237 inline std::vector< vm::handler::profile_t * >
all = {
vm::handler::profile_t lconstw
Definition: lconst.cpp:50
vm::handler::profile_t writeb
Definition: write.cpp:85
vm::handler::profile_t lconstwsxq
Definition: lconst.cpp:171
vm::handler::profile_t lvsp
mov rbp, [rbp+0]
Definition: lvsp.cpp:5
vm::handler::profile_t lconstdw
mov eax, [rsi-0x04] bswap eax add eax, ebx dec eax neg eax xor eax, 0x2FFD187C push rbx add [rsp],...
Definition: lconst.cpp:28
std::vector< vm::handler::profile_t * > all
a vector of pointers to all defined vm handler profiles...
Definition: vmprofiles.hpp:237
vm::handler::profile_t pushvsp
Definition: pushvsp.cpp:5
vm::handler::profile_t lconstbsxq
Definition: lconst.cpp:121
vm::handler::profile_t lregq
Definition: lreg.cpp:5
vm::handler::profile_t nandq
Definition: nand.cpp:5
vm::handler::profile_t sregdw
Definition: sreg.cpp:38
vm::handler::profile_t sregw
Definition: sreg.cpp:72
vm::handler::profile_t shrw
Definition: shr.cpp:64
vm::handler::profile_t lrflags
Definition: lflags.cpp:5
vm::handler::profile_t mulq
Definition: mul.cpp:5
vm::handler::profile_t nanddw
Definition: nand.cpp:68
vm::handler::profile_t adddw
mov ax, [rbp] sub rbp, 0x06 add [rbp+0x08], ax pushfq pop [rbp]
Definition: add.cpp:28
vm::handler::profile_t writeq
Definition: write.cpp:5
vm::handler::profile_t jmp
mov esi, [rbp] add rbp, 0x08 lea r12, [0x0000000000048F29] mov rax, 0x00 ; image base bytes above 32b...
Definition: jmp.cpp:5
vm::handler::profile_t readq
Definition: read.cpp:5
vm::handler::profile_t writedw
Definition: write.cpp:45
vm::handler::profile_t vmexit
Definition: vmexit.cpp:5
vm::handler::profile_t sregq
Definition: sreg.cpp:5
vm::handler::profile_t addq
mov rax, [rbp+0] add [rbp+8], rax pushfq pop qword ptr [rbp+0]
Definition: add.cpp:5
vm::handler::profile_t readdw
Definition: read.cpp:27
vm::handler::profile_t lconstbzxw
Definition: lconst.cpp:72
vm::handler::profile_t shlq
Definition: shl.cpp:5
vm::handler::profile_t call
mov rdx, [rbp] add rbp, 0x08 call rdx
Definition: call.cpp:5
vm::handler::profile_t shldw
Definition: shl.cpp:64
vm::handler::profile_t lconstbsxdw
Definition: lconst.cpp:95
vm::handler::profile_t lconstq
mov rax, [rsi] xor rax, rbx ; transformation bswap rax ; transformation lea rsi, [rsi+8] ; advance VI...
Definition: lconst.cpp:5
vm::handler::profile_t nandw
Definition: nand.cpp:115
vm::handler::profile_t lregdw
Definition: lreg.cpp:39
vm::handler::profile_t lconstdwsxq
Definition: lconst.cpp:147
vm::handler::profile_t shrq
Definition: shr.cpp:5
vm::handler::profile_t addw
Definition: add.cpp:51
vm::handler::profile_t lconstwsxdw
Definition: lconst.cpp:197
vm::handler::profile_t divq
mov rdx, [rbp] mov rax, [rbp+0x08] div [rbp+0x10] mov [rbp+0x08], rdx mov [rbp+0x10],...
Definition: div.cpp:5
contains all information pertaining to vm handler identification...
Definition: vmhandlers.hpp:6
std::function< bool(const zydis_decoded_instr_t &instr) > zydis_callback_t
zydis callback lambda used to pattern match native instructions...
