#include <vector>
#include <finddecryptor/reader.h>
#include <finddecryptor/emulator.h>
#include <finddecryptor/emulator_libemu.h>
//#include <finddecryptor/emulator_qemu.h>
#include <finddecryptor/data.h>
// NOTE(review): no include guard or `#pragma once` is visible in this listing.
// If this is the whole header, including it twice in one translation unit
// would redefine ChangedMemory -- confirm and add a guard.
namespace detect_similar
{

// NOTE(review): these using-directives sit in a header, so every file that
// includes it gets `std` and `find_decryptor` names injected into
// detect_similar. Kept as-is because code elsewhere may rely on it.
using namespace std;
using namespace find_decryptor;

/// Pair of unsigned values consumed by the private interval predicates.
/// Presumably the (start, end) of a memory range -- TODO confirm in the .cpp.
typedef pair<unsigned int, unsigned int> IntPair;

/// Drives a find_decryptor Emulator/Reader pair over an input sample and
/// exposes the resulting buffers through getsizes()/getmem().
///
/// NOTE(review): the inputs are presumably untrusted samples (the class
/// stores "shellcode" buffers), so all lengths and offsets below should be
/// validated in the implementation -- not visible from this header.
///
/// NOTE(review): a destructor is declared and the state is held in raw
/// pointers, but copy construction and copy assignment are left implicit.
/// If the destructor releases these pointers, copying an instance would end
/// in a double free -- confirm, then delete or define the copy operations.
class ChangedMemory
{
public:
    /// Builds the object from a file name and an emulator selector.
    /// @param filename       path of the input; presumably handed to Reader.
    /// @param emulator_type  selects the Emulator backend; the accepted
    ///                       values are not visible here.
    ChangedMemory(char* filename, int emulator_type);

    /// Builds the object from an in-memory buffer.
    /// @param data           start of the buffer.
    /// @param datasize       buffer length; it is a signed int, so the
    ///                       implementation should reject negative values
    ///                       before using it as a size -- verify in the .cpp.
    /// @param emulator_type  selects the Emulator backend.
    ChangedMemory(unsigned char* data, int datasize, int emulator_type);

    ~ChangedMemory();

    /// Runs the analysis from the given entry point.
    /// @param entry_point  signed offset; presumably relative to the start of
    ///                     the loaded input -- TODO confirm it is range-checked.
    /// @return an int whose meaning is not visible in this header.
    int compute(int entry_point);

    /// Writes the recorded sizes into a caller-supplied array.
    /// NOTE(review): no capacity is passed, so the caller must already know
    /// how many entries will be written -- confirm how that count is obtained.
    void getsizes(int* shellcode_size);

    /// Hands the recorded buffers to a caller-supplied pointer array.
    /// NOTE(review): no capacity is passed here either, and it is not visible
    /// whether the buffers are copied or aliased, so their lifetime relative
    /// to this object needs confirming.
    void getmem(unsigned char** shellcode);

private:
    void clear();

    // Interval predicates relating a new pair to a current one; the exact
    // inclusive/exclusive bound handling lives in the implementation.
    bool contains(IntPair new_p, IntPair cur_p);
    bool is_contained_by(IntPair new_p, IntPair cur_p);
    bool intersect_left(IntPair new_p, IntPair cur_p);
    bool intersect_right(IntPair new_p, IntPair cur_p);

    // Map an integer register id (`beareg`) onto find_decryptor's
    // Data::Register.
    Data::Register convertRegister(int beareg);
    Data::Register convertSegmentRegister(int beareg);

    //bool is_ok(vector<IntPair> intervals);

    //Emulator_LibEmu* emulator;
    Emulator* emulator;
    Reader* reader;

    // Presumably parallel arrays with amount_shellcodes entries each:
    // shellcode[i] is a buffer of shellcode_size[i] bytes -- TODO confirm.
    unsigned char** shellcode;
    int* shellcode_size;
    int amount_shellcodes;
};

} //namespace detect_similar