The script language LUA built into VMProtect is object-oriented: it is very similar to JavaScript in its syntax, ideology and implementation. The script language includes standard classes providing basic functionality and specialized classes giving access to application protection functionality.
Project options:
enum ProjectOption {
None,
Pack,
ImportProtection,
MemoryProtection,
ResourceProtection,
CheckDebugger,
CheckKernelDebugger,
CheckVirtualMachine,
StripFixups,
StripDebugInfo,
DebugMode
}
A class to work with the VMProtect core:
class Core {
public:
string projectFileName(); // returns the name of the project
void saveProject(); // saves the project
string inputFileName(); // returns the name of the source file for the current project
string outputFileName(); // returns the name of the output file for the current project
void setOutputFileName(string name); // sets the name of the output file for the current project
string watermarkName(); // returns the name of the watermark of the current project
void setWatermarkName(string name); // sets the name of the watermark for the current project
int options(); // returns options of the current project
void setOptions(int options); // sets options of the current project
string vmSectionName(); // returns VM segment name for the current project
void setVMSectionName(); // sets VM segment name for the current project
Licenses licenses(); // returns the list of licenses for the current project
Files files(); // returns the list of files for the current project
Watermarks watermarks(); // returns the list of watermarks
PEFile/MacFile inputFile(); // returns source file
PEFile/MacFile outputFile(); // returns output file
PEArchitecture/MacArchitecture inputArchitecture(); // returns source architecture
PEArchitecture/MacArchitecture outputArchitecture(); // returns output architecture
};
A class to work with the list of watermarks:
class Watermarks {
public:
Watermark item(int index); // returns a watermark with the given index
int count(); // returns a number of watermarks in the list
Watermark itemByName(string name); // returns a watermark with the given name
Watermark add(string name, string value); // adds a watermark with the given name and value
}
A class to work with a watermark:
class Watermark {
public:
string name(); // returns the name of the watermark
string value(); // returns the value of the watermarks
bool blocked(); // returns the "Blocked" property
void setBlocked(bool value); // sets the "Blocked" property
}
A class to work with the list of licenses:
class Licenses {
public:
int keyLength(); // returns the length of the key
string publicExp(); // returns the public exponent
string privateExp(); // returns the private exponent
string modulus(); // returns modulus
License item(int index); // returns a license with the given index
int count(); // returns the number of licenses in the list
}
A class to work with a license:
class License {
public:
string date(string format = "%c"); // returns the date of the license
string customerName(); // returns the name of the license owner
string customerEmail(); // returns an e-mail of the license owner
string orderRef(); // returns the order id the license was purchased
string comments(); // returns comments to the license
string serialNumber(); // returns the serial number of the license
bool blocked(); // returns the "Blocked" property
void setBlocked(bool value); // sets the "Blocked" property
}
A class to work with the list of files:
class Files {
public:
File item(int index); // returns a file with the given index
int count(); // returns the number of files in the list
}
A class to work with a file:
class File {
public:
string name(); // returns the name of the file
string fileName(); // returns the filename
int options(); // returns options
