Classes

The script language LUA built into VMProtect is object-oriented: it is very similar to JavaScript in its syntax, ideology and implementation. The script language includes standard classes providing basic functionality and specialized classes giving access to application protection functionality.

Class hierarchy

Core

Project options:

enum ProjectOption {
	None,
	Pack,
	ImportProtection,
	MemoryProtection,
	ResourceProtection,
	CheckDebugger,
	CheckKernelDebugger,
	CheckVirtualMachine,
	StripFixups,
	StripDebugInfo,
	DebugMode
}

A class to work with the VMProtect core:

class Core {
public:
	string projectFileName(); // returns the name of the project
	void saveProject(); // saves the project
	string inputFileName(); // returns the name of the source file for the current project
	string outputFileName(); // returns the name of the output file for the current project
	void setOutputFileName(string name); // sets the name of the output file for the current project
	string watermarkName(); // returns the name of the watermark of the current project
	void setWatermarkName(string name); // sets the name of the watermark for the current project
	int options(); // returns options of the current project                                                            
	void setOptions(int options); // sets options of the current project
	string vmSectionName(); // returns VM segment name for the current project
	void setVMSectionName(); // sets VM segment name for the current project
	Licenses licenses(); // returns the list of licenses for the current project
	Files files(); // returns the list of files for the current project
	Watermarks watermarks(); // returns the list of watermarks
	PEFile/MacFile inputFile(); // returns source file
	PEFile/MacFile outputFile(); // returns output file
	PEArchitecture/MacArchitecture inputArchitecture(); // returns source architecture
	PEArchitecture/MacArchitecture outputArchitecture(); // returns output architecture
};

Watermarks

A class to work with the list of watermarks:

class Watermarks {
public:
	Watermark item(int index); // returns a watermark with the given index
	int count(); // returns a number of watermarks in the list
	Watermark itemByName(string name); // returns a watermark with the given name
	Watermark add(string name, string value); // adds a watermark with the given name and value
}

A class to work with a watermark:

class Watermark {
public:
	string name(); // returns the name of the watermark
	string value(); // returns the value of the watermarks
	bool blocked(); // returns the "Blocked" property
	void setBlocked(bool value); // sets the "Blocked" property
}

Licenses

A class to work with the list of licenses:

class Licenses {
public:
	int keyLength(); // returns the length of the key
	string publicExp(); // returns the public exponent
	string privateExp(); // returns the private exponent
	string modulus(); // returns modulus
	License item(int index); // returns a license with the given index
	int count(); // returns the number of licenses in the list
}

A class to work with a license:

class License {
public:
	string date(string format = "%c"); // returns the date of the license
	string customerName(); // returns the name of the license owner
	string customerEmail(); // returns an e-mail of the license owner
	string orderRef(); // returns the order id the license was purchased
	string comments(); // returns comments to the license
	string serialNumber(); // returns the serial number of the license
	bool blocked(); // returns the "Blocked" property
	void setBlocked(bool value); // sets the "Blocked" property
}

Files

A class to work with the list of files:

class Files {
public:
	File item(int index); // returns a file with the given index
	int count(); // returns the number of files in the list
}

A class to work with a file:

class File {
public:
	string name(); // returns the name of the file
	string fileName(); // returns the filename
	int options(); // returns options
	void setName(string name); // sets the name of the file
	void setFileName(string name); // sets the filename of the file
	void setOptions(); // sets options
}

Folders

A class to work with custom folders:

class Folders {
public:
	int count(); // returns the number of folders in the list
	Folder item(int index); // returns a folder with the given index
	Folder add(string name); // adds a new folder
	void clear(); // clears the list
};

A class to work with a custom folder:

class Folder {
public:
	int count(); // returns the number of subfolders
	Folder item(int index); // returns a subfolder with the given index
	Folder add(string name); // adds a new subfolder
	string name(); // returns the name of the folder
	void clear(); // clears the list of subfolders
	void destroy(); // destroys the folder an all child subfolders
};

