vmp2
/
vmprofiler
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '64a139ffca'
${ noResults }
vmprofiler/doxygen/html/vminstrs_8hpp_source.html

127 lines
16 KiB
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.9.1"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title>VMProfiler: D:/vmprofiler-qt/dependencies/vmprofiler/include/vminstrs.hpp Source File</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="search/searchdata.js"></script>
<script type="text/javascript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
<tbody>
<tr style="height: 56px;">
<td id="projectlogo"><img alt="Logo" src="icon.png"/></td>
<td id="projectalign" style="padding-left: 0.5em;">
<div id="projectname">VMProfiler
&#160;<span id="projectnumber">v1.8</span>
</div>
<div id="projectbrief">vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.</div>
</td>
</tr>
</tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.9.1 -->
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
var searchBox = new SearchBox("searchBox", "search",false,'Search','.html');
/* @license-end */
</script>
<script type="text/javascript" src="menudata.js"></script>
<script type="text/javascript" src="menu.js"></script>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
$(function() {
initMenu('',true,false,'search.php','Search');
$(document).ready(function() { init_search(); });
});
/* @license-end */</script>
<div id="main-nav"></div>
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
</div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<div id="nav-path" class="navpath">
<ul>
<li class="navelem"><a class="el" href="dir_d44c64559bbebec7f509842c48db8b23.html">include</a></li> </ul>
</div>
</div><!-- top -->
<div class="header">
<div class="headertitle">
<div class="title">vminstrs.hpp</div> </div>
</div><!--header-->
<div class="contents">
<a href="vminstrs_8hpp.html">Go to the documentation of this file.</a><div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno"> 1</span>&#160;<span class="preprocessor">#pragma once</span></div>
<div class="line"><a name="l00002"></a><span class="lineno"> 2</span>&#160;<span class="preprocessor">#include &lt;<a class="code" href="transform_8hpp.html">transform.hpp</a>&gt;</span></div>
<div class="line"><a name="l00003"></a><span class="lineno"> 3</span>&#160;<span class="preprocessor">#include &lt;<a class="code" href="vmctx_8hpp.html">vmctx.hpp</a>&gt;</span></div>
<div class="line"><a name="l00004"></a><span class="lineno"> 4</span>&#160;<span class="preprocessor">#include &lt;<a class="code" href="vmhandlers_8hpp.html">vmhandlers.hpp</a>&gt;</span></div>
<div class="line"><a name="l00005"></a><span class="lineno"> 5</span>&#160;<span class="preprocessor">#include &lt;<a class="code" href="vmp2_8hpp.html">vmp2.hpp</a>&gt;</span></div>
<div class="line"><a name="l00006"></a><span class="lineno"> 6</span>&#160; </div>
<div class="line"><a name="l00010"></a><span class="lineno"><a class="line" href="namespacevm_1_1instrs.html"> 10</a></span>&#160;<span class="keyword">namespace </span><a class="code" href="namespacevm_1_1instrs.html">vm::instrs</a></div>
<div class="line"><a name="l00011"></a><span class="lineno"> 11</span>&#160;{</div>
<div class="line"><a name="l00019"></a><span class="lineno"> 19</span>&#160; <span class="keywordtype">bool</span> <a class="code" href="namespacevm_1_1instrs.html#abfbe5c819730d2693296df3c71393de3">get_rva_decrypt</a>( <span class="keyword">const</span> <a class="code" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_entry, std::vector&lt; zydis_decoded_instr_t &gt; &amp;transform_instrs );</div>
<div class="line"><a name="l00020"></a><span class="lineno"> 20</span>&#160; </div>
