<div align="center">
<div>
<img src="https://githacks.org/uploads/-/system/project/avatar/374/icon-5.png"/>
</div>
</div>

### VMProfiler - Library To Profile VMProtect 2 Virtual Machines

vmprofiler is a C++ library used to statically analyze VMProtect 2 polymorphic virtual machines. vmprofiler-qt, vmprofiler-cli, and vmemu all inherit this project. It is the base project for all other VMProtect 2 projects in this group on githacks.

### Credit & Contributors

* [VTIL](https://github.com/vtil-project/VTIL-Core) - Virtual-machine Translation Intermediate Language
* [Zydis](https://github.com/zyantific/zydis) - Fast and lightweight x86/x86-64 disassembler library
* [irql0](https://github.com/irql0) - helped with the first version of vm handler pattern matching

### Basic Usage - Creating a vm::ctx_t Object

The `vm::ctx_t` class is a small container class that holds all the information for a given vm entry. It contains the following:

* all vm handlers for a given vm entry
* the linear virtual address of the module base in memory
* the image base address
* the image size in virtual memory
* which way VIP advances (exec_type)
* vm entry relative virtual address
* vm entry deobfuscated and flattened
* calc jmp deobfuscated and flattened

All of the above information is generated by executing the `vm::ctx_t::init` member function. Below is a C++ example of how to create a `vm::ctx_t` object.

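```cpp
// `parser` (parsed command-line arguments), `umtils` and NT_HEADER come from the
// surrounding program.

// Map the binary as an image. With DONT_RESOLVE_DLL_REFERENCES the module's DllMain
// is not called and its imports are not loaded.
const auto module_base = reinterpret_cast< std::uintptr_t >(
    LoadLibraryExA( parser.get< std::string >( "bin" ).c_str(),
                    NULL, DONT_RESOLVE_DLL_REFERENCES ) );

// LoadLibraryExA returns NULL on failure; stop before the headers are dereferenced.
if ( !module_base )
{
    std::printf( "[!] failed to load the binary... make sure the path is correct!\n" );
    return -1;
}

// The vm entry RVA is given in hex on the command line.
const auto vm_entry_rva = std::strtoull( parser.get< std::string >( "vmentry" ).c_str(), nullptr, 16 );
const auto image_base = umtils->image_base( parser.get< std::string >( "bin" ).c_str() );
const auto image_size = NT_HEADER( module_base )->OptionalHeader.SizeOfImage;
vm::ctx_t vmctx( module_base, image_base, image_size, vm_entry_rva );

// init() generates the information listed above for this vm entry.
if ( !vmctx.init() )
{
    std::printf( "[!] failed to init vm::ctx_t... make sure all cli arguments are correct!\n" );
    return -1;
}
```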
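
The snippet above hands the `vmentry` argument to `std::strtoull` without checking the result. The following added example (not part of vmprofiler; `pe_info_t`, `read_pe_info`, `parse_vm_entry_rva` and the sample buffer are hypothetical names constructed here) reads `ImageBase` and `SizeOfImage` from a PE32+ file with bounds-checked reads and rejects a vm entry RVA that is malformed or lies outside the image. It assumes a 64-bit (PE32+) binary and a little-endian host.

```cpp
#include <cctype>
#include <cerrno>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <vector>

using bytes_t = std::vector<std::uint8_t>;
struct pe_info_t { std::uint64_t image_base; std::uint32_t image_size; }; // hypothetical type

// Bounds-checked read of a little-endian field (assumes a little-endian host).
template <class T> bool rd(const bytes_t& b, std::size_t off, T& out) {
    if (off > b.size() || b.size() - off < sizeof(T)) return false;
    std::memcpy(&out, b.data() + off, sizeof(T));
    return true;
}

// Read ImageBase and SizeOfImage from the headers of a PE32+ file held in memory.
bool read_pe_info(const bytes_t& file, pe_info_t& info) {
    std::uint16_t mz = 0, magic = 0;
    std::uint32_t e_lfanew = 0, sig = 0;
    if (!rd(file, 0, mz) || mz != 0x5A4D) return false;               // "MZ"
    if (!rd(file, 0x3C, e_lfanew)) return false;                      // IMAGE_DOS_HEADER.e_lfanew
    if (!rd(file, e_lfanew, sig) || sig != 0x00004550) return false;  // "PE\0\0"
    const std::size_t opt = std::size_t(e_lfanew) + 4 + 20;           // signature + IMAGE_FILE_HEADER
    if (!rd(file, opt, magic) || magic != 0x20B) return false;        // PE32+ optional header only
    return rd(file, opt + 24, info.image_base)                        // OptionalHeader.ImageBase
        && rd(file, opt + 56, info.image_size);                       // OptionalHeader.SizeOfImage
}

// Strictly parse the hex vm entry RVA and require it to fall inside the image.
bool parse_vm_entry_rva(const char* text, std::uint32_t image_size, std::uint64_t& rva) {
    if (!text || !std::isxdigit(static_cast<unsigned char>(text[0]))) return false;
    errno = 0;
    char* end = nullptr;
    rva = std::strtoull(text, &end, 16);
    if (*end != '\0' || errno == ERANGE) return false;                // trailing junk or overflow
    return rva < image_size;                                          // must lie inside the image
}

// Constructed sample: zeroed buffer carrying only the header fields read above.
bytes_t make_sample_pe() {
    bytes_t f(0x200, 0);
    f[0x00] = 'M'; f[0x01] = 'Z'; f[0x3C] = 0x80;  // e_lfanew = 0x80
    f[0x80] = 'P'; f[0x81] = 'E';                  // "PE\0\0"
    f[0x98] = 0x0B; f[0x99] = 0x02;                // Magic = 0x20B
    f[0xB3] = 0x40; f[0xB4] = 0x01;                // ImageBase = 0x140000000
    f[0xD1] = 0x50;                                // SizeOfImage = 0x5000
    return f;
}
```

`rva` is only meaningful when `parse_vm_entry_rva` returns true.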

### License & Copyright

Copyright (c) 2021 _xeroxz, Independent Researcher @back.engineering

Licensed under the MIT License