VMProfiler  v1.8
vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
Functions
vm::handler::table Namespace Reference

Functions

std::uintptr_t * get (const zydis_routine_t &vm_entry)
 get the linear virtual address of the vm handler table give a deobfuscated, flattened, vm entry... More...
 
bool get_transform (const zydis_routine_t &vm_entry, zydis_decoded_instr_t *transform_instr)
 get the single native instruction used to decrypt vm handler entries... More...
 
std::uint64_t encrypt (zydis_decoded_instr_t &transform_instr, std::uint64_t val)
 encrypt a linear virtual address given the transformation that is used to decrypt the vm handler table entry... this function will apply the inverse of the transformation so you dont need to get the inverse yourself... More...
 
std::uint64_t decrypt (zydis_decoded_instr_t &transform_instr, std::uint64_t val)
 decrypts a vm handler table entry... More...
 

Function Documentation

◆ decrypt()

std::uint64_t vm::handler::table::decrypt ( zydis_decoded_instr_t transform_instr,
std::uint64_t  val 
)

decrypts a vm handler table entry...

Parameters
transform_instrtransformation extracted from vm_entry that decrypts vm handler table entries...
valencrypted value to be decrypted...
Returns
returns the decrypted value...

◆ encrypt()

std::uint64_t vm::handler::table::encrypt ( zydis_decoded_instr_t transform_instr,
std::uint64_t  val 
)

encrypt a linear virtual address given the transformation that is used to decrypt the vm handler table entry... this function will apply the inverse of the transformation so you dont need to get the inverse yourself...

Parameters
transform_instrreference to the transformation native instruction...
valvalue to be encrypted (linear virtual address)
Returns
returns the encrypted value...

◆ get()

std::uintptr_t * vm::handler::table::get ( const zydis_routine_t vm_entry)

get the linear virtual address of the vm handler table give a deobfuscated, flattened, vm entry...

Parameters
vm_entrydeobfuscated, flattened, vm entry...
Returns
returns the linear virtual address of the vm handler table...

◆ get_transform()

bool vm::handler::table::get_transform ( const zydis_routine_t vm_entry,
zydis_decoded_instr_t transform_instr 
)

get the single native instruction used to decrypt vm handler entries...

Parameters
vm_entryreference to the deobfuscated, flattened, vm entry...
transform_instr
Returns
Generated by doxygen 1.9.1