void setName(string name); // sets the name of the file
void setFileName(string name); // sets the filename of the file
void setOptions(); // sets options
}
A class to work with custom folders:
class Folders {
public:
int count(); // returns the number of folders in the list
Folder item(int index); // returns a folder with the given index
Folder add(string name); // adds a new folder
void clear(); // clears the list
};
A class to work with a custom folder:
class Folder {
public:
int count(); // returns the number of subfolders
Folder item(int index); // returns a subfolder with the given index
Folder add(string name); // adds a new subfolder
string name(); // returns the name of the folder
void clear(); // clears the list of subfolders
void destroy(); // destroys the folder an all child subfolders
};
Constants to work with the PE format:
enum PEFormat {
// Directory Entries
IMAGE_DIRECTORY_ENTRY_EXPORT,
IMAGE_DIRECTORY_ENTRY_IMPORT,
IMAGE_DIRECTORY_ENTRY_RESOURCE,
IMAGE_DIRECTORY_ENTRY_EXCEPTION,
IMAGE_DIRECTORY_ENTRY_SECURITY,
IMAGE_DIRECTORY_ENTRY_BASERELOC,
IMAGE_DIRECTORY_ENTRY_DEBUG,
IMAGE_DIRECTORY_ENTRY_ARCHITECTURE,
IMAGE_DIRECTORY_ENTRY_TLS,
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG,
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT,
IMAGE_DIRECTORY_ENTRY_IAT,
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT,
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR,
// Section characteristics
IMAGE_SCN_CNT_CODE,
IMAGE_SCN_CNT_INITIALIZED_DATA,
IMAGE_SCN_CNT_UNINITIALIZED_DATA,
IMAGE_SCN_MEM_DISCARDABLE,
IMAGE_SCN_MEM_NOT_CACHED,
IMAGE_SCN_MEM_NOT_PAGED,
IMAGE_SCN_MEM_SHARED,
IMAGE_SCN_MEM_EXECUTE,
IMAGE_SCN_MEM_READ,
IMAGE_SCN_MEM_WRITE,
// Resource types
RT_CURSOR,
RT_BITMAP,
RT_ICON,
RT_MENU,
RT_DIALOG,
RT_STRING,
RT_FONTDIR,
RT_FONT,
RT_ACCELERATOR,
RT_RCDATA,
RT_MESSAGETABLE,
RT_GROUP_CURSOR,
RT_GROUP_ICON,
RT_VERSION,
RT_DLGINCLUDE,
RT_PLUGPLAY,
RT_VXD,
RT_ANICURSOR,
RT_ANIICON,
RT_HTML,
RT_MANIFEST,
RT_DLGINIT,
RT_TOOLBAR
};
A class to work with a PE file:
class PEFile {
public:
string name(); // returns the filename
string format(); // returns the "PE" format name
uint64 size(); // returns the size of the file
int count(); // returns the number of architectures in the list
PEArchitecture item(int index); // returns an architecture with the given index
uint64 seek(uint64 offset); // sets a file position
uint64 tell(); // returns a file position
int write(string buffer); // records a buffer to the file
};
A class to work with the PE architecture:
class PEArchitecture {
public:
string name(); // returns the name of the architecture
PEFile file(); // returns the parent file
uint64 entryPoint(); // returns the starting address
uint64 imageBase(); // returns the base offset
OperandSize cpuAddressSize(); // returns bit count of the architecture
uint64 size(); // returns the size of the architecture
PESegments segments(); // returns the list of segments
PESections sections(); // returns the list of sections
PEDirectories directories(); // returns the list of directories
PEImports imports(); // returns the list of imported libraries
PEExports exports(); // returns the list of exported functions
PEResources resources(); // returns the list of resources
PEFixups fixups(); // returns the list of relocations (fixups);
MapFunctions mapFunctions(); // returns the list of functions available for protection
IntelFunctions functions(); // returns the list of protected functions
bool addressSeek(uint64 address); // sets a file position
uint64 seek(uint64 offset); // sets a file position
uint64 tell(); // returns a file position
int write(string buffer); // writes a buffer to a file
};
A class to work with the list of segments for the PE architecture:
class PESegments {
public:
