///////////////////////////////////////////////////////////////////////////////
//
//  FileName    :   VM.H
//  Version     :   0.10
//  Author      :   Luo Cong
//  Date        :   2004-10-28 22:29:11
//  Comment     :   first version started on 2004-10-23 16:18:45
//
///////////////////////////////////////////////////////////////////////////////

// NOTE(review): the guard name "__VM_H__" starts with a double underscore,
// which is reserved for the implementation; the guard works, but a name such
// as VM_H would be conforming.
// This header includes nothing itself: BYTE, HANDLE, IMAGE_DOS_HEADER,
// IMAGE_NT_HEADERS32 and CList are used below, so the including file must
// have pulled in the Windows SDK / MFC headers first.
#ifndef __VM_H__
#define __VM_H__

// Capacity of the VM's own stack (number of long entries in CVM::m_Stack).
#ifndef STACK_SIZE
#define STACK_SIZE  512
#endif

// Default size of the scratch buffer behind CVM::m_FreeBuffer
// (presumably the length handed to SetFreeBuffer — confirm in vm.cpp).
#ifndef FREEBUFFER_SIZE
#define FREEBUFFER_SIZE 4096
#endif

// Capacity of CVM::m_ucOrigCode, the buffer that keeps the original debuggee
// bytes around embedded assembly (VM_ERR_EMBEDDED_ASM_CODE_TOO_BIG is the
// matching error). Note the value is 2046, not 2048: any size check must use
// this macro rather than a literal.
#ifndef EMBEDDED_CODE_SIZE
#define EMBEDDED_CODE_SIZE 2046
#endif

// Number of enumerators in MNEMONICTYPE (MC_NOP .. MC_VIRTUALFREEEX, 122).
// It sizes CVM::m_Mnemonics and CVM::m_nMnemonicLen and is maintained by hand:
// every enumerator appended below must bump it, or an opcode near the end of
// the range indexes past those tables.
#define MNEMONIC_COUNTS 122
// Opcodes of the script VM. The enumerator order fixes the numeric opcode
// value (and the index into the name tables), so new entries are appended
// at the end, never inserted in the middle.
typedef enum tagMNEMONICTYPE
{
    MC_NOP = 0,
    MC_INCLUDE,
    // register / arithmetic / logic instructions
    MC_MOV,
    MC_ADD,
    MC_SUB,
    MC_MUL,
    MC_DIV,
    MC_INC,
    MC_DEC,
    MC_XCHG,
    MC_AND,
    MC_OR,
    MC_XOR,
    MC_NOT,
    MC_SHL,
    MC_SHR,
    MC_CMP,
    // jumps; the conditional forms presumably read EFLAGS::cf / EFLAGS::zf
    MC_JMP,
    MC_JE,
    MC_JNE,
    MC_JB,
    MC_JNAE,
    MC_JNB,
    MC_JAE,
    MC_JBE,
    MC_JNA,
    MC_JA,
    MC_JNBE,
    MC_PUSH,
    MC_POP,
    MC_HALT,
    MC_LDS,
    // user interaction and memory access in the debuggee
    MC_INPUTTEXT,
    MC_INPUTHEXLONG,
    MC_PRINTNUM,
    MC_PRINTBUF,
    MC_MSG,
    MC_MSGYN,
    MC_READMEMLONG,
    MC_WRITEMEMLONG,
    MC_FILL,
    MC_FINDOPCODE,
    MC_REPLACEBYTES,
    MC_DUMPMEM,
    MC_DUMPMEMAPPEND,
    MC_DUMPASPE,
    MC_GETPREVOPADDR,
    MC_GETNEXTOPADDR,
    MC_GETPROCADDRESS,
    // debugger control (run / step / trace / breakpoints); presumably
    // forwarded to the OllyDbg plugin API — confirm in vm.cpp
    MC_RUNTORETURN,
    MC_RUNTOUSERCODE,
    MC_RUN,
    MC_ANIMATEINTO,
    MC_ANIMATEOVER,
    MC_STEPINTO,
    MC_STEPOVER,
    MC_ESTI,
    MC_ESTO,
    MC_GO,
    MC_TRACEINTO,
    MC_TRACEOVER,
    MC_TRACEINTOCOND,
    MC_TRACEOVERCOND,
    MC_ASM,
    MC_ANALYSE,
    MC_COMMENT,
    MC_LOGTEXT,
    MC_LOGLONG,
    MC_BP,
    MC_BC,
    MC_BPCND,
    MC_BPL,
    MC_BPLCND,
    MC_BPRM,
    MC_BPWM,
    MC_BPMC,
    MC_BPHWS,
    MC_BPHWC,
    MC_EOB,
    MC_EOE,
    MC_COB,
    MC_COE,
    MC_GMI,
    MC_SETLBL,
    MC_PAUSE,
    MC_INVOKE,
    MC_HIDEOD,
    MC_UNHIDEOD,
    MC_FIND,
    // script-side memory and string helpers
    MC_MALLOC,
    MC_FREE,
    MC_STRCPY,
    MC_STRCAT,
    MC_STRLEN,
    MC_LTOA,
    MC_MEMCPY,
    MC_PRINTBUFTODUMP,
    MC_PRINTBUFTONEWDUMP,
    MC_STEPINTOS,
    MC_STEPOVERS,
    MC_SEARCH,
    MC_FINDPROCBEGIN,
    MC_FINDPROCEND,
    MC_FINDPREVPROC,
    MC_FINDNEXTPROC,
    MC_FOLLOWCALL,
    MC_EMBEDDEDASM,
    MC_ISWINNTKERNEL,
    MC_GOTOCPUADDR,
    MC_GOTODUMPADDR,
    MC_REVERSEFIND,
    MC_REVERSESEARCH,
    MC_COPYBYTESTO,
    MC_REPLACEBYTESEX,
    MC_UPDATEDUMPBUF,
    MC_EOBINT3,
    MC_EOBHW,
    MC_EOBMEM,
    MC_WRITEMEMHEXES,
    MC_READFILEINTOMEM,
    MC_VIRTUALALLOCEX,
    MC_VIRTUALFREEEX,   // last opcode: MNEMONIC_COUNTS must equal this + 1
} MNEMONICTYPE;