<div class="line"><a name="l00030"></a><span class="lineno"> 30</span>&#160; std::pair&lt; std::uint64_t, std::uint64_t &gt; <a class="code" href="namespacevm_1_1instrs.html#a995be4b7dd3764aec88207611a2b879d">decrypt_operand</a>( <a class="code" href="namespacevm_1_1transform.html#af3bd71c380a50beece9341287b7cc025">transform::map_t</a> &amp;<a class="code" href="namespacevm_1_1transform.html#ac5fcbe5497bc1e136caf781b61fbd8f1">transforms</a>, std::uint64_t operand,</div>
<div class="line"><a name="l00031"></a><span class="lineno"> 31</span>&#160; std::uint64_t rolling_key );</div>
<div class="line"><a name="l00032"></a><span class="lineno"> 32</span>&#160; </div>
<div class="line"><a name="l00042"></a><span class="lineno"> 42</span>&#160; std::pair&lt; std::uint64_t, std::uint64_t &gt; <a class="code" href="namespacevm_1_1instrs.html#a388b00855c582da503850d72de7e8f57">encrypt_operand</a>( <a class="code" href="namespacevm_1_1transform.html#af3bd71c380a50beece9341287b7cc025">transform::map_t</a> &amp;<a class="code" href="namespacevm_1_1transform.html#ac5fcbe5497bc1e136caf781b61fbd8f1">transforms</a>, std::uint64_t operand,</div>
<div class="line"><a name="l00043"></a><span class="lineno"> 43</span>&#160; std::uint64_t rolling_key );</div>
<div class="line"><a name="l00044"></a><span class="lineno"> 44</span>&#160; </div>
<div class="line"><a name="l00051"></a><span class="lineno"> 51</span>&#160; std::optional&lt; virt_instr_t &gt; <a class="code" href="namespacevm_1_1instrs.html#aa7a629de41909a287c549397a4043c2f">get</a>( <a class="code" href="classvm_1_1ctx__t.html">vm::ctx_t</a> &amp;ctx, <a class="code" href="structvmp2_1_1v2_1_1entry__t.html">vmp2::v2::entry_t</a> &amp;entry );</div>
<div class="line"><a name="l00052"></a><span class="lineno"> 52</span>&#160; </div>
<div class="line"><a name="l00060"></a><span class="lineno"> 60</span>&#160; std::optional&lt; std::uint64_t &gt; <a class="code" href="namespacevm_1_1instrs.html#a432536e816a10200518676e5616335a6">get_imm</a>( <a class="code" href="classvm_1_1ctx__t.html">vm::ctx_t</a> &amp;ctx, std::uint8_t <a class="code" href="namespacevm_1_1handler.html#a073cb14b6691023771ad8eada2452138">imm_size</a>, std::uintptr_t vip );</div>
<div class="line"><a name="l00061"></a><span class="lineno"> 61</span>&#160; </div>
<div class="line"><a name="l00073"></a><span class="lineno"> 73</span>&#160; std::optional&lt; jcc_data &gt; <a class="code" href="namespacevm_1_1instrs.html#a093e8f1c37d98c4454a3d0b58fda6188">get_jcc_data</a>( <a class="code" href="classvm_1_1ctx__t.html">vm::ctx_t</a> &amp;ctx, <a class="code" href="structvm_1_1instrs_1_1code__block__t.html">code_block_t</a> &amp;code_block );</div>
<div class="line"><a name="l00074"></a><span class="lineno"> 74</span>&#160; </div>
<div class="line"><a name="l00084"></a><span class="lineno"> 84</span>&#160; std::uintptr_t <a class="code" href="namespacevm_1_1instrs.html#a5ee4814b206e0a4f8fc27356efc9503a">code_block_addr</a>( <span class="keyword">const</span> <a class="code" href="classvm_1_1ctx__t.html">vm::ctx_t</a> &amp;ctx, <span class="keyword">const</span> <a class="code" href="structvmp2_1_1v2_1_1entry__t.html">vmp2::v2::entry_t</a> &amp;entry );</div>
<div class="line"><a name="l00085"></a><span class="lineno"> 85</span>&#160; </div>
<div class="line"><a name="l00092"></a><span class="lineno"> 92</span>&#160; std::uintptr_t <a class="code" href="namespacevm_1_1instrs.html#a5ee4814b206e0a4f8fc27356efc9503a">code_block_addr</a>( <span class="keyword">const</span> <a class="code" href="classvm_1_1ctx__t.html">vm::ctx_t</a> &amp;ctx, <span class="keyword">const</span> std::uint32_t lower_32bits );</div>