PESegment item(int index); // returns a segment with the given index
int count(); // returns the number of segments in the list
PESegment itemByAddress(uint64 address); // returns the segment at the given address
};
A class to work with a PE architecture segment:
class PESegment {
public:
uint64 address(); // returns the address of the segment
string name(); // returns the name of the segment
uint64 size(); // returns the size of the segment
int physicalOffset(); // returns the file position (offset) of the segment
int physicalSize(); // returns the file size of the segment
int flags(); // returns flags of the segment
bool excludedFromPacking(); // returns the "Excluded from packing" property
void setName(string name); // sets the name of the segment
};
A class to work with the list of PE architecture sections:
class PESections {
public:
PESection item(int index); // returns a section with the given index
int count(); // returns the number of sections in the list
PESection itemByAddress(uint64 address); // returns a section at the given address
};
A class to work with a PE architecture section:
class PESection {
public:
uint64 address(); // returns the address of the section
string name(); // returns the name of the section
uint64 size(); // returns the size of the section
int offset(); // returns the file positions of the section
PESegment segment(); // returns the parent segment
};
A class to work with PE architecture directories:
class PEDirectories {
public:
PEDirectory item(int index); // returns a directory with the given index
int count(); // returns the number of directories in the list
PEDirectory itemByType(int type); // returns a directory of the given type
};
A class to work with a PE architecture directory:
class PEDirectory {
public:
uint64 address(); // returns the address of the directory
string name(); // returns the name of the directory
uint64 size(); // returns the size of the directory
int type(); // returns the type of the directory
void setAddress(uint64 address); // sets the address of the directory
void setSize(int size); // sets the size of the directory
void clear(); // clears the address and the size of the directory
};
A class to work with the list of imported libraries for the PE architecture:
class PEImports {
public:
PEImport item(int index); // returns a library with the given index
int count(); // returns the number of libraries in the list
PEImport itemByName(string name); // returns a library with the given name
};
A class to work with an imported library for the PE architecture :
class PEImport {
public:
string name(); // returns the name of the library
PEImportFunction item(int index); // returns an imported function with the given index
int count(); // returns the number of imported functions
void setName(string name); // sets the name of the library
};
A class to work with a PE architecture imported function:
class PEImportFunction {
public:
uint64 address(); // returns a memory address where the imported function address is stored
string name(); // returns the name of the imported function
};
A class to work with the list of exported functions for the PE architecture :
class PEExports {
public:
string name(); // returns the name of the library
void setName(string name); // sets the name of the library
PEExport item(int index); // returns an exported function with the given index
int count(); // returns the number of exported functions in the list
void clear(); // clears the list
PEExport itemByAddress(uint64 address); // returns an exported function at the given address
PEExport itemByName(string name); // returns an exported function with the given name
};
A class to wotk with a PE architecture exported function:
class PEExport {
public:
uint64 address(); // returns the address of the exported function
