int DoBPL();
int DoBPLCND();
int DoBPRM();
int DoBPWM();
int DoBPMC();
int DoBPHWS();
int DoBPHWC();
void DoEOB();
void DoEOBINT3();
void DoEOBHW();
void DoEOBMEM();
void DoEOE();
void DoCOB();
void DoCOE();
int DoGMI();
int DoSetLbl();
int SetODHideStatus(
/* [in] */ unsigned char ucHide
);
int DoHideOD();
int DoUnHideOD();
int DoFind();
int DoMalloc();
int DoFree();
int DoStrCpy();
int DoStrCat();
int DoStrLen();
int DoLToA();
int DoMemCpy();
int DoPrintBufToDump();
int DoPrintBufToNewDump();
int DoStepIntoS(
/* [out] */ long *lInstLen
);
int DoStepOverS(
/* [out] */ long *lInstLen
);
int DoSearch();
int DoFindProcBegin();
int DoFindProcEnd();
int DoFindPrevProc();
int DoFindNextProc();
int DoFollowCall();
int DoEmbeddedAsm(
/* [in] */ const long eip
);
void DoIsWinNTKernel();
int DoGotoCpuAddr();
int DoGotoDumpAddr();
int DoReverseFind();
int DoReverseSearch();
int DoCopyBytesTo();
int DoReplaceBytesEx();
int DoUpdateDumpBuf();
int DoWriteMemHexes();
int DoReadFileIntoMem();
int DoVirtualAllocEx();
int DoVirtualFreeEx();
public:
CVM();
~CVM();
const char *GetMnemonicName(
/* [in] */ const int i
) const;
int GetMnemonicLen(
/* [in] */ MNEMONICTYPE MneType
) const;
const char *GetRegisterName(
/* [in] */ const int i
) const;
int GetRegisterIndex(
/* [size_is][in] */ const UINT unRegNameSize,
/* [in] */ const char *szRegName,
/* [out] */ int *nRegIndex
);
const unsigned char opcode(
/* [in] */ const MNEMONICTYPE MneType
) const;
int SetCode(
/* [in] */ const long lCodeSize,
/* [in] */ const unsigned char *Code
);
int SetData(
/* [in] */ const long lDataSize,
/* [in] */ const char *Data
);
void JumpToBreakpointLabel();
void JumpToInt3BreakpointLabel();
void JumpToHWBreakpointLabel();
void JumpToMemBreakpointLable();
void JumpToExceptionLabel();
MCSTATUS GetStatus();
void SetStatus(MCSTATUS status);
void Reset();
void Execute();
};
/// Construct the script VM.
///
/// Fills the three lookup tables the parser and executor rely on — mnemonic
/// text, per-mnemonic length, and register names — and then delegates every
/// other member to Initialize(). The mnemonic name and its length are kept in
/// one row of a single table so the two can never drift apart the way two
/// separate assignment lists can.
///
/// NOTE(review): what the length column measures is not visible in this
/// header (presumably the encoded instruction size in bytes, with 0 for the
/// three pseudo-instructions "include", "invoke" and "__asm" that never reach
/// the bytecode) — confirm against the assembler and the Execute() decoder
/// before changing a value; a decoder that trusts a too-large length would
/// read past the end of the code buffer.
/// NOTE(review): m_Mnemonics, m_nMnemonicLen and m_Registers are indexed
/// directly by enumerator and their declared sizes are outside this view, so
/// an enumerator beyond the array bound would be an out-of-bounds write here.
inline CVM::CVM()
{
    // One row per VM instruction: enumerator, mnemonic text, length.
