From 4fe8c63f4914012b380882235c974ea28603f284 Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Sun, 29 Aug 2021 15:49:55 -0700 Subject: [PATCH] added more lifters... updated vmprofiler dep... --- CMakeLists.txt | 1 + dependencies/vmprofiler | 2 +- include/vm_lifters.hpp | 8 ++++++-- src/lifters/imul.cpp | 22 ++++++++++++++++++++++ src/lifters/jmp.cpp | 18 +++++++++++++++--- src/lifters/mul.cpp | 6 ++++++ src/lifters/read.cpp | 18 ++++++++++++++---- src/lifters/write.cpp | 9 +++++++++ 8 files changed, 74 insertions(+), 10 deletions(-) create mode 100644 src/lifters/imul.cpp diff --git a/CMakeLists.txt b/CMakeLists.txt index ac51295..fd8c7af 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -44,6 +44,7 @@ list(APPEND vmdevirt_SOURCES "src/devirt_utils.cpp" "src/lifters/add.cpp" "src/lifters/div.cpp" + "src/lifters/imul.cpp" "src/lifters/jmp.cpp" "src/lifters/lconst.cpp" "src/lifters/lflags.cpp" diff --git a/dependencies/vmprofiler b/dependencies/vmprofiler index 7b1f815..1b6875d 160000 --- a/dependencies/vmprofiler +++ b/dependencies/vmprofiler @@ -1 +1 @@ -Subproject commit 7b1f815a73096ac33f41133b63d991019622de49 +Subproject commit 1b6875d18825529907289bc87990fed5d99e7f96 diff --git a/include/vm_lifters.hpp b/include/vm_lifters.hpp index cb6dc90..241fb08 100644 --- a/include/vm_lifters.hpp +++ b/include/vm_lifters.hpp @@ -35,10 +35,11 @@ namespace vm static lifter_callback_t sregq, sregdw, sregb; static lifter_callback_t lregq, lregdw; + static lifter_callback_t imulq; static lifter_callback_t pushvsp; static lifter_callback_t popvsp; - static lifter_callback_t writeq; - static lifter_callback_t readq, readdw; + static lifter_callback_t writeq, writedw; + static lifter_callback_t readq, readdw, readb; static lifter_callback_t nandq, nanddw, nandb; static lifter_callback_t shrq; static lifter_callback_t jmp; 
@@ -57,6 +58,7 @@ namespace vm
 { vm::handler::ADDDW, &adddw },
 { vm::handler::ADDW, &addw },
 { vm::handler::SHRQ, &shrq },
+ { vm::handler::IMULQ, &imulq },
 { vm::handler::PUSHVSP, &pushvsp },
 { vm::handler::POPVSP, &popvsp },
 { vm::handler::SREGQ, &sregq },
@@ -66,7 +68,9 @@ namespace vm
 { vm::handler::LREGDW, &lregdw },
 { vm::handler::READQ, &readq },
 { vm::handler::READDW, &readdw },
+ { vm::handler::READB, &readb },
 { vm::handler::WRITEQ, &writeq },
+ { vm::handler::WRITEDW, &writedw },
 { vm::handler::NANDQ, &nandq },
 { vm::handler::NANDDW, &nanddw },
 { vm::handler::NANDB, &nandb },
diff --git a/src/lifters/imul.cpp b/src/lifters/imul.cpp
new file mode 100644
index 0000000..ec13813
--- /dev/null
+++ b/src/lifters/imul.cpp
@@ -0,0 +1,22 @@
+#include
+
+// https://lists.llvm.org/pipermail/llvm-dev/2014-July/074685.html
+// credit to James Courtier-Dutton for asking this question in 2014...
+namespace vm
+{
+ lifters_t::lifter_callback_t lifters_t::imulq =
+ [ & ]( vm::devirt_t *rtn, const vm::instrs::code_block_t &vm_code_block, const vm::instrs::virt_instr_t &vinstr,
+ llvm::IRBuilder<> *ir_builder ) {
+ auto t1 = rtn->pop( 8 );
+ auto t2 = rtn->pop( 8 );
+ auto t3 = ir_builder->CreateMul( t1, t2 );
+ auto t4 = ir_builder->CreateAShr( t3, llvm::APInt( 64, 32 ) );
+ auto t5 = ir_builder->CreateAnd( t3, 0xFFFFFFFF00000000 );
+ rtn->push( 8, t4 );
+ rtn->push( 8, t5 );
+
+ // TODO: compute flags for IMULQ
+ auto &vmp_rtn = rtn->vmp_rtns.back();
+ rtn->push( 8, rtn->load_value( 8, vmp_rtn->flags ) );
+ };
+}
\ No newline at end of file
diff --git a/src/lifters/jmp.cpp b/src/lifters/jmp.cpp
index 43464ad..ba9325e 100644
--- a/src/lifters/jmp.cpp
+++ b/src/lifters/jmp.cpp
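Review bot: `CreateMul( t1, t2 )` on two i64 operands produces only the low 64 bits of the product, so both `t4` (`AShr` by 32) and `t5` (`And` with `0xFFFFFFFF00000000`) are derived from a truncated value and neither can be the upper 64 bits that a 64x64 signed multiply yields; the linked llvm-dev thread appears to be about exactly this widening, but the new lifter never performs it. Sign-extend both operands to i128, multiply there, and split the product into its high and low i64 halves before pushing; which half the handler pushes first is not visible here, so keep the existing push order (high, then low) unless the handler profile says otherwise. The flags value pushed afterwards is still the stale one the TODO already notes, so a following conditional that consumes IMUL's flags is lifted from the previous instruction's flags.
```cpp
auto t1 = rtn->pop( 8 );
auto t2 = rtn->pop( 8 );
// Widen to i128 so the full 64x64 -> 128-bit signed product is available.
auto i128_ty = ir_builder->getInt128Ty();
auto t3 = ir_builder->CreateMul( ir_builder->CreateSExt( t1, i128_ty ), ir_builder->CreateSExt( t2, i128_ty ) );
auto hi = ir_builder->CreateTrunc( ir_builder->CreateLShr( t3, 64 ), ir_builder->getInt64Ty() );
auto lo = ir_builder->CreateTrunc( t3, ir_builder->getInt64Ty() );
rtn->push( 8, hi ); // TODO confirm push order against the IMULQ handler
rtn->push( 8, lo );
// … unchanged: flags push (still TODO) …
```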
@@ -9,7 +9,9 @@ namespace vm " has_jcc = false... debug time!\n" ); auto &vmp_rtn = rtn->vmp_rtns.back(); - if ( vm_code_block.jcc.type == vm::instrs::jcc_type::branching ) + switch ( vm_code_block.jcc.type ) + { + case vm::instrs::jcc_type::branching: { auto rva = rtn->pop( 8 ); auto b1 = vm_code_block.jcc.block_addr[ 0 ] & std::numeric_limits< std::uint32_t >::max(); @@ -38,8 +40,9 @@ namespace vm "[!] fatal error... unable to locate basic block for branching...\n" ); ir_builder->CreateCondBr( cmp, bb1->second, bb2->second ); + break; } - else + case vm::instrs::jcc_type::absolute: { auto rva = rtn->pop( 8 ); auto bb_data = @@ -52,6 +55,15 @@ namespace vm "[!] fatal error... unable to locate basic block...\n" ); ir_builder->CreateBr( bb_data->second ); + break; + } + case vm::instrs::jcc_type::switch_case: + { + // TODO: add switch case support here... + break; + } + default: + break; } }; -} \ No newline at end of file +} // namespace vm \ No newline at end of file diff --git a/src/lifters/mul.cpp b/src/lifters/mul.cpp index e69de29..7fa5903 100644 --- a/src/lifters/mul.cpp +++ b/src/lifters/mul.cpp @@ -0,0 +1,6 @@ +#include + +namespace vm +{ + +} \ No newline at end of file diff --git a/src/lifters/read.cpp b/src/lifters/read.cpp index b92f53d..7dbea1e 100644 --- a/src/lifters/read.cpp +++ b/src/lifters/read.cpp @@ -3,8 +3,8 @@ namespace vm { lifters_t::lifter_callback_t lifters_t::readq = - [ & ]( vm::devirt_t *rtn, const vm::instrs::code_block_t &vm_code_block, - const vm::instrs::virt_instr_t &vinstr, llvm::IRBuilder<> *ir_builder ) { + [ & ]( vm::devirt_t *rtn, const vm::instrs::code_block_t &vm_code_block, const vm::instrs::virt_instr_t &vinstr, + llvm::IRBuilder<> *ir_builder ) { auto t1 = rtn->pop( 8 ); auto t2 = ir_builder->CreateIntToPtr( t1, llvm::PointerType::get( ir_builder->getInt64Ty(), 0ull ) ); auto t3 = ir_builder->CreateLoad( ir_builder->getInt64Ty(), t2 ); 
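Review bot: The new `switch_case` and `default` arms in the third jmp.cpp hunk (`@@ -52,6 +55,15 @@`) end the lifter with a bare `break;`, so for an unsupported jcc type no branch instruction is emitted at all and, unless the caller terminates the block afterwards, the current LLVM block is left without a terminator and the problem surfaces later at verification rather than at the instruction that caused it. The `branching` and `absolute` arms already abort with a message such as `"[!] fatal error... unable to locate basic block...\n"`; the two new arms should fail the same way until switch support exists, e.g. keep `// TODO: add switch case support here...` and follow it with the same fatal-error check and `"[!] fatal error... switch case jcc is not supported yet...\n"`, or at minimum emit `ir_builder->CreateUnreachable();` so the IR stays well-formed. The enclosing lambda starts before the first hunk and its `};` closes after the last.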
@@ -12,11 +12,21 @@ namespace vm
 };
 
 lifters_t::lifter_callback_t lifters_t::readdw =
- [ & ]( vm::devirt_t *rtn, const vm::instrs::code_block_t &vm_code_block,
- const vm::instrs::virt_instr_t &vinstr, llvm::IRBuilder<> *ir_builder ) {
+ [ & ]( vm::devirt_t *rtn, const vm::instrs::code_block_t &vm_code_block, const vm::instrs::virt_instr_t &vinstr,
+ llvm::IRBuilder<> *ir_builder ) {
 auto t1 = rtn->pop( 8 );
 auto t2 = ir_builder->CreateIntToPtr( t1, llvm::PointerType::get( ir_builder->getInt32Ty(), 0ull ) );
 auto t3 = ir_builder->CreateLoad( ir_builder->getInt32Ty(), t2 );
 rtn->push( 4, t3 );
 };
+
+ lifters_t::lifter_callback_t lifters_t::readb =
+ [ & ]( vm::devirt_t *rtn, const vm::instrs::code_block_t &vm_code_block, const vm::instrs::virt_instr_t &vinstr,
+ llvm::IRBuilder<> *ir_builder ) {
+ auto t1 = rtn->pop( 8 );
+ auto t2 = ir_builder->CreateIntToPtr( t1, llvm::PointerType::get( ir_builder->getInt8Ty(), 0ull ) );
+ auto t3 = ir_builder->CreateLoad( ir_builder->getInt8Ty(), t2 );
+ auto t4 = ir_builder->CreateIntCast( t3, ir_builder->getInt16Ty(), false );
+ rtn->push( 2, t4 );
+ };
 } // namespace vm
\ No newline at end of file
diff --git a/src/lifters/write.cpp b/src/lifters/write.cpp
index d2e00f7..037b878 100644
--- a/src/lifters/write.cpp
+++ b/src/lifters/write.cpp
@@ -10,4 +10,13 @@ namespace vm
 auto t3 = ir_builder->CreateIntToPtr( t1, llvm::PointerType::get( ir_builder->getInt64Ty(), 0ull ) );
 ir_builder->CreateStore( t2, t3 );
 };
+
+ lifters_t::lifter_callback_t lifters_t::writedw =
+ [ & ]( vm::devirt_t *rtn, const vm::instrs::code_block_t &vm_code_block, const vm::instrs::virt_instr_t &vinstr,
+ llvm::IRBuilder<> *ir_builder ) {
+ auto t1 = rtn->pop( 8 );
+ auto t2 = rtn->pop( 4 );
+ auto t3 = ir_builder->CreateIntToPtr( t1, llvm::PointerType::get( ir_builder->getInt32Ty(), 0ull ) );
+ ir_builder->CreateStore( t2, t3 );
+ };
 } // namespace vm
\ No newline at end of file
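Review bot: `readb` is the only lifter in read.cpp that does not push the loaded value as-is: it widens the i8 load with `CreateIntCast( t3, ir_builder->getInt16Ty(), false )` (a zero-extension) and then pushes 2 bytes, and nothing in the hunk says why the byte handler leaves a word on the stack. A why-comment above `t4` would spare the next reader a trip to the handler, e.g. `// READB leaves a zero-extended word on the stack, so widen the byte to i16 before pushing 2 bytes` — assuming that is what the handler does; confirm against the READB profile in vmprofiler before asserting it. `readq` and `readdw` need no such note because their load width equals their push width.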