string name(); // returns the name of the exported function
void setName(string name); // sets the name of the exported function
int ordinal(); // returns the ordinal of the exported function
string forwardedName(); // returns the name of the function the exported function forwards to
void destroy(); // destroys the exported function
};
A class to work with the list of PE architecture resources:
class PEResources {
public:
PEResource item(int index); // returns a resources with the given index
int count(); // returns the number of resources in the list
void clear(); // clears the list
PEResource itemByType(int type); // returns a resource of the given type
PEResource itemByName(string name); // returns a resource with the given name
};
A class to work with a PE architecture resource:
class PEResource {
public:
PEResource item(int index); // returns a resource with the given index
int count(); // returns the number of resources in the list
void clear(); // clears the list
uint64 address(); // returns the address of the resource
int size(); // returns the size of the resource
string name(); // returns the name of the resource
int type(); // returns the type of the resource
bool isDirectory(); // returns the "Directory" property
void destroy(); // destroys the resource
PEResource itemByName(string name); // returns a resource with the given name
bool excludedFromPacking(); // returns the "Excluded from packing" property
};
A class to work with the list of PE architecture fixups (relocations):
class PEFixups {
public:
PEFixup item(int index); // returns an element with the given index
int count(); // returns the number of elements in the list
PEFixup itemByAddress(uint64 address); // returns an element at the given address
};
A class to work with a PE architecture fixup (relocation):
class PEFixup {
public:
uint64 address(); // returns the address of the element
};
Constants to work with the Mach-O format:
enum MacFormat {
// Load Command Types
LC_SEGMENT,
LC_SYMTAB,
LC_SYMSEG,
LC_THREAD,
LC_UNIXTHREAD,
LC_LOADFVMLIB,
LC_IDFVMLIB,
LC_IDENT,
LC_FVMFILE,
LC_PREPAGE,
LC_DYSYMTAB,
LC_LOAD_DYLIB,
LC_ID_DYLIB,
LC_LOAD_DYLINKER,
LC_PREBOUND_DYLIB,
LC_ROUTINES,
LC_SUB_FRAMEWORK,
LC_SUB_UMBRELLA,
LC_SUB_CLIENT,
LC_SUB_LIBRARY,
LC_TWOLEVEL_HINTS,
LC_PREBIND_CKSUM,
LC_LOAD_WEAK_DYLIB,
LC_SEGMENT_64,
LC_ROUTINES_64,
LC_UUID,
LC_RPATH,
LC_CODE_SIGNATURE,
LC_SEGMENT_SPLIT_INFO,
LC_REEXPORT_DYLIB,
LC_LAZY_LOAD_DYLIB,
LC_ENCRYPTION_INFO,
LC_DYLD_INFO,
LC_DYLD_INFO_ONLY,
LC_LOAD_UPWARD_DYLIB,
LC_VERSION_MIN_MACOSX,
// Section Types
SECTION_TYPE,
SECTION_ATTRIBUTES,
S_REGULAR,
S_ZEROFILL,
S_CSTRING_LITERALS,
S_4BYTE_LITERALS,
S_8BYTE_LITERALS,
S_LITERAL_POINTERS,
S_NON_LAZY_SYMBOL_POINTERS,
S_LAZY_SYMBOL_POINTERS,
S_SYMBOL_STUBS,
S_MOD_INIT_FUNC_POINTERS,
S_MOD_TERM_FUNC_POINTERS,
S_COALESCED,
S_GB_ZEROFILL,
S_INTERPOSING,
S_16BYTE_LITERALS,
S_DTRACE_DOF,
S_LAZY_DYLIB_SYMBOL_POINTERS,
SECTION_ATTRIBUTES_USR,
S_ATTR_PURE_INSTRUCTIONS,
S_ATTR_NO_TOC,
S_ATTR_STRIP_STATIC_SYMS,
S_ATTR_NO_DEAD_STRIP,
S_ATTR_LIVE_SUPPORT,
S_ATTR_SELF_MODIFYING_CODE,
S_ATTR_DEBUG,
SECTION_ATTRIBUTES_SYS,
S_ATTR_SOME_INSTRUCTIONS,
S_ATTR_EXT_RELOC,
S_ATTR_LOC_RELOC
};
A class to work with a Mach-O file:
class MacFile {
public:
string name(); // returns the name of the file
string format(); // returns the name of the "Mach-O" format
uint64 size(); // returns the size of the file
int count(); // returns the number of architectures in the list
MacArchitecture item(int index); // returns an architecture with the given index
uint64 seek(uint64 offset); // sets the file position
uint64 tell(); // returns the file position
int write(string buffer); // writes a buffer to the file
};
A class to work with the Mach-O architecture:
class MacArchitecture {
public:
string name(); // returns the name of the architecture
