vmp2
/
vmprofiler
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'beab4d261e'
${ noResults }
vmprofiler/doxygen/html/namespacevm_1_1handler_1_1t...

242 lines
12 KiB
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.9.1"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title>VMProfiler: vm::handler::table Namespace Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="search/searchdata.js"></script>
<script type="text/javascript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
<tbody>
<tr style="height: 56px;">
<td id="projectlogo"><img alt="Logo" src="icon.png"/></td>
<td id="projectalign" style="padding-left: 0.5em;">
<div id="projectname">VMProfiler
&#160;<span id="projectnumber">v1.8</span>
</div>
<div id="projectbrief">vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.</div>
</td>
</tr>
</tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.9.1 -->
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
var searchBox = new SearchBox("searchBox", "search",false,'Search','.html');
/* @license-end */
</script>
<script type="text/javascript" src="menudata.js"></script>
<script type="text/javascript" src="menu.js"></script>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
$(function() {
initMenu('',true,false,'search.php','Search');
$(document).ready(function() { init_search(); });
});
/* @license-end */</script>
<div id="main-nav"></div>
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
</div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<div id="nav-path" class="navpath">
<ul>
<li class="navelem"><a class="el" href="namespacevm.html">vm</a></li><li class="navelem"><a class="el" href="namespacevm_1_1handler.html">handler</a></li><li class="navelem"><a class="el" href="namespacevm_1_1handler_1_1table.html">table</a></li> </ul>
</div>
</div><!-- top -->
<div class="header">
<div class="summary">
<a href="#func-members">Functions</a> </div>
<div class="headertitle">
<div class="title">vm::handler::table Namespace Reference</div> </div>
</div><!--header-->
<div class="contents">
<table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
Functions</h2></td></tr>
<tr class="memitem:a664a7f96f12e1305466df77d761d43fc"><td class="memItemLeft" align="right" valign="top">std::uintptr_t *&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1table.html#a664a7f96f12e1305466df77d761d43fc">get</a> (const <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_entry)</td></tr>
<tr class="memdesc:a664a7f96f12e1305466df77d761d43fc"><td class="mdescLeft">&#160;</td><td class="mdescRight">get the linear virtual address of the vm handler table give a deobfuscated, flattened, vm entry... <a href="namespacevm_1_1handler_1_1table.html#a664a7f96f12e1305466df77d761d43fc">More...</a><br /></td></tr>
<tr class="separator:a664a7f96f12e1305466df77d761d43fc"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:a5e8586b80ccde98882291ded921749ff"><td class="memItemLeft" align="right" valign="top">bool&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1table.html#a5e8586b80ccde98882291ded921749ff">get_transform</a> (const <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;vm_entry, <a class="el" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> *transform_instr)</td></tr>
<tr class="memdesc:a5e8586b80ccde98882291ded921749ff"><td class="mdescLeft">&#160;</td><td class="mdescRight">get the single native instruction used to decrypt vm handler entries... <a href="namespacevm_1_1handler_1_1table.html#a5e8586b80ccde98882291ded921749ff">More...</a><br /></td></tr>
<tr class="separator:a5e8586b80ccde98882291ded921749ff"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:a69494eb8dca48abd03ff543c8adbf186"><td class="memItemLeft" align="right" valign="top">std::uint64_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1table.html#a69494eb8dca48abd03ff543c8adbf186">encrypt</a> (<a class="el" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &amp;transform_instr, std::uint64_t val)</td></tr>
<tr class="memdesc:a69494eb8dca48abd03ff543c8adbf186"><td class="mdescLeft">&#160;</td><td class="mdescRight">encrypt a linear virtual address given the transformation that is used to decrypt the vm handler table entry... this function will apply the inverse of the transformation so you dont need to get the inverse yourself... <a href="namespacevm_1_1handler_1_1table.html#a69494eb8dca48abd03ff543c8adbf186">More...</a><br /></td></tr>
<tr class="separator:a69494eb8dca48abd03ff543c8adbf186"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:aa8ffcb4e9e445f940723179cf9c87818"><td class="memItemLeft" align="right" valign="top">std::uint64_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="namespacevm_1_1handler_1_1table.html#aa8ffcb4e9e445f940723179cf9c87818">decrypt</a> (<a class="el" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &amp;transform_instr, std::uint64_t val)</td></tr>
