Classes
The script language LUA built into VMProtect is object-oriented: it is very similar to JavaScript in its syntax, ideology and implementation. The script language includes standard classes providing basic functionality and specialized classes giving access to application protection functionality.
Class hierarchy
Core
Project options:
enum ProjectOption {
None,
Pack,
ImportProtection,
MemoryProtection,
ResourceProtection,
CheckDebugger,
CheckKernelDebugger,
CheckVirtualMachine,
StripFixups,
StripDebugInfo,
DebugMode
}
A class to work with the VMProtect core:
class Core {
public:
string projectFileName(); // returns the name of the project
void saveProject(); // saves the project
string inputFileName(); // returns the name of the source file for the current project
string outputFileName(); // returns the name of the output file for the current project
void setOutputFileName(string name); // sets the name of the output file for the current project
string watermarkName(); // returns the name of the watermark of the current project
void setWatermarkName(string name); // sets the name of the watermark for the current project
int options(); // returns options of the current project
void setOptions(int options); // sets options of the current project
string vmSectionName(); // returns VM segment name for the current project
void setVMSectionName(); // sets VM segment name for the current project
Licenses licenses(); // returns the list of licenses for the current project
Files files(); // returns the list of files for the current project
Watermarks watermarks(); // returns the list of watermarks
PEFile/MacFile inputFile(); // returns source file
PEFile/MacFile outputFile(); // returns output file
PEArchitecture/MacArchitecture inputArchitecture(); // returns source architecture
PEArchitecture/MacArchitecture outputArchitecture(); // returns output architecture
};
Watermarks
A class to work with the list of watermarks:
class Watermarks {
public:
Watermark item(int index); // returns a watermark with the given index
int count(); // returns a number of watermarks in the list
Watermark itemByName(string name); // returns a watermark with the given name
}
A class to work with a watermark:
class Watermark {
public:
string name(); // returns the name of the watermark
string value(); // returns the value of the watermarks
bool blocked(); // returns the "Blocked" property
void setBlocked(bool value); // sets the "Blocked" property
}
Licenses
A class to work with the list of licenses:
class Licenses {
public:
int keyLength(); // returns the length of the key
string publicExp(); // returns the public exponent
string privateExp(); // returns the private exponent
string modulus(); // returns modulus
License item(int index); // returns a license with the given index
int count(); // returns the number of licenses in the list
}
A class to work with a license:
class License {
public:
string date(string format = "%c"); // returns the date of the license
string customerName(); // returns the name of the license owner
string customerEmail(); // returns an e-mail of the license owner
string orderRef(); // returns the order id the license was purchased
string comments(); // returns comments to the license
string serialNumber(); // returns the serial number of the license
bool blocked(); // returns the "Blocked" property
void setBlocked(bool value); // sets the "Blocked" property
}
Files
A class to work with the list of files:
class Files {
public:
File item(int index); // returns a file with the given index
int count(); // returns the number of files in the list
}
A class to work with a file:
class File {
public:
string name(); // returns the name of the file
string fileName(); // returns the filename
int options(); // returns options