MacFile file(); // returns the parent file
uint64 entryPoint(); // returns the starting address
OperandSize cpuAddressSize(); // returns bit count of the architecture
uint64 size(); // returns the size of the architecture
MacSegments segments(); // returns the list of segments
MacSections sections(); // returns the list of sections
MacCommands commands(); // returns the list of load commands
MacSymbols symbols(); // returns the list of symbols
MacImports imports(); // returns the list of imported libraries
MacExports exports(); // returns the list of exported functions
MacFixups fixups(); // returns the list of fixups (relocations)
MapFunctions mapFunctions(); // returns the list of functions available for protection
IntelFunctions functions(); // returns the list of protected functions
bool addressSeek(uint64 address); // sets the file position
uint64 seek(uint64 offset); // sets the file position
uint64 tell(); // returns the file position
int write(string buffer); // writes a buffer to the file
};
A class to work with the list of Mach-O architecture segments:
class MacSegments {
public:
MacSegment item(int index); // returns a segment with the given index
int count(); // returns the number of segments in the list
MacSegment itemByAddress(); // returns a segment at the given address
};
A class to work with a Mach-O architecture segment:
class MacSegment {
public:
uint64 address(); // returns the address of the segment
string name(); // returns the name of the segment
uint64 size(); // returns the size of the segment
int physicalOffset(); // returns the file position of the segment
int physicalSize(); // returns the file size of the segment
int flags(); // returns flags of the segment
bool excludedFromPacking(); // returns the "Excluded from packing" property
};
A class to work with the list of Mach-O architecture sections:
class MacSections {
public:
MacSection item(int index); // returns a section with the given index
int count(); // returns the number of sections in the list
MacSection itemByAddress(uint64 address); // returns a section at the given address
};
A class to work with a Mach-O architecture section:
class MacSection {
public:
uint64 address(); // returns the address of the section
string name(); // returns the name of the section
uint64 size(); // returns the size of the section
int offset(); // returns the file position of the section
MacSegment segment(); // returns the parent segment
};
A class to work with the list of Mach-O architecture load commands:
class MacCommands {
public:
MacCommand item(int index); // returns a command with the given index
int count(); // returns the number of command in the list
MacCommand itemByType(int type); // returns a command of the given type
};
A class to work with a Mach-O architecture load command:
class MacCommand {
public:
uint64 address(); // returns the address of the command
int type(); // returns the type of the command
string name(); // returns the name of the command
int size(); // returns the size of the command
};
A class to work with the list of Mach-O architecture symbols:
class MacSymbols {
public:
MacSymbol item(int index); // returns a symbol with the given index
int count(); // returns the number of symbols in the list
};
A class to work with a Mach-O architecture symbol:
class MacSymbol {
public:
uint64 value(); // returns the value of the symbol
string name(); // returns the name of the symbol
};
A class to work with the list of imported libraries for the Mach-O architecture:
class MacImports {
public:
MacImport item(int index); // returns an imported library with the given index
int count(); // returns the number of imported libraries in the list
MacImport itemByName(string name); // returns an imported library with the given name
};