<tr class="memdesc:aa8ffcb4e9e445f940723179cf9c87818"><td class="mdescLeft">&#160;</td><td class="mdescRight">decrypts a vm handler table entry... <a href="namespacevm_1_1handler_1_1table.html#aa8ffcb4e9e445f940723179cf9c87818">More...</a><br /></td></tr>
<tr class="separator:aa8ffcb4e9e445f940723179cf9c87818"><td class="memSeparator" colspan="2">&#160;</td></tr>
</table>
<h2 class="groupheader">Function Documentation</h2>
<a id="aa8ffcb4e9e445f940723179cf9c87818"></a>
<h2 class="memtitle"><span class="permalink"><a href="#aa8ffcb4e9e445f940723179cf9c87818">&#9670;&nbsp;</a></span>decrypt()</h2>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">std::uint64_t vm::handler::table::decrypt </td>
<td>(</td>
<td class="paramtype"><a class="el" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &amp;&#160;</td>
<td class="paramname"><em>transform_instr</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">std::uint64_t&#160;</td>
<td class="paramname"><em>val</em>&#160;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td>
</tr>
</table>
</div><div class="memdoc">
<p>decrypts a vm handler table entry... </p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramname">transform_instr</td><td>transformation extracted from vm_entry that decrypts vm handler table entries...</td></tr>
<tr><td class="paramname">val</td><td>encrypted value to be decrypted...</td></tr>
</table>
</dd>
</dl>
<dl class="section return"><dt>Returns</dt><dd>returns the decrypted value...</dd></dl>
</div>
</div>
<a id="a69494eb8dca48abd03ff543c8adbf186"></a>
<h2 class="memtitle"><span class="permalink"><a href="#a69494eb8dca48abd03ff543c8adbf186">&#9670;&nbsp;</a></span>encrypt()</h2>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">std::uint64_t vm::handler::table::encrypt </td>
<td>(</td>
<td class="paramtype"><a class="el" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> &amp;&#160;</td>
<td class="paramname"><em>transform_instr</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">std::uint64_t&#160;</td>
<td class="paramname"><em>val</em>&#160;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td>
</tr>
</table>
</div><div class="memdoc">
<p>encrypt a linear virtual address given the transformation that is used to decrypt the vm handler table entry... this function will apply the inverse of the transformation so you dont need to get the inverse yourself... </p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramname">transform_instr</td><td>reference to the transformation native instruction...</td></tr>
<tr><td class="paramname">val</td><td>value to be encrypted (linear virtual address)</td></tr>
</table>
</dd>
</dl>
<dl class="section return"><dt>Returns</dt><dd>returns the encrypted value...</dd></dl>
</div>
</div>
<a id="a664a7f96f12e1305466df77d761d43fc"></a>
<h2 class="memtitle"><span class="permalink"><a href="#a664a7f96f12e1305466df77d761d43fc">&#9670;&nbsp;</a></span>get()</h2>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">std::uintptr_t * vm::handler::table::get </td>
<td>(</td>
<td class="paramtype">const <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;&#160;</td>
<td class="paramname"><em>vm_entry</em></td><td>)</td>
<td></td>
</tr>
</table>
</div><div class="memdoc">
<p>get the linear virtual address of the vm handler table give a deobfuscated, flattened, vm entry... </p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramname">vm_entry</td><td>deobfuscated, flattened, vm entry...</td></tr>
</table>
</dd>
</dl>
<dl class="section return"><dt>Returns</dt><dd>returns the linear virtual address of the vm handler table...</dd></dl>
</div>
</div>
<a id="a5e8586b80ccde98882291ded921749ff"></a>
<h2 class="memtitle"><span class="permalink"><a href="#a5e8586b80ccde98882291ded921749ff">&#9670;&nbsp;</a></span>get_transform()</h2>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">bool vm::handler::table::get_transform </td>
<td>(</td>
<td class="paramtype">const <a class="el" href="vmutils_8hpp.html#a5fdde6e9d3e6c6eca28ecadf2e837d3c">zydis_routine_t</a> &amp;&#160;</td>
<td class="paramname"><em>vm_entry</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="vmutils_8hpp.html#ad180fbf8cef52662febedec0f54b6188">zydis_decoded_instr_t</a> *&#160;</td>
<td class="paramname"><em>transform_instr</em>&#160;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td>
</tr>
</table>
</div><div class="memdoc">
<p>get the single native instruction used to decrypt vm handler entries... </p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramname">vm_entry</td><td>reference to the deobfuscated, flattened, vm entry...</td></tr>
<tr><td class="paramname">transform_instr</td><td></td></tr>
</table>
</dd>
</dl>
<dl class="section return"><dt>Returns</dt><dd></dd></dl>
</div>
</div>
</div><!-- contents -->
<!-- start footer part -->
<hr class="footer"/><address class="footer"><small>
Generated by&#160;<a href="https://www.doxygen.org/index.html"><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1
</small></address>
</body>
</html>
Reference in new issue View Git Blame Copy Permalink