VMProfiler  v1.8
vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
Classes | Namespaces | Functions
vmhandlers.hpp File Reference
#include <transform.hpp>
#include <vmprofiles.hpp>

Go to the source code of this file.

Classes

struct  vm::handler::handler_t
 handler_t contains all the information for a vm handler such as its immidate value size (zero if there is no imm), the transformations applied to the imm to decrypt it (if any), a pointer to the profile (nullptr if there is none), and other meta data... More...
 

Namespaces

 vm
 
 vm::handler
 contains all information pertaining to vm handler identification...
 
 vm::handler::table
 

Functions

bool vm::handler::has_imm (const zydis_routine_t &vm_handler)
 given a vm handler returns true if the vm handler decrypts an operand... More...
 
std::optional< std::uint8_t > vm::handler::imm_size (const zydis_routine_t &vm_handler)
 gets the imm size of a vm handler... More...
 
bool vm::handler::get (zydis_routine_t &vm_entry, zydis_routine_t &vm_handler, std::uintptr_t handler_addr)
 gets a vm handler, puts all of the native instructions inside of the vm_handler param... More...
 
bool vm::handler::get_all (std::uintptr_t module_base, std::uintptr_t image_base, zydis_routine_t &vm_entry, std::uintptr_t *vm_handler_table, std::vector< handler_t > &vm_handlers)
 get all 256 vm handlers... More...
 
bool vm::handler::get_operand_transforms (zydis_routine_t &vm_handler, transform::map_t &transforms)
 get operand decryption instructions given a vm handler... More...
 
vm::handler::profile_tvm::handler::get_profile (handler_t &vm_handler)
 get a vm handler profile given a handler_t... More...
 
vm::handler::profile_tvm::handler::get_profile (vm::handler::mnemonic_t mnemonic)
 get a vm handler profile given the mnemonic of the vm handler... More...
 
std::uintptr_t * vm::handler::table::get (const zydis_routine_t &vm_entry)
 get the linear virtual address of the vm handler table give a deobfuscated, flattened, vm entry... More...
 
bool vm::handler::table::get_transform (const zydis_routine_t &vm_entry, zydis_decoded_instr_t *transform_instr)
 get the single native instruction used to decrypt vm handler entries... More...
 
std::uint64_t vm::handler::table::encrypt (zydis_decoded_instr_t &transform_instr, std::uint64_t val)
 encrypt a linear virtual address given the transformation that is used to decrypt the vm handler table entry... this function will apply the inverse of the transformation so you dont need to get the inverse yourself... More...
 
std::uint64_t vm::handler::table::decrypt (zydis_decoded_instr_t &transform_instr, std::uint64_t val)
 decrypts a vm handler table entry... More...