A class to work with a Mach-O architecture imported library:
class MacImport {
public:
string name(); // returns the name of the imported library
MacImportFunction item(int index); // returns an imported function with the given index
int count(); // returns the number of imported functions in the list
void setName(string name); // sets the name of the imported library
};
A class to work with a Mach-O architecture imported function:
class MacImportFunction {
public:
uint64 address(); // returns the memory address where the address of the imported function is stored
string name(); // returns the name of the imported function
};
A class to work with the list of exported functions for the Mach-O architecture:
class MacExports {
public:
string name(); // returns the name of the library
MacExport item(); // returns an exported function with the given index
int count(); // returns the number of exported functions in the list
void clear(); // clears the list
MacExport itemByAddress(uint64 address); // returns an exported function at the given address
MacExport itemByName(string name); // returns an exported function with the given name
};
A class to work with a Mach-O architecture exported function:
class MacExport {
public:
uint64 address(); // returns the address of the exported function
string name(); // returns the name of the exported function
string forwardedName(); // returns the name of the function the exported function is forwarded to
void destroy(); // destroys the exported function
};
A class to work with the list of fixups (relocations) for the Mach-O architecture:
class MacFixups {
public:
MacFixup item(int index); // returns an element with the given index
int count(); // returns the number of elements in the list
MacFixup itemByAddress(uint64 address); // returns an element at the given address
};
A class to work with a Mach-O architecture fixup:
class MacFixup {
public:
uint64 address(); // returns the address of the element
};
A class to work with the list of functions:
class MapFunctions {
public:
MapFunction item(int index); // returns a function with the given index
int count(); // returns the number of functions in the list
MapFunction itemByAddress(uint64 address); // returns a function at the given address
MapFunction itemByName(string name); // returns a function with the given name
};
Types of functions:
enum ObjectType {
Unknown,
Code,
Data,
Export,
Marker,
APIMarker,
Import,
String
};
A class to work with a function:
class MapFunction {
public:
uint64 address(); // returns the address of the function
string name(); // returns the name of the function
ObjectType type(); // returns the type of the function
References references(); // returns the list of references
};
A class to work with the list of references:
class References {
public:
Reference item(int index); // returns a reference with the given index
int count(); // returns the number of references in the list
};
A class to work with a reference:
class Reference {
public:
uint64 address(); // returns the address of the command
uint64 operandAddress(); // returns the address of the references
};
A class to work with the list of Intel functions:
class IntelFunctions {
public:
IntelFunction item(int index); // returns a function with the given index
int count(); // returns the number of functions in the list
void clear(); // clears the list
IntelFunction itemByAddress(uint64 address); // returns a function at the given address
IntelFunction itemByName(string name); // returns a function with the given name
IntelFunction addByAddress(uint64 address, CompilationType type = ctVirtualization);
// Adds a new function with the given address and compilation type
};
Compilation types:
enum CompilationType {
None,
Virtualization,
Mutation,
Ultra
};
A class to work with an Intel function:
