 |
VMProfiler
v1.8
vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
|
|
VMProfiler
v1.8
vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
|
#include <vmprofiler.hpp>Namespaces | |
| vm | |
| vm::handler | |
| contains all information pertaining to vm handler identification... | |
| vm::handler::table | |
Functions | |
| bool | vm::handler::get (zydis_routine_t &vm_entry, zydis_routine_t &vm_handler, std::uintptr_t handler_addr) |
| gets a vm handler, puts all of the native instructions inside of the vm_handler param... More... | |
| bool | vm::handler::get_all (std::uintptr_t module_base, std::uintptr_t image_base, zydis_routine_t &vm_entry, std::uintptr_t *vm_handler_table, std::vector< vm::handler::handler_t > &vm_handlers) |
| bool | vm::handler::has_imm (const zydis_routine_t &vm_handler) |
| given a vm handler returns true if the vm handler decrypts an operand... More... | |
| std::optional< std::uint8_t > | vm::handler::imm_size (const zydis_routine_t &vm_handler) |
| gets the imm size of a vm handler... More... | |
| bool | vm::handler::get_operand_transforms (zydis_routine_t &vm_handler, transform::map_t &transforms) |
| get operand decryption instructions given a vm handler... More... | |
| vm::handler::profile_t * | vm::handler::get_profile (handler_t &vm_handler) |
| get a vm handler profile given a handler_t... More... | |
| vm::handler::profile_t * | vm::handler::get_profile (vm::handler::mnemonic_t mnemonic) |
| get a vm handler profile given the mnemonic of the vm handler... More... | |
| std::uintptr_t * | vm::handler::table::get (const zydis_routine_t &vm_entry) |
| get the linear virtual address of the vm handler table give a deobfuscated, flattened, vm entry... More... | |
| bool | vm::handler::table::get_transform (const zydis_routine_t &vm_entry, zydis_decoded_instr_t *transform_instr) |
| get the single native instruction used to decrypt vm handler entries... More... | |
| std::uint64_t | vm::handler::table::encrypt (zydis_decoded_instr_t &transform_instr, std::uint64_t val) |
| encrypt a linear virtual address given the transformation that is used to decrypt the vm handler table entry... this function will apply the inverse of the transformation so you dont need to get the inverse yourself... More... | |
| std::uint64_t | vm::handler::table::decrypt (zydis_decoded_instr_t &transform_instr, std::uint64_t val) |
| decrypts a vm handler table entry... More... | |
1.9.1