// Number of enumerators in REGISTERTYPE (REG_00 .. OD_REG_EFLAGS_OF, 83).
// It sizes CVM::m_Registers and CPU::reg; update it together with the enum,
// as nothing ties the two at compile time.
#define REGISTER_COUNTS 83
// Register file of the VM: REG_00..REG_64 are general script registers, the
// two REG_FREEBUFFER* entries expose the scratch buffer, and the OD_REG_*
// entries presumably mirror the debuggee's x86 registers and flag bits
// (see IsODReg / SetODReg / GetODReg). Order fixes the index into CPU::reg.
typedef enum tagREGISTERTYPE
{
    REG_00 = 0,
    REG_01,
    REG_02,
    REG_03,
    REG_04,
    REG_05,
    REG_06,
    REG_07,
    REG_08,
    REG_09,
    REG_10,
    REG_11,
    REG_12,
    REG_13,
    REG_14,
    REG_15,
    REG_16,
    REG_17,
    REG_18,
    REG_19,
    REG_20,
    REG_21,
    REG_22,
    REG_23,
    REG_24,
    REG_25,
    REG_26,
    REG_27,
    REG_28,
    REG_29,
    REG_30,
    REG_31,
    REG_32,
    REG_33,
    REG_34,
    REG_35,
    REG_36,
    REG_37,
    REG_38,
    REG_39,
    REG_40,
    REG_41,
    REG_42,
    REG_43,
    REG_44,
    REG_45,
    REG_46,
    REG_47,
    REG_48,
    REG_49,
    REG_50,
    REG_51,
    REG_52,
    REG_53,
    REG_54,
    REG_55,
    REG_56,
    REG_57,
    REG_58,
    REG_59,
    REG_60,
    REG_61,
    REG_62,
    REG_63,
    REG_64,
    // scratch buffer address and size (see CVM::m_FreeBuffer / SetFreeBuffer)
    REG_FREEBUFFERREG,
    REG_FREEBUFFERSIZEREG,
    // debuggee registers; first entry of the range checked by IsODReg
    OD_REG_EAX,
    OD_REG_ECX,
    OD_REG_EDX,
    OD_REG_EBX,
    OD_REG_ESP,
    OD_REG_EBP,
    OD_REG_ESI,
    OD_REG_EDI,
    OD_REG_EIP,
    // individual debuggee EFLAGS bits
    OD_REG_EFLAGS_CF,
    OD_REG_EFLAGS_PF,
    OD_REG_EFLAGS_AF,
    OD_REG_EFLAGS_ZF,
    OD_REG_EFLAGS_SF,
    OD_REG_EFLAGS_DF,
    OD_REG_EFLAGS_OF,   // last register: REGISTER_COUNTS must equal this + 1
} REGISTERTYPE;