class IntelFunction {
public:
uint64 address(); // returns the address of the function
string name(); // returns the name of the function
ObjectType type(); // returns the type of the function
IntelCommand item(int index); // returns a command with the given index
int count(); // returns the number of commands in the list
CompilationType compilationType(); // returns the compilation type
void setCompilationType(CompilationType value); // sets the compilation type
CommandLinks links(); // returns the list of links
IntelCommand itemByAddress(uint64 address); // returns a command at the given address
void destroy(); // destroys the function
Folder folder(); // returns the custom folder
void setFolder(Folder folder); // sets the custom folder
};
Types of Intel commands:
enum IntelCommandType {
Unknown, Push, Pop, Mov, Add, Xor, Test, Lea, Ud0, Ret, Ssh, Crc, Call, Jmp,
Fstsw, Fsqrt, Fchs, Fstcw, Fldcw, Fild, Fist, Fistp, Fld, Fstp, Fst, Fadd,
Fsub, Fsubr, Fisub, Fisubr, Fdiv, Fcomp, Fmul, Repe, Repne, Rep, DB, DW, DD, DQ,
Movs, Cmps, Scas, Movzx, Movsx, Inc, Dec, Les, Lds, Lfs, Lgs, Lss, Xadd, Bswap,
Jxx, And, Sub, Stos, Lods, Nop, Xchg, Pushf, Popf, Sahf, Lahf, Shl, Shr, Sal,
Sar, Rcl, Rcr, Rol, Ror, Shld, Shrd, Loope, Loopne, Loop, Jcxz, In, Ins, Out,
Outs, Wait, Cbw, Cwde, Cdqe, Cwd, Cdq, Cqo, Clc, Stc, Cli, Sti, Cld, Std, Not,
Neg, Div, Imul, Idiv, Mul, Or, Adc, Cmp, Sbb, Pusha, Popa, Clflush, Pause,
Bound, Arpl, Daa, Das, Aaa, Aam, Aad, Aas, Enter, Leave, Int, Into, Iret, Set,
Cmov, Addpd, Addps, Addsd, Addss, Andpd, Andps, Andnpd, Andnps, Cmppd, Cmpps,
Cmpsd, Cmpss, Comisd, Comiss, Cvtdq2ps, Cvtpd2dq, Cvtdq2pd, Cvtpd2pi, Cvtps2pi,
Cvtpd2ps, Cvtps2pd, Cvtpi2pd, Cvtpi2ps, Cvtps2dq, Cvtsd2si, Cvtss2si, Cvtsd2ss,
Cvtss2sd, Cvttpd2pi, Cvttps2pi, Cvttpd2dq, Cvttps2dq, Cvttsd2si, Cvttss2si,
Divpd, Divps, Divsd, Divss, Maxpd, Maxps, Maxsd, Maxss, Minpd, Minps, Minsd,
Minss, Mulpd, Mulps, Mulsd, Mulss, Orpd, Orps, Movd, Movq, Movntq, Movapd, Movaps,
Movdqa, Movdqu, Movdq2q, Movq2dq, Movhlps, Movhpd, Movhps, Movlhps, Movlpd,
Movlps, Movmskpd, Movmskps, Movnti, Movntpd, Movntps, Movsd, Movss, Movupd,
Movups, Pmovmskb, Psadbw, Pshufw, Pshufd, Pshuflw, Pshufhw, Psubb, Psubw, Psubd,
Psubq, Psubsb, Psubsw, Psubusb, Psubusw, Paddb, Paddw, Paddd, Paddq, Paddsb,
Paddsw, Paddusb, Paddusw, Pavgb, Pavgw, Pinsrw, Pextrw, Pmaxsw, Pmaxub, Pminsw,
Pminub, Pmulhuw, Pmulhw, Pmullw, Pmuludq, Psllw, Pslld, Psllq, Pslldq, Psraw,
Psrad, Psrlw, Psrld, Psrlq, Psrldq, Punpcklbw, Punpcklwd, Punpckldq, Punpcklqdq,
Punpckhqdq, Packusdw, Pcmpgtb, Pcmpgtw, Pcmpgtd, Pcmpeqb, Pcmpeqw, Pcmpeqd,
Emms, Packsswb, Packuswb, Punpckhbw, Punpckhwd, Punpckhdq, Packssdw, Pand,
Pandn, Por, Pxor, Pmaddwd, Rcpps, Rcpss, Rsqrtss, Movsxd, Shufps, Shufpd, Sqrtpd,
Sqrtps, Sqrtsd, Sqrtss, Subpd, Subps, Subsd, Subss, Ucomisd, Ucomiss, Unpckhpd,
Unpckhps, Unpcklpd, Unpcklps, Xorpd, Xorps, Bt, Bts, Btr, Btc, Xlat, Cpuid,
Rsm, Bsf, Bsr, Cmpxchg, Cmpxchg8b, Hlt, Cmc, Lgdt, Sgdt, Lidt, Sidt, Smsw, Lmsw,
Invlpg, Lar, Lsl, Clts, Invd, Wbinvd, Ud2, Wrmsr, Rdtsc, Rdmsr, Rdpmc, Fcom,
Fdivr, Fiadd, Fimul, Ficom, Ficomp, Fidiv, Fidivr, Faddp, Fmulp, Fsubp, Fsubrp,
Fdivp, Fdivrp, Fbld, Fbstp, Ffree, Frstor, Fsave, Fucom, Fucomp, Fldenv, Fstenvm,
Fxch, Fabs, Fxam, Fld1, Fldl2t, Fldl2e, Fldpi, Fldlg2, Fldln2, Fldz, Fyl2x,
Fptan, Fpatan, Fxtract, Fprem1, Fdecstp, Fincstp, Fprem, Fyl2xp1, Fsincos, Frndint,
Fscale, Fsin, Fcos, Ftst, Fstenv, F2xm1, Fnop, Finit, Fclex, Fcompp, Sysenter,
Sysexit, Sldt, Str, Lldt, Ltr, Verr, Verw, Sfence, Lfence, Mfence, Prefetchnta,
Prefetcht0, Prefetcht1, Prefetcht2, Prefetch, Prefetchw, Fxrstor, Fxsave, Ldmxcsr,
Stmxcsr, Fcmovb, Fcmove, Fcmovbe, Fcmovu, Fcmovnb, Fcmovne, Fcmovnbe, Fcmovnu,
Fucomi, Fcomi, Fucomip, Fcomip, Fucompp, Vmcall, Vmlaunch, Vmresume, Vmxoff,
