vmp2
/
vmprofiler
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '64a139ffca'
${ noResults }
vmprofiler/doxygen/html/vmhandler_8cpp.html

132 lines
14 KiB
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.9.1"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title>VMProfiler: D:/vmprofiler-qt/dependencies/vmprofiler/src/vmhandler.cpp File Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="search/searchdata.js"></script>
<script type="text/javascript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
<tbody>
<tr style="height: 56px;">
<td id="projectlogo"><img alt="Logo" src="icon.png"/></td>
<td id="projectalign" style="padding-left: 0.5em;">
<div id="projectname">VMProfiler
&#160;<span id="projectnumber">v1.8</span>
</div>
<div id="projectbrief">vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.</div>
</td>
</tr>
</tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.9.1 -->
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
var searchBox = new SearchBox("searchBox", "search",false,'Search','.html');
/* @license-end */
</script>
<script type="text/javascript" src="menudata.js"></script>
<script type="text/javascript" src="menu.js"></script>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
$(function() {
initMenu('',true,false,'search.php','Search');
$(document).ready(function() { init_search(); });
});
/* @license-end */</script>
<div id="main-nav"></div>
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
</div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<div id="nav-path" class="navpath">
<ul>
<li class="navelem"><a class="el" href="dir_68267d1309a1af8e8297ef4c3efbcdba.html">src</a></li> </ul>
</div>
</div><!-- top -->
<div class="header">
<div class="summary">
<a href="#namespaces">Namespaces</a> &#124;
<a href="#func-members">Functions</a> </div>
<div class="headertitle">
<div class="title">vmhandler.cpp File Reference</div> </div>
</div><!--header-->
<div class="contents">
<div class="textblock"><code>#include &lt;<a class="el" href="vmprofiler_8hpp_source.html">vmprofiler.hpp</a>&gt;</code><br />
</div><table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="namespaces"></a>
Namespaces</h2></td></tr>
<tr class="memitem:namespacevm"><td class="memItemLeft" align="right" valign="top"> &#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm.html">vm</a></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:namespacevm_1_1handler"><td class="memItemLeft" align="right" valign="top"> &#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html">vm::handler</a></td></tr>
<tr class="memdesc:namespacevm_1_1handler"><td class="mdescLeft">&#160;</td><td class="mdescRight">contains all information pertaining to vm handler identification... <br /></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:namespacevm_1_1handler_1_1table"><td class="memItemLeft" align="right" valign="top"> &#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1table.html">vm::handler::table</a></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2">&#160;</td></tr>
</table><table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
Functions</h2></td></tr>
<tr class="memitem:aa04be3f452edc65f17c38ef91fbed341"><td class="memItemLeft" align="right" valign="top">bool&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#aa04be3f452edc65f17c38ef91fbed341">vm::handler::get</a> (<a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_entry, <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_handler, std::uintptr_t handler_addr)</td></tr>
<tr class="memdesc:aa04be3f452edc65f17c38ef91fbed341"><td class="mdescLeft">&#160;</td><td class="mdescRight">gets a vm handler, puts all of the native instructions inside of the vm_handler param... <a href="namespacevm_1_1handler.html#aa04be3f452edc65f17c38ef91fbed341">More...</a><br /></td></tr>
<tr class="separator:aa04be3f452edc65f17c38ef91fbed341"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:ae5e88e98b57b69a61e344e17386a06c3"><td class="memItemLeft" align="right" valign="top">bool&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#ae5e88e98b57b69a61e344e17386a06c3">vm::handler::get_all</a> (std::uintptr_t module_base, std::uintptr_t image_base, <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_entry, std::uintptr_t *vm_handler_table, std::vector&lt; <a class="el" href="structvm_1_1handler_1_1handler__t.html">vm::handler::handler_t</a> &gt; &amp;vm_handlers)</td></tr>
<tr class="separator:ae5e88e98b57b69a61e344e17386a06c3"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:ab830e56e2b4ee32851937ae0fe1a4918"><td class="memItemLeft" align="right" valign="top">bool&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#ab830e56e2b4ee32851937ae0fe1a4918">vm::handler::has_imm</a> (const <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_handler)</td></tr>
<tr class="memdesc:ab830e56e2b4ee32851937ae0fe1a4918"><td class="mdescLeft">&#160;</td><td class="mdescRight">given a vm handler returns true if the vm handler decrypts an operand... <a href="namespacevm_1_1handler.html#ab830e56e2b4ee32851937ae0fe1a4918">More...</a><br /></td></tr>
<tr class="separator:ab830e56e2b4ee32851937ae0fe1a4918"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:a073cb14b6691023771ad8eada2452138"><td class="memItemLeft" align="right" valign="top">std::optional&lt; std::uint8_t &gt;&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#a073cb14b6691023771ad8eada2452138">vm::handler::imm_size</a> (const <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_handler)</td></tr>
<tr class="memdesc:a073cb14b6691023771ad8eada2452138"><td class="mdescLeft">&#160;</td><td class="mdescRight">gets the imm size of a vm handler... <a href="namespacevm_1_1handler.html#a073cb14b6691023771ad8eada2452138">More...</a><br /></td></tr>