void setName(string name); // sets the name of the file
void setFileName(string name); // sets the filename of the file
void setOptions(); // sets options
}
Folders
A class to work with custom folders:
class Folders {
public:
int count(); // returns the number of folders in the list
Folder item(int index); // returns a folder with the given index
Folder add(string name); // adds a new folder
void clear(); // clears the list
};
A class to work with a custom folder:
class Folder {
public:
int count(); // returns the number of subfolders
Folder item(int index); // returns a subfolder with the given index
Folder add(string name); // adds a new subfolder
string name(); // returns the name of the folder
void clear(); // clears the list of subfolders
void destroy(); // destroys the folder an all child subfolders
};
PE files
Constants to work with the PE format:
enum PEFormat {
// Directory Entries
IMAGE_DIRECTORY_ENTRY_EXPORT,
IMAGE_DIRECTORY_ENTRY_IMPORT,
IMAGE_DIRECTORY_ENTRY_RESOURCE,
IMAGE_DIRECTORY_ENTRY_EXCEPTION,
IMAGE_DIRECTORY_ENTRY_SECURITY,
IMAGE_DIRECTORY_ENTRY_BASERELOC,
IMAGE_DIRECTORY_ENTRY_DEBUG,
IMAGE_DIRECTORY_ENTRY_ARCHITECTURE,
IMAGE_DIRECTORY_ENTRY_TLS,
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG,
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT,
IMAGE_DIRECTORY_ENTRY_IAT,
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT,
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR,
// Section characteristics
IMAGE_SCN_CNT_CODE,
IMAGE_SCN_CNT_INITIALIZED_DATA,
IMAGE_SCN_CNT_UNINITIALIZED_DATA,
IMAGE_SCN_MEM_DISCARDABLE,
IMAGE_SCN_MEM_NOT_CACHED,
IMAGE_SCN_MEM_NOT_PAGED,
IMAGE_SCN_MEM_SHARED,
IMAGE_SCN_MEM_EXECUTE,
IMAGE_SCN_MEM_READ,
IMAGE_SCN_MEM_WRITE,
// Resource types
RT_CURSOR,
RT_BITMAP,
RT_ICON,
RT_MENU,
RT_DIALOG,
RT_STRING,
RT_FONTDIR,
RT_FONT,
RT_ACCELERATOR,
RT_RCDATA,
RT_MESSAGETABLE,
RT_GROUP_CURSOR,
RT_GROUP_ICON,
RT_VERSION,
RT_DLGINCLUDE,
RT_PLUGPLAY,
RT_VXD,
RT_ANICURSOR,
RT_ANIICON,
RT_HTML,
RT_MANIFEST,
RT_DLGINIT,
RT_TOOLBAR
};
A class to work with a PE file:
class PEFile {
public:
string name(); // returns the filename
string format(); // returns the "PE" format name
uint64 size(); // returns the size of the file
int count(); // returns the number of architectures in the list
PEArchitecture item(int index); // returns an architecture with the given index
uint64 seek(uint64 offset); // sets a file position
uint64 tell(); // returns a file position
int write(string buffer); // records a buffer to the file
};
A class to work with the PE architecture:
class PEArchitecture {
public:
string name(); // returns the name of the architecture
PEFile file(); // returns the parent file
uint64 entryPoint(); // returns the starting address
uint64 imageBase(); // returns the base offset
OperandSize cpuAddressSize(); // returns bit count of the architecture
uint64 size(); // returns the size of the architecture
PESegments segments(); // returns the list of segments
PESections sections(); // returns the list of sections
PEDirectories directories(); // returns the list of directories
PEImports imports(); // returns the list of imported libraries
PEExports exports(); // returns the list of exported functions
PEResources resources(); // returns the list of resources
PEFixups fixups(); // returns the list of relocations (fixups);
MapFunctions mapFunctions(); // returns the list of functions available for protection
IntelFunctions functions(); // returns the list of protected functions
bool addressSeek(uint64 address); // sets a file position
uint64 seek(uint64 offset); // sets a file position
uint64 tell(); // returns a file position
int write(string buffer); // writes a buffer to a file
};
A class to work with the list of segments for the PE architecture:
class PESegments {
public:
PESegment item(int index); // returns a segment with the given index
int count(); // returns the number of segments in the list
PESegment itemByAddress(uint64 address); // returns the segment at the given address
};
A class to work with a PE architecture segment:
class PESegment {
public:
uint64 address(); // returns the address of the segment
string name(); // returns the name of the segment
uint64 size(); // returns the size of the segment
int physicalOffset(); // returns the file position (offset) of the segment
int physicalSize(); // returns the file size of the segment
int flags(); // returns flags of the segment
bool excludedFromPacking(); // returns the "Excluded from packing" property
void setName(string name); // sets the name of the segment
};
A class to work with the list of PE architecture sections:
class PESections {
public:
PESection item(int index); // returns a section with the given index
int count(); // returns the number of sections in the list
PESection itemByAddress(uint64 address); // returns a section at the given address
};
A class to work with a PE architecture section:
class PESection {
public:
uint64 address(); // returns the address of the section
string name(); // returns the name of the section
uint64 size(); // returns the size of the section
int offset(); // returns the file positions of the section
PESegment segment(); // returns the parent segment
};
A class to work with PE architecture directories:
class PEDirectories {
public:
PEDirectory item(int index); // returns a directory with the given index
int count(); // returns the number of directories in the list
PEDirectory itemByType(int type); // returns a directory of the given type
};
A class to work with a PE architecture directory:
class PEDirectory {
public:
uint64 address(); // returns the address of the directory
string name(); // returns the name of the directory
uint64 size(); // returns the size of the directory
int type(); // returns the type of the directory
void setAddress(uint64 address); // sets the address of the directory
void setSize(int size); // sets the size of the directory
void clear(); // clears the address and the size of the directory
};
A class to work with the list of imported libraries for the PE architecture:
class PEImports {
public:
PEImport item(int index); // returns a library with the given index
int count(); // returns the number of libraries in the list
PEImport itemByName(string name); // returns a library with the given name
};
A class to work with an imported library for the PE architecture :
class PEImport {
public:
string name(); // returns the name of the library
PEImportFunction item(int index); // returns an imported function with the given index
int count(); // returns the number of imported functions
void setName(string name); // sets the name of the library
};
A class to work with a PE architecture imported function:
class PEImportFunction {
public:
uint64 address(); // returns a memory address where the imported function address is stored
string name(); // returns the name of the imported function
};
A class to work with the list of exported functions for the PE architecture :
class PEExports {
public:
string name(); // returns the name of the library
PEExport item(int index); // returns an exported function with the given index
int count(); // returns the number of exported functions in the list
void clear(); // clears the list
PEExport itemByAddress(uint64 address); // returns an exported function at the given address
PEExport itemByName(string name); // returns an exported function with the given name
};
A class to wotk with a PE architecture exported function:
class PEExport {
public:
uint64 address(); // returns the address of the exported function
string name(); // returns the name of the exported function
