vmprofiler/doxygen/html/vmhandlers_8hpp.html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- Document head as emitted by Doxygen 1.9.1 (see the generator meta tag below). Every stylesheet and script in this head is referenced by a relative path, so nothing here is fetched from another origin. -->
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.9.1"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<!-- NOTE(review): the title carries the absolute path of the header on the build machine (D:/...). Doxygen's STRIP_FROM_PATH setting (used with FULL_PATH_NAMES) shortens it if the local directory layout should not be published. -->
<title>VMProfiler: D:/vmprofiler-qt/dependencies/vmprofiler/include/vmhandlers.hpp File Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<!-- NOTE(review): jquery.js is served from alongside this page and its version is not visible here; check the shipped copy against current jQuery advisories before publishing these docs. -->
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="search/searchdata.js"></script>
<script type="text/javascript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
<tbody>
<tr style="height: 56px;">
<td id="projectlogo"><img alt="Logo" src="icon.png"/></td>
<td id="projectalign" style="padding-left: 0.5em;">
<div id="projectname">VMProfiler
&#160;<span id="projectnumber">v1.8</span>
</div>
<div id="projectbrief">vmprofiler is a C++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is used as a dependency by vmprofiler-qt, vmprofiler-cli, and vmemu.</div>
</td>
</tr>
</tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.9.1 -->
<!-- Creates the global searchBox object that the on* handlers of #MSearchSelectWindow call. SearchBox itself is not defined on this page (presumably search/search.js; confirm). -->
<!-- NOTE(review): this and the second script block below are inline scripts; a Content-Security-Policy without 'unsafe-inline' (or a matching nonce/hash) would stop them from running. -->
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
var searchBox = new SearchBox("searchBox", "search",false,'Search','.html');
/* @license-end */
</script>
<script type="text/javascript" src="menudata.js"></script>
<script type="text/javascript" src="menu.js"></script>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
/* Runs once the DOM is ready: calls initMenu, then registers init_search for document-ready. Both functions are defined outside this page (presumably menu.js and search/search.js; confirm). */
$(function() {
initMenu('',true,false,'search.php','Search');
$(document).ready(function() { init_search(); });
});
/* @license-end */</script>
<div id="main-nav"></div>
<!-- window showing the filter options -->
<!-- NOTE(review): the three on* attributes below are inline event handlers that call methods of the global searchBox object; a Content-Security-Policy without 'unsafe-inline' would stop them from running. -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
</div>
<!-- iframe showing the search results (closed by default) -->
<!-- NOTE(review): the frame starts on a javascript: URL used as an empty placeholder, which a strict CSP is likely to block as well, and it carries no title attribute for assistive technology. Presumably the search script later points it at a results page; confirm. -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<div id="nav-path" class="navpath">
<ul>
<li class="navelem"><a class="el" href="dir_d44c64559bbebec7f509842c48db8b23.html">include</a></li> </ul>
</div>
</div><!-- top -->
<div class="header">
<div class="summary">
<a href="#nested-classes">Classes</a> &#124;
<a href="#namespaces">Namespaces</a> &#124;
<a href="#func-members">Functions</a> </div>
<div class="headertitle">
<div class="title">vmhandlers.hpp File Reference</div> </div>
</div><!--header-->
<div class="contents">
<div class="textblock"><code>#include &lt;<a class="el" href="transform_8hpp_source.html">transform.hpp</a>&gt;</code><br />
<code>#include &lt;<a class="el" href="vmprofiles_8hpp_source.html">vmprofiles.hpp</a>&gt;</code><br />
</div>
<p><a href="vmhandlers_8hpp_source.html">Go to the source code of this file.</a></p>
<table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="nested-classes"></a>
Classes</h2></td></tr>
<tr class="memitem:"><td class="memItemLeft" align="right" valign="top">struct &#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="structvm_1_1handler_1_1handler__t.html">vm::handler::handler_t</a></td></tr>
<tr class="memdesc:"><td class="mdescLeft">&#160;</td><td class="mdescRight"><a class="el" href="structvm_1_1handler_1_1handler__t.html" title="handler_t contains all the information for a vm handler such as its immediate value size (zero if ther...">handler_t</a> contains all the information for a vm handler such as its immediate value size (zero if there is no imm), the transformations applied to the imm to decrypt it (if any), a pointer to the profile (nullptr if there is none), and other metadata... <a href="structvm_1_1handler_1_1handler__t.html#details">More...</a><br /></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2">&#160;</td></tr>
