|
bool | vm::handler::has_imm (const zydis_routine_t &vm_handler) |
| given a vm handler returns true if the vm handler decrypts an operand... More...
|
|
std::optional< std::uint8_t > | vm::handler::imm_size (const zydis_routine_t &vm_handler) |
| gets the imm size of a vm handler... More...
|
|
bool | vm::handler::get (zydis_routine_t &vm_entry, zydis_routine_t &vm_handler, std::uintptr_t handler_addr) |
| gets a vm handler, puts all of the native instructions inside of the vm_handler param... More...
|
|
bool | vm::handler::get_all (std::uintptr_t module_base, std::uintptr_t image_base, zydis_routine_t &vm_entry, std::uintptr_t *vm_handler_table, std::vector< handler_t > &vm_handlers) |
| get all 256 vm handlers... More...
|
|
bool | vm::handler::get_operand_transforms (zydis_routine_t &vm_handler, transform::map_t &transforms) |
| get operand decryption instructions given a vm handler... More...
|
|
vm::handler::profile_t * | vm::handler::get_profile (handler_t &vm_handler) |
| get a vm handler profile given a handler_t... More...
|
|
vm::handler::profile_t * | vm::handler::get_profile (vm::handler::mnemonic_t mnemonic) |
| get a vm handler profile given the mnemonic of the vm handler... More...
|
|
std::uintptr_t * | vm::handler::table::get (const zydis_routine_t &vm_entry) |
| get the linear virtual address of the vm handler table give a deobfuscated, flattened, vm entry... More...
|
|
bool | vm::handler::table::get_transform (const zydis_routine_t &vm_entry, zydis_decoded_instr_t *transform_instr) |
| get the single native instruction used to decrypt vm handler entries... More...
|
|
std::uint64_t | vm::handler::table::encrypt (zydis_decoded_instr_t &transform_instr, std::uint64_t val) |
| encrypt a linear virtual address given the transformation that is used to decrypt the vm handler table entry... this function will apply the inverse of the transformation so you dont need to get the inverse yourself... More...
|
|
std::uint64_t | vm::handler::table::decrypt (zydis_decoded_instr_t &transform_instr, std::uint64_t val) |
| decrypts a vm handler table entry... More...
|
|