int ordinal(); // returns the ordinal of the exported function
string forwardedName(); // returns the name of the function the exported function forwards to
void destroy(); // destroys the exported function
};
A class to work with the list of PE architecture resources:
class PEResources {
public:
PEResource item(int index); // returns a resources with the given index
int count(); // returns the number of resources in the list
void clear(); // clears the list
PEResource itemByType(int type); // returns a resource of the given type
PEResource itemByName(string name); // returns a resource with the given name
};
A class to work with a PE architecture resource:
class PEResource {
public:
PEResource item(int index); // returns a resource with the given index
int count(); // returns the number of resources in the list
void clear(); // clears the list
uint64 address(); // returns the address of the resource
int size(); // returns the size of the resource
string name(); // returns the name of the resource
int type(); // returns the type of the resource
bool isDirectory(); // returns the "Directory" property
void destroy(); // destroys the resource
PEResource itemByName(string name); // returns a resource with the given name
bool excludedFromPacking(); // returns the "Excluded from packing" property
};
A class to work with the list of PE architecture fixups (relocations):
class PEFixups {
public:
PEFixup item(int index); // returns an element with the given index
int count(); // returns the number of elements in the list
PEFixup itemByAddress(uint64 address); // returns an element at the given address
};
A class to work with a PE architecture fixup (relocation):
class PEFixup {
public:
uint64 address(); // returns the address of the element
};
Mach-O files
Constants to work with the Mach-O format:
enum MacFormat {
// Load Command Types
LC_SEGMENT,
LC_SYMTAB,
LC_SYMSEG,
LC_THREAD,
LC_UNIXTHREAD,
LC_LOADFVMLIB,
LC_IDFVMLIB,
LC_IDENT,
LC_FVMFILE,
LC_PREPAGE,
LC_DYSYMTAB,
LC_LOAD_DYLIB,
LC_ID_DYLIB,
LC_LOAD_DYLINKER,
LC_PREBOUND_DYLIB,
LC_ROUTINES,
LC_SUB_FRAMEWORK,
LC_SUB_UMBRELLA,
LC_SUB_CLIENT,
LC_SUB_LIBRARY,
LC_TWOLEVEL_HINTS,
LC_PREBIND_CKSUM,
LC_LOAD_WEAK_DYLIB,
LC_SEGMENT_64,
LC_ROUTINES_64,
LC_UUID,
LC_RPATH,
LC_CODE_SIGNATURE,
LC_SEGMENT_SPLIT_INFO,
LC_REEXPORT_DYLIB,
LC_LAZY_LOAD_DYLIB,
LC_ENCRYPTION_INFO,
LC_DYLD_INFO,
LC_DYLD_INFO_ONLY,
LC_LOAD_UPWARD_DYLIB,
LC_VERSION_MIN_MACOSX,
// Section Types
SECTION_TYPE,
SECTION_ATTRIBUTES,
S_REGULAR,
S_ZEROFILL,
S_CSTRING_LITERALS,
S_4BYTE_LITERALS,
S_8BYTE_LITERALS,
S_LITERAL_POINTERS,
S_NON_LAZY_SYMBOL_POINTERS,
S_LAZY_SYMBOL_POINTERS,
S_SYMBOL_STUBS,
S_MOD_INIT_FUNC_POINTERS,
S_MOD_TERM_FUNC_POINTERS,
S_COALESCED,
S_GB_ZEROFILL,
S_INTERPOSING,
S_16BYTE_LITERALS,
S_DTRACE_DOF,
S_LAZY_DYLIB_SYMBOL_POINTERS,
SECTION_ATTRIBUTES_USR,
S_ATTR_PURE_INSTRUCTIONS,
S_ATTR_NO_TOC,
S_ATTR_STRIP_STATIC_SYMS,
S_ATTR_NO_DEAD_STRIP,
S_ATTR_LIVE_SUPPORT,
S_ATTR_SELF_MODIFYING_CODE,
S_ATTR_DEBUG,
SECTION_ATTRIBUTES_SYS,
S_ATTR_SOME_INSTRUCTIONS,
S_ATTR_EXT_RELOC,
S_ATTR_LOC_RELOC
};
A class to work with a Mach-O file:
class MacFile {
public:
string name(); // returns the name of the file
string format(); // returns the name of the "Mach-O" format
uint64 size(); // returns the size of the file
int count(); // returns the number of architectures in the list
MacArchitecture item(int index); // returns an architecture with the given index
uint64 seek(uint64 offset); // sets the file position
uint64 tell(); // returns the file position
int write(string buffer); // writes a buffer to the file
};
A class to work with the Mach-O architecture:
class MacArchitecture {
public:
string name(); // returns the name of the architecture
MacFile file(); // returns the parent file