Definition: vmprofiles.hpp:68
mnemonic_t
vm handler mnemonic... so you don't need to compare strings!
Definition: vmprofiles.hpp:13
@ LCONSTWSXDW
Definition: vmprofiles.hpp:37
@ ADDQ
Definition: vmprofiles.hpp:50
@ CALL
Definition: vmprofiles.hpp:19
@ READW
Definition: vmprofiles.hpp:43
@ LCONSTDW
Definition: vmprofiles.hpp:38
@ WRITEQ
Definition: vmprofiles.hpp:45
@ NANDQ
Definition: vmprofiles.hpp:60
@ DIVQ
Definition: vmprofiles.hpp:18
@ READDW
Definition: vmprofiles.hpp:42
@ LREGQ
Definition: vmprofiles.hpp:28
@ SREGQ
Definition: vmprofiles.hpp:24
@ MULQ
Definition: vmprofiles.hpp:17
@ ADDW
Definition: vmprofiles.hpp:52
@ LCONSTQ
Definition: vmprofiles.hpp:31
@ SREGW
Definition: vmprofiles.hpp:26
@ INVALID
Definition: vmprofiles.hpp:14
@ LVSP
Definition: vmprofiles.hpp:22
@ LRFLAGS
Definition: vmprofiles.hpp:15
@ WRITEB
Definition: vmprofiles.hpp:48
@ LCONSTDWSXQ
Definition: vmprofiles.hpp:35
@ LCONSTBZXW
Definition: vmprofiles.hpp:32
@ PUSHVSP
Definition: vmprofiles.hpp:16
@ SHRW
Definition: vmprofiles.hpp:58
@ SHLDW
Definition: vmprofiles.hpp:55
@ ADDDW
Definition: vmprofiles.hpp:51
@ LREGDW
Definition: vmprofiles.hpp:29
@ SHRQ
Definition: vmprofiles.hpp:57
@ SREGDW
Definition: vmprofiles.hpp:25
@ VMEXIT
Definition: vmprofiles.hpp:21
@ LCONSTBSXDW
Definition: vmprofiles.hpp:34
@ LCONSTW
Definition: vmprofiles.hpp:39
@ JMP
Definition: vmprofiles.hpp:20
@ LCONSTWSXQ
Definition: vmprofiles.hpp:36
@ WRITEW
Definition: vmprofiles.hpp:47
@ NANDDW
Definition: vmprofiles.hpp:61
@ SHLQ
Definition: vmprofiles.hpp:54
@ NANDW
Definition: vmprofiles.hpp:62
@ LCONSTBSXQ
Definition: vmprofiles.hpp:33
@ READQ
Definition: vmprofiles.hpp:41
@ WRITEDW
Definition: vmprofiles.hpp:46
extention_t
how sign extension is handled...
Definition: vmprofiles.hpp:74
@ zero_extend
Definition: vmprofiles.hpp:77
@ none
Definition: vmprofiles.hpp:75
@ sign_extend
Definition: vmprofiles.hpp:76
predefined vm handler profile containing all information about a vm handler that is known at compile time....
Definition: vmprofiles.hpp:84
u8 imm_size
size, in bits, of the operand (imm)... if there is none then this will be zero...
Definition: vmprofiles.hpp:98
std::vector< zydis_callback_t > signature
a vector of signatures used to compare native instructions against zydis-aided signatures....
Definition: vmprofiles.hpp:103
extention_t extention
how sign extension of operands is handled...
Definition: vmprofiles.hpp:108
mnemonic_t mnemonic
the mnemonic of the vm handler... so you don't need to compare strings...
Definition: vmprofiles.hpp:93
const char * name
name of the vm handler, such as JMP or LCONST...
Definition: vmprofiles.hpp:88
ZydisDecodedInstruction zydis_decoded_instr_t
Definition: vmutils.hpp:18
unsigned char u8
Definition: vmutils.hpp:12