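#pragma once

// Standard headers for std::function and std::vector, both used directly below.
#include <functional>
#include <vector>

// NOTE(review): the original include directive on this page has no target.
// The project header that declares `zydis_decoded_instr_t` and `u8` must be
// included here for this header to compile, for example:
//   #include <PROJECT_HEADER_PLACEHOLDER>

/// Everything needed to identify virtual machine (vm) handlers: the mnemonic
/// enumeration, the signature callback type, the profile record and the list
/// of pre-defined profiles.
namespace vm::handler
{
    /// Numeric identifier of a vm handler, so callers can compare enum values
    /// instead of handler name strings.
    ///
    /// The enumerator order defines the numeric values and must not change.
    /// NOTE(review): the Q/DW/W/B suffixes presumably denote 64/32/16/8-bit
    /// operand widths; confirm against the profile definitions.
    /// NOTE(review): INVALID is presumably what consumers get when no profile
    /// matches; analysis code should check for it rather than assume that
    /// every handler was identified. Confirm against callers.
    enum mnemonic_t
    {
        INVALID,
        LFLAGSQ,
        RDTSC,

        MULQ,
        MULDW,
        MULW,
        MULB,

        IMULQ,
        IMULDW,
        IMULW,
        IMULB,

        DIVQ,
        DIVDW,
        DIVW,
        DIVB,

        IDIVQ,
        IDIVDW,
        IDIVW,
        IDIVB,

        CALL,
        JMP,
        VMEXIT,

        POPVSPQ,
        POPVSPDW,
        POPVSPW,
        POPVSPB,

        READCR3,
        WRITECR3,
        READCR8,
        WRITECR8,

        PUSHVSPQ,
        PUSHVSPDW,
        PUSHVSPW,
        PUSHVSPB,

        SREGQ,
        SREGDW,
        SREGW,
        SREGB,

        LREGQ,
        LREGDW,
        LREGW,
        LREGB,

        LCONSTQ,
        LCONSTBZXW,
        LCONSTBSXQ,
        LCONSTBSXDW,
        LCONSTDWSXQ,
        LCONSTWSXQ,
        LCONSTWSXDW,
        LCONSTDW,
        LCONSTW,

        READQ,
        READGSQ,
        READDW,
        READW,
        READB,

        WRITEQ,
        WRITEGSQ,
        WRITEDW,
        WRITEW,
        WRITEB,

        ADDQ,
        ADDDW,
        ADDW,
        ADDB,

        SHLQ,
        SHLDW,
        SHLW,
        SHLB,

        SHLDQ,
        SHLDDW,
        SHLD_W,
        SHLDB,

        SHRQ,
        SHRDW,
        SHRW,
        SHRB,

        SHRDQ,
        SHRDDW,
        SHRD_W,
        SHRDB,

        NANDQ,
        NANDDW,
        NANDW,
        NANDB
    };

    /// Predicate over one decoded native instruction, used as a single element
    /// of a handler signature. Returns true when the instruction matches.
    using zydis_callback_t = std::function< bool( const zydis_decoded_instr_t &instr ) >;

    /// How an operand is extended. The identifier spelling ("extention") is
    /// part of the public interface and is kept as-is.
    enum extention_t
    {
        none,
        sign_extend,
        zero_extend
    };

    /// Pre-defined description of one vm handler, holding everything that is
    /// known about the handler at compile time.
    struct profile_t
    {
        /// Name of the vm handler, such as JMP or LCONST.
        const char *name;

        /// Mnemonic of the vm handler, for comparisons without string compares.
        mnemonic_t mnemonic;

        /// Size in bits of the immediate operand; zero when the handler has none.
        u8 imm_size;

        /// Callbacks that native instructions are compared against.
        /// NOTE(review): how the callbacks are combined (all must match, in
        /// order, and so on) is decided by the matcher, which is not visible
        /// in this header.
        std::vector< zydis_callback_t > signature;

        /// How operands of this handler are sign- or zero-extended.
        extention_t extention;
    };

    /// Declarations of every pre-defined profile, plus `all`, a vector of
    /// pointers to them. The profile objects are defined in other translation
    /// units.
    ///
    /// Coverage note: the following mnemonic_t values have no same-named
    /// profile declared here, so a lookup that goes through `all` has no
    /// entry for them by name: MULW, MULB, IMULW, IMULB, DIVW, DIVB, IDIVQ,
    /// IDIVW, IDIVB, POPVSPDW, POPVSPB, WRITECR8, PUSHVSPB, LREGW, LREGB,
    /// WRITEGSQ, SHLD_W, SHLDB, SHRD_W, SHRDB.
    namespace profile
    {
        extern vm::handler::profile_t sregq;
        extern vm::handler::profile_t sregdw;
        extern vm::handler::profile_t sregw;
        extern vm::handler::profile_t sregb;

        extern vm::handler::profile_t lregq;
        extern vm::handler::profile_t lregdw;

        extern vm::handler::profile_t lconstq;
        extern vm::handler::profile_t lconstdw;
        extern vm::handler::profile_t lconstw;

        extern vm::handler::profile_t lconstbzxw;
        extern vm::handler::profile_t lconstbsxdw;
        extern vm::handler::profile_t lconstbsxq;
        extern vm::handler::profile_t lconstdwsxq;
        extern vm::handler::profile_t lconstwsxq;
        extern vm::handler::profile_t lconstwsxdw;

        extern vm::handler::profile_t addq;
        extern vm::handler::profile_t adddw;
        extern vm::handler::profile_t addw;
        extern vm::handler::profile_t addb;

        extern vm::handler::profile_t shlq;
        extern vm::handler::profile_t shldw;
        extern vm::handler::profile_t shlw;
        extern vm::handler::profile_t shlb;

        extern vm::handler::profile_t shldq;
        extern vm::handler::profile_t shlddw;

        extern vm::handler::profile_t nandq;
        extern vm::handler::profile_t nanddw;
        extern vm::handler::profile_t nandw;
        extern vm::handler::profile_t nandb;

        extern vm::handler::profile_t writeq;
        extern vm::handler::profile_t writedw;
        extern vm::handler::profile_t writew;
        extern vm::handler::profile_t writeb;

        extern vm::handler::profile_t readq;
        extern vm::handler::profile_t readgsq;
        extern vm::handler::profile_t readdw;
        extern vm::handler::profile_t readw;
        extern vm::handler::profile_t readb;

        extern vm::handler::profile_t shrq;
        extern vm::handler::profile_t shrdw;
        extern vm::handler::profile_t shrw;
        extern vm::handler::profile_t shrb;

        extern vm::handler::profile_t shrdq;
        extern vm::handler::profile_t shrddw;

        extern vm::handler::profile_t pushvspq;
        extern vm::handler::profile_t pushvspdw;
        extern vm::handler::profile_t pushvspw;

        extern vm::handler::profile_t lflagsq;
        extern vm::handler::profile_t call;

        extern vm::handler::profile_t mulq;
        extern vm::handler::profile_t muldw;

        extern vm::handler::profile_t imulq;
        extern vm::handler::profile_t imuldw;

        extern vm::handler::profile_t readcr8;
        extern vm::handler::profile_t readcr3;
        extern vm::handler::profile_t writecr3;

        extern vm::handler::profile_t divq;
        extern vm::handler::profile_t divdw;

        extern vm::handler::profile_t popvspq;
        extern vm::handler::profile_t popvspw;

        extern vm::handler::profile_t idivdw;
        extern vm::handler::profile_t jmp;
        extern vm::handler::profile_t rdtsc;
        extern vm::handler::profile_t vmexit;

        /// Pointers to all 64 profiles declared above.
        ///
        /// The element order is kept exactly as in the original list.
        /// NOTE(review): whether consumers depend on this order (for example
        /// "first matching profile wins") is not visible here; confirm before
        /// reordering.
        /// NOTE(review): the vector is a mutable inline global, so any
        /// translation unit can modify it; treat it as read-only. The pointers
        /// are address constants, but the profiles they point to are defined
        /// elsewhere, so reading through `all` from another static initialiser
        /// may see a profile before its own initialiser has run.
        inline std::vector< vm::handler::profile_t * > all = {
            &sregq,       &sregdw,     &sregw,       &sregb,

            &lregq,       &lregdw,

            &lconstq,     &lconstbzxw, &lconstbsxdw, &lconstbsxq, &lconstdwsxq,
            &lconstwsxq,  &lconstwsxdw, &lconstdw,   &lconstw,

            &addq,        &adddw,      &addw,        &addb,

            &popvspq,     &popvspw,

            &shlq,        &shldw,      &shlw,        &shlb,

            &writeq,      &writedw,    &writew,      &writeb,

            &nandq,       &nanddw,     &nandw,       &nandb,

            &shlddw,      &shldq,

            &shrq,        &shrdw,      &shrw,        &shrb,

            &shrdq,       &shrddw,

            &readgsq,     &readq,      &readdw,      &readw,      &readb,

            &mulq,        &muldw,      &imulq,       &imuldw,

            &pushvspq,    &pushvspdw,  &pushvspw,

            &readcr8,     &readcr3,    &writecr3,

            &divq,        &divdw,      &idivdw,

            &jmp,         &lflagsq,    &vmexit,      &call,       &rdtsc
        };
    } // namespace profile
} // namespace vm::handler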