     <ClCompile Include="vmprofiles\read.cpp" />
+    <ClCompile Include="vmprofiles\shl.cpp" />
+    <ClCompile Include="vmprofiles\shr.cpp" />
     <ClCompile Include="vmprofiles\sreg.cpp" />
     <ClCompile Include="vmprofiles\vmexit.cpp" />
     <ClCompile Include="vmprofiles\write.cpp" />

src/vmprofiler.vcxproj.filters

@@ -74,6 +74,12 @@
     <ClCompile Include="vmprofiles\write.cpp">
       <Filter>Source Files\vmprofiles</Filter>
     </ClCompile>
+    <ClCompile Include="vmprofiles\shl.cpp">
+      <Filter>Source Files\vmprofiles</Filter>
+    </ClCompile>
+    <ClCompile Include="vmprofiles\shr.cpp">
+      <Filter>Source Files\vmprofiles</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\include\transform.hpp">

src/vmprofiles/shr.cpp

@@ -0,0 +1,85 @@
+#include "../../include/vmprofiler.hpp"
+
+namespace vm
+{
+	namespace handler
+	{
+		namespace profile
+		{
+			vm::handler::profile_t shrq =
+			{
+				// MOV RAX, [RBP]
+				// MOV CL, [RBP+0x8]
+				// SUB RBP, 0x6
+				// SHR RAX, CL
+				// MOV [RBP+0x8], RAX
+				// PUSHFQ
+				// POP [RBP]
+				"SHRQ", SHRQ, NULL,
+				{
+					{
+						// MOV RAX, [RBP]
+						[](const zydis_decoded_instr_t& instr) -> bool
+						{
+							return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
+								instr.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
+								instr.operands[0].reg.value == ZYDIS_REGISTER_RAX &&
+								instr.operands[1].type == ZYDIS_OPERAND_TYPE_MEMORY &&
+								instr.operands[1].mem.base == ZYDIS_REGISTER_RBP;
+						},
+						// MOV CL, [RBP+0x8]
+						[](const zydis_decoded_instr_t& instr) -> bool
+						{
+							return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
+								instr.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
+								instr.operands[0].reg.value == ZYDIS_REGISTER_CL &&
+								instr.operands[1].type == ZYDIS_OPERAND_TYPE_MEMORY &&
+								instr.operands[1].mem.base == ZYDIS_REGISTER_RBP &&
+								instr.operands[1].mem.index == 0x8;
+						},
+						// SUB RBP, 0x6
+						[](const zydis_decoded_instr_t& instr) -> bool
+						{
+							return instr.mnemonic == ZYDIS_MNEMONIC_SUB &&
+								instr.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
+								instr.operands[0].reg.value == ZYDIS_REGISTER_RBP &&
+								instr.operands[1].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&
+								instr.operands[1].imm.value.u == 0x6;
+						},
+						// SHR RAX, CL
+						[](const zydis_decoded_instr_t& instr) -> bool
+						{
+							return instr.mnemonic == ZYDIS_MNEMONIC_SHR &&
+								instr.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
+								instr.operands[0].reg.value == ZYDIS_REGISTER_RAX &&
+								instr.operands[1].type == ZYDIS_OPERAND_TYPE_REGISTER &&
+								instr.operands[1].reg.value == ZYDIS_REGISTER_CL;
+						},
+						// MOV [RBP+0x8], RAX
+						[](const zydis_decoded_instr_t& instr) -> bool
+						{
+							return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
+								instr.operands[0].type == ZYDIS_OPERAND_TYPE_MEMORY &&
+								instr.operands[0].mem.base == ZYDIS_REGISTER_RBP &&
+								instr.operands[0].mem.index == 0x8 &&
+								instr.operands[1].type == ZYDIS_OPERAND_TYPE_REGISTER &&
+								instr.operands[1].reg.value == ZYDIS_REGISTER_RAX;
+						},
+						// PUSHFQ
+						[](const zydis_decoded_instr_t& instr) -> bool
+						{
+							return instr.mnemonic == ZYDIS_MNEMONIC_PUSHFQ;
+						},
+						// POP [RBP]
+						[](const zydis_decoded_instr_t& instr) -> bool
+						{
+							return instr.mnemonic == ZYDIS_MNEMONIC_POP &&
+								instr.operands[0].type == ZYDIS_OPERAND_TYPE_MEMORY &&
+								instr.operands[0].mem.base == ZYDIS_REGISTER_RBP;
+						}
+					}
+				}	
+			};
+		}
+	}
+}