diff --git a/include/vmprofiler.hpp b/include/vmprofiler.hpp
index 45e227c..532d42e 100644
--- a/include/vmprofiler.hpp
+++ b/include/vmprofiler.hpp
@@ -64,6 +64,7 @@ namespace vm
ADDQ,
ADDDW,
+ ADDW,
SHLQ,
SHLDW,
@@ -137,6 +138,7 @@ namespace vm
extern vm::handler::profile_t addq;
extern vm::handler::profile_t adddw;
+ extern vm::handler::profile_t addw;
extern vm::handler::profile_t shlq;
extern vm::handler::profile_t shldw;
@@ -160,12 +162,13 @@ namespace vm
extern vm::handler::profile_t vmexit;
inline std::vector< vm::handler::profile_t * > all = {
- &sregq, &sregdw, &sregw, &lregq, &lregdw, &lconstq, &lconstbzxw,
- &lconstbsxdw, &lconstbsxq, &lconstdwsxq, &lconstwsxq, &lconstdw, &addq, &adddw,
- &shlq, &shldw, &writeq, &writedw, &nandq, &nanddw,
+ &sregq, &sregdw, &sregw, &lregq, &lregdw, &lconstq, &lconstbzxw, &lconstbsxdw,
+ &lconstbsxq, &lconstdwsxq, &lconstwsxq, &lconstdw, &addq, &adddw, &addw,
- &shrq, &readq, &readdw, &mulq, &pushvsp, &divq, &jmp,
- &vmexit, &call };
+ &shlq, &shldw, &writeq, &writedw, &nandq, &nanddw,
+
+ &shrq, &readq, &readdw, &mulq, &pushvsp, &divq, &jmp, &vmexit,
+ &call };
} // namespace profile
} // namespace handler
} // namespace vm
\ No newline at end of file
diff --git a/src/vmprofiler.vcxproj b/src/vmprofiler.vcxproj
index 7e0dd2c..b45f86b 100644
--- a/src/vmprofiler.vcxproj
+++ b/src/vmprofiler.vcxproj
@@ -104,6 +104,7 @@
+
diff --git a/src/vmprofiler.vcxproj.filters b/src/vmprofiler.vcxproj.filters
index c3db126..ad7842b 100644
--- a/src/vmprofiler.vcxproj.filters
+++ b/src/vmprofiler.vcxproj.filters
@@ -86,6 +86,9 @@
Source Files
+
+ Source Files\vmprofiles
+
diff --git a/src/vmprofiles/add.cpp b/src/vmprofiles/add.cpp
index 8982d8e..4d92c58 100644
--- a/src/vmprofiles/add.cpp
+++ b/src/vmprofiles/add.cpp
@@ -59,6 +59,33 @@ namespace vm
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP;
} } } };
+
+ vm::handler::profile_t addw = {
+ // ADD [RBP+8], AX
+ // PUSHFQ
+ // POP [RBP]
+ "ADDW",
+ ADDW,
+ NULL,
+ { { // ADD [RBP+8], AX
+ []( const zydis_decoded_instr_t &instr ) -> bool {
+ return instr.mnemonic == ZYDIS_MNEMONIC_ADD &&
+ instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
+ instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP &&
+ instr.operands[ 0 ].mem.disp.value == 0x8 &&
+ instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
+ instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_AX;
+ },
+ // PUSHFQ
+ []( const zydis_decoded_instr_t &instr ) -> bool {
+ return instr.mnemonic == ZYDIS_MNEMONIC_PUSHFQ;
+ },
+ // POP [RBP]
+ []( const zydis_decoded_instr_t &instr ) -> bool {
+ return instr.mnemonic == ZYDIS_MNEMONIC_POP &&
+ instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
+ instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP;
+ } } } };
} // namespace profile
} // namespace handler
} // namespace vm
\ No newline at end of file