vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu.
1 #pragma once
2 #include <transform.hpp>
3 #include <vmctx.hpp>
4 #include <vmhandlers.hpp>
5 #include <vmp2.hpp>
10 namespace vm::instrs
11 {
19  bool get_rva_decrypt( const zydis_routine_t &vm_entry, std::vector< zydis_decoded_instr_t > &transform_instrs );
30  std::pair< std::uint64_t, std::uint64_t > decrypt_operand( transform::map_t &transforms, std::uint64_t operand,
31  std::uint64_t rolling_key );
42  std::pair< std::uint64_t, std::uint64_t > encrypt_operand( transform::map_t &transforms, std::uint64_t operand,
43  std::uint64_t rolling_key );
51  std::optional< virt_instr_t > get( vm::ctx_t &ctx, vmp2::v2::entry_t &entry );
60  std::optional< std::uint64_t > get_imm( vm::ctx_t &ctx, std::uint8_t imm_size, std::uintptr_t vip );
73  std::optional< jcc_data > get_jcc_data( vm::ctx_t &ctx, code_block_t &code_block );
84  std::uintptr_t code_block_addr( const vm::ctx_t &ctx, const vmp2::v2::entry_t &entry );
92  std::uintptr_t code_block_addr( const vm::ctx_t &ctx, const std::uint32_t lower_32bits );
93 } // namespace vm::instrs