</table><table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="namespaces"></a>
Namespaces</h2></td></tr>
<tr class="memitem:namespacevm"><td class="memItemLeft" align="right" valign="top"> &#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm.html">vm</a></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:namespacevm_1_1handler"><td class="memItemLeft" align="right" valign="top"> &#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html">vm::handler</a></td></tr>
<tr class="memdesc:namespacevm_1_1handler"><td class="mdescLeft">&#160;</td><td class="mdescRight">contains all information pertaining to vm handler identification... <br /></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:namespacevm_1_1handler_1_1table"><td class="memItemLeft" align="right" valign="top"> &#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1table.html">vm::handler::table</a></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2">&#160;</td></tr>
</table><table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
Functions</h2></td></tr>
<tr class="memitem:ab830e56e2b4ee32851937ae0fe1a4918"><td class="memItemLeft" align="right" valign="top">bool&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#ab830e56e2b4ee32851937ae0fe1a4918">vm::handler::has_imm</a> (const <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_handler)</td></tr>
<tr class="memdesc:ab830e56e2b4ee32851937ae0fe1a4918"><td class="mdescLeft">&#160;</td><td class="mdescRight">given a vm handler returns true if the vm handler decrypts an operand... <a href="namespacevm_1_1handler.html#ab830e56e2b4ee32851937ae0fe1a4918">More...</a><br /></td></tr>
<tr class="separator:ab830e56e2b4ee32851937ae0fe1a4918"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:a073cb14b6691023771ad8eada2452138"><td class="memItemLeft" align="right" valign="top">std::optional&lt; std::uint8_t &gt;&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#a073cb14b6691023771ad8eada2452138">vm::handler::imm_size</a> (const <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_handler)</td></tr>
<tr class="memdesc:a073cb14b6691023771ad8eada2452138"><td class="mdescLeft">&#160;</td><td class="mdescRight">gets the imm size of a vm handler... <a href="namespacevm_1_1handler.html#a073cb14b6691023771ad8eada2452138">More...</a><br /></td></tr>
<tr class="separator:a073cb14b6691023771ad8eada2452138"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:aa04be3f452edc65f17c38ef91fbed341"><td class="memItemLeft" align="right" valign="top">bool&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#aa04be3f452edc65f17c38ef91fbed341">vm::handler::get</a> (<a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_entry, <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_handler, std::uintptr_t handler_addr)</td></tr>
<tr class="memdesc:aa04be3f452edc65f17c38ef91fbed341"><td class="mdescLeft">&#160;</td><td class="mdescRight">gets a vm handler, puts all of the native instructions inside of the vm_handler param... <a href="namespacevm_1_1handler.html#aa04be3f452edc65f17c38ef91fbed341">More...</a><br /></td></tr>
<tr class="separator:aa04be3f452edc65f17c38ef91fbed341"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:ae40eade4312e1383ae334ad2e0adacbf"><td class="memItemLeft" align="right" valign="top">bool&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#ae40eade4312e1383ae334ad2e0adacbf">vm::handler::get_all</a> (std::uintptr_t module_base, std::uintptr_t image_base, <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_entry, std::uintptr_t *vm_handler_table, std::vector&lt; handler_t &gt; &amp;vm_handlers)</td></tr>
<tr class="memdesc:ae40eade4312e1383ae334ad2e0adacbf"><td class="mdescLeft">&#160;</td><td class="mdescRight">get all 256 vm handlers... <a href="namespacevm_1_1handler.html#ae40eade4312e1383ae334ad2e0adacbf">More...</a><br /></td></tr>
<tr class="separator:ae40eade4312e1383ae334ad2e0adacbf"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:ad63629408ca7f8b34169a38399ffcf02"><td class="memItemLeft" align="right" valign="top">bool&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#ad63629408ca7f8b34169a38399ffcf02">vm::handler::get_operand_transforms</a> (<a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_handler, transform::map_t &amp;transforms)</td></tr>
<tr class="memdesc:ad63629408ca7f8b34169a38399ffcf02"><td class="mdescLeft">&#160;</td><td class="mdescRight">get operand decryption instructions given a vm handler... <a href="namespacevm_1_1handler.html#ad63629408ca7f8b34169a38399ffcf02">More...</a><br /></td></tr>