PE files

Constants to work with the PE format:

enum PEFormat {
	// Directory Entries
	IMAGE_DIRECTORY_ENTRY_EXPORT,
	IMAGE_DIRECTORY_ENTRY_IMPORT,
	IMAGE_DIRECTORY_ENTRY_RESOURCE,
	IMAGE_DIRECTORY_ENTRY_EXCEPTION,
	IMAGE_DIRECTORY_ENTRY_SECURITY,
	IMAGE_DIRECTORY_ENTRY_BASERELOC,
	IMAGE_DIRECTORY_ENTRY_DEBUG,
	IMAGE_DIRECTORY_ENTRY_ARCHITECTURE,
	IMAGE_DIRECTORY_ENTRY_TLS,
	IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG,
	IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT,
	IMAGE_DIRECTORY_ENTRY_IAT,
	IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT,
	IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR,
	// Section characteristics
	IMAGE_SCN_CNT_CODE,
	IMAGE_SCN_CNT_INITIALIZED_DATA,
	IMAGE_SCN_CNT_UNINITIALIZED_DATA,
	IMAGE_SCN_MEM_DISCARDABLE,
	IMAGE_SCN_MEM_NOT_CACHED,
	IMAGE_SCN_MEM_NOT_PAGED,
	IMAGE_SCN_MEM_SHARED,
	IMAGE_SCN_MEM_EXECUTE,
	IMAGE_SCN_MEM_READ,
	IMAGE_SCN_MEM_WRITE,
	// Resource types
	RT_CURSOR,
	RT_BITMAP,
	RT_ICON,
	RT_MENU,
	RT_DIALOG,
	RT_STRING,
	RT_FONTDIR,
	RT_FONT,
	RT_ACCELERATOR,
	RT_RCDATA,
	RT_MESSAGETABLE,
	RT_GROUP_CURSOR,
	RT_GROUP_ICON,
	RT_VERSION,
	RT_DLGINCLUDE,
	RT_PLUGPLAY,
	RT_VXD,
	RT_ANICURSOR,
	RT_ANIICON,
	RT_HTML,
	RT_MANIFEST,
	RT_DLGINIT,
	RT_TOOLBAR
};

A class to work with a PE file:

class PEFile {
public:
	string name(); // returns the filename
	string format(); // returns the "PE" format name
	uint64 size(); // returns the size of the file
	int count(); // returns the number of architectures in the list
	PEArchitecture item(int index); // returns an architecture with the given index
	uint64 seek(uint64 offset); // sets a file position
	uint64 tell(); // returns a file position
	int write(string buffer); // records a buffer to the file
};

A class to work with the PE architecture:

class PEArchitecture {
public:
	string name(); // returns the name of the architecture
	PEFile file(); // returns the parent file
	uint64 entryPoint(); // returns the starting address
	uint64 imageBase(); // returns the base offset
	OperandSize cpuAddressSize(); // returns bit count of the architecture
	uint64 size(); // returns the size of the architecture
	PESegments segments(); // returns the list of segments
	PESections sections(); // returns the list of sections
	PEDirectories directories(); // returns the list of directories
	PEImports imports(); // returns the list of imported libraries
	PEExports exports(); // returns the list of exported functions
	PEResources resources(); // returns the list of resources
	PEFixups fixups(); // returns the list of relocations (fixups);
	MapFunctions mapFunctions(); // returns the list of functions available for protection
	IntelFunctions functions(); // returns the list of protected functions
	bool addressSeek(uint64 address); // sets a file position
	uint64 seek(uint64 offset); // sets a file position
	uint64 tell(); // returns a file position
	int write(string buffer); // writes a buffer to a file
};

A class to work with the list of segments for the PE architecture:

class PESegments {
public:
	PESegment item(int index); // returns a segment with the given index
	int count(); // returns the number of segments in the list
	PESegment itemByAddress(uint64 address); // returns the segment at the given address
};

A class to work with a PE architecture segment:

class PESegment {
public:
	uint64 address(); // returns the address of the segment
	string name(); // returns the name of the segment
	uint64 size(); // returns the size of the segment
	int physicalOffset(); // returns the file position (offset) of the segment
	int physicalSize(); // returns the file size of the segment
	int flags(); // returns flags of the segment
	bool excludedFromPacking(); // returns the "Excluded from packing" property
	void setName(string name); // sets the name of the segment
};

A class to work with the list of PE architecture sections:

class PESections {
public:
	PESection item(int index); // returns a section with the given index
	int count(); // returns the number of sections in the list
	PESection itemByAddress(uint64 address); // returns a section at the given address
};

