added LRFLAGS virtual instruction

merge-requests/4/head
_xeroxz 4 years ago
parent 1f748ab668
commit c932e71cdd

@ -31,6 +31,7 @@ namespace vm
enum mnemonic_t
{
INVALID,
LRFLAGS,
PUSHVSP,
MULQ,
DIVQ,
@ -166,6 +167,7 @@ namespace vm
extern vm::handler::profile_t shrq;
extern vm::handler::profile_t shrw;
extern vm::handler::profile_t lrflags;
extern vm::handler::profile_t call;
extern vm::handler::profile_t pushvsp;
extern vm::handler::profile_t mulq;
@ -181,7 +183,7 @@ namespace vm
&shlq, &shldw, &writeq, &writedw, &writeb, &nandq, &nanddw, &nandw,
&shrq, &shrw, &readq, &readdw, &mulq, &pushvsp, &divq, &jmp,
&vmexit, &call };
&lrflags, &vmexit, &call };
} // namespace profile
} // namespace handler
} // namespace vm
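Review bot: Inserting `LRFLAGS` between `INVALID` and `PUSHVSP` in the first hunk renumbers every later `mnemonic_t` enumerator, because the enum is unscoped and carries no explicit values. If these values are ever persisted or compared across builds (not visible from this page), older data would silently map to the wrong virtual instruction, which in an analysis tool shows up as a mislabelled handler rather than an error. Appending the new enumerator at the end of the enum, or giving the enumerators explicit values, avoids that. If the rule applies, a comment such as `// numeric values are stored externally; append only` above the enum would record it. The enum body continues outside the hunk.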

@ -0,0 +1,34 @@
#include "../../include/vmprofiler.hpp"
namespace vm
{
namespace handler
{
namespace profile
{
vm::handler::profile_t lrflags = {
// PUSH [RBP]
// ADD RBP, 0x8
// POPFQ
"LRFLAGS",
LRFLAGS,
NULL,
{ { // PUSH [RBP]
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_PUSH &&
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[ 0 ].mem.base == ZYDIS_REGISTER_RBP;
},
// ADD RBP, 0x8
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_ADD &&
instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP;
},
// POPFQ
[]( const zydis_decoded_instr_t &instr ) -> bool {
return instr.mnemonic == ZYDIS_MNEMONIC_POPFQ;
} } } };
}
} // namespace handler
} // namespace vm
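Review bot: The `ADD RBP, 0x8` predicate checks only the mnemonic and the destination register, so any `ADD RBP, <src>` satisfies it. The `PUSH [RBP]` predicate likewise accepts any displacement or index on an RBP-based memory operand. A handler that pushes from a different stack slot, or adjusts RBP by another amount before `POPFQ`, would then be classified as LRFLAGS and the resulting analysis would be wrong without any diagnostic. Consider adding `instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE && instr.operands[ 1 ].imm.value.u == 0x8` to the second lambda and `instr.operands[ 0 ].mem.disp.value == 0` to the first. The third initializer, `NULL`, would read better as `nullptr` with a short comment saying which `profile_t` field it fills.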