// Execution state of the VM (CVM::m_VMStatus); also the return type of
// CheckAddressRange, so MCS_BAD doubles as "invalid address / error".
typedef enum tagMCSTATUS
{
    MCS_BAD = 0,        // error state; the only zero value, so it tests false
    MCS_RUNNING,
    MCS_FINISHED,
    MCS_BACKTOOD,       // presumably: hand control back to OllyDbg — confirm
    MCS_PAUSE,
} MCSTATUS;

// Flag byte of the VM's CPU. Only cf and zf are named; the remaining bits
// are padding. The layout is the VM's own and does not follow the x86
// EFLAGS bit positions despite the name (x86 keeps ZF in bit 6, here it is
// bit 1). Presumably set by MC_CMP and read by the MC_J* opcodes — confirm.
// NOTE(review): bit-field placement inside a byte is implementation-defined
// and the unnamed struct member is a compiler extension in C++ of this
// vintage; read the flags by name and do not assume positions in 'value'.
typedef union tagEFLAGS
{
    struct
    {
        BYTE cf:1;      // carry / below
        BYTE zf:1;      // zero / equal
        BYTE bit2:1;
        BYTE bit3:1;
        BYTE bit4:1;
        BYTE bit5:1;
        BYTE bit6:1;
        BYTE bit7:1;
    };
    BYTE value;         // whole flag byte, e.g. for clearing all flags at once
} EFLAGS;

// Operand addressing mode stored in CPU::modrm: presumably whether an
// operand refers to a data-segment offset or to a register — confirm against
// the decoders (IRR / IRC / IR) in vm.cpp.
typedef enum tagMODRM
{
    MR_MEM = 0,
    MR_REG,
} MODRM;

// Register state of the script VM (CVM::m_Cpu).
typedef struct tagCPU
{
    unsigned char modrm;        // addressing mode of the current instruction (MODRM)
    unsigned char op;           // current opcode (MNEMONICTYPE value)
    long eip;                   // offset into CVM::m_Code of the next instruction
    long esp;                   // VM stack pointer; relation to m_lStackPointer unclear from here — confirm
    EFLAGS eflags;
    long reg[REGISTER_COUNTS];  // indexed by REGISTERTYPE; indices must pass CheckRegIndexValid first
} CPU;

// Runtime error codes raised while executing a script. Presumably used as an
// index into g_szVMErr below, so the table in vm.cpp must have exactly one
// string per enumerator — there is no compile-time tie between them.
typedef enum tagVMERR
{
    VM_ERR_DIV_ZERO = 0,
    VM_ERR_OUT_OF_REG_RANGE,            // register index >= REGISTER_COUNTS
    VM_ERR_EMBEDDED_ASM_CODE_TOO_BIG,   // embedded asm exceeds EMBEDDED_CODE_SIZE
} VMERR;

// Human-readable message per VMERR value; defined in vm.cpp.
extern const char *g_szVMErr[];

class CVM
{
protected:
    const char *m_Mnemonics[MNEMONIC_COUNTS];   // opcode names, indexed by MNEMONICTYPE
    int m_nMnemonicLen[MNEMONIC_COUNTS];        // length of each name (presumably cached strlen)
    const char *m_Registers[REGISTER_COUNTS];   // register names, indexed by REGISTERTYPE
    unsigned char *m_Code;                      // compiled script bytecode
    long m_lCodeSize;                           // bytes in m_Code; bound for CheckAddressRange
    char *m_Data;                               // script data segment
    long m_lDataSize;                           // bytes in m_Data; bound for CheckDataAddrValid
    char *m_FreeBuffer;                         // scratch buffer exposed via REG_FREEBUFFERREG
    // NOTE(review): the three buffers above are raw owned pointers; their
    // release is outside this view — confirm the destructor frees them.

