updated how vm::instrs::determine works...

main
_xeroxz 3 years ago
parent 322a8bcf97
commit b88c7b9321

@ -2,6 +2,9 @@
#include <unicorn/unicorn.h> #include <unicorn/unicorn.h>
#include <vmutils.hpp> #include <vmutils.hpp>
#define VIRTUAL_REGISTER_COUNT 24
#define VIRTUAL_SEH_REGISTER 24
namespace vm::instrs { namespace vm::instrs {
/// <summary> /// <summary>
/// mnemonic representation of supported virtual instructions... /// mnemonic representation of supported virtual instructions...
@ -135,6 +138,11 @@ struct vblk_t {
/// unicorn-engine stack of the first instruction of the jmp handler... /// unicorn-engine stack of the first instruction of the jmp handler...
/// </summary> /// </summary>
std::uint8_t* stack; std::uint8_t* stack;
struct {
zydis_reg_t vip;
zydis_reg_t vsp;
} m_vm;
} m_jmp; } m_jmp;
/// <summary> /// <summary>
@ -380,7 +388,7 @@ void init();
/// <param name="vsp">vsp native register...</param> /// <param name="vsp">vsp native register...</param>
/// <param name="hndlr"></param> /// <param name="hndlr"></param>
/// <returns>returns vinstr_t structure...</returns> /// <returns>returns vinstr_t structure...</returns>
vinstr_t determine(zydis_reg_t& vip, zydis_reg_t& vsp, hndlr_trace_t& hndlr); vinstr_t determine(hndlr_trace_t& hndlr);
/// <summary> /// <summary>
/// get profile from mnemonic... /// get profile from mnemonic...
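Review bot: The doc comment above `determine` still carries `<param name="vsp">` (and presumably a matching vip entry just above the hunk) although the new signature takes only `hndlr`, and `<param name="hndlr">` is still empty. Replace them with a single entry such as `/// <param name="hndlr">handler trace; its m_vip and m_vsp must already be set...</param>`. Separately, `VIRTUAL_SEH_REGISTER` and `VIRTUAL_REGISTER_COUNT` are both 24 in the first hunk. If any table is sized by the count and indexed by the SEH register, that index is one past the end, so it is worth confirming the intended relationship and stating it in a comment next to the defines. The new `m_vm` struct inside `m_jmp` also has no `/// <summary>`, unlike the neighbouring members.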

@ -127,7 +127,7 @@ void init() {
}); });
} }
vinstr_t determine(zydis_reg_t& vip, zydis_reg_t& vsp, hndlr_trace_t& hndlr) { vinstr_t determine(hndlr_trace_t& hndlr) {
const auto& instrs = hndlr.m_instrs; const auto& instrs = hndlr.m_instrs;
const auto profile = std::find_if( const auto profile = std::find_if(
profiles.begin(), profiles.end(), [&](profiler_t* profile) -> bool { profiles.begin(), profiles.end(), [&](profiler_t* profile) -> bool {
@ -136,7 +136,7 @@ vinstr_t determine(zydis_reg_t& vip, zydis_reg_t& vsp, hndlr_trace_t& hndlr) {
std::find_if(instrs.begin(), instrs.end(), std::find_if(instrs.begin(), instrs.end(),
[&](const emu_instr_t& instr) -> bool { [&](const emu_instr_t& instr) -> bool {
const auto& i = instr.m_instr; const auto& i = instr.m_instr;
return matcher(vip, vsp, i); return matcher(hndlr.m_vip, hndlr.m_vsp, i);
}); });
if (matched == instrs.end()) if (matched == instrs.end())
return false; return false;
@ -147,7 +147,7 @@ vinstr_t determine(zydis_reg_t& vip, zydis_reg_t& vsp, hndlr_trace_t& hndlr) {
if (profile == profiles.end()) if (profile == profiles.end())
return vinstr_t{mnemonic_t::unknown}; return vinstr_t{mnemonic_t::unknown};
auto result = (*profile)->generate(vip, vsp, hndlr); auto result = (*profile)->generate(hndlr.m_vip, hndlr.m_vsp, hndlr);
return result.has_value() ? result.value() : vinstr_t{mnemonic_t::unknown}; return result.has_value() ? result.value() : vinstr_t{mnemonic_t::unknown};
} }
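Review bot: `determine` now reads `hndlr.m_vip` and `hndlr.m_vsp` in both the matcher lambda and the `generate` call, but nothing in the visible lines checks that the trace has them populated. The definition of `hndlr_trace_t` is not part of this diff, so this is inferred rather than confirmed. A caller that used to pass the registers explicitly and now forgets to fill the trace would quietly get failed matches or `mnemonic_t::unknown` instead of an error. Consider stating the precondition at the top of the function, e.g. `// precondition: hndlr.m_vip / hndlr.m_vsp were resolved by the tracer`, or returning `vinstr_t{mnemonic_t::unknown}` early when either is unset. The body of `determine` is only partly visible across these hunks.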
