VMProfiler  v1.8
vmprofiler is a C++ library used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited by vmprofiler-qt, vmprofiler-cli, and vmemu.
vmprofiles.hpp
1 #pragma once
2 #include <transform.hpp>
3 
7 namespace vm::handler
8 {
13  {
20  JMP,
23 
27 
30 
40 
44 
49 
53 
56 
61 
64 
67  NANDW
68  };
69 
// Predicate over a single decoded Zydis instruction: takes the instruction by
// const reference and returns bool. profile_t::signature holds a vector of these.
// NOTE(review): std::function lives in <functional>; the only include visible in
// this listing is <transform.hpp>, so it is presumably pulled in transitively - confirm.
73  using zydis_callback_t = std::function< bool( const zydis_decoded_instr_t &instr ) >;
74 
79  {
83  };
84 
88  struct profile_t
89  {
93  const char *name;
94 
99 
104 
108  std::vector< zydis_callback_t > signature;
109 
114  };
115 
119  namespace profile
120  {
124 
127 
131 
138 
142 
145 
147 
152 
156 
159 
162 
171 
// Registry of pointers to the vm handler profiles. Each entry is the address of a
// named profile_t object, so the vector does not own what it points to.
// The vector is a non-const inline variable holding non-const pointers: any code
// that includes this header can add, remove or reorder entries, or modify a
// profile through its pointer, at run time.
// NOTE(review): the gutter in this listing jumps from 176 to 178, and lines 179,
// 182 and 184 are empty here, so the initializer shown may be missing entries -
// check it against the header itself before relying on this list.
175  inline std::vector< vm::handler::profile_t * > all = {
176  &sregq, &sregdw, &sregw, &lregq, &lregdw, &lconstq,
178  &lconstdw, &lconstw, &addq, &adddw, &addw, &lvsp,
179 
180  &shlq, &shldw, &writeq, &writedw, &writeb, &nandq,
181  &nanddw, &nandw, &nandb,
182 
183  &shlddw,
184 
185  &shrq, &shrw, &readq, &readdw, &mulq, &pushvsp,
186  &divq, &jmp, &lrflags, &vmexit, &call };
187  } // namespace profile
188 } // namespace vm::handler
vm::handler::profile_t lconstw
Definition: lconst.cpp:50
vm::handler::profile_t writeb
Definition: write.cpp:125
vm::handler::profile_t lconstwsxq
Definition: lconst.cpp:171
vm::handler::profile_t nandb
Definition: nand.cpp:162
vm::handler::profile_t lvsp
Definition: lvsp.cpp:5
vm::handler::profile_t lconstdw
Definition: lconst.cpp:28
std::vector< vm::handler::profile_t * > all
a vector of pointers to all defined vm handler profiles...
Definition: vmprofiles.hpp:175
vm::handler::profile_t pushvsp
Definition: pushvsp.cpp:5
vm::handler::profile_t lconstbsxq
Definition: lconst.cpp:121
vm::handler::profile_t lregq
Definition: lreg.cpp:5
vm::handler::profile_t nandq
Definition: nand.cpp:5
vm::handler::profile_t sregdw
Definition: sreg.cpp:38
vm::handler::profile_t sregw
Definition: sreg.cpp:72
vm::handler::profile_t shrw
Definition: shr.cpp:64
vm::handler::profile_t lrflags
Definition: lflags.cpp:5
vm::handler::profile_t mulq
Definition: mul.cpp:5
vm::handler::profile_t nanddw
Definition: nand.cpp:68
vm::handler::profile_t adddw
Definition: add.cpp:28
vm::handler::profile_t writeq
Definition: write.cpp:5
vm::handler::profile_t shlddw
Definition: shld.cpp:5
vm::handler::profile_t jmp
Definition: jmp.cpp:5
vm::handler::profile_t readq
Definition: read.cpp:5
vm::handler::profile_t writedw
Definition: write.cpp:45
vm::handler::profile_t vmexit
Definition: vmexit.cpp:5
vm::handler::profile_t sregq
Definition: sreg.cpp:5
vm::handler::profile_t addq
Definition: add.cpp:5
vm::handler::profile_t readdw
Definition: read.cpp:27
vm::handler::profile_t lconstbzxw
Definition: lconst.cpp:72
vm::handler::profile_t shlq
Definition: shl.cpp:5
vm::handler::profile_t call
Definition: call.cpp:5
vm::handler::profile_t shldw
Definition: shl.cpp:64
vm::handler::profile_t lconstbsxdw
Definition: lconst.cpp:95
vm::handler::profile_t lconstq
Definition: lconst.cpp:5
vm::handler::profile_t nandw
Definition: nand.cpp:115
vm::handler::profile_t lregdw
Definition: lreg.cpp:39
vm::handler::profile_t lconstdwsxq
Definition: lconst.cpp:147
vm::handler::profile_t shrq
Definition: shr.cpp:5
vm::handler::profile_t addw
Definition: add.cpp:51
vm::handler::profile_t lconstwsxdw
Definition: lconst.cpp:197
vm::handler::profile_t divq
Definition: div.cpp:5
contains all information pertaining to vm handler identification...