A class to work with a PE architecture section:

class PESection {
public:
	uint64 address(); // returns the address of the section
	string name(); // returns the name of the section
	uint64 size(); // returns the size of the section
	int offset(); // returns the file positions of the section
	PESegment segment(); // returns the parent segment
};

A class to work with PE architecture directories:

class PEDirectories {
public:
	PEDirectory item(int index); // returns a directory with the given index
	int count(); // returns the number of directories in the list
	PEDirectory itemByType(int type); // returns a directory of the given type
};

A class to work with a PE architecture directory:

class PEDirectory {
public:
	uint64 address(); // returns the address of the directory
	string name(); // returns the name of the directory
	uint64 size(); // returns the size of the directory
	int type(); // returns the type of the directory
	void setAddress(uint64 address); // sets the address of the directory
	void setSize(int size); // sets the size of the directory
	void clear(); // clears the address and the size of the directory
};

A class to work with the list of imported libraries for the PE architecture:

class PEImports {
public:
	PEImport item(int index); // returns a library with the given index
	int count(); // returns the number of libraries in the list
	PEImport itemByName(string name); // returns a library with the given name
};

A class to work with an imported library for the PE architecture :

class PEImport {
public:
	string name(); // returns the name of the library
	PEImportFunction item(int index); // returns an imported function with the given index
	int count(); // returns the number of imported functions
	void setName(string name); // sets the name of the library
};

A class to work with a PE architecture imported function:

class PEImportFunction {
public:
	uint64 address(); // returns a memory address where the imported function address is stored
	string name();  // returns the name of the imported function
};

A class to work with the list of exported functions for the PE architecture :

class PEExports {
public:
	string name(); // returns the name of the library
	void setName(string name); // sets the name of the library
	PEExport item(int index); // returns an exported function with the given index
	int count(); // returns the number of exported functions in the list
	void clear(); // clears the list
	PEExport itemByAddress(uint64 address); // returns an exported function at the given address
	PEExport itemByName(string name); // returns an exported function with the given name
};

A class to wotk with a PE architecture exported function:

class PEExport {
public:
	uint64 address(); // returns the address of the exported function
	string name(); // returns the name of the exported function
	void setName(string name); // sets the name of the exported function
	int ordinal();  // returns the ordinal of the exported function
	string forwardedName(); // returns the name of the function the exported function forwards to
	void destroy(); // destroys the exported function
};

A class to work with the list of PE architecture resources:

class PEResources {
public:
	PEResource item(int index); // returns a resources with the given index
	int count(); // returns the number of resources in the list
	void clear(); // clears the list
	PEResource itemByType(int type); // returns a resource of the given type
	PEResource itemByName(string name); // returns a resource with the given name
};

A class to work with a PE architecture resource:

class PEResource {
public:
	PEResource item(int index); // returns a resource with the given index
	int count(); // returns the number of resources in the list
	void clear(); // clears the list
	uint64 address(); // returns the address of the resource
	int size(); // returns the size of the resource
	string name(); // returns the name of the resource
	int type(); // returns the type of the resource
	bool isDirectory(); // returns the "Directory" property
	void destroy(); // destroys the resource
	PEResource itemByName(string name); // returns a resource with the given name
	bool excludedFromPacking(); // returns the "Excluded from packing" property
};

A class to work with the list of PE architecture fixups (relocations):

class PEFixups {
public:
	PEFixup item(int index); // returns an element with the given index
	int count(); // returns the number of elements in the list
	PEFixup itemByAddress(uint64 address); // returns an element at the given address
};

A class to work with a PE architecture fixup (relocation):

class PEFixup {
public:
	uint64 address(); // returns the address of the element
};