uint64 entryPoint(); // returns the starting address
OperandSize cpuAddressSize(); // returns bit count of the architecture
uint64 size(); // returns the size of the architecture
MacSegments segments(); // returns the list of segments
MacSections sections(); // returns the list of sections
MacCommands commands(); // returns the list of load commands
MacSymbols symbols(); // returns the list of symbols
MacImports imports(); // returns the list of imported libraries
MacExports exports(); // returns the list of exported functions
MacFixups fixups(); // returns the list of fixups (relocations)
MapFunctions mapFunctions(); // returns the list of functions available for protection
IntelFunctions functions(); // returns the list of protected functions
bool addressSeek(uint64 address); // sets the file position
uint64 seek(uint64 offset); // sets the file position
uint64 tell(); // returns the file position
int write(string buffer); // writes a buffer to the file
};
A class to work with the list of Mach-O architecture segments:
class MacSegments {
public:
MacSegment item(int index); // returns a segment with the given index
int count(); // returns the number of segments in the list
MacSegment itemByAddress(); // returns a segment at the given address
};
A class to work with a Mach-O architecture segment:
class MacSegment {
public:
uint64 address(); // returns the address of the segment
string name(); // returns the name of the segment
uint64 size(); // returns the size of the segment
int physicalOffset(); // returns the file position of the segment
int physicalSize(); // returns the file size of the segment
int flags(); // returns flags of the segment
bool excludedFromPacking(); // returns the "Excluded from packing" property
};
A class to work with the list of Mach-O architecture sections:
class MacSections {
public:
MacSection item(int index); // returns a section with the given index
int count(); // returns the number of sections in the list
MacSection itemByAddress(uint64 address); // returns a section at the given address
};
A class to work with a Mach-O architecture section:
class MacSection {
public:
uint64 address(); // returns the address of the section
string name(); // returns the name of the section
uint64 size(); // returns the size of the section
int offset(); // returns the file position of the section
MacSegment segment(); // returns the parent segment
};
A class to work with the list of Mach-O architecture load commands:
class MacCommands {
public:
MacCommand item(int index); // returns a command with the given index
int count(); // returns the number of command in the list
MacCommand itemByType(int type); // returns a command of the given type
};
A class to work with a Mach-O architecture load command:
class MacCommand {
public:
uint64 address(); // returns the address of the command
int type(); // returns the type of the command
string name(); // returns the name of the command
int size(); // returns the size of the command
};
A class to work with the list of Mach-O architecture symbols:
class MacSymbols {
public:
MacSymbol item(int index); // returns a symbol with the given index
int count(); // returns the number of symbols in the list
};
A class to work with a Mach-O architecture symbol:
class MacSymbol {
public:
uint64 value(); // returns the value of the symbol
string name(); // returns the name of the symbol
};
A class to work with the list of imported libraries for the Mach-O architecture:
class MacImports {
public:
MacImport item(int index); // returns an imported library with the given index
int count(); // returns the number of imported libraries in the list
MacImport itemByName(string name); // returns an imported library with the given name
};
A class to work with a Mach-O architecture imported library:
class MacImport {
