You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
vmprofiler/manual/ADD_VTIL_LIFTER.md

1.6 KiB

Introduction

This will disclose how to create a VTIL lifter for VMProfiler v1.8. The instructions may change in later versions of VMProfiler.

Example - Existing VTIL Lifter For LCONSTQ

Understand that LCONSTQ loads an eight byte value onto the stack. Thus the usage of vtil::operand to create a 64 bit value.

Step 1, Declare Lifter

vm::lifters::lifter_t lconstq = {
    // push imm<N>
    vm::handler::LCONSTQ,
    []( vtil::basic_block *blk, vm::instrs::virt_instr_t *vinstr, vmp2::v3::code_block_t *code_blk ) {
        blk->push( vtil::operand( vinstr->operand.imm.u, 64 ) );
    } };

Step 2, Declare Extern In vmlifters.hpp

You can see this exact line of code here.

extern vm::lifters::lifter_t lconstq;

Step 3, Add Lifter To vm::lifters::all

inline std::vector< vm::lifters::lifter_t * > all = {
    // lreg lifters...
    &lregq, &lregdw,

    // add lifters...
    &addq, &adddw, &addw,

    // sreg lifters...
    &sregq, &sregdw, &sregw,

    // lconst lifters...
    &lconstq, &lconstdw, &lconstw, &lconstbzxw, &lconstbsxdw, &lconstbsxq, &lconstdwsxq, &lconstwsxq, &lconstwsxdw,

    // nand lifters...
    &nandq, &nanddw, &nandw,

    // read lifters....
    &readq, &readdw, &readw,

    // shr lifters...
    &shrq, &shrw,

    // pushvsp lifter...
    &pushvsp,

    // jmp lifter...
    &jmp,

    // lflags lifter...
    &lrflags,

    // lvsp lifter...
    &lvsp,

    // vmexit lifter...
    &vmexit };