<div class="line"><a name="l00093"></a><span class="lineno"> 93</span>&#160;} <span class="comment">// namespace vm::instrs</span></div>
<div class="ttc" id="aclassvm_1_1ctx__t_html"><div class="ttname"><a href="classvm_1_1ctx__t.html">vm::ctx_t</a></div><div class="ttdoc">vm::ctx_t class is used to auto generate vm_entry, calc_jmp, and other per-vm entry information....</div><div class="ttdef"><b>Definition:</b> vmctx.hpp:13</div></div>
<div class="ttc" id="anamespacevm_1_1handler_html_a073cb14b6691023771ad8eada2452138"><div class="ttname"><a href="namespacevm_1_1handler.html#a073cb14b6691023771ad8eada2452138">vm::handler::imm_size</a></div><div class="ttdeci">std::optional&lt; std::uint8_t &gt; imm_size(const zydis_routine_t &amp;vm_handler)</div><div class="ttdoc">gets the imm size of a vm handler...</div><div class="ttdef"><b>Definition:</b> vmhandler.cpp:108</div></div>
<div class="ttc" id="anamespacevm_1_1instrs_html"><div class="ttname"><a href="namespacevm_1_1instrs.html">vm::instrs</a></div><div class="ttdoc">contains all functions related to virtual instructions...</div><div class="ttdef"><b>Definition:</b> vminstrs.hpp:11</div></div>
<div class="ttc" id="anamespacevm_1_1instrs_html_a093e8f1c37d98c4454a3d0b58fda6188"><div class="ttname"><a href="namespacevm_1_1instrs.html#a093e8f1c37d98c4454a3d0b58fda6188">vm::instrs::get_jcc_data</a></div><div class="ttdeci">std::optional&lt; jcc_data &gt; get_jcc_data(vm::ctx_t &amp;ctx, code_block_t &amp;code_block)</div><div class="ttdoc">get jcc data out of a code block... this function will loop over the code block and look for the last...</div><div class="ttdef"><b>Definition:</b> vminstrs.cpp:200</div></div>
<div class="ttc" id="anamespacevm_1_1instrs_html_a388b00855c582da503850d72de7e8f57"><div class="ttname"><a href="namespacevm_1_1instrs.html#a388b00855c582da503850d72de7e8f57">vm::instrs::encrypt_operand</a></div><div class="ttdeci">std::pair&lt; std::uint64_t, std::uint64_t &gt; encrypt_operand(transform::map_t &amp;transforms, std::uint64_t operand, std::uint64_t rolling_key)</div><div class="ttdoc">encrypt a virtual instructions operand given the transformations to decrypt the operand....</div><div class="ttdef"><b>Definition:</b> vminstrs.cpp:64</div></div>
<div class="ttc" id="anamespacevm_1_1instrs_html_a432536e816a10200518676e5616335a6"><div class="ttname"><a href="namespacevm_1_1instrs.html#a432536e816a10200518676e5616335a6">vm::instrs::get_imm</a></div><div class="ttdeci">std::optional&lt; std::uint64_t &gt; get_imm(vm::ctx_t &amp;ctx, std::uint8_t imm_size, std::uintptr_t vip)</div><div class="ttdoc">gets the encrypted second operand (imm) given vip and vm::ctx_t...</div><div class="ttdef"><b>Definition:</b> vminstrs.cpp:160</div></div>
<div class="ttc" id="anamespacevm_1_1instrs_html_a5ee4814b206e0a4f8fc27356efc9503a"><div class="ttname"><a href="namespacevm_1_1instrs.html#a5ee4814b206e0a4f8fc27356efc9503a">vm::instrs::code_block_addr</a></div><div class="ttdeci">std::uintptr_t code_block_addr(const vm::ctx_t &amp;ctx, const vmp2::v2::entry_t &amp;entry)</div><div class="ttdoc">the top of the stack will contain the lower 32bits of the RVA to the virtual instructions that will b...</div><div class="ttdef"><b>Definition:</b> vminstrs.cpp:263</div></div>
<div class="ttc" id="anamespacevm_1_1instrs_html_a995be4b7dd3764aec88207611a2b879d"><div class="ttname"><a href="namespacevm_1_1instrs.html#a995be4b7dd3764aec88207611a2b879d">vm::instrs::decrypt_operand</a></div><div class="ttdeci">std::pair&lt; std::uint64_t, std::uint64_t &gt; decrypt_operand(transform::map_t &amp;transforms, std::uint64_t operand, std::uint64_t rolling_key)</div><div class="ttdoc">decrypt virtual instruction operand given the decryption transformations... you can read about these ...</div><div class="ttdef"><b>Definition:</b> vminstrs.cpp:5</div></div>