    // Script labels jumped to when the debuggee hits a breakpoint / exception
    // (set by the MC_EOB* / MC_EOE family, presumably).
    long m_lBreakpointLabel;
    long m_lInt3BreakpointLabel;
    long m_lHWBreakpointLabel;
    long m_lMemBreakpointLabel;
    long m_lExceptionLabel;
    long m_lOldEip;
    MCSTATUS m_VMStatus;
    // Addresses the script obtained through MC_MALLOC / MC_VIRTUALALLOCEX,
    // presumably tracked so they can be released when the script ends.
    CList<long, long> m_listMallocMemAddr;
    CList<long, long> m_listVirtualAllocExAddr;

    long m_Stack[STACK_SIZE];   // VM stack; Push/Pop must keep m_lStackPointer within [0, STACK_SIZE)
    long m_lStackPointer;
    CPU m_Cpu;

    // Original debuggee bytes saved around embedded assembly (MC_EMBEDDEDASM);
    // m_ulOrigCodeLen must never exceed EMBEDDED_CODE_SIZE.
    unsigned char m_ucOrigCode[EMBEDDED_CODE_SIZE];
    unsigned long m_ulOrigCodeLen;

private:
    // Resets all members to their start state (presumably called from the
    // constructor — confirm in vm.cpp).
    void Initialize();

    // Validates a VM instruction pointer against m_Code / m_lCodeSize before
    // it is dereferenced. Returns MCS_BAD when out of range (inferred from the
    // return type — confirm).
    MCSTATUS CheckAddressRange(
        /* [in] */  long eip
    );

    // Writes the debuggee image [ImageBase, ImageBase + ImageSize) to
    // szOutputPEFileName, patching the entry point to CustomEntryPoint;
    // memory is presumably read through hProcess. Returns non-zero on success
    // (inferred from the int return — confirm).
    // NOTE(review): a leading underscore followed by an uppercase letter makes
    // this name reserved for the implementation; DumpAsPEImpl would be conforming.
    int _DumpAsPE(
        /* [in] */ const unsigned long ImageBase,
        /* [in] */ const unsigned long ImageSize,
        /* [in] */ const HANDLE hProcess,
        /* [in] */ const unsigned long CustomEntryPoint,
        /* [in] */ const char *szOutputPEFileName
    );

    /**
     * @brief Extracts the DOS and NT headers from a raw image buffer.
     *
     * Return true  && *pBufSizeEnough == true : success; the PE head
     *        (DOS + NT + section headers) was read into the output structs.
     * Return false && *pBufSizeEnough == false: the buffer is too small;
     *        call again with a larger pBuffer.
     * Return false && *pBufSizeEnough == true : failure; the buffer does not
     *        contain usable PE information.
     *
     * NOTE(review): pBuffer holds bytes read from the debuggee and is
     * untrusted. The implementation must check e_lfanew (and e_lfanew plus
     * the NT header size) against nBufferSize before reading through it, and
     * report "too small" rather than read past the end — confirm in vm.cpp.
     **/
    int GetPEHeader(
        /* [in] */ const char *pBuffer,
        /* [in] */ const int nBufferSize,
        /* [out] */ IMAGE_DOS_HEADER *pDosHeader,
        /* [out] */ IMAGE_NT_HEADERS32 *pPeHeader,
        /* [out] */ int *pBufSizeEnough
    );

    // Rewrites the headers of an image already copied into pMainFileBuffer
    // (uBufferSize bytes) so that it loads from disk, setting the entry point
    // to CustomEntryPoint. Every header field used as an offset must be
    // checked against uBufferSize — the buffer is debuggee data; confirm.
    int FixPEHeader(
        /* [in] */ char *pMainFileBuffer,
        /* [in] */ const unsigned int uBufferSize,
        /* [in] */ const unsigned long CustomEntryPoint
    );

    // Size in bytes of the encoded instruction for opcode lOpcode (used to
    // advance m_Cpu.eip, presumably).
    int GetOpcodeSize(
        /* [in] */  const long lOpcode
    );

    // Number of bytes needed to encode lValue (presumably the compact
    // immediate encoding of the bytecode — confirm).
    int GetLongSize(
        /* [in] */  const long lValue
    );

    // (Re)allocates m_FreeBuffer to lBufferLen bytes.
    int SetFreeBuffer(
        /* [len_is][in] */  const long lBufferLen
    );

    // Non-zero when *rt names one of the OD_REG_* debuggee registers.
    int IsODReg(
        /* [in] */  const REGISTERTYPE *rt
    );