<tr class="separator:a073cb14b6691023771ad8eada2452138"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:ad63629408ca7f8b34169a38399ffcf02"><td class="memItemLeft" align="right" valign="top">bool&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#ad63629408ca7f8b34169a38399ffcf02">vm::handler::get_operand_transforms</a> (<a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_handler, transform::map_t &amp;transforms)</td></tr>
<tr class="memdesc:ad63629408ca7f8b34169a38399ffcf02"><td class="mdescLeft">&#160;</td><td class="mdescRight">get operand decryption instructions given a vm handler... <a href="namespacevm_1_1handler.html#ad63629408ca7f8b34169a38399ffcf02">More...</a><br /></td></tr>
<tr class="separator:ad63629408ca7f8b34169a38399ffcf02"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:ad410231628efa1c4ee7fe9a8c4c7db90"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> *&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#ad410231628efa1c4ee7fe9a8c4c7db90">vm::handler::get_profile</a> (handler_t &amp;vm_handler)</td></tr>
<tr class="memdesc:ad410231628efa1c4ee7fe9a8c4c7db90"><td class="mdescLeft">&#160;</td><td class="mdescRight">get a vm handler profile given a <a class="el" href="structvm_1_1handler_1_1handler__t.html" title="handler_t contains all the information for a vm handler such as its immidate value size (zero if ther...">handler_t</a>... <a href="namespacevm_1_1handler.html#ad410231628efa1c4ee7fe9a8c4c7db90">More...</a><br /></td></tr>
<tr class="separator:ad410231628efa1c4ee7fe9a8c4c7db90"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:a0ba01b3a015d7f25b83261e9183a2e40"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> *&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#a0ba01b3a015d7f25b83261e9183a2e40">vm::handler::get_profile</a> (<a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1">vm::handler::mnemonic_t</a> mnemonic)</td></tr>
<tr class="memdesc:a0ba01b3a015d7f25b83261e9183a2e40"><td class="mdescLeft">&#160;</td><td class="mdescRight">get a vm handler profile given the mnemonic of the vm handler... <a href="namespacevm_1_1handler.html#a0ba01b3a015d7f25b83261e9183a2e40">More...</a><br /></td></tr>
<tr class="separator:a0ba01b3a015d7f25b83261e9183a2e40"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:a664a7f96f12e1305466df77d761d43fc"><td class="memItemLeft" align="right" valign="top">std::uintptr_t *&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1table.html#a664a7f96f12e1305466df77d761d43fc">vm::handler::table::get</a> (const <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_entry)</td></tr>
<tr class="memdesc:a664a7f96f12e1305466df77d761d43fc"><td class="mdescLeft">&#160;</td><td class="mdescRight">get the linear virtual address of the vm handler table give a deobfuscated, flattened, vm entry... <a href="namespacevm_1_1handler_1_1table.html#a664a7f96f12e1305466df77d761d43fc">More...</a><br /></td></tr>
<tr class="separator:a664a7f96f12e1305466df77d761d43fc"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:a5e8586b80ccde98882291ded921749ff"><td class="memItemLeft" align="right" valign="top">bool&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1table.html#a5e8586b80ccde98882291ded921749ff">vm::handler::table::get_transform</a> (const <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_entry, <a class="el" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> *transform_instr)</td></tr>
<tr class="memdesc:a5e8586b80ccde98882291ded921749ff"><td class="mdescLeft">&#160;</td><td class="mdescRight">get the single native instruction used to decrypt vm handler entries... <a href="namespacevm_1_1handler_1_1table.html#a5e8586b80ccde98882291ded921749ff">More...</a><br /></td></tr>
<tr class="separator:a5e8586b80ccde98882291ded921749ff"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:a69494eb8dca48abd03ff543c8adbf186"><td class="memItemLeft" align="right" valign="top">std::uint64_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1table.html#a69494eb8dca48abd03ff543c8adbf186">vm::handler::table::encrypt</a> (<a class="el" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &amp;transform_instr, std::uint64_t val)</td></tr>
<tr class="memdesc:a69494eb8dca48abd03ff543c8adbf186"><td class="mdescLeft">&#160;</td><td class="mdescRight">encrypt a linear virtual address given the transformation that is used to decrypt the vm handler table entry... this function will apply the inverse of the transformation so you dont need to get the inverse yourself... <a href="namespacevm_1_1handler_1_1table.html#a69494eb8dca48abd03ff543c8adbf186">More...</a><br /></td></tr>
<tr class="separator:a69494eb8dca48abd03ff543c8adbf186"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:aa8ffcb4e9e445f940723179cf9c87818"><td class="memItemLeft" align="right" valign="top">std::uint64_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1table.html#aa8ffcb4e9e445f940723179cf9c87818">vm::handler::table::decrypt</a> (<a class="el" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &amp;transform_instr, std::uint64_t val)</td></tr>
<tr class="memdesc:aa8ffcb4e9e445f940723179cf9c87818"><td class="mdescLeft">&#160;</td><td class="mdescRight">decrypts a vm handler table entry... <a href="namespacevm_1_1handler_1_1table.html#aa8ffcb4e9e445f940723179cf9c87818">More...</a><br /></td></tr>
<tr class="separator:aa8ffcb4e9e445f940723179cf9c87818"><td class="memSeparator" colspan="2">&#160;</td></tr>
</table>
</div><!-- contents -->
<!-- start footer part -->
<hr class="footer"/><address class="footer"><small>
Generated by&#160;<a href="https://www.doxygen.org/index.html"><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1
</small></address>
</body>
</html>
Reference in new issue View Git Blame Copy Permalink