<div class="ttc" id="anamespacevm_1_1instrs_html_aa7a629de41909a287c549397a4043c2f"><div class="ttname"><a href="namespacevm_1_1instrs.html#aa7a629de41909a287c549397a4043c2f">vm::instrs::get</a></div><div class="ttdeci">std::optional&lt; virt_instr_t &gt; get(vm::ctx_t &amp;ctx, vmp2::v2::entry_t &amp;entry)</div><div class="ttdoc">get virt_instr_t filled in with data given a vmp2 trace entry and vm context...</div><div class="ttdef"><b>Definition:</b> vminstrs.cpp:173</div></div>
<div class="ttc" id="anamespacevm_1_1instrs_html_abfbe5c819730d2693296df3c71393de3"><div class="ttname"><a href="namespacevm_1_1instrs.html#abfbe5c819730d2693296df3c71393de3">vm::instrs::get_rva_decrypt</a></div><div class="ttdeci">bool get_rva_decrypt(const zydis_routine_t &amp;vm_entry, std::vector&lt; zydis_decoded_instr_t &gt; &amp;transform_instrs)</div><div class="ttdoc">gets the native instructions that are used to decrypt the relative virtual address to virtual instruc...</div><div class="ttdef"><b>Definition:</b> vminstrs.cpp:126</div></div>
<div class="ttc" id="anamespacevm_1_1transform_html_ac5fcbe5497bc1e136caf781b61fbd8f1"><div class="ttname"><a href="namespacevm_1_1transform.html#ac5fcbe5497bc1e136caf781b61fbd8f1">vm::transform::transforms</a></div><div class="ttdeci">std::map&lt; zydis_mnemonic_t, transform_t&lt; T &gt; &gt; transforms</div><div class="ttdef"><b>Definition:</b> transform.hpp:207</div></div>
<div class="ttc" id="anamespacevm_1_1transform_html_af3bd71c380a50beece9341287b7cc025"><div class="ttname"><a href="namespacevm_1_1transform.html#af3bd71c380a50beece9341287b7cc025">vm::transform::map_t</a></div><div class="ttdeci">std::map&lt; transform::type, zydis_decoded_instr_t &gt; map_t</div><div class="ttdoc">map of transform type to zydis decoded instruction of the transform...</div><div class="ttdef"><b>Definition:</b> transform.hpp:150</div></div>
<div class="ttc" id="astructvm_1_1instrs_1_1code__block__t_html"><div class="ttname"><a href="structvm_1_1instrs_1_1code__block__t.html">vm::instrs::code_block_t</a></div><div class="ttdef"><b>Definition:</b> vmp2.hpp:187</div></div>
<div class="ttc" id="astructvmp2_1_1v2_1_1entry__t_html"><div class="ttname"><a href="structvmp2_1_1v2_1_1entry__t.html">vmp2::v2::entry_t</a></div><div class="ttdef"><b>Definition:</b> vmp2.hpp:101</div></div>
<div class="ttc" id="atransform_8hpp_html"><div class="ttname"><a href="transform_8hpp.html">transform.hpp</a></div></div>
<div class="ttc" id="avmctx_8hpp_html"><div class="ttname"><a href="vmctx_8hpp.html">vmctx.hpp</a></div></div>
<div class="ttc" id="avmhandlers_8hpp_html"><div class="ttname"><a href="vmhandlers_8hpp.html">vmhandlers.hpp</a></div></div>
<div class="ttc" id="avmp2_8hpp_html"><div class="ttname"><a href="vmp2_8hpp.html">vmp2.hpp</a></div></div>
<div class="ttc" id="avmutils_8hpp_html_a5fdde6e9d3e6c6eca28ecadf2e837d3c"><div class="ttname"><a href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a></div><div class="ttdeci">std::vector&lt; zydis_instr_t &gt; zydis_routine_t</div><div class="ttdef"><b>Definition:</b> vmutils.hpp:29</div></div>
</div><!-- fragment --></div><!-- contents -->
<!-- start footer part -->
<hr class="footer"/><address class="footer"><small>
Generated by&#160;<a href="https://www.doxygen.org/index.html"><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1
</small></address>
</body>
</html>
Reference in new issue View Git Blame Copy Permalink