    struct MnemonicRow
    {
        int type;
        const char *name;
        int len;
    };
    static const MnemonicRow kMnemonics[] =
    {
        { MC_NOP,               "nop",               1 },
        { MC_INCLUDE,           "include",           0 },
        { MC_MOV,               "mov",               10 },
        { MC_ADD,               "add",               10 },
        { MC_SUB,               "sub",               10 },
        { MC_MUL,               "mul",               10 },
        { MC_DIV,               "div",               10 },
        { MC_INC,               "inc",               5 },
        { MC_DEC,               "dec",               5 },
        { MC_XCHG,              "xchg",              10 },
        { MC_AND,               "and",               10 },
        { MC_OR,                "or",                10 },
        { MC_XOR,               "xor",               10 },
        { MC_NOT,               "not",               5 },
        { MC_SHL,               "shl",               10 },
        { MC_SHR,               "shr",               10 },
        { MC_CMP,               "cmp",               10 },
        { MC_JMP,               "jmp",               5 },
        { MC_JE,                "je",                5 },
        { MC_JNE,               "jne",               5 },
        { MC_JB,                "jb",                5 },
        { MC_JNAE,              "jnae",              5 },
        { MC_JNB,               "jnb",               5 },
        { MC_JAE,               "jae",               5 },
        { MC_JBE,               "jbe",               5 },
        { MC_JNA,               "jna",               5 },
        { MC_JA,                "ja",                5 },
        { MC_JNBE,              "jnbe",              5 },
        { MC_PUSH,              "push",              6 },
        { MC_POP,               "pop",               5 },
        { MC_HALT,              "halt",              1 },
        { MC_LDS,               "lds",               9 },
        { MC_INPUTTEXT,         "inputtext",         1 },
        { MC_INPUTHEXLONG,      "inputhexlong",      1 },
        { MC_PRINTNUM,          "printnum",          1 },
        { MC_PRINTBUF,          "printbuf",          1 },
        { MC_MSG,               "msg",               1 },
        { MC_MSGYN,             "msgyn",             1 },
        { MC_READMEMLONG,       "readmemlong",       1 },
        { MC_WRITEMEMLONG,      "writememlong",      1 },
        { MC_FILL,              "fill",              1 },
        { MC_FINDOPCODE,        "findopcode",        1 },
        { MC_REPLACEBYTES,      "replacebytes",      1 },
        { MC_DUMPMEM,           "dumpmem",           1 },
        { MC_DUMPMEMAPPEND,     "dumpmemappend",     1 },
        { MC_DUMPASPE,          "dumpaspe",          1 },
        { MC_GETPREVOPADDR,     "getprevopaddr",     1 },
        { MC_GETNEXTOPADDR,     "getnextopaddr",     1 },
        { MC_GETPROCADDRESS,    "getprocaddress",    1 },
        { MC_RUNTORETURN,       "runtoreturn",       1 },
        { MC_RUNTOUSERCODE,     "runtousercode",     1 },
        { MC_RUN,               "run",               1 },
        { MC_ANIMATEINTO,       "animateinto",       1 },
        { MC_ANIMATEOVER,       "animateover",       1 },
        { MC_STEPINTO,          "stepinto",          1 },
        { MC_STEPOVER,          "stepover",          1 },
        { MC_ESTI,              "esti",              1 },
        { MC_ESTO,              "esto",              1 },
        { MC_GO,                "go",                1 },
        { MC_TRACEINTO,         "traceinto",         1 },
        { MC_TRACEOVER,         "traceover",         1 },
        { MC_TRACEINTOCOND,     "traceintocond",     1 },
        { MC_TRACEOVERCOND,     "traceovercond",     1 },
        { MC_ASM,               "asm",               1 },
        { MC_ANALYSE,           "analyse",           1 },
        { MC_COMMENT,           "comment",           1 },
        { MC_LOGTEXT,           "logtext",           1 },
        { MC_LOGLONG,           "loglong",           1 },
        { MC_BP,                "bp",                1 },
        { MC_BC,                "bc",                1 },
        { MC_BPCND,             "bpcnd",             1 },
        { MC_BPL,               "bpl",               1 },