Mach-O files

Constants to work with the Mach-O format:

enum MacFormat {
	// Load Command Types
	LC_SEGMENT,
	LC_SYMTAB,
	LC_SYMSEG,
	LC_THREAD,
	LC_UNIXTHREAD,
	LC_LOADFVMLIB,
	LC_IDFVMLIB,
	LC_IDENT,
	LC_FVMFILE,
	LC_PREPAGE,
	LC_DYSYMTAB,
	LC_LOAD_DYLIB,
	LC_ID_DYLIB,
	LC_LOAD_DYLINKER,
	LC_PREBOUND_DYLIB,
	LC_ROUTINES,
	LC_SUB_FRAMEWORK,
	LC_SUB_UMBRELLA,
	LC_SUB_CLIENT,
	LC_SUB_LIBRARY,
	LC_TWOLEVEL_HINTS,
	LC_PREBIND_CKSUM,
	LC_LOAD_WEAK_DYLIB,
	LC_SEGMENT_64,
	LC_ROUTINES_64,
	LC_UUID,
	LC_RPATH,
	LC_CODE_SIGNATURE,
	LC_SEGMENT_SPLIT_INFO,
	LC_REEXPORT_DYLIB,
	LC_LAZY_LOAD_DYLIB,
	LC_ENCRYPTION_INFO,
	LC_DYLD_INFO,
	LC_DYLD_INFO_ONLY,
	LC_LOAD_UPWARD_DYLIB,
	LC_VERSION_MIN_MACOSX,
	// Section Types	
	SECTION_TYPE,
	SECTION_ATTRIBUTES,
	S_REGULAR,
	S_ZEROFILL,
	S_CSTRING_LITERALS,
	S_4BYTE_LITERALS,
	S_8BYTE_LITERALS,
	S_LITERAL_POINTERS,
	S_NON_LAZY_SYMBOL_POINTERS,
	S_LAZY_SYMBOL_POINTERS,
	S_SYMBOL_STUBS,
	S_MOD_INIT_FUNC_POINTERS,
	S_MOD_TERM_FUNC_POINTERS,
	S_COALESCED,
	S_GB_ZEROFILL,
	S_INTERPOSING,
	S_16BYTE_LITERALS,
	S_DTRACE_DOF,
	S_LAZY_DYLIB_SYMBOL_POINTERS,
	SECTION_ATTRIBUTES_USR,
	S_ATTR_PURE_INSTRUCTIONS,
	S_ATTR_NO_TOC,
	S_ATTR_STRIP_STATIC_SYMS,
	S_ATTR_NO_DEAD_STRIP,
	S_ATTR_LIVE_SUPPORT,
	S_ATTR_SELF_MODIFYING_CODE,
	S_ATTR_DEBUG,
	SECTION_ATTRIBUTES_SYS,
	S_ATTR_SOME_INSTRUCTIONS,
	S_ATTR_EXT_RELOC,
	S_ATTR_LOC_RELOC
};

A class to work with a Mach-O file:

class MacFile {
public:
	string name(); // returns the name of the file
	string format(); // returns the name of the "Mach-O" format
	uint64 size(); // returns the size of the file
	int count(); // returns the number of architectures in the list
	MacArchitecture item(int index); // returns an architecture with the given index
	uint64 seek(uint64 offset); // sets the file position
	uint64 tell(); // returns the file position
	int write(string buffer); // writes a buffer to the file
};

A class to work with the Mach-O architecture:

class MacArchitecture {
public:
	string name(); // returns the name of the architecture
	MacFile file(); // returns the parent file
	uint64 entryPoint(); // returns the starting address
	OperandSize cpuAddressSize(); // returns bit count of the architecture
	uint64 size(); // returns the size of the architecture
	MacSegments segments(); // returns the list of segments
	MacSections sections(); // returns the list of sections
	MacCommands commands(); // returns the list of load commands
	MacSymbols symbols(); // returns the list of symbols
	MacImports imports(); // returns the list of imported libraries
	MacExports exports(); // returns the list of exported functions
	MacFixups fixups(); // returns the list of fixups (relocations)
	MapFunctions mapFunctions(); // returns the list of functions available for protection
	IntelFunctions functions(); // returns the list of protected functions
	bool addressSeek(uint64 address); // sets the file position
	uint64 seek(uint64 offset); // sets the file position
	uint64 tell(); // returns the file position
	int write(string buffer); // writes a buffer to the file
};

A class to work with the list of Mach-O architecture segments:

class MacSegments {
public:
	MacSegment item(int index); // returns a segment with the given index
	int count(); // returns the number of segments in the list
	MacSegment itemByAddress(); // returns a segment at the given address
};

