vmp2
/
vmprofiler
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added vm::calc_jmp::get_advancement

Browse Source
merge-requests/3/head
_xeroxz 4 years ago
parent 11d60b1440
commit c7a5d0b61c
5 changed files with 75 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
include/vmp2.hpp
Unescape View File

@ -1,5 +1,5 @@
#pragma once
#include <vmprofiler.hpp>
#include <transform.hpp>
namespace vmp2
{

4
include/vmprofiler.hpp
Unescape View File

@ -1,11 +1,15 @@
#pragma once
#include <vmp2.hpp>
#include <transform.hpp>
#include <optional>
namespace vm
{
namespace calc_jmp
{
bool get( const zydis_routine_t &vm_entry, zydis_routine_t &calc_jmp );
std::optional< vmp2::exec_type_t > get_advancement( const zydis_routine_t &calc_jmp );
}
namespace instrs

66
src/calc_jmp.cpp
Unescape View File

@ -27,5 +27,71 @@ namespace vm
calc_jmp.insert( calc_jmp.end(), result, vm_entry.end() );
return true;
}
std::optional< vmp2::exec_type_t > get_advancement( const zydis_routine_t &calc_jmp )
{
auto result =
std::find_if( calc_jmp.begin(), calc_jmp.end(), []( const zydis_instr_t &instr_data ) -> bool {
// look for any instruction with RSI being the first operand...
return instr_data.instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr_data.instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RSI;
} );
if ( result == calc_jmp.end() )
return {};
const auto instr = &result->instr;
switch ( instr->mnemonic )
{
case ZYDIS_MNEMONIC_LEA:
{
if ( instr->operands[ 1 ].type == ZYDIS_OPERAND_TYPE_MEMORY )
{
if ( instr->operands[ 1 ].mem.disp.value > 0 )
return vmp2::exec_type_t::forward;
else
return vmp2::exec_type_t::backward;
}
// else we dont know what we are looking at...
return {};
}
case ZYDIS_MNEMONIC_ADD:
{
// ADD RSI, IMM...
if ( instr->operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE )
{
// see if IMM is negitive...
if ( instr->operands[ 1 ].imm.value.s > 0 )
return vmp2::exec_type_t::forward;
else // adding a negitive number is sub...
return vmp2::exec_type_t::backward;
}
// else we dont know what we are looking at...
return {};
}
case ZYDIS_MNEMONIC_SUB:
{
// SUB RSI, IMM...
if ( instr->operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE )
{
// see if IMM is negitive...
if ( instr->operands[ 1 ].imm.value.s > 0 )
return vmp2::exec_type_t::backward;
else // subtracting a negitive number means you are adding...
return vmp2::exec_type_t::forward;
}
// else we dont know what we are looking at...
return {};
}
case ZYDIS_MNEMONIC_INC:
return vmp2::exec_type_t::forward;
case ZYDIS_MNEMONIC_DEC:
return vmp2::exec_type_t::backward;
default:
break;
}
return {};
}
} // namespace calc_jmp
} // namespace vm

1
src/vmprofiler.vcxproj
Unescape View File

@ -164,6 +164,7 @@
<ClInclude Include="..\dependencies\zydis\msvc\ZycoreExportConfig.h" />
<ClInclude Include="..\dependencies\zydis\msvc\ZydisExportConfig.h" />
<ClInclude Include="..\include\transform.hpp" />
<ClInclude Include="..\include\vmp2.hpp" />
<ClInclude Include="..\include\vmprofiler.hpp" />
<ClInclude Include="..\include\vmutils.h" />
</ItemGroup>

3
src/vmprofiler.vcxproj.filters
Unescape View File

@ -226,6 +226,9 @@
<ClInclude Include="..\dependencies\zydis\msvc\ZydisExportConfig.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\vmp2.hpp">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<None Include="..\.clang-format">

Write Preview
Loading…
Cancel
Save