updated vmprofiler dep. preparing to add virtual branch recovery...

deps/vmprofiler

@@ -1 +1 @@
-Subproject commit 703245ffc98f151e2ee197c509dd12a9ab05b8bd
+Subproject commit 4c4bcf8a1836eaa2b9e295b46caf67857b726f03

include/vmemu_t.hpp

@@ -21,6 +21,8 @@ class emu_t {
   uc_engine* uc;
   const vm::vmctx_t* m_vm;
   zydis_reg_t vip, vsp;
+
+  std::vector<vm::instrs::vinstr_t> vinstrs;
   vm::instrs::hndlr_trace_t cc_trace;
   uc_hook code_exec_hook, invalid_mem_hook, int_hook;
 
@@ -29,12 +31,13 @@ class emu_t {
                                  uint32_t size,
                                  emu_t* obj);
 
-  static void int_callback(uc_engine* uc, std::uint32_t intno, emu_t* obj);
   static void invalid_mem(uc_engine* uc,
                           uc_mem_type type,
                           uint64_t address,
                           int size,
                           int64_t value,
                           emu_t* obj);
+
+  static void int_callback(uc_engine* uc, std::uint32_t intno, emu_t* obj);
 };
 }  // namespace vm

src/main.cpp

@@ -3,11 +3,8 @@
 #include <iostream>
 #include <thread>
 #include <vmlocate.hpp>
-
 #include "vmemu_t.hpp"
 
-#define NUM_THREADS 20
-
 int __cdecl main(int argc, const char* argv[]) {
   argparse::argument_parser_t parser("VMEmu",
                                      "VMProtect 3 VM Handler Emulator");
@@ -116,28 +113,28 @@ int __cdecl main(int argc, const char* argv[]) {
     const auto vm_entries = vm::locate::get_vm_entries(module_base, image_size);
     std::printf("> number of vm entries = %d\n", vm_entries.size());
 
-    // TODO: rewrite this, just testing get_vm_entries...
+    const auto vm_entry_rva =
-    for (const auto& [vm_entry_rva, encrypted_rva] : vm_entries) {
+        std::strtoull(parser.get<std::string>("vmentry").c_str(), nullptr, 16);
-      vm::vmctx_t vmctx(module_base, image_base, image_size, vm_entry_rva);
+
-      if (!vmctx.init()) {
+    vm::vmctx_t vmctx(module_base, image_base, image_size, vm_entry_rva);
-        std::printf(
+    if (!vmctx.init()) {
-            "[!] failed to init vmctx... this can be for many reasons..."
+      std::printf(
-            " try validating your vm entry rva... make sure the binary is "
+          "[!] failed to init vmctx... this can be for many reasons..."
-            "unpacked and is"
+          " try validating your vm entry rva... make sure the binary is "
-            "protected with VMProtect 3...\n");
+          "unpacked and is"
-        return -1;
+          "protected with VMProtect 3...\n");
-      }
+      return -1;
-
-      vm::emu_t emu(&vmctx);
-      if (!emu.init()) {
-        std::printf(
-            "[!] failed to init vm::emu_t... read above in the console for the "
-            "reason...\n");
-        return -1;
-      }
-
-      // TODO: rewrite this... using it to define profiles atm...
-      emu.emulate();
     }
+
+    vm::emu_t emu(&vmctx);
+    if (!emu.init()) {
+      std::printf(
+          "[!] failed to init vm::emu_t... read above in the console for the "
+          "reason...\n");
+      return -1;
+    }
+
+    // TODO: rewrite this... using it to define profiles atm...
+    emu.emulate();
   }
 }

src/vmemu_t.cpp

@@ -192,10 +192,9 @@ bool emu_t::code_exec_callback(uc_engine* uc,
       std::getchar();
     }
 
-    if (vinstr.mnemonic == vm::instrs::mnemonic_t::jmp) {
+    obj->cc_trace.m_vip = obj->vip;
-      obj->cc_trace.m_vip = obj->vip;
+    obj->cc_trace.m_vsp = obj->vsp;
-      obj->cc_trace.m_vsp = obj->vsp;
+    obj->vinstrs.push_back(vinstr);
-    }
 
     // free the trace since we will start a new one...
     std::for_each(obj->cc_trace.m_instrs.begin(), obj->cc_trace.m_instrs.end(),
@@ -204,6 +203,10 @@ bool emu_t::code_exec_callback(uc_engine* uc,
                   });
 
     obj->cc_trace.m_instrs.clear();
+
+    if (vinstr.mnemonic == vm::instrs::mnemonic_t::jmp ||
+        vinstr.mnemonic == vm::instrs::mnemonic_t::vmexit)
+      uc_emu_stop(obj->uc);
   }
   return true;
 }