You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
vmprofiler/include/vmprofiles.hpp

265 lines
6.9 KiB

#pragma once
#include <transform.hpp>
/// <summary>
/// contains all information pertaining to vm handler identification...
/// </summary>
namespace vm::handler
{
/// <summary>
/// vm handler mnemonic... so you dont need to compare strings!
/// </summary>
enum mnemonic_t
{
INVALID,
LFLAGSQ,
RDTSC,
MULQ,
MULDW,
MULW,
MULB,
IMULQ,
IMULDW,
IMULW,
IMULB,
DIVQ,
DIVDW,
DIVW,
DIVB,
IDIVQ,
IDIVDW,
IDIVW,
IDIVB,
CALL,
JMP,
VMEXIT,
POPVSP,
READCR3,
WRITECR3,
READCR8,
WRITECR8,
PUSHVSP,
PUSHVSPDW,
SREGQ,
SREGDW,
SREGW,
SREGB,
LREGQ,
LREGDW,
LREGW,
LREGB,
LCONSTQ,
LCONSTBZXW,
LCONSTBSXQ,
LCONSTBSXDW,
LCONSTDWSXQ,
LCONSTWSXQ,
LCONSTWSXDW,
LCONSTDW,
LCONSTW,
READQ,
READGSQ,
READDW,
READW,
READB,
WRITEQ,
WRITEGSQ,
WRITEDW,
WRITEW,
WRITEB,
ADDQ,
ADDDW,
ADDW,
ADDB,
SHLQ,
SHLDW,
SHLW,
SHLB,
SHLDQ,
SHLDDW,
SHLD_W,
SHLDB,
SHRQ,
SHRDW,
SHRW,
SHRB,
SHRDQ,
SHRDDW,
SHRD_W,
SHRDB,
NANDQ,
NANDDW,
NANDW,
NANDB
};
/// <summary>
/// zydis callback lambda used to pattern match native instructions...
/// </summary>
using zydis_callback_t = std::function< bool( const zydis_decoded_instr_t &instr ) >;
/// <summary>
/// how sign extention is handled...
/// </summary>
enum extention_t
{
none,
sign_extend,
zero_extend
};
/// <summary>
/// pre defined vm handler profile containing all compiled time known information about a vm handler...
/// </summary>
struct profile_t
{
/// <summary>
/// name of the vm handler, such as JMP or LCONST...
/// </summary>
const char *name;
/// <summary>
/// the mnemonic of the vm handler... so you dont need to compare strings...
/// </summary>
mnemonic_t mnemonic;
/// <summary>
/// size, in bits, of the operand (imm)... if there is none then this will be zero...
/// </summary>
u8 imm_size;
/// <summary>
/// a vector of signatures used to compare native instructions against zydis aided signatures...
/// </summary>
std::vector< zydis_callback_t > signature;
/// <summary>
/// how sign extention of operands are handled...
/// </summary>
extention_t extention;
};
/// <summary>
/// contains all profiles defined, as well as a vector of all of the defined profiles...
/// </summary>
namespace profile
{
extern vm::handler::profile_t sregq;
extern vm::handler::profile_t sregdw;
extern vm::handler::profile_t sregw;
extern vm::handler::profile_t sregb;
extern vm::handler::profile_t lregq;
extern vm::handler::profile_t lregdw;
extern vm::handler::profile_t lconstq;
extern vm::handler::profile_t lconstdw;
extern vm::handler::profile_t lconstw;
extern vm::handler::profile_t lconstbzxw;
extern vm::handler::profile_t lconstbsxdw;
extern vm::handler::profile_t lconstbsxq;
extern vm::handler::profile_t lconstdwsxq;
extern vm::handler::profile_t lconstwsxq;
extern vm::handler::profile_t lconstwsxdw;
extern vm::handler::profile_t addq;
extern vm::handler::profile_t adddw;
extern vm::handler::profile_t addw;
extern vm::handler::profile_t addb;
extern vm::handler::profile_t shlq;
extern vm::handler::profile_t shldw;
extern vm::handler::profile_t shlw;
extern vm::handler::profile_t shlb;
extern vm::handler::profile_t shldq;
extern vm::handler::profile_t shlddw;
extern vm::handler::profile_t nandq;
extern vm::handler::profile_t nanddw;
extern vm::handler::profile_t nandw;
extern vm::handler::profile_t nandb;
extern vm::handler::profile_t writeq;
extern vm::handler::profile_t writedw;
extern vm::handler::profile_t writew;
extern vm::handler::profile_t writeb;
extern vm::handler::profile_t readq;
extern vm::handler::profile_t readgsq;
extern vm::handler::profile_t readdw;
extern vm::handler::profile_t readw;
extern vm::handler::profile_t readb;
extern vm::handler::profile_t shrq;
extern vm::handler::profile_t shrdw;
extern vm::handler::profile_t shrw;
extern vm::handler::profile_t shrb;
extern vm::handler::profile_t shrdq;
extern vm::handler::profile_t shrddw;
extern vm::handler::profile_t pushvsp;
extern vm::handler::profile_t pushvspdw;
extern vm::handler::profile_t lflagsq;
extern vm::handler::profile_t call;
extern vm::handler::profile_t mulq;
extern vm::handler::profile_t muldw;
extern vm::handler::profile_t imulq;
extern vm::handler::profile_t imuldw;
extern vm::handler::profile_t readcr8;
extern vm::handler::profile_t readcr3;
extern vm::handler::profile_t writecr3;
extern vm::handler::profile_t divq;
extern vm::handler::profile_t divdw;
extern vm::handler::profile_t idivdw;
extern vm::handler::profile_t jmp;
extern vm::handler::profile_t popvsp;
extern vm::handler::profile_t rdtsc;
extern vm::handler::profile_t vmexit;
/// <summary>
/// a vector of pointers to all defined vm handler profiles...
/// </summary>
inline std::vector< vm::handler::profile_t * > all = {
&sregq, &sregdw, &sregw, &sregb, &lregq, &lregdw, &lconstq,
&lconstbzxw, &lconstbsxdw, &lconstbsxq, &lconstdwsxq, &lconstwsxq, &lconstwsxdw, &lconstdw,
&lconstw, &addq, &adddw, &addw, &addb, &popvsp,
&shlq, &shldw, &shlw, &shlb, &writeq, &writedw, &writew,
&writeb, &nandq, &nanddw, &nandw, &nandb,
&shlddw, &shldq,
&shrq, &shrdw, &shrw, &shrb, &shrdq, &shrddw, &readgsq,
&readq, &readdw, &readw, &readb, &mulq, &muldw, &imulq,
&imuldw, &pushvsp, &pushvspdw, &readcr8, &readcr3, &writecr3, &divq,
&divdw, &idivdw, &jmp, &lflagsq, &vmexit, &call, &rdtsc };
} // namespace profile
} // namespace vm::handler