Monitor, Mwait, Xgetbv, Xsetbv, Vmrun, Vmmcall, Vmload, Vmsave, Stgi, Clgi,
Skinit, Invlpga, Swapgs, Rdtscp, Syscall, Sysret, Femms, Getsec, Pshufb, Phaddw,
Phaddd, Phaddsw, Pmaddubsw, Phsubw, Phsubd, Phsubsw, Psignb, Psignw, Psignd,
Pmulhrsw, Pabsb, Pabsw, Pabsd, Movbe, Palignr, Rsqrtps, Vmread, Vmwrite, Svldt,
Rsldt, Svts, Rsts, Xsave, Xrstor, Vmptrld, Vmptrst, Maskmovq, Fnstenv, Fnstcw,
Fstp1, Fneni, Fndisi, Fnclex, Fninit, Fsetpm, Fisttp, Fnsave, Fnstsw, Fxch4,
Fcomp5, Ffreep, Fxch7, Fstp8, Fstp9, Haddpd, Hsubpd, Addsubpd, Addsubps, Movntdq,
Fcom2, Fcomp3, Haddps, Hsubps, Movddup, Movsldup, Cvtsi2sd, Cvtsi2ss, Movntsd,
Movntss, Lddqu, Movshdup, Popcnt, Tzcnt, Lzcnt, Pblendvb, Pblendps, Pblendpd,
Ptest, Movsxbw, Movsxbd, Movsxbq, Movsxwd, Movsxwq, Movsxdq, Muldq, Pcmpeqq,
Movntdqa, Xsaveopt, Maskmovdqu, Ud1, Pcmpgtq, Movzxbw, Movzxbd, Movzxbq, Movzxwd,
Movzxwq, Movzxdq
};
Intel segments:
enum IntelSegment {
None,
es,
cs,
ss,
ds,
fs,
gs
};
Intel flags:
enum IntelFlag {
C,
P,
A,
Z,
S,
T,
I,
D,
O
};
Intel registers:
enum IntelRegistr {
eax,
ecx,
edx,
ebx,
esp,
ebp,
esi,
edi,
r8,
r9,
r10,
r11,
r12,
r13,
r14,
r15
};
A class to work with an Intel command:
class IntelCommand {
public:
uint64 address(); // returns the address of the command
IntelCommandType type(); // returns the type of the command
string text(); // returns the text representation
int size(); // returns the size of the command
int dump(int index); // returns data of the command with the given index
CommandLink link(); // returns the command link
int flags(); // returns command flags
IntelSegment baseSegment(); // returns the base segment
IntelCommandType preffix(); // returns the type of the prefix command
IntelOperand operand(int index); // returns an operand with the given index
};
Operand types:
enum OperandType {
None,
Value,
Registr,
Memory,
SegmentRegistr,
ControlRegistr,
DebugRegistr,
FPURegistr,
HiPartRegistr,
BaseRegistr,
MMXRegistr,
XMMRegistr
};
Operand sizes:
enum OperandSize {
Byte,
Word,
DWord,
QWord,
TByte,
OWord,
FWord
};
A class to work with an operand of the Intel command:
class IntelOperand {
public:
int type(); // returns the type of the operand
OperandSize size(); // returns the size of the operand
int registr(); // returns the register
int baseRegistr(); // returns the base register
int scale(); // returns the scale
uint64 value(); // returns the value
};
A class to work with the list of command links:
class CommandLinks {
public:
CommandLink item(int index); // returns a link with the given index
int count(); // returns the number of links in the list
};
Link types:
enum LinkType {
None,
SEHBlock,
FinallyBlock,
DualSEHBlock,
FilterSEHBlock,
Jmp,
JmpWithFlag,
JmpWithFlagNSFS,
JmpWithFlagNSNA,
JmpWithFlagNSNS,
Call,
Case,
Switch,
Native,
Offset,
GateOffset,
ExtSEHBlock,
MemSEHBlock,
ExtSEHHandler,
VBMemSEHBlock
};
A class to work with a command link:
class CommandLink {
public:
uint64 toAddress(); // returns the address the link refers
LinkType type(); // returns the type of the link
IntelCommand from(); // returns the parent command
};
A class to work with a library:
enum ParamType {
"void",
"byte",
"char",
"short",
"ushort",
"int",
"uint",
"long",
"ulong",
"size_t",
"float",
"double",
"string",
"pointer"
};
enum CallType {
"default",
"cdecl",
"stdcall"
};
class FFILibrary {
public:
string name(); // returns the name
uint64 address(); // returns the address in the memory
void close();
FFIFunction getFunction(string name, ParamType ret, ParamType param1, ...); // returns a function
FFIFunction getFunction(string name, table (ParamType ret, CallType abi, ParamType, ...)); // returns a function
};
A class to work with a foreign function:
class FFIFunction {
string name(); // returns the name
uint64 address(); // returns the address in the memory
};