From bc9f0e944bd75aab7f1adc12d79cac0818797a92 Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Tue, 1 Jun 2021 16:00:11 -0700 Subject: [PATCH] added ADDW virtual instruction --- include/vmprofiler.hpp | 13 ++++++++----- src/vmprofiler.vcxproj | 1 + src/vmprofiler.vcxproj.filters | 3 +++ src/vmprofiles/add.cpp | 27 +++++++++++++++++++++++++++ 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/include/vmprofiler.hpp b/include/vmprofiler.hpp index 45e227c..532d42e 100644 --- a/include/vmprofiler.hpp +++ b/include/vmprofiler.hpp @@ -64,6 +64,7 @@ namespace vm ADDQ, ADDDW, + ADDW, SHLQ, SHLDW, @@ -137,6 +138,7 @@ namespace vm extern vm::handler::profile_t addq; extern vm::handler::profile_t adddw; + extern vm::handler::profile_t addw; extern vm::handler::profile_t shlq; extern vm::handler::profile_t shldw; @@ -160,12 +162,13 @@ namespace vm extern vm::handler::profile_t vmexit; inline std::vector< vm::handler::profile_t * > all = { - &sregq, &sregdw, &sregw, &lregq, &lregdw, &lconstq, &lconstbzxw, - &lconstbsxdw, &lconstbsxq, &lconstdwsxq, &lconstwsxq, &lconstdw, &addq, &adddw, - &shlq, &shldw, &writeq, &writedw, &nandq, &nanddw, + &sregq, &sregdw, &sregw, &lregq, &lregdw, &lconstq, &lconstbzxw, &lconstbsxdw, + &lconstbsxq, &lconstdwsxq, &lconstwsxq, &lconstdw, &addq, &adddw, &addw, - &shrq, &readq, &readdw, &mulq, &pushvsp, &divq, &jmp, - &vmexit, &call }; + &shlq, &shldw, &writeq, &writedw, &nandq, &nanddw, + + &shrq, &readq, &readdw, &mulq, &pushvsp, &divq, &jmp, &vmexit, + &call }; } // namespace profile } // namespace handler } // namespace vm \ No newline at end of file diff --git a/src/vmprofiler.vcxproj b/src/vmprofiler.vcxproj index 7e0dd2c..b45f86b 100644 --- a/src/vmprofiler.vcxproj +++ b/src/vmprofiler.vcxproj @@ -104,6 +104,7 @@ + diff --git a/src/vmprofiler.vcxproj.filters b/src/vmprofiler.vcxproj.filters index c3db126..ad7842b 100644 --- a/src/vmprofiler.vcxproj.filters +++ b/src/vmprofiler.vcxproj.filters @@ -86,6 +86,9 @@ Source Files + + Source Files\vmprofiles + diff --git a/src/vmprofiles/add.cpp b/src/vmprofiles/add.cpp index 8982d8e..4d92c58 100644 --- a/src/vmprofiles/add.cpp +++ b/src/vmprofiles/add.cpp @@ -59,6 +59,33 @@ namespace vm instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY && instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP; } } } }; + + vm::handler::profile_t addw = { + // ADD [RBP+8], AX + // PUSHFQ + // POP [RBP] + "ADDW", + ADDW, + NULL, + { { // ADD [RBP+8], AX + []( const zydis_decoded_instr_t &instr ) -> bool { + return instr.mnemonic == ZYDIS_MNEMONIC_ADD && + instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY && + instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP && + instr.operands[ 0 ].mem.disp.value == 0x8 && + instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_REGISTER && + instr.operands[ 1 ].reg.value == ZYDIS_REGISTER_AX; + }, + // PUSHFQ + []( const zydis_decoded_instr_t &instr ) -> bool { + return instr.mnemonic == ZYDIS_MNEMONIC_PUSHFQ; + }, + // POP [RBP] + []( const zydis_decoded_instr_t &instr ) -> bool { + return instr.mnemonic == ZYDIS_MNEMONIC_POP && + instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY && + instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP; + } } } }; } // namespace profile } // namespace handler } // namespace vm \ No newline at end of file