public:
string name(); // returns the name of the imported library
MacImportFunction item(int index); // returns an imported function with the given index
int count(); // returns the number of imported functions in the list
void setName(string name); // sets the name of the imported library
};
A class to work with a Mach-O architecture imported function:
class MacImportFunction {
public:
uint64 address(); // returns the memory address where the address of the imported function is stored
string name(); // returns the name of the imported function
};
A class to work with the list of exported functions for the Mach-O architecture:
class MacExports {
public:
string name(); // returns the name of the library
MacExport item(); // returns an exported function with the given index
int count(); // returns the number of exported functions in the list
void clear(); // clears the list
MacExport itemByAddress(uint64 address); // returns an exported function at the given address
MacExport itemByName(string name); // returns an exported function with the given name
};
A class to work with a Mach-O architecture exported function:
class MacExport {
public:
uint64 address(); // returns the address of the exported function
string name(); // returns the name of the exported function
string forwardedName(); // returns the name of the function the exported function is forwarded to
void destroy(); // destroys the exported function
};
A class to work with the list of fixups (relocations) for the Mach-O architecture:
class MacFixups {
public:
MacFixup item(int index); // returns an element with the given index
int count(); // returns the number of elements in the list
MacFixup itemByAddress(uint64 address); // returns an element at the given address
};
A class to work with a Mach-O architecture fixup:
class MacFixup {
public:
uint64 address(); // returns the address of the element
};
Functions
A class to work with the list of functions:
class MapFunctions {
public:
MapFunction item(int index); // returns a function with the given index
int count(); // returns the number of functions in the list
MapFunction itemByAddress(uint64 address); // returns a function at the given address
MapFunction itemByName(string name); // returns a function with the given name
};
Types of functions:
enum ObjectType {
Unknown,
Code,
Data,
Export,
Marker,
APIMarker,
Import,
String
};
A class to work with a function:
class MapFunction {
public:
uint64 address(); // returns the address of the function
string name(); // returns the name of the function
ObjectType type(); // returns the type of the function
References references(); // returns the list of references
};
A class to work with the list of references:
class References {
public:
Reference item(int index); // returns a reference with the given index
int count(); // returns the number of references in the list
};
A class to work with a reference:
class Reference {
public:
uint64 address(); // returns the address of the command
uint64 operandAddress(); // returns the address of the references
};
Intel functions
A class to work with the list of Intel functions:
class IntelFunctions {
public:
IntelFunction item(int index); // returns a function with the given index
int count(); // returns the number of functions in the list
void clear(); // clears the list
IntelFunction itemByAddress(uint64 address); // returns a function at the given address
IntelFunction itemByName(string name); // returns a function with the given name
IntelFunction addByAddress(uint64 address, CompilationType type = ctVirtualization);
// Adds a new function with the given address and compilation type
};
Compilation types:
enum CompilationType {
None,
Virtualization,
Mutation,
Ultra
};
A class to work with an Intel function:
class IntelFunction {
