added my new instructions

pull/1/head
xtremegamer1 2 years ago
parent 512b19292c
commit 25c3008dc2

@ -16,6 +16,7 @@ enum class mnemonic_t : uint8_t {
lreg,
lconst,
add,
_and, //The fucking idiots who wrote the standard thought reserving the word "and" was appropriate
div,
idiv,
mul,
@ -24,7 +25,6 @@ enum class mnemonic_t : uint8_t {
nop,
nor,
read,
readbzxw, //Read byte zero extend to word
write,
shl,
shld,
@ -32,6 +32,7 @@ enum class mnemonic_t : uint8_t {
shrd,
lvsp,
svsp,
lcr0,
writecr3,
readcr3,
writecr8,
@ -288,14 +289,15 @@ extern profiler_t sreg;
extern profiler_t lreg;
extern profiler_t lconst;
extern profiler_t add;
extern profiler_t _and;
extern profiler_t lvsp;
extern profiler_t svsp;
extern profiler_t nand;
extern profiler_t nop;
extern profiler_t nor;
extern profiler_t read;
extern profiler_t readbzxw;
extern profiler_t write;
extern profiler_t lcr0;
extern profiler_t writedr7;
extern profiler_t imul;
extern profiler_t shl;
@ -309,8 +311,8 @@ extern profiler_t vmexit;
/// unsorted vector of profiles... they get sorted once at runtime...
/// </summary>
inline std::vector<profiler_t*> profiles = {
&vmexit, &shl, &shld, &shr, &shrd, &imul, &nor, &write, &svsp, &read, &readbzxw,
&nand, &lvsp, &add, &jmp, &sreg, &lreg, &lconst, &nop, &writedr7};
&vmexit, &shl, &shld, &shr, &shrd, &imul, &nor, &write, &svsp, &read,
&nand, &lvsp, &add, &jmp, &_and, &sreg, &lreg, &lcr0, &lconst, &nop, &writedr7};
/// <summary>
/// no i did not make this by hand, you cannot clown upon me!

@ -1,5 +1,5 @@
#include <vminstrs.hpp>
#include <uc_allocation_tracker.hpp>
namespace vm::instrs {
void deobfuscate(hndlr_trace_t& trace) {
static const auto _uses_reg = [](zydis_decoded_operand_t& op,
@ -64,11 +64,13 @@ void deobfuscate(hndlr_trace_t& trace) {
if (std::find(blacklist.begin(), blacklist.end(),
itr->m_instr.mnemonic) != blacklist.end()) {
uct_context_free(itr->m_cpu);
trace.m_instrs.erase(itr);
break;
}
if (vm::utils::is_jmp(itr->m_instr)) {
uct_context_free(itr->m_cpu);
trace.m_instrs.erase(itr);
break;
}
@ -111,6 +113,7 @@ void deobfuscate(hndlr_trace_t& trace) {
_writes(read_result->m_instr, reg))
continue;
uct_context_free(itr->m_cpu);
trace.m_instrs.erase(itr);
break;
}

Loading…
Cancel
Save