A class to work with a Mach-O architecture segment:

class MacSegment {
public:
	uint64 address(); // returns the address of the segment
	string name(); // returns the name of the segment
	uint64 size(); // returns the size of the segment
	int physicalOffset(); // returns the file position of the segment
	int physicalSize(); // returns the file size of the segment
	int flags(); // returns flags of the segment
	bool excludedFromPacking(); // returns the "Excluded from packing" property
};

A class to work with the list of Mach-O architecture sections:

class MacSections {
public:
	MacSection item(int index); // returns a section with the given index
	int count(); // returns the number of sections in the list
	MacSection itemByAddress(uint64 address); // returns a section at the given address
};

A class to work with a Mach-O architecture section:

class MacSection {
public:
	uint64 address(); // returns the address of the section
	string name(); // returns the name of the section
	uint64 size(); // returns the size of the section
	int offset(); // returns the file position of the section
	MacSegment segment(); // returns the parent segment
};

A class to work with the list of Mach-O architecture load commands:

class MacCommands {
public:
	MacCommand item(int index); // returns a command with the given index
	int count(); // returns the number of command in the list
	MacCommand itemByType(int type); // returns a command of the given type
};

A class to work with a Mach-O architecture load command:

class MacCommand {
public:
	uint64 address(); // returns the address of the command
	int type(); // returns the type of the command
	string name(); // returns the name of the command
	int size(); // returns the size of the command
};

A class to work with the list of Mach-O architecture symbols:

class MacSymbols {
public:
	MacSymbol item(int index); // returns a symbol with the given index
	int count(); // returns the number of symbols in the list
};

A class to work with a Mach-O architecture symbol:

class MacSymbol {
public:
	uint64 value(); // returns the value of the symbol
	string name(); // returns the name of the symbol
};

A class to work with the list of imported libraries for the Mach-O architecture:

class MacImports {
public:
	MacImport item(int index); // returns an imported library with the given index
	int count(); // returns the number of imported libraries in the list
	MacImport itemByName(string name); // returns an imported library with the given name
};

A class to work with a Mach-O architecture imported library:

class MacImport {
public:
	string name(); // returns the name of the imported library
	MacImportFunction item(int index); // returns an imported function with the given index
	int count(); // returns the number of imported functions in the list
	void setName(string name); // sets the name of the imported library
};

A class to work with a Mach-O architecture imported function:

class MacImportFunction {
public:
	uint64 address(); // returns the memory address where the address of the imported function is stored
	string name(); // returns the name of the imported function
};

A class to work with the list of exported functions for the Mach-O architecture:

class MacExports {
public:
	string name(); // returns the name of the library
	MacExport item(); // returns an exported function with the given index
	int count(); // returns the number of exported functions in the list
	void clear(); // clears the list
	MacExport itemByAddress(uint64 address); // returns an exported function at the given address
	MacExport itemByName(string name); // returns an exported function with the given name
};

A class to work with a Mach-O architecture exported function:

class MacExport {
public:
	uint64 address(); // returns the address of the exported function
	string name(); // returns the name of the exported function
	string forwardedName(); // returns the name of the function the exported function is forwarded to
	void destroy(); // destroys the exported function
};

A class to work with the list of fixups (relocations) for the Mach-O architecture:

class MacFixups {
public:
	MacFixup item(int index); // returns an element with the given index
	int count(); // returns the number of elements in the list
	MacFixup itemByAddress(uint64 address); // returns an element at the given address
};

A class to work with a Mach-O architecture fixup:

class MacFixup {
public:
	uint64 address(); // returns the address of the element
};

Functions

A class to work with the list of functions:

class MapFunctions {
public:
	MapFunction item(int index); // returns a function with the given index
	int count(); // returns the number of functions in the list
	MapFunction itemByAddress(uint64 address); // returns a function at the given address
	MapFunction itemByName(string name); // returns a function with the given name
};

Types of functions:

enum ObjectType {
	Unknown,
	Code,
	Data,
	Export,
	Marker,
	APIMarker,
	Import,
	String
};

A class to work with a function:

class MapFunction {
public:
	uint64 address(); // returns the address of the function
	string name(); // returns the name of the function
	ObjectType type(); // returns the type of the function
	References references(); // returns the list of references
};

A class to work with the list of references:

class References {
public:
	Reference item(int index); // returns a reference with the given index
	int count(); // returns the number of references in the list
};