public:
uint64 address(); // returns the address of the function
string name(); // returns the name of the function
ObjectType type(); // returns the type of the function
IntelCommand item(int index); // returns a command with the given index
int count(); // returns the number of commands in the list
CompilationType compilationType(); // returns the compilation type
void setCompilationType(CompilationType value); // sets the compilation type
CommandLinks links(); // returns the list of links
IntelCommand itemByAddress(uint64 address); // returns a command at the given address
void destroy(); // destroys the function
Folder folder(); // returns the custom folder
void setFolder(Folder folder); // sets the custom folder
};
Types of Intel commands:
enum IntelCommandType {
Unknown, Push, Pop, Mov, Add, Xor, Test, Lea, Ud0, Ret, Ssh, Crc, Call, Jmp,
Fstsw, Fsqrt, Fchs, Fstcw, Fldcw, Fild, Fist, Fistp, Fld, Fstp, Fst, Fadd,
Fsub, Fsubr, Fisub, Fisubr, Fdiv, Fcomp, Fmul, Repe, Repne, Rep, DB, DW, DD, DQ,
Movs, Cmps, Scas, Movzx, Movsx, Inc, Dec, Les, Lds, Lfs, Lgs, Lss, Xadd, Bswap,
Jxx, And, Sub, Stos, Lods, Nop, Xchg, Pushf, Popf, Sahf, Lahf, Shl, Shr, Sal,
Sar, Rcl, Rcr, Rol, Ror, Shld, Shrd, Loope, Loopne, Loop, Jcxz, In, Ins, Out,
Outs, Wait, Cbw, Cwde, Cdqe, Cwd, Cdq, Cqo, Clc, Stc, Cli, Sti, Cld, Std, Not,
Neg, Div, Imul, Idiv, Mul, Or, Adc, Cmp, Sbb, Pusha, Popa, Clflush, Pause,
Bound, Arpl, Daa, Das, Aaa, Aam, Aad, Aas, Enter, Leave, Int, Into, Iret, Set,
Cmov, Addpd, Addps, Addsd, Addss, Andpd, Andps, Andnpd, Andnps, Cmppd, Cmpps,
Cmpsd, Cmpss, Comisd, Comiss, Cvtdq2ps, Cvtpd2dq, Cvtdq2pd, Cvtpd2pi, Cvtps2pi,
Cvtpd2ps, Cvtps2pd, Cvtpi2pd, Cvtpi2ps, Cvtps2dq, Cvtsd2si, Cvtss2si, Cvtsd2ss,
Cvtss2sd, Cvttpd2pi, Cvttps2pi, Cvttpd2dq, Cvttps2dq, Cvttsd2si, Cvttss2si,
Divpd, Divps, Divsd, Divss, Maxpd, Maxps, Maxsd, Maxss, Minpd, Minps, Minsd,
Minss, Mulpd, Mulps, Mulsd, Mulss, Orpd, Orps, Movd, Movq, Movntq, Movapd, Movaps,
Movdqa, Movdqu, Movdq2q, Movq2dq, Movhlps, Movhpd, Movhps, Movlhps, Movlpd,
Movlps, Movmskpd, Movmskps, Movnti, Movntpd, Movntps, Movsd, Movss, Movupd,
Movups, Pmovmskb, Psadbw, Pshufw, Pshufd, Pshuflw, Pshufhw, Psubb, Psubw, Psubd,
Psubq, Psubsb, Psubsw, Psubusb, Psubusw, Paddb, Paddw, Paddd, Paddq, Paddsb,
Paddsw, Paddusb, Paddusw, Pavgb, Pavgw, Pinsrw, Pextrw, Pmaxsw, Pmaxub, Pminsw,
Pminub, Pmulhuw, Pmulhw, Pmullw, Pmuludq, Psllw, Pslld, Psllq, Pslldq, Psraw,
Psrad, Psrlw, Psrld, Psrlq, Psrldq, Punpcklbw, Punpcklwd, Punpckldq, Punpcklqdq,
Punpckhqdq, Packusdw, Pcmpgtb, Pcmpgtw, Pcmpgtd, Pcmpeqb, Pcmpeqw, Pcmpeqd,
Emms, Packsswb, Packuswb, Punpckhbw, Punpckhwd, Punpckhdq, Packssdw, Pand,
Pandn, Por, Pxor, Pmaddwd, Rcpps, Rcpss, Rsqrtss, Movsxd, Shufps, Shufpd, Sqrtpd,
Sqrtps, Sqrtsd, Sqrtss, Subpd, Subps, Subsd, Subss, Ucomisd, Ucomiss, Unpckhpd,
Unpckhps, Unpcklpd, Unpcklps, Xorpd, Xorps, Bt, Bts, Btr, Btc, Xlat, Cpuid,
Rsm, Bsf, Bsr, Cmpxchg, Cmpxchg8b, Hlt, Cmc, Lgdt, Sgdt, Lidt, Sidt, Smsw, Lmsw,
Invlpg, Lar, Lsl, Clts, Invd, Wbinvd, Ud2, Wrmsr, Rdtsc, Rdmsr, Rdpmc, Fcom,
Fdivr, Fiadd, Fimul, Ficom, Ficomp, Fidiv, Fidivr, Faddp, Fmulp, Fsubp, Fsubrp,
Fdivp, Fdivrp, Fbld, Fbstp, Ffree, Frstor, Fsave, Fucom, Fucomp, Fldenv, Fstenvm,
Fxch, Fabs, Fxam, Fld1, Fldl2t, Fldl2e, Fldpi, Fldlg2, Fldln2, Fldz, Fyl2x,
Fptan, Fpatan, Fxtract, Fprem1, Fdecstp, Fincstp, Fprem, Fyl2xp1, Fsincos, Frndint,
Fscale, Fsin, Fcos, Ftst, Fstenv, F2xm1, Fnop, Finit, Fclex, Fcompp, Sysenter,
Sysexit, Sldt, Str, Lldt, Ltr, Verr, Verw, Sfence, Lfence, Mfence, Prefetchnta,
Prefetcht0, Prefetcht1, Prefetcht2, Prefetch, Prefetchw, Fxrstor, Fxsave, Ldmxcsr,
Stmxcsr, Fcmovb, Fcmove, Fcmovbe, Fcmovu, Fcmovnb, Fcmovne, Fcmovnbe, Fcmovnu,
Fucomi, Fcomi, Fucomip, Fcomip, Fucompp, Vmcall, Vmlaunch, Vmresume, Vmxoff,