    // VM stack primitives over m_Stack / m_lStackPointer. They must reject
    // a push at STACK_SIZE entries and a pop at zero entries; confirm in
    // vm.cpp, as an unchecked push writes past m_Stack into m_lStackPointer.
    int Push(
        /* [in] */  const long lValue
    );

    int Pop(
        /* [out] */ long *lpValue
    );

    // Opcode handlers taking the instruction offset explicitly.
    int DoPush(
        /* [in] */  const long eip
    );

    int DoPop(
        /* [in] */  const long eip
    );

    int DoLDS(
        /* [in] */  const long eip
    );

    // Shared handler for MC_ADD .. MC_SHR; MneType selects the operation.
    int DoArithmetic(
        /* [in] */  const long eip,
        /* [in] */  const MNEMONICTYPE MneType
    );

    // Applies MneType to the destination register and stores the result;
    // rt_src / lVal_src carry the second operand (register or constant).
    int SetReg(
        /* [in] */  const REGISTERTYPE *rt_dest,
        /* [in] */  const REGISTERTYPE *rt_src,
        /* [in] */  long  lVal_dest,
        /* [in] */  long  lVal_src,
        /* [in] */  const MNEMONICTYPE MneType
    );

    // Writes a debuggee register (OD_REG_*) back to OllyDbg; GetODReg
    // presumably refreshes the OD_REG_* slots of m_Cpu.reg from the debuggee.
    int SetODReg(
        /* [in] */  const REGISTERTYPE *rt_dest,
        /* [in] */  const long lVal_dest
    );

    int GetODReg();

    // Operand-form decoders (names suggest register-register, register-
    // constant and single-register forms — confirm in vm.cpp).
    int IRR(
        /* [in] */  const long eip,
        /* [in] */  const MNEMONICTYPE MneType
    );

    int IRC(
        /* [in] */  const long eip,
        /* [in] */  const MNEMONICTYPE MneType
    );

    int IR(
        /* [in] */  const long eip,
        /* [in] */  const MNEMONICTYPE MneType
    );

    // Bounds checks for script-supplied values: lDataOffset against
    // m_lDataSize, lRegIndex against REGISTER_COUNTS (VM_ERR_OUT_OF_REG_RANGE).
    int CheckDataAddrValid(
        /* [in] */  const long lDataOffset
    );

    int CheckRegIndexValid(
        /* [in] */  const long lRegIndex
    );

    // One handler per script opcode. Each presumably decodes its operands at
    // m_Cpu.eip and forwards to the OllyDbg plugin API; int results signal
    // success/failure, void ones have nothing to report. Operands that name
    // debuggee addresses or buffer lengths are script input and must go
    // through the Check* helpers above before use — confirm per handler.
    int DoInputText();

    int DoInputHexLong();

    int DoPrintNum();

    int DoPrintBuf();

    int DoMsg();

    int DoMsgYN();

    int DoReadMemLong();

    int DoWriteMemLong();

    int DoFill();

    int DoFindOpcode();

    int DoReplaceBytes();

    // Shared by DoDumpMem / DoDumpMemAppend; 'mode' is presumably the fopen
    // mode string ("wb" vs "ab") — confirm.
    int DumpMemWithMode(
        /* [in] */  const char *mode
    );

    int DoDumpMem();

    int DoDumpMemAppend();

    int DoDumpAsPE();

    int DoGetPrevOpAddr();

    int DoGetNextOpAddr();

    int DoGetProcAddress();

    void DoRunToReturn();

    void DoRunToUserCode();

    void DoRun();

    void DoAnimateInto();

    void DoAnimateOver();

    int DoStepInto();

    int DoStepOver();

    void DoESTI();

    void DoESTO();

    int DoGo();

    // Shared by the four trace handlers below. szCond is the trace condition
    // (may be empty for the unconditional forms, presumably).
    // NOTE(review): szCond is not const; if the implementation does not
    // modify it, `const char *szCond` would document that.
    int Tracing(
        /* [in] */  const long lAddr,
        /* [in] */  char *szCond,
        /* [in] */  const int nMode // 0 == trace_into, other == trace_over
    );

    int DoTraceInto();

    int DoTraceOver();

    int DoTraceIntoCond();

    int DoTraceOverCond();

    int DoAsm();

    int DoAnalyse();

    int DoComment();

    int DoLogText();

    int DoLogLong();

    // Breakpoint handlers (MC_BP / MC_BC / MC_BPCND).
    int DoBP();

    int DoBC();

    int DoBPCND();
