VMProfiler  v1.8
vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
vmutils.hpp
Go to the documentation of this file.
1 #pragma once
2 #include <Zydis/Utils.h>
3 #include <Zydis/Zydis.h>
4 
5 #include <optional>
6 #include <vector>
7 #include <xmmintrin.h>
8 
9 #define NOMINMAX
10 #include <Windows.h>
11 
12 using u8 = unsigned char;
13 using u16 = unsigned short;
14 using u32 = unsigned int;
15 using u64 = unsigned long long;
16 using u128 = __m128;
17 
18 using zydis_decoded_instr_t = ZydisDecodedInstruction;
19 using zydis_register_t = ZydisRegister;
20 using zydis_mnemonic_t = ZydisMnemonic;
21 
22 struct zydis_instr_t
23 {
24  zydis_decoded_instr_t instr;
25  std::vector< u8 > raw;
26  std::uintptr_t addr;
27 };
28 
29 using zydis_routine_t = std::vector< zydis_instr_t >;
30 
34 namespace vm::util
35 {
39  namespace reg
40  {
46  zydis_register_t to64( zydis_register_t reg );
47 
54  bool compare( zydis_register_t a, zydis_register_t b );
55  } // namespace reg
56 
63  bool get_fetch_operand( const zydis_routine_t &routine, zydis_instr_t &fetch_instr );
64 
70  std::optional< zydis_routine_t::iterator > get_fetch_operand( zydis_routine_t &routine );
71 
76  void print( zydis_routine_t &routine );
77 
82  void print( const zydis_decoded_instr_t &instr );
83 
89  bool is_jmp( const zydis_decoded_instr_t &instr );
90 
98  bool flatten( zydis_routine_t &routine, std::uintptr_t routine_addr, bool keep_jmps = false );
99 
104  void deobfuscate( zydis_routine_t &routine );
105 } // namespace vm::util
vm::util::reg::to64
zydis_register_t to64(zydis_register_t reg)
converts say... AL to RAX...
Definition: vmutils.cpp:7
vm::util::reg::compare
bool compare(zydis_register_t a, zydis_register_t b)
compares to registers with each other... calls to64 and compares...
Definition: vmutils.cpp:12
vm::util
utils used by the other cpp files... misc things that get used a lot...
Definition: vmutils.hpp:35
vm::util::is_jmp
bool is_jmp(const zydis_decoded_instr_t &instr)
determines if a given decoded native instruction is a JCC...
Definition: vmutils.cpp:82
vm::util::get_fetch_operand
bool get_fetch_operand(const zydis_routine_t &routine, zydis_instr_t &fetch_instr)
get the instruction that fetches an operand out of VIP...
Definition: vmutils.cpp:18
vm::util::flatten
bool flatten(zydis_routine_t &routine, std::uintptr_t routine_addr, bool keep_jmps=false)
flatten native instruction stream, takes every JCC (follows the branch)...
Definition: vmutils.cpp:115
vm::util::print
void print(zydis_routine_t &routine)
prints a disassembly view of a routine...
Definition: vmutils.cpp:69
vm::util::deobfuscate
void deobfuscate(zydis_routine_t &routine)
deadstore deobfuscation of a flattened routine...
Definition: vmutils.cpp:161
zydis_instr_t
Definition: vmutils.hpp:23
zydis_instr_t::raw
std::vector< u8 > raw
Definition: vmutils.hpp:25
zydis_instr_t::instr
zydis_decoded_instr_t instr
Definition: vmutils.hpp:24
zydis_instr_t::addr
std::uintptr_t addr
Definition: vmutils.hpp:26
u64
unsigned long long u64
Definition: vmutils.hpp:15
u32
unsigned int u32
Definition: vmutils.hpp:14
zydis_routine_t
std::vector< zydis_instr_t > zydis_routine_t
Definition: vmutils.hpp:29
u16
unsigned short u16
Definition: vmutils.hpp:13
u128
__m128 u128
Definition: vmutils.hpp:16
zydis_mnemonic_t
ZydisMnemonic zydis_mnemonic_t
Definition: vmutils.hpp:20
zydis_register_t
ZydisRegister zydis_register_t
Definition: vmutils.hpp:19
zydis_decoded_instr_t
ZydisDecodedInstruction zydis_decoded_instr_t
Definition: vmutils.hpp:18
u8
unsigned char u8
Definition: vmutils.hpp:12
Generated by doxygen 1.9.1