Monitor, Mwait, Xgetbv, Xsetbv, Vmrun, Vmmcall, Vmload, Vmsave, Stgi, Clgi,
Skinit, Invlpga, Swapgs, Rdtscp, Syscall, Sysret, Femms, Getsec, Pshufb, Phaddw,
Phaddd, Phaddsw, Pmaddubsw, Phsubw, Phsubd, Phsubsw, Psignb, Psignw, Psignd,
Pmulhrsw, Pabsb, Pabsw, Pabsd, Movbe, Palignr, Rsqrtps, Vmread, Vmwrite, Svldt,
Rsldt, Svts, Rsts, Xsave, Xrstor, Vmptrld, Vmptrst, Maskmovq, Fnstenv, Fnstcw,
Fstp1, Fneni, Fndisi, Fnclex, Fninit, Fsetpm, Fisttp, Fnsave, Fnstsw, Fxch4,
Fcomp5, Ffreep, Fxch7, Fstp8, Fstp9, Haddpd, Hsubpd, Addsubpd, Addsubps, Movntdq,
Fcom2, Fcomp3, Haddps, Hsubps, Movddup, Movsldup, Cvtsi2sd, Cvtsi2ss, Movntsd,
Movntss, Lddqu, Movshdup, Popcnt, Tzcnt, Lzcnt, Pblendvb, Pblendps, Pblendpd,
Ptest, Movsxbw, Movsxbd, Movsxbq, Movsxwd, Movsxwq, Movsxdq, Muldq, Pcmpeqq,
Movntdqa, Xsaveopt, Maskmovdqu, Ud1, Pcmpgtq, Movzxbw, Movzxbd, Movzxbq, Movzxwd,
Movzxwq, Movzxdq
};
Intel segments:
enum IntelSegment {
None,
es,
cs,
ss,
ds,
fs,
gs
};
Intel flags:
enum IntelFlag {
C,
P,
A,
Z,
S,
T,
I,
D,
O
};
Intel registers:
enum IntelRegistr {
eax,
ecx,
edx,
ebx,
esp,
ebp,
esi,
edi,
r8,
r9,
r10,
r11,
r12,
r13,
r14,
r15
};
A class to work with an Intel command:
class IntelCommand {
public:
uint64 address(); // returns the address of the command
IntelCommandType type(); // returns the type of the command
string text(); // returns the text representation
int size(); // returns the size of the command
int dump(int index); // returns data of the command with the given index
CommandLink link(); // returns the command link
int flags(); // returns command flags
IntelSegment baseSegment(); // returns the base segment
IntelCommandType preffix(); // returns the type of the prefix command
IntelOperand operand(int index); // returns an operand with the given index
};
Operand types:
enum OperandType {
None,
Value,
Registr,
Memory,
SegmentRegistr,
ControlRegistr,
DebugRegistr,
FPURegistr,
HiPartRegistr,
BaseRegistr,
MMXRegistr,
XMMRegistr
};
Operand sizes:
enum OperandSize {
Byte,
Word,
DWord,
QWord,
TByte,
OWord,
FWord
};
A class to work with an operand of the Intel command:
class IntelOperand {
public:
int type(); // returns the type of the operand
OperandSize size(); // returns the size of the operand
int registr(); // returns the register
int baseRegistr(); // returns the base register
int scale(); // returns the scale
uint64 value(); // returns the value
};
A class to work with the list of command links:
class CommandLinks {
public:
CommandLink item(int index); // returns a link with the given index
int count(); // returns the number of links in the list
};
Link types:
enum LinkType {
None,
SEHBlock,
FinallyBlock,
DualSEHBlock,
FilterSEHBlock,
Jmp,
JmpWithFlag,
JmpWithFlagNSFS,
JmpWithFlagNSNA,
JmpWithFlagNSNS,
Call,
Case,
Switch,
Native,
Offset,
GateOffset,
ExtSEHBlock,
MemSEHBlock,
ExtSEHHandler,
VBMemSEHBlock
};
A class to work with a command link:
class CommandLink {
public:
uint64 toAddress(); // returns the address the link refers
LinkType type(); // returns the type of the link
IntelCommand from(); // returns the parent command
};
A class to work with a library:
enum ParamType {
"void",
"byte",
"char",
"short",
"ushort",
"int",
"uint",
"long",
"ulong",
"size_t",
"float",
"double",
"string",
"pointer"
};
enum CallType {
"default",
"cdecl",
"stdcall"
};
class FFILibrary {
public:
string name(); // returns the name
uint64 address(); // returns the address in the memory
void close();
FFIFunction getFunction(string name, ParamType ret, ParamType param1, ...); // returns a function
FFIFunction getFunction(string name, table (ParamType ret, CallType abi, ParamType, ...)); // returns a function
};
A class to work with a foreign function:
class FFIFunction {
string name(); // returns the name
uint64 address(); // returns the address in the memory
};