A class to work with a reference:

class Reference {
public:
	uint64 address(); // returns the address of the command
	uint64 operandAddress(); // returns the address of the references
};

Intel functions

A class to work with the list of Intel functions:

class IntelFunctions {
public:
	IntelFunction item(int index); // returns a function with the given index
	int count(); // returns the number of functions in the list
	void clear(); // clears the list
	IntelFunction itemByAddress(uint64 address); // returns a function at the given address
	IntelFunction itemByName(string name); // returns a function with the given name
	IntelFunction addByAddress(uint64 address, CompilationType type = ctVirtualization); 
		// Adds a new function with the given address and compilation type
};

Compilation types:

enum CompilationType {
	None,
	Virtualization,
	Mutation,
	Ultra
};

A class to work with an Intel function:

class IntelFunction {
public:
	uint64 address(); // returns the address of the function
	string name(); // returns the name of the function
	ObjectType type(); // returns the type of the function
	IntelCommand item(int index); // returns a command with the given index
	int count(); // returns the number of commands in the list
	CompilationType compilationType(); // returns the compilation type
	void setCompilationType(CompilationType value); // sets the compilation type
	CommandLinks links(); // returns the list of links
	IntelCommand itemByAddress(uint64 address); // returns a command at the given address
	void destroy(); // destroys the function
	Folder folder(); // returns the custom folder
	void setFolder(Folder folder); // sets the custom folder
};

Types of Intel commands:

enum IntelCommandType {
	Unknown, Push, Pop, Mov, Add, Xor, Test, Lea, Ud0, Ret, Ssh, Crc, Call, Jmp, 
	Fstsw, Fsqrt, Fchs, Fstcw, Fldcw, Fild, Fist, Fistp, Fld, Fstp, Fst, Fadd, 
	Fsub, Fsubr, Fisub, Fisubr, Fdiv, Fcomp, Fmul, Repe, Repne, Rep, DB, DW, DD, DQ,
	Movs, Cmps, Scas, Movzx, Movsx, Inc, Dec, Les, Lds, Lfs, Lgs, Lss, Xadd, Bswap,
	Jxx, And, Sub, Stos, Lods, Nop, Xchg, Pushf, Popf, Sahf, Lahf, Shl, Shr, Sal, 
	Sar, Rcl, Rcr, Rol, Ror, Shld, Shrd, Loope, Loopne, Loop, Jcxz, In, Ins, Out, 
	Outs, Wait, Cbw, Cwde, Cdqe, Cwd, Cdq, Cqo, Clc, Stc, Cli, Sti, Cld, Std, Not,
	Neg, Div, Imul, Idiv, Mul, Or, Adc, Cmp, Sbb, Pusha, Popa, Clflush, Pause, 
	Bound, Arpl, Daa, Das, Aaa, Aam, Aad, Aas, Enter, Leave, Int, Into, Iret, Set, 
	Cmov, Addpd, Addps, Addsd, Addss, Andpd, Andps, Andnpd, Andnps, Cmppd, Cmpps, 
	Cmpsd, Cmpss, Comisd, Comiss, Cvtdq2ps, Cvtpd2dq, Cvtdq2pd, Cvtpd2pi, Cvtps2pi,
	Cvtpd2ps, Cvtps2pd, Cvtpi2pd, Cvtpi2ps, Cvtps2dq, Cvtsd2si, Cvtss2si, Cvtsd2ss,
	Cvtss2sd, Cvttpd2pi, Cvttps2pi, Cvttpd2dq, Cvttps2dq, Cvttsd2si, Cvttss2si, 
	Divpd, Divps, Divsd, Divss, Maxpd, Maxps, Maxsd, Maxss, Minpd, Minps, Minsd, 
	Minss, Mulpd, Mulps, Mulsd, Mulss, Orpd, Orps, Movd, Movq, Movntq, Movapd, Movaps,
	Movdqa, Movdqu, Movdq2q, Movq2dq, Movhlps, Movhpd, Movhps, Movlhps, Movlpd, 
	Movlps, Movmskpd, Movmskps, Movnti, Movntpd, Movntps, Movsd, Movss, Movupd, 
	Movups, Pmovmskb, Psadbw, Pshufw, Pshufd, Pshuflw, Pshufhw, Psubb, Psubw, Psubd, 
	Psubq, Psubsb, Psubsw, Psubusb, Psubusw, Paddb, Paddw, Paddd, Paddq, Paddsb, 
	Paddsw, Paddusb, Paddusw, Pavgb, Pavgw, Pinsrw, Pextrw, Pmaxsw, Pmaxub, Pminsw, 
	Pminub, Pmulhuw, Pmulhw, Pmullw, Pmuludq, Psllw, Pslld, Psllq, Pslldq, Psraw, 
	Psrad, Psrlw, Psrld, Psrlq, Psrldq, Punpcklbw, Punpcklwd, Punpckldq, Punpcklqdq, 
	Punpckhqdq, Packusdw, Pcmpgtb, Pcmpgtw, Pcmpgtd, Pcmpeqb, Pcmpeqw, Pcmpeqd, 
	Emms, Packsswb, Packuswb, Punpckhbw, Punpckhwd, Punpckhdq, Packssdw, Pand, 
	Pandn, Por, Pxor, Pmaddwd, Rcpps, Rcpss, Rsqrtss, Movsxd, Shufps, Shufpd, Sqrtpd, 
	Sqrtps, Sqrtsd, Sqrtss, Subpd, Subps, Subsd, Subss, Ucomisd, Ucomiss, Unpckhpd, 
	Unpckhps, Unpcklpd, Unpcklps, Xorpd, Xorps, Bt, Bts, Btr, Btc, Xlat, Cpuid, 
	Rsm, Bsf, Bsr, Cmpxchg, Cmpxchg8b, Hlt, Cmc, Lgdt, Sgdt, Lidt, Sidt, Smsw, Lmsw, 
	Invlpg, Lar, Lsl, Clts, Invd, Wbinvd, Ud2, Wrmsr, Rdtsc, Rdmsr, Rdpmc, Fcom, 
	Fdivr, Fiadd, Fimul, Ficom, Ficomp, Fidiv, Fidivr, Faddp, Fmulp, Fsubp, Fsubrp, 
	Fdivp, Fdivrp, Fbld, Fbstp, Ffree, Frstor, Fsave, Fucom, Fucomp, Fldenv, Fstenvm,
	Fxch, Fabs, Fxam, Fld1, Fldl2t, Fldl2e, Fldpi, Fldlg2, Fldln2, Fldz, Fyl2x, 
	Fptan, Fpatan, Fxtract, Fprem1, Fdecstp, Fincstp, Fprem, Fyl2xp1, Fsincos, Frndint, 
	Fscale, Fsin, Fcos, Ftst, Fstenv, F2xm1, Fnop, Finit, Fclex, Fcompp, Sysenter, 
	Sysexit, Sldt, Str, Lldt, Ltr, Verr, Verw, Sfence, Lfence, Mfence, Prefetchnta, 
	Prefetcht0, Prefetcht1, Prefetcht2, Prefetch, Prefetchw, Fxrstor, Fxsave, Ldmxcsr, 
	Stmxcsr, Fcmovb, Fcmove, Fcmovbe, Fcmovu, Fcmovnb, Fcmovne, Fcmovnbe, Fcmovnu,
	Fucomi, Fcomi, Fucomip, Fcomip, Fucompp, Vmcall, Vmlaunch, Vmresume, Vmxoff, 
	Monitor, Mwait, Xgetbv, Xsetbv, Vmrun, Vmmcall, Vmload, Vmsave, Stgi, Clgi, 
	Skinit, Invlpga, Swapgs, Rdtscp, Syscall, Sysret, Femms, Getsec, Pshufb, Phaddw, 
	Phaddd, Phaddsw, Pmaddubsw, Phsubw, Phsubd, Phsubsw, Psignb, Psignw, Psignd, 
	Pmulhrsw, Pabsb, Pabsw, Pabsd, Movbe, Palignr, Rsqrtps, Vmread, Vmwrite, Svldt, 
	Rsldt, Svts, Rsts, Xsave, Xrstor, Vmptrld, Vmptrst, Maskmovq, Fnstenv, Fnstcw, 
	Fstp1, Fneni, Fndisi, Fnclex, Fninit, Fsetpm, Fisttp, Fnsave, Fnstsw, Fxch4, 
	Fcomp5, Ffreep, Fxch7, Fstp8, Fstp9, Haddpd, Hsubpd, Addsubpd, Addsubps, Movntdq, 
	Fcom2, Fcomp3, Haddps, Hsubps, Movddup, Movsldup, Cvtsi2sd, Cvtsi2ss, Movntsd, 
	Movntss, Lddqu, Movshdup, Popcnt, Tzcnt, Lzcnt, Pblendvb, Pblendps, Pblendpd, 
	Ptest, Movsxbw, Movsxbd, Movsxbq, Movsxwd, Movsxwq, Movsxdq, Muldq, Pcmpeqq, 
	Movntdqa, Xsaveopt, Maskmovdqu, Ud1, Pcmpgtq, Movzxbw, Movzxbd, Movzxbq, Movzxwd, 
	Movzxwq, Movzxdq
};