<tr class="separator:ad63629408ca7f8b34169a38399ffcf02"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:ad410231628efa1c4ee7fe9a8c4c7db90"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> *&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#ad410231628efa1c4ee7fe9a8c4c7db90">vm::handler::get_profile</a> (handler_t &amp;vm_handler)</td></tr>
<tr class="memdesc:ad410231628efa1c4ee7fe9a8c4c7db90"><td class="mdescLeft">&#160;</td><td class="mdescRight">get a vm handler profile given a <a class="el" href="structvm_1_1handler_1_1handler__t.html" title="handler_t contains all the information for a vm handler such as its immediate value size (zero if ther...">handler_t</a>... <a href="namespacevm_1_1handler.html#ad410231628efa1c4ee7fe9a8c4c7db90">More...</a><br /></td></tr>
<tr class="separator:ad410231628efa1c4ee7fe9a8c4c7db90"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:a0ba01b3a015d7f25b83261e9183a2e40"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structvm_1_1handler_1_1profile__t.html">vm::handler::profile_t</a> *&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler.html#a0ba01b3a015d7f25b83261e9183a2e40">vm::handler::get_profile</a> (<a class="el" href="namespacevm_1_1handler.html#a83cdfb05acdea9268310c37165bd13c1">vm::handler::mnemonic_t</a> mnemonic)</td></tr>
<tr class="memdesc:a0ba01b3a015d7f25b83261e9183a2e40"><td class="mdescLeft">&#160;</td><td class="mdescRight">get a vm handler profile given the mnemonic of the vm handler... <a href="namespacevm_1_1handler.html#a0ba01b3a015d7f25b83261e9183a2e40">More...</a><br /></td></tr>
<tr class="separator:a0ba01b3a015d7f25b83261e9183a2e40"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:a664a7f96f12e1305466df77d761d43fc"><td class="memItemLeft" align="right" valign="top">std::uintptr_t *&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1table.html#a664a7f96f12e1305466df77d761d43fc">vm::handler::table::get</a> (const <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_entry)</td></tr>
<tr class="memdesc:a664a7f96f12e1305466df77d761d43fc"><td class="mdescLeft">&#160;</td><td class="mdescRight">get the linear virtual address of the vm handler table given a deobfuscated, flattened vm entry... <a href="namespacevm_1_1handler_1_1table.html#a664a7f96f12e1305466df77d761d43fc">More...</a><br /></td></tr>
<tr class="separator:a664a7f96f12e1305466df77d761d43fc"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:a5e8586b80ccde98882291ded921749ff"><td class="memItemLeft" align="right" valign="top">bool&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1table.html#a5e8586b80ccde98882291ded921749ff">vm::handler::table::get_transform</a> (const <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_entry, <a class="el" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> *transform_instr)</td></tr>
<tr class="memdesc:a5e8586b80ccde98882291ded921749ff"><td class="mdescLeft">&#160;</td><td class="mdescRight">get the single native instruction used to decrypt vm handler entries... <a href="namespacevm_1_1handler_1_1table.html#a5e8586b80ccde98882291ded921749ff">More...</a><br /></td></tr>
<tr class="separator:a5e8586b80ccde98882291ded921749ff"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:a69494eb8dca48abd03ff543c8adbf186"><td class="memItemLeft" align="right" valign="top">std::uint64_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1table.html#a69494eb8dca48abd03ff543c8adbf186">vm::handler::table::encrypt</a> (<a class="el" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &amp;transform_instr, std::uint64_t val)</td></tr>
<tr class="memdesc:a69494eb8dca48abd03ff543c8adbf186"><td class="mdescLeft">&#160;</td><td class="mdescRight">encrypts a linear virtual address given the transformation that is used to decrypt the vm handler table entry... this function applies the inverse of that transformation itself, so you don't need to get the inverse yourself... <a href="namespacevm_1_1handler_1_1table.html#a69494eb8dca48abd03ff543c8adbf186">More...</a><br /></td></tr>
<tr class="separator:a69494eb8dca48abd03ff543c8adbf186"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:aa8ffcb4e9e445f940723179cf9c87818"><td class="memItemLeft" align="right" valign="top">std::uint64_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1table.html#aa8ffcb4e9e445f940723179cf9c87818">vm::handler::table::decrypt</a> (<a class="el" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &amp;transform_instr, std::uint64_t val)</td></tr>
<tr class="memdesc:aa8ffcb4e9e445f940723179cf9c87818"><td class="mdescLeft">&#160;</td><td class="mdescRight">decrypts a vm handler table entry... <a href="namespacevm_1_1handler_1_1table.html#aa8ffcb4e9e445f940723179cf9c87818">More...</a><br /></td></tr>
<tr class="separator:aa8ffcb4e9e445f940723179cf9c87818"><td class="memSeparator" colspan="2">&#160;</td></tr>
</table>
</div><!-- contents -->
<!-- start footer part -->
<hr class="footer"/><address class="footer"><small>
Generated by&#160;<a href="https://www.doxygen.org/index.html"><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1
</small></address>
</body>
</html>