 |
VMProfiler
v1.8
vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
|
|
VMProfiler
v1.8
vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
|
#include <Zydis/Utils.h>#include <Zydis/Zydis.h>#include <optional>#include <vector>#include <xmmintrin.h>#include <Windows.h>Go to the source code of this file.
Classes | |
| struct | zydis_instr_t |
Namespaces | |
| vm | |
| vm::util | |
| utils used by the other cpp files... misc things that get used a lot... | |
| vm::util::reg | |
| utils pertaining to native registers... | |
Macros | |
| #define | NOMINMAX |
Typedefs | |
| using | u8 = unsigned char |
| using | u16 = unsigned short |
| using | u32 = unsigned int |
| using | u64 = unsigned long long |
| using | u128 = __m128 |
| using | zydis_decoded_instr_t = ZydisDecodedInstruction |
| using | zydis_register_t = ZydisRegister |
| using | zydis_mnemonic_t = ZydisMnemonic |
| using | zydis_routine_t = std::vector< zydis_instr_t > |
Functions | |
| zydis_register_t | vm::util::reg::to64 (zydis_register_t reg) |
| converts say... AL to RAX... More... | |
| bool | vm::util::reg::compare (zydis_register_t a, zydis_register_t b) |
| compares to registers with each other... calls to64 and compares... More... | |
| bool | vm::util::get_fetch_operand (const zydis_routine_t &routine, zydis_instr_t &fetch_instr) |
| get the instruction that fetches an operand out of VIP... More... | |
| std::optional< zydis_routine_t::iterator > | vm::util::get_fetch_operand (zydis_routine_t &routine) |
| gets the instruction that fetches an operand out of VIP and returns an iterator to it... More... | |
| void | vm::util::print (zydis_routine_t &routine) |
| prints a disassembly view of a routine... More... | |
| void | vm::util::print (const zydis_decoded_instr_t &instr) |
| prints a single disassembly view of an instruction... More... | |
| bool | vm::util::is_jmp (const zydis_decoded_instr_t &instr) |
| determines if a given decoded native instruction is a JCC... More... | |
| bool | vm::util::flatten (zydis_routine_t &routine, std::uintptr_t routine_addr, bool keep_jmps=false) |
| flatten native instruction stream, takes every JCC (follows the branch)... More... | |
| void | vm::util::deobfuscate (zydis_routine_t &routine) |
| deadstore deobfuscation of a flattened routine... More... | |
| #define NOMINMAX |
| using u128 = __m128 |
| using u16 = unsigned short |
| using u32 = unsigned int |
| using u64 = unsigned long long |
| using u8 = unsigned char |
| using zydis_decoded_instr_t = ZydisDecodedInstruction |
| using zydis_mnemonic_t = ZydisMnemonic |
| using zydis_register_t = ZydisRegister |
| using zydis_routine_t = std::vector< zydis_instr_t > |
1.9.1