Intel segments:

enum IntelSegment {
	None,
	es,
	cs,
	ss,
	ds,
	fs,
	gs
};

Intel flags:

enum IntelFlag {
	C,
	P,
	A,
	Z,
	S,
	T,
	I,
	D,
	O
};

Intel registers:

enum IntelRegistr {
	eax,
	ecx,
	edx,
	ebx,
	esp,
	ebp,
	esi,
	edi,
	r8,
	r9,
	r10,
	r11,
	r12,
	r13,
	r14,
	r15
};

A class to work with an Intel command:

class IntelCommand {
public:
	uint64 address(); // returns the address of the command
	IntelCommandType type(); // returns the type of the command
	string text(); // returns the text representation
	int size(); // returns the size of the command
	int dump(int index); // returns data of the command with the given index
	CommandLink link(); // returns the command link
	int flags(); // returns command flags
	IntelSegment baseSegment(); // returns the base segment
	IntelCommandType preffix(); // returns the type of the prefix command
	IntelOperand operand(int index); // returns an operand with the given index
};

Operand types:

enum OperandType {
	None,
	Value,
	Registr,
	Memory,
	SegmentRegistr,
	ControlRegistr,
	DebugRegistr,
	FPURegistr,
	HiPartRegistr,
	BaseRegistr,
	MMXRegistr,
	XMMRegistr
};

Operand sizes:

enum OperandSize {
	Byte,
	Word,
	DWord,
	QWord,
	TByte,
	OWord,
	FWord
};

A class to work with an operand of the Intel command:

class IntelOperand {
public:
	int type(); // returns the type of the operand
	OperandSize size(); // returns the size of the operand
	int registr(); // returns the register
	int baseRegistr(); // returns the base register
	int scale(); // returns the scale
	uint64 value(); // returns the value
};

Link types:

enum LinkType {
	None,
	SEHBlock,
	FinallyBlock,
	DualSEHBlock,
	FilterSEHBlock,
	Jmp,
	JmpWithFlag,
	JmpWithFlagNSFS,
	JmpWithFlagNSNA,
	JmpWithFlagNSNS,
	Call,
	Case,
	Switch,
	Native,
	Offset,
	GateOffset,
	ExtSEHBlock,
	MemSEHBlock,
	ExtSEHHandler,
	VBMemSEHBlock
};
class CommandLink {
public:
	uint64 toAddress(); // returns the address the link refers
	LinkType type(); // returns the type of the link
	IntelCommand from(); // returns the parent command
};

A class to work with a library:

enum ParamType {
	"void",
	"byte",
	"char",
	"short",
	"ushort",
	"int",
	"uint",
	"long",
	"ulong",
	"size_t",
	"float",
	"double",
	"string",
	"pointer"
};

enum CallType {
	"default", 
	"cdecl", 
	"stdcall"
};

class FFILibrary {
public:
	string name(); // returns the name 
	uint64 address(); // returns the address in the memory
	void close();
	FFIFunction getFunction(string name, ParamType ret, ParamType param1, ...); // returns a function
	FFIFunction getFunction(string name, table (ParamType ret, CallType abi, ParamType, ...)); // returns a function
};

A class to work with a foreign function:

class FFIFunction {
	string name(); // returns the name
	uint64 address(); // returns the address in the memory
};





© 2006-2015 Copyright VMProtect Software