added nop vm handler

3 years ago · 1b2b79e3e9
parent b88c7b9321
commit 1b2b79e3e9
3 changed files with 40 additions and 2 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -60,6 +60,7 @@ list(APPEND vmprofiler_SOURCES
 	"src/vmprofiles/lreg.cpp"
 	"src/vmprofiles/lvsp.cpp"
 	"src/vmprofiles/nand.cpp"
+	"src/vmprofiles/nop.cpp"
 	"src/vmprofiles/nor.cpp"
 	"src/vmprofiles/read.cpp"
 	"src/vmprofiles/shr.cpp"
--- a/include/vminstrs.hpp
+++ b/include/vminstrs.hpp
@ -20,6 +20,7 @@ enum class mnemonic_t {
  mul,
  imul,
  nand,
+  nop,
  nor,
  read,
  write,
@ -143,6 +144,11 @@ struct vblk_t {
      zydis_reg_t vip;
      zydis_reg_t vsp;
    } m_vm;
+
+    /// <summary>
+    /// first instruction of the virtual jmp handler...
+    /// </summary>
+    std::uintptr_t rip;
  } m_jmp;

  /// <summary>
@ -208,6 +214,11 @@ struct hndlr_trace_t {
  /// </summary>
  std::uint8_t* m_stack;

+  /// <summary>
+  /// rip at the beginning of the trace...
+  /// </summary>
+  std::uintptr_t m_begin;
+
  /// <summary>
  /// native register used for virtual instruction pointer...
  /// </summary>
@ -279,6 +290,7 @@ extern profiler_t add;
 extern profiler_t lvsp;
 extern profiler_t svsp;
 extern profiler_t nand;
+extern profiler_t nop;
 extern profiler_t nor;
 extern profiler_t read;
 extern profiler_t write;
@ -290,8 +302,8 @@ extern profiler_t vmexit;
 /// unsorted vector of profiles... they get sorted once at runtime...
 /// </summary>
 inline std::vector<profiler_t*> profiles = {
-    &vmexit, &shr,  &imul, &nor, &write, &svsp, &read,
-    &nand,   &lvsp, &add,  &jmp, &sreg,  &lreg, &lconst};
+    &vmexit, &shr, &imul, &nor,  &write, &svsp,   &read, &nand,
+    &lvsp,   &add, &jmp,  &sreg, &lreg,  &lconst, &nop};

 /// <summary>
 /// no i did not make this by hand, you cannot clown upon me!
--- a/src/vmprofiles/nop.cpp
+++ b/src/vmprofiles/nop.cpp
@ -0,0 +1,25 @@
+#include <vminstrs.hpp>
+
+namespace vm::instrs {
+profiler_t nop = {
+    "NOP",
+    mnemonic_t::nop,
+    {{// LEA REG, [0x0] ; disp is -7...
+      [&](const zydis_reg_t vip,
+          const zydis_reg_t vsp,
+          const zydis_decoded_instr_t& instr) -> bool {
+        return instr.mnemonic == ZYDIS_MNEMONIC_LEA &&
+               instr.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
+               instr.operands[1].type == ZYDIS_OPERAND_TYPE_MEMORY &&
+               instr.operands[1].mem.disp.has_displacement &&
+               instr.operands[1].mem.disp.value == -7;
+      }}},
+    [&](zydis_reg_t& vip,
+        zydis_reg_t& vsp,
+        hndlr_trace_t& hndlr) -> std::optional<vinstr_t> {
+      vinstr_t res;
+      res.mnemonic = mnemonic_t::nop;
+      res.imm.has_imm = false;
+      return res;
+    }};
+}