diff --git a/dependencies/vtil b/dependencies/vtil index 04eaba7..e9dc43b 160000 --- a/dependencies/vtil +++ b/dependencies/vtil @@ -1 +1 @@ -Subproject commit 04eaba7cf2b30200ec894bc0b45d28e889ad1c1c +Subproject commit e9dc43bd7da388c5f8304407fd076f802bd97a7f diff --git a/doxygen/html/_r_e_a_d_m_e_8md.html b/doxygen/html/_r_e_a_d_m_e_8md.html deleted file mode 100644 index 64786bc..0000000 --- a/doxygen/html/_r_e_a_d_m_e_8md.html +++ /dev/null @@ -1,77 +0,0 @@ - - -
- - - - -- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
▼Nvm | |
▼Nhandler | contains all information pertaining to vm handler identification.. |
Chandler_t | handler_t contains all the information for a vm handler such as its immidate value size (zero if there is no imm), the transformations applied to the imm to decrypt it (if any), a pointer to the profile (nullptr if there is none), and other meta data.. |
Cprofile_t | pre defined vm handler profile containing all compiled time known information about a vm handler.. |
▼Ninstrs | contains all functions related to virtual instructions.. |
Cvirt_instr_t | |
Cjcc_data | |
Ccode_block_t | |
Cctx_t | vm::ctx_t class is used to auto generate vm_entry, calc_jmp, and other per-vm entry information... creating a vm::ctx_t object can make it easier to pass around information pertaining to a given vm entry.. |
▼Nvmp2 | |
▼Nv1 | |
Cfile_header | |
Centry_t | |
▼Nv2 | |
Cfile_header | |
Centry_t | |
▼Nv3 | |
Cfile_header | |
Ccode_block_t | |
Czydis_instr_t |
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
#include <vmprofiler.hpp>
-Namespaces | |
vm | |
vm::calc_jmp | |
-Functions | |
bool | vm::calc_jmp::get (zydis_routine_t &vm_entry, zydis_routine_t &calc_jmp) |
extracts calc_jmp out of vm_entry... you can learn about calc_jmp here. More... | |
std::optional< vmp2::exec_type_t > | vm::calc_jmp::get_advancement (const zydis_routine_t &calc_jmp) |
gets the advancement of the virtual instruction pointer... iterates over calc_jmp for LEA, MOV, INC, DEC, SUB, ADD, ETC instructions and then decides which way VIP advances based upon this information... More... | |
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
Go to the source code of this file.
--Namespaces | |
vm | |
vm::calc_jmp | |
-Functions | |
bool | vm::calc_jmp::get (zydis_routine_t &vm_entry, zydis_routine_t &calc_jmp) |
extracts calc_jmp out of vm_entry... you can learn about calc_jmp here. More... | |
std::optional< vmp2::exec_type_t > | vm::calc_jmp::get_advancement (const zydis_routine_t &calc_jmp) |
gets the advancement of the virtual instruction pointer... iterates over calc_jmp for LEA, MOV, INC, DEC, SUB, ADD, ETC instructions and then decides which way VIP advances based upon this information... More... | |
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
#include <vmprofiler.hpp>
-Namespaces | |
vm | |
vm::handler | |
contains all information pertaining to vm handler identification... | |
vm::handler::profile | |
contains all profiles defined, as well as a vector of all of the defined profiles... | |
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
This is the complete list of members for vm::ctx_t, including all inherited members.
-calc_jmp | vm::ctx_t | |
ctx_t(std::uintptr_t module_base, std::uintptr_t image_base, std::uintptr_t image_size, std::uintptr_t vm_entry_rva) | vm::ctx_t | explicit |
exec_type | vm::ctx_t | |
image_base | vm::ctx_t | |
image_size | vm::ctx_t | |
init() | vm::ctx_t | |
module_base | vm::ctx_t | |
vm_entry | vm::ctx_t | |
vm_entry_rva | vm::ctx_t | |
vm_handlers | vm::ctx_t |
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
vm::ctx_t class is used to auto generate vm_entry, calc_jmp, and other per-vm entry information... creating a vm::ctx_t object can make it easier to pass around information pertaining to a given vm entry... - More...
- -#include <vmctx.hpp>
-Public Member Functions | |
ctx_t (std::uintptr_t module_base, std::uintptr_t image_base, std::uintptr_t image_size, std::uintptr_t vm_entry_rva) | |
default constructor for vm::ctx_t... all information for a given vm entry must be provided... More... | |
bool | init () |
init all per-vm entry data such as vm_entry, calc_jmp, and vm handlers... More... | |
-Public Attributes | |
const std::uintptr_t | module_base |
const std::uintptr_t | image_base |
const std::uintptr_t | vm_entry_rva |
const std::uintptr_t | image_size |
vmp2::exec_type_t | exec_type |
the order in which VIP advances... More... | |
zydis_routine_t | vm_entry |
zydis_routine_t | calc_jmp |
std::vector< vm::handler::handler_t > | vm_handlers |
all the vm handlers for the given vm entry... More... | |
vm::ctx_t class is used to auto generate vm_entry, calc_jmp, and other per-vm entry information... creating a vm::ctx_t object can make it easier to pass around information pertaining to a given vm entry...
-
-
|
- -explicit | -
default constructor for vm::ctx_t... all information for a given vm entry must be provided...
-module_base | the linear virtual address of the module base... |
image_base | image base from optional nt header... IMAGE_OPTIONAL_HEADER64... |
image_size | image size from optional nt header... IMAGE_OPTIONAL_HEADER64... |
vm_entry_rva | relative virtual address from the module base address to the first push prior to a vm entry... |
bool vm::ctx_t::init | -( | -) | -- |
init all per-vm entry data such as vm_entry, calc_jmp, and vm handlers...
-zydis_routine_t vm::ctx_t::calc_jmp | -
vmp2::exec_type_t vm::ctx_t::exec_type | -
the order in which VIP advances...
- -const std::uintptr_t vm::ctx_t::image_base | -
const std::uintptr_t vm::ctx_t::image_size | -
const std::uintptr_t vm::ctx_t::module_base | -
zydis_routine_t vm::ctx_t::vm_entry | -
const std::uintptr_t vm::ctx_t::vm_entry_rva | -
std::vector< vm::handler::handler_t > vm::ctx_t::vm_handlers | -
all the vm handlers for the given vm entry...
- -- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
-Files | |
file | add.cpp |
file | jmp.cpp |
file | lconst.cpp |
file | lflags.cpp |
file | lreg.cpp |
file | lvsp.cpp |
file | nand.cpp |
file | pushvsp.cpp |
file | read.cpp |
file | shr.cpp |
file | sreg.cpp |
file | vmexit.cpp |
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
-Files | |
file | add.cpp |
file | call.cpp |
file | div.cpp |
file | jmp.cpp |
file | lconst.cpp |
file | lflags.cpp |
file | lreg.cpp |
file | lvsp.cpp |
file | mul.cpp |
file | nand.cpp |
file | pushvsp.cpp |
file | read.cpp |
file | shl.cpp |
file | shr.cpp |
file | sreg.cpp |
file | vmexit.cpp |
file | write.cpp |
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
-Directories | |
directory | vmlifters |
directory | vmprofiles |
-Files | |
file | calc_jmp.cpp |
file | vmctx.cpp |
file | vmhandler.cpp |
file | vminstrs.cpp |
file | vmutils.cpp |
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
-Files | |
file | calc_jmp.hpp [code] |
file | transform.hpp [code] |
file | vmctx.hpp [code] |
file | vmhandlers.hpp [code] |
file | vminstrs.hpp [code] |
file | vmlifters.hpp [code] |
file | vmp2.hpp [code] |
file | vmprofiler.hpp [code] |
file | vmprofiles.hpp [code] |
file | vmutils.hpp [code] |
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
#include <vmprofiler.hpp>
-Namespaces | |
vm | |
vm::handler | |
contains all information pertaining to vm handler identification... | |
vm::handler::profile | |
contains all profiles defined, as well as a vector of all of the defined profiles... | |
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
▼ include | |
calc_jmp.hpp | |
transform.hpp | |
vmctx.hpp | |
vmhandlers.hpp | |
vminstrs.hpp | |
vmlifters.hpp | |
vmp2.hpp | |
vmprofiler.hpp | |
vmprofiles.hpp | |
vmutils.hpp | |
▼ src | |
▼ vmlifters | |
add.cpp | |
jmp.cpp | |
lconst.cpp | |
lflags.cpp | |
lreg.cpp | |
lvsp.cpp | |
nand.cpp | |
pushvsp.cpp | |
read.cpp | |
shr.cpp | |
sreg.cpp | |
vmexit.cpp | |
▼ vmprofiles | |
add.cpp | |
call.cpp | |
div.cpp | |
jmp.cpp | |
lconst.cpp | |
lflags.cpp | |
lreg.cpp | |
lvsp.cpp | |
mul.cpp | |
nand.cpp | |
pushvsp.cpp | |
read.cpp | |
shl.cpp | |
shr.cpp | |
sreg.cpp | |
vmexit.cpp | |
write.cpp | |
calc_jmp.cpp | |
vmctx.cpp | |
vmhandler.cpp | |
vminstrs.cpp | |
vmutils.cpp |
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu. This is the base project for all other VMProtect 2 projects inside of this group on githacks.
-The vm::ctx_t
class is a small container-like class which is simply used to contain all information for a given vm entry. This class contains the following useful information:
All of the above information is generated by executing the vm::ctx_t::init
member function. Below is a C++ example of how to create a vm::ctx_t
object.
Once you have instantiated vm::ctx_t
and called vm::ctx_t::init
with success, you now can directly access the data members of vm::ctx_t
. Most importantly, vm::ctx_t::calc_jmp
, vm::ctx_t::vm_entry
, and vm::ctx_t::vm_handlers
. An example usage of this data could be dumping the native x86_64 instructions which make up vm::ctx_t::vm_entry
. Example c++ code for this is displayed below.
Output
-Copyright (c) 2021 _xeroxz, Independent Researcher @back.engineering
-Licensed under the MIT License
-- |
- VMProfiler
- v1.8
-
- vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
- |
-
vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu. This is the base project for all other VMProtect 2 projects inside of this group on githacks.
-
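Review bot: The gitlink change at the top of the patch (dependencies/vtil, 04eaba7 to e9dc43b) is bundled with a documentation cleanup, and nothing in the visible lines says why the submodule moved. A submodule bump brings in third-party code that never appears in this diff, so put it in its own commit and say in the message what the new vtil revision is needed for. That way the range between the two commits can be reviewed separately from the doxygen removal.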
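Review bot: The removal of doxygen/html/_r_e_a_d_m_e_8md.html ("deleted file mode 100644") and of the other generated VMProfiler v1.8 pages has no matching ignore rule in the visible diff, so the next local doxygen run can put the same output back into the tree. Add doxygen/html/ to .gitignore in this change. Also confirm that README.md still carries the vm::ctx_t usage text the deleted page rendered ("Below is a C++ example of how to create a vm::ctx_t object"), so the documentation survives in source form.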