vmp2
/
vmprofiler
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '05c8f779d0'
${ noResults }
vmprofiler/include/vmprofiler.hpp

75 lines
2.0 KiB
Raw Blame History

#pragma once
#include <transform.hpp>
namespace vm
{
namespace handler
{
using instr_callback_t = bool(*)(const zydis_decoded_instr_t& instr);
enum extention_t
{
none,
sign_extend,
zero_extend
};
struct profile_t
{
const char* name;
u8 imm_size;
std::vector<instr_callback_t> signature;
extention_t extention;
};
namespace profile
{
// MOV RDX, [RBP]
// ADD RBP, 8
// MOV [RAX+RDI], RDX
inline vm::handler::profile_t sregq =
{
"SREGQ", 8,
{
{
// MOV RDX, [RBP]
[](const zydis_decoded_instr_t& instr) -> bool
{
return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
instr.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[0].reg.value == ZYDIS_REGISTER_RDX &&
instr.operands[1].type == ZYDIS_OPERAND_TYPE_MEMORY &&
instr.operands[1].mem.base == ZYDIS_REGISTER_RBP;
},
// ADD RBP, 8
[](const zydis_decoded_instr_t& instr) -> bool
{
return instr.mnemonic == ZYDIS_MNEMONIC_ADD &&
instr.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[0].reg.value == ZYDIS_REGISTER_RBP &&
instr.operands[1].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&
instr.operands[1].imm.value.u == 8;
},
// MOV [RAX+RDI], RDX
[](const zydis_decoded_instr_t& instr) -> bool
{
return instr.mnemonic == ZYDIS_MNEMONIC_MOV &&
instr.operands[0].type == ZYDIS_OPERAND_TYPE_MEMORY &&
(instr.operands[0].mem.base == ZYDIS_REGISTER_RAX ||
instr.operands[0].mem.base == ZYDIS_REGISTER_RDI) &&
(instr.operands[0].mem.index == ZYDIS_REGISTER_RDI ||
instr.operands[0].mem.index == ZYDIS_REGISTER_RAX) &&
instr.operands[1].type == ZYDIS_OPERAND_TYPE_REGISTER &&
instr.operands[1].reg.value == ZYDIS_REGISTER_RDX;
}
}
}
};
inline std::vector<vm::handler::profile_t*> all =
{
&sregq
};
}
}
}
Reference in new issue View Git Blame Copy Permalink