Definition: vmhandlers.hpp:6
std::function< bool(const zydis_decoded_instr_t &instr) > zydis_callback_t
zydis callback lambda used to pattern match native instructions...
Definition: vmprofiles.hpp:73
mnemonic_t
vm handler mnemonic... so you don't need to compare strings!
Definition: vmprofiles.hpp:13
@ LCONSTWSXDW
Definition: vmprofiles.hpp:37
@ ADDQ
Definition: vmprofiles.hpp:50
@ CALL
Definition: vmprofiles.hpp:19
@ READW
Definition: vmprofiles.hpp:43
@ LCONSTDW
Definition: vmprofiles.hpp:38
@ WRITEQ
Definition: vmprofiles.hpp:45
@ NANDQ
Definition: vmprofiles.hpp:65
@ DIVQ
Definition: vmprofiles.hpp:18
@ READDW
Definition: vmprofiles.hpp:42
@ LREGQ
Definition: vmprofiles.hpp:28
@ SREGQ
Definition: vmprofiles.hpp:24
@ MULQ
Definition: vmprofiles.hpp:17
@ ADDW
Definition: vmprofiles.hpp:52
@ LCONSTQ
Definition: vmprofiles.hpp:31
@ SREGW
Definition: vmprofiles.hpp:26
@ SHLDDW
Definition: vmprofiles.hpp:58
@ INVALID
Definition: vmprofiles.hpp:14
@ LVSP
Definition: vmprofiles.hpp:22
@ SHLD_W
Definition: vmprofiles.hpp:59
@ LRFLAGS
Definition: vmprofiles.hpp:15
@ WRITEB
Definition: vmprofiles.hpp:48
@ LCONSTDWSXQ
Definition: vmprofiles.hpp:35
@ LCONSTBZXW
Definition: vmprofiles.hpp:32
@ PUSHVSP
Definition: vmprofiles.hpp:16
@ SHRW
Definition: vmprofiles.hpp:63
@ SHLDW
Definition: vmprofiles.hpp:55
@ ADDDW
Definition: vmprofiles.hpp:51
@ LREGDW
Definition: vmprofiles.hpp:29
@ SHRQ
Definition: vmprofiles.hpp:62
@ SREGDW
Definition: vmprofiles.hpp:25
@ VMEXIT
Definition: vmprofiles.hpp:21
@ LCONSTBSXDW
Definition: vmprofiles.hpp:34
@ LCONSTW
Definition: vmprofiles.hpp:39
@ SHLDQ
Definition: vmprofiles.hpp:57
@ JMP
Definition: vmprofiles.hpp:20
@ LCONSTWSXQ
Definition: vmprofiles.hpp:36
@ WRITEW
Definition: vmprofiles.hpp:47
@ NANDDW
Definition: vmprofiles.hpp:66
@ SHLQ
Definition: vmprofiles.hpp:54
@ NANDW
Definition: vmprofiles.hpp:67
@ LCONSTBSXQ
Definition: vmprofiles.hpp:33
@ READQ
Definition: vmprofiles.hpp:41
@ WRITEDW
Definition: vmprofiles.hpp:46
@ SHLDB
Definition: vmprofiles.hpp:60
extention_t
how sign extension is handled...
Definition: vmprofiles.hpp:79
@ zero_extend
Definition: vmprofiles.hpp:82
@ none
Definition: vmprofiles.hpp:80
@ sign_extend
Definition: vmprofiles.hpp:81
predefined vm handler profile containing all compile-time known information about a vm handler....
Definition: vmprofiles.hpp:89
u8 imm_size
size, in bits, of the operand (imm)... if there is none then this will be zero...
Definition: vmprofiles.hpp:103
std::vector< zydis_callback_t > signature
a vector of signatures used to compare native instructions against zydis aided signatures....
Definition: vmprofiles.hpp:108
extention_t extention
how sign extension of operands is handled...
Definition: vmprofiles.hpp:113
mnemonic_t mnemonic
the mnemonic of the vm handler... so you don't need to compare strings...
Definition: vmprofiles.hpp:98
const char * name
name of the vm handler, such as JMP or LCONST...
Definition: vmprofiles.hpp:93
ZydisDecodedInstruction zydis_decoded_instr_t
Definition: vmutils.hpp:18
unsigned char u8
Definition: vmutils.hpp:12