Andrei Vlad LUTAS
c8735b437a
Fixed NEG emulation - make sure flags are set.
2021-08-10 14:46:39 +03:00
Andrei Vlad LUTAS
f6050661d5
Multiple improvements in bdshemu
Fixed an emulation bug for MOVZX and MOVSX instructions (https://github.com/bitdefender/bddisasm/issues/48)
New shellcode flag - call to Wow32 reserved.
New shellcode flag - heaven's gate.
New shellcode flag - stack-pivot.
Moved bdshemu tests in a password protected zip file, so it doesn't trigger AV detections.
2021-08-10 11:43:51 +03:00
Andrei Vlad LUTAS
072f6e059b
Build improvements
Exclude string constants from build if BDDISASM_NO_FORMAT is defined.
Use extern "C" when declaring the public bddisasm/bdshemu functions.
Include wmmintrin.h for AES intrinsics when building using LLVM/clang.
2021-05-17 09:52:04 +03:00
Andrei Vlad LUTAS
f7bf814bbc
Flag the rIP operand of conditional branches as being conditionally read/write instead of plain read/write.
Bypass self-writes option in bdshemu - if set, bdshemu will not proceed to commit modifications made by the shellcode to itself.
2021-05-17 09:04:34 +03:00
Andrei Vlad LUTAS
15e5e2db63
Fixed several RFLAGS setting issues with arithmetic and shift instructions.
2021-02-23 18:11:40 +02:00
Ionel-Cristinel ANICHITEI
057d326433
Specify -maes when building bdshemu
2020-12-04 11:45:10 +02:00
Andrei Vlad LUTAS
e552aef1f5
Add march=westmere in bdshemu Makefile as well.
2020-12-04 11:16:21 +02:00
Andrei Vlad LUTAS
f8a3011a49
Added support for AESDEC, AESDECLAST and AESIMC emulation, using compiler intrinsics - they will be used only if the SHEMU_OPT_SUPPORT_AES is set (so the integrator can properly check for AES-NI support in hardware).
Fixed shemu option on Linux - make sure proper RIP is provided.
2020-12-04 10:52:56 +02:00
Ionel-Cristinel ANICHITEI
c1c3770cc6
Move bdshemu.h to inc/
2020-11-17 16:05:40 +02:00
Andrei Vlad LUTAS
24ae7782d6
Fixed some static code check warnings.
2020-09-21 12:16:45 +03:00
Andrei Vlad LUTAS
ea28907359
Fix potential division error in bdshemu, when the destination operand is not large enough to hold the result.
2020-08-27 16:25:39 +03:00
Andrei Vlad LUTAS
d61a6fa5dd
* INC/DEC do not modify the CF.
* Fixed FXSAVE64, PUSHAD and POPAD emulation - when explicit mnemonics were added for them, emulation support was not added, thus causing emulation to stop when encountering one of these.
2020-08-19 19:14:22 +03:00
Andrei Vlad LUTAS
1d43b7b1ba
Improved stack string detection heuristic: only consider registers which have been modified during emulation; registers which were provided as "input" can be ignored, as they most likely contain addresses or other data relevant to the emulated code. We are only interested in strings dynamically built during our emulation.
2020-08-11 09:26:48 +03:00
Andrei Vlad LUTAS
144baa5140
Renamed REG_* fields to NDR_*, so that we don't conflict with _GNU_SOURCES.
2020-07-29 11:05:27 +03:00
Andrei Vlad LUTAS
d11fe85599
Improved linear address computation in bdshemu.
2020-07-24 23:11:36 +03:00
Andrei Vlad LUTAS
7ddf7e448a
Apply address size override to gla computation.
2020-07-23 16:19:08 +03:00
Andrei Vlad LUTAS
698ba367a1
Initial commit.
2020-07-21 11:19:18 +03:00