        { MC_BPLCND,            "bplcnd",            1 },
        { MC_BPRM,              "bprm",              1 },
        { MC_BPWM,              "bpwm",              1 },
        { MC_BPMC,              "bpmc",              1 },
        { MC_BPHWS,             "bphws",             1 },
        { MC_BPHWC,             "bphwc",             1 },
        { MC_EOB,               "eob",               5 },
        { MC_EOE,               "eoe",               5 },
        { MC_COB,               "cob",               1 },
        { MC_COE,               "coe",               1 },
        { MC_GMI,               "gmi",               1 },
        { MC_SETLBL,            "setlbl",            1 },
        { MC_PAUSE,             "pause",             1 },
        { MC_INVOKE,            "invoke",            0 },
        { MC_HIDEOD,            "hideod",            1 },
        { MC_UNHIDEOD,          "unhideod",          1 },
        { MC_FIND,              "find",              1 },
        { MC_MALLOC,            "malloc",            1 },
        { MC_FREE,              "free",              1 },
        { MC_STRCPY,            "strcpy",            1 },
        { MC_STRCAT,            "strcat",            1 },
        { MC_STRLEN,            "strlen",            1 },
        { MC_LTOA,              "ltoa",              1 },
        { MC_MEMCPY,            "memcpy",            1 },
        { MC_PRINTBUFTODUMP,    "printbuftodump",    1 },
        { MC_PRINTBUFTONEWDUMP, "printbuftonewdump", 1 },
        { MC_STEPINTOS,         "stepintos",         1 },
        { MC_STEPOVERS,         "stepovers",         1 },
        { MC_SEARCH,            "search",            1 },
        { MC_FINDPROCBEGIN,     "findprocbegin",     1 },
        { MC_FINDPROCEND,       "findprocend",       1 },
        { MC_FINDPREVPROC,      "findprevproc",      1 },
        { MC_FINDNEXTPROC,      "findnextproc",      1 },
        { MC_FOLLOWCALL,        "followcall",        1 },
        { MC_EMBEDDEDASM,       "__asm",             0 },
        { MC_ISWINNTKERNEL,     "iswinntkernel",     1 },
        { MC_GOTOCPUADDR,       "gotocpuaddr",       1 },
        { MC_GOTODUMPADDR,      "gotodumpaddr",      1 },
        { MC_REVERSEFIND,       "reversefind",       1 },
        { MC_REVERSESEARCH,     "reversesearch",     1 },
        { MC_COPYBYTESTO,       "copybytesto",       1 },
        { MC_REPLACEBYTESEX,    "replacebytesex",    1 },
        { MC_UPDATEDUMPBUF,     "updatedumpbuf",     1 },
        { MC_EOBINT3,           "eobint3",           5 },
        { MC_EOBHW,             "eobhw",             5 },
        { MC_EOBMEM,            "eobmem",            5 },
        { MC_WRITEMEMHEXES,     "writememhexes",     1 },
        { MC_READFILEINTOMEM,   "readfileintomem",   1 },
        { MC_VIRTUALALLOCEX,    "virtualallocex",    1 },
        { MC_VIRTUALFREEEX,     "virtualfreeex",     1 },
    };

    // One row per VM register: enumerator and the name the parser accepts.
    // The script's own registers come first, then the two free-buffer
    // registers, then the OD_ entries whose names are x86 registers and
    // EFLAGS bits (presumably mirroring the debuggee's CPU state).
    struct RegisterRow
    {
        int index;
        const char *name;
    };
    static const RegisterRow kRegisters[] =
    {
        { REG_00,                 "reg00" },
        { REG_01,                 "reg01" },
        { REG_02,                 "reg02" },
        { REG_03,                 "reg03" },
        { REG_04,                 "reg04" },
        { REG_05,                 "reg05" },
        { REG_06,                 "reg06" },
        { REG_07,                 "reg07" },
        { REG_08,                 "reg08" },
        { REG_09,                 "reg09" },
        { REG_10,                 "reg10" },
        { REG_11,                 "reg11" },
        { REG_12,                 "reg12" },
        { REG_13,                 "reg13" },
        { REG_14,                 "reg14" },
        { REG_15,                 "reg15" },
        { REG_16,                 "reg16" },
        { REG_17,                 "reg17" },
        { REG_18,                 "reg18" },
        { REG_19,                 "reg19" },
        { REG_20,                 "reg20" },
        { REG_21,                 "reg21" },
