diff --git a/include/vmemu_t.hpp b/include/vmemu_t.hpp index 205c5d2..b5d4b6b 100644 --- a/include/vmemu_t.hpp +++ b/include/vmemu_t.hpp @@ -22,7 +22,6 @@ namespace reg_names } class emu_t { public: - explicit emu_t(vm::vmctx_t* vm_ctx, bool log); explicit emu_t(vm::vmctx_t* vm_ctx); ~emu_t(); bool init(); @@ -59,11 +58,6 @@ class emu_t { /// uc_hook code_exec_hook, invalid_mem_hook, int_hook, branch_pred_hook; - bool log_bytecode; - - // Logged bytecode for lifting - std::vector il_bytecode; - /// /// code execution callback for executable memory ranges of the vmprotect'ed /// module... essentially used to single step the processor over virtual diff --git a/src/vmemu_t.cpp b/src/vmemu_t.cpp index 7694db4..4588a5b 100644 --- a/src/vmemu_t.cpp +++ b/src/vmemu_t.cpp @@ -1,8 +1,6 @@ #include #include namespace vm { -emu_t::emu_t(vm::vmctx_t* vm_ctx, bool log) : m_vm(vm_ctx), - log_bytecode(log) {} emu_t::emu_t(vm::vmctx_t* vm_ctx) : m_vm(vm_ctx) {}; emu_t::~emu_t() { @@ -405,21 +403,7 @@ bool emu_t::code_exec_callback(uc_engine* uc, uint64_t address, uint32_t size, uc_context_free(backup); } else { const auto vinstr = vm::instrs::determine(obj->cc_trace); - if (vinstr.mnemonic != vm::instrs::mnemonic_t::unknown) { //TODO: Remove and add this after the code block is made - if (obj->log_bytecode) - { - obj->il_bytecode.emplace_back(static_cast(vinstr.mnemonic)); - if (vinstr.imm.has_imm) - { - obj->il_bytecode.emplace_back(vinstr.imm.size); - for(int i = 0; i < (vinstr.imm.size / 8); ++i) - { - obj->il_bytecode.emplace_back(*(reinterpret_cast(&vinstr.imm.val) + i)); - } - } - else - obj->il_bytecode.emplace_back(0); - } + if (vinstr.mnemonic != vm::instrs::mnemonic_t::unknown) { std::printf("%p: ", obj->cc_trace.m_begin + obj->m_vm->m_image_base - obj->m_vm->m_module_base); if (vinstr.imm.has_imm) if (vinstr.mnemonic == instrs::mnemonic_t::lreg || vinstr.mnemonic == instrs::mnemonic_t::sreg) 
@@ -446,7 +430,8 @@ bool emu_t::code_exec_callback(uc_engine* uc, uint64_t address, uint32_t size, "> err: please define the following vm handler (at = %p):\n", (obj->cc_trace.m_begin - obj->m_vm->m_module_base) + obj->m_vm->m_image_base); - + std::printf("vsp: %s, vip: %s\n", ZydisRegisterGetString(obj->cc_blk->m_vm.vsp), + ZydisRegisterGetString(obj->cc_blk->m_vm.vip)); vm::utils::print(inst_stream); uc_emu_stop(uc); return false; @@ -619,9 +604,4 @@ std::optional> emu_t::could_have_jcc( return {{lconst1->imm.val, lconst2->imm.val}}; } - - std::vector& emu_t::get_il_bytecode() - { - return il_bytecode; - } } // namespace vm \ No newline at end of file
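Review bot: The added `std::printf("vsp: %s, vip: %s\n", ...)` dereferences `obj->cc_blk` on the undefined-handler error path without checking it, and nothing in this hunk shows that `cc_blk` has been assigned by the time this branch is reached; if it can still be null here, the diagnostic itself faults before `uc_emu_stop(uc)` runs, which is the opposite of what an error message should do. `ZydisRegisterGetString` also returns a null pointer for an out-of-range register value, and handing that to `%s` is undefined behaviour, so a message meant to explain a failure could instead hide it. Resolving the names first keeps the output readable in both cases: `const char* vsp_name = obj->cc_blk ? ZydisRegisterGetString(obj->cc_blk->m_vm.vsp) : nullptr;`, `const char* vip_name = obj->cc_blk ? ZydisRegisterGetString(obj->cc_blk->m_vm.vip) : nullptr;`, `std::printf("vsp: %s, vip: %s\n", vsp_name ? vsp_name : "?", vip_name ? vip_name : "?");`. Whether the null check on `cc_blk` is actually needed depends on how the caller sets it, which is outside this hunk; `code_exec_callback` both starts before and continues past the lines shown here.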