        { REG_22,                 "reg22" },
        { REG_23,                 "reg23" },
        { REG_24,                 "reg24" },
        { REG_25,                 "reg25" },
        { REG_26,                 "reg26" },
        { REG_27,                 "reg27" },
        { REG_28,                 "reg28" },
        { REG_29,                 "reg29" },
        { REG_30,                 "reg30" },
        { REG_31,                 "reg31" },
        { REG_32,                 "reg32" },
        { REG_33,                 "reg33" },
        { REG_34,                 "reg34" },
        { REG_35,                 "reg35" },
        { REG_36,                 "reg36" },
        { REG_37,                 "reg37" },
        { REG_38,                 "reg38" },
        { REG_39,                 "reg39" },
        { REG_40,                 "reg40" },
        { REG_41,                 "reg41" },
        { REG_42,                 "reg42" },
        { REG_43,                 "reg43" },
        { REG_44,                 "reg44" },
        { REG_45,                 "reg45" },
        { REG_46,                 "reg46" },
        { REG_47,                 "reg47" },
        { REG_48,                 "reg48" },
        { REG_49,                 "reg49" },
        { REG_50,                 "reg50" },
        { REG_51,                 "reg51" },
        { REG_52,                 "reg52" },
        { REG_53,                 "reg53" },
        { REG_54,                 "reg54" },
        { REG_55,                 "reg55" },
        { REG_56,                 "reg56" },
        { REG_57,                 "reg57" },
        { REG_58,                 "reg58" },
        { REG_59,                 "reg59" },
        { REG_60,                 "reg60" },
        { REG_61,                 "reg61" },
        { REG_62,                 "reg62" },
        { REG_63,                 "reg63" },
        { REG_64,                 "reg64" },
        { REG_FREEBUFFERREG,      "freebufferreg" },
        { REG_FREEBUFFERSIZEREG,  "freebuffersizereg" },
        { OD_REG_EAX,             "eax" },
        { OD_REG_ECX,             "ecx" },
        { OD_REG_EDX,             "edx" },
        { OD_REG_EBX,             "ebx" },
        { OD_REG_ESP,             "esp" },
        { OD_REG_EBP,             "ebp" },
        { OD_REG_ESI,             "esi" },
        { OD_REG_EDI,             "edi" },
        { OD_REG_EIP,             "eip" },
        { OD_REG_EFLAGS_CF,       "cf" },
        { OD_REG_EFLAGS_PF,       "pf" },
        { OD_REG_EFLAGS_AF,       "af" },
        { OD_REG_EFLAGS_ZF,       "zf" },
        { OD_REG_EFLAGS_SF,       "sf" },
        { OD_REG_EFLAGS_DF,       "df" },
        { OD_REG_EFLAGS_OF,       "of" },
    };

    // Populate the parallel member tables from the single row table.
    for (unsigned int i = 0; i < sizeof(kMnemonics) / sizeof(kMnemonics[0]); ++i)
    {
        m_Mnemonics[kMnemonics[i].type] = kMnemonics[i].name;
        m_nMnemonicLen[kMnemonics[i].type] = kMnemonics[i].len;
    }
    for (unsigned int i = 0; i < sizeof(kRegisters) / sizeof(kRegisters[0]); ++i)
    {
        m_Registers[kRegisters[i].index] = kRegisters[i].name;
    }

    // Everything that is not a static lookup table is set up in Initialize().
    Initialize();
}
/// Release one malloc()-owned buffer and reset its pointer to NULL so a later
/// inspection of the member sees it as already freed.
template <typename T>
inline void ReleaseVmBuffer(T *&p)
{
    if (p != NULL)
    {
        free(p);
        p = NULL;
    }
}

/// Destroy the script VM: free the three raw buffers it owns.
///
/// The three pointers are released with free(), so they must only ever hold
/// memory obtained from malloc()/realloc() (presumably by SetCode(), SetData()
/// and the free-buffer handling — not visible here, confirm).
/// NOTE(review): the part of the class visible in this header declares a
/// destructor but no copy constructor or copy assignment operator; unless
/// they are declared above this view, copying a CVM would leave two objects
/// holding the same pointers and the second destructor would double-free.
/// Declaring them private/deleted would close that gap.
inline CVM::~CVM()
{
    ReleaseVmBuffer(m_FreeBuffer);
    ReleaseVmBuffer(m_Data);
    ReleaseVmBuffer(m_Code);
}
#endif // __VM_H__