mycsy 发表于 2008-6-2 10:19

VMP1.20的Opcode识别脚本

前言:前一阵学习了wangdell的<VMProtect1.2x总结>,受益匪浅.于是照着写了个OD脚本,大部分Opcode名称与wangdell的命名相同,个别不同的纯属个人习惯,仅供参考.由于水平有限,接触的VMP程序不多,难免有错误的地方,请高手多多指教.

// VMProtect1.2x Find OPcode Script
// Written By DarkBull
// ---------------------------------------------------------------------
// Variable declarations (ODbgScript `data:` section).
//   codebase/codesize : bounds of the module containing EIP (from gmi)
//   init              : address of the VM entry stub found by signature
//   loopep            : address just past the `add esi,[esp]` loop entry
//   optbl             : current slot of the VM handler table (+4 per step)
//   opaddr            : handler address taken from the current slot
//   opcode            : scratch for the handler's leading x86 opcode bytes
//   opcnt             : number of table slots visited so far
//   findcnt           : number of handlers newly labelled
//   loopcnt           : retry counter for the backwards instruction walk
//                       in the lodsb1/lodsw1/lodsdw1 paths
//   temp              : general scratch
// ---------------------------------------------------------------------
data:
var codebase
var codesize
var init
var loopep
var optbl
var opaddr
var opcode
var opcnt
var findcnt
var loopcnt
var temp
// ---------------------------------------------------------------------
// Entry point: locate the VM entry stub, the dispatch-loop entry and the
// handler table, then fall into the table walk (findop / findnext) that
// labels every handler it recognises.
// ---------------------------------------------------------------------
code:
// Bounds of the module that contains EIP.
// NOTE(review): codesize is captured but never used, so the `find`
// calls below are unbounded; a size-limited search would avoid matches
// outside the module.
gmi eip,CODEBASE
mov codebase,$RESULT
gmi eip,CODESIZE
mov codesize,$RESULT
findinit:
// Signature of the VM entry stub: 9 wildcard bytes followed by
//   68 00 00 00 00   push 0
//   8B 74 24 28      mov esi,[esp+28]
find codebase,#??????????????????68000000008B742428#
cmp $RESULT,0
jne vminit
input1:
// Signature not found from the module base: ask the user for the base
// of the VMP section and search again from there. A zero answer
// (presumably also a cancelled dialog) just re-prompts; there is no
// abort path here other than stopping the script.
mov $RESULT,0
ask "Plese Input VMP Base Address:"
cmp $RESULT,0
je input1
find $RESULT,#??????????????????68000000008B742428#
cmp $RESULT,0
je error
vminit:
// $RESULT = start of the matched stub; label it and keep it in `init`.
mov temp,$RESULT
lbl $RESULT,"VM_Init"
mov init,$RESULT
findep:
// 03 34 24 = add esi,[esp]. The dispatch loop begins right after it, so
// the address +3 is labelled as the loop entry and kept in `loopep`;
// the lodsX paths later identify the handler's back-edge jmp by
// comparing its rel32 target against this address.
find temp,#033424#
cmp $RESULT,0
je error
add $RESULT,3
mov temp,$RESULT
lbl $RESULT,"VM_LoopEP"
mov loopep,$RESULT
findoptb:
// FF ?? 85 <disp32>: indirect jmp [index*4+disp32] (ModRM wildcarded,
// SIB 85 = scale 4, no base). The disp32 at +3 is the handler table
// address, read as a dword into optbl.
// NOTE(review): the pattern is only three bytes and the search is
// unbounded, so a false match is possible; check that VM_OP_Table
// really points at a table of code pointers before trusting the labels.
find temp,#FF??85#
cmp $RESULT,0
je error
add $RESULT,3
mov optbl,[$RESULT]
lbl optbl,"VM_OP_Table"
// ************************************************************************************************************************
// ======================================================================
// findop: take the handler address from the current table slot and
// dispatch on its first x86 opcode byte(s). Each branch below inspects
// further bytes and finally jumps to a VM_* label that names the slot.
//
// NOTE(review): several lines in this listing have lost a bracketed
// memory operand — `mov opaddr,` and every `mov opcode,,N` — presumably
// `mov opaddr,[optbl]` and `mov opcode,[opaddr+offset],N` in the
// original (forum markup commonly strips `[...]`). As printed these
// lines do not parse; restore them from the original post before use.
// ODbgScript constants are hexadecimal (09B = 0x9B, 100 = 0x100).
// ======================================================================
findop:
mov opaddr,
// gn returns an existing name/label for the address; non-zero means
// this handler was already labelled (e.g. on a previous run), skip it.
gn opaddr
cmp $RESULT,0
jne findnext
inc findcnt
mov opcode,,1
// 0F = two-byte opcode escape
cmp opcode,0F
je op2b
// 54 = push esp
cmp opcode,54
je VM_PUSH_ESP
// 58..5A = pop eax / pop ecx / pop edx
cmp opcode,58
jb find@1
cmp opcode,5A
ja find@1
jmp popreg
find@1:
// 5B = pop ebx; 5C = pop esp; 5D..5F = pop ebp / pop esi / pop edi
cmp opcode,5B
je ret1
cmp opcode,5C
je VM_POP_ESP
cmp opcode,5D
jb find@2
cmp opcode,5F
ja find@2
jmp ret1
find@2:
// 66 = operand-size prefix; 88/89/8A/8B = mov forms; 9B = wait;
// 9D = popfd; AC/AD = lodsb/lodsd; C7 = mov r/m32,imm32
cmp opcode,66
je prefix
cmp opcode,88
je lodsb1
cmp opcode,89
je lodsdw1
cmp opcode,8A
je lodsb1
cmp opcode,8B
je lodsdw1
cmp opcode,09B
je VM_WAIT
cmp opcode,09D
je ret1
cmp opcode,0AC
je lodsb1
cmp opcode,0AD
je lodsdw1
cmp opcode,0C7
je ret2
// D8..DF = x87 escape opcodes
cmp opcode,0D8
jb find@3
cmp opcode,0DF
ja find@3
jmp fpu
find@3:
// F7 = group 3 (not/neg/mul/imul/div/idiv) on r/m32
cmp opcode,0F7
je norw
jmp error
// ----------------------------------------------------------------------
// op2b: second byte after a 0F escape.
//   0F 20 = mov r32,CRn   0F 21 = mov r32,DRn
//   0F B6 = movzx r32,r/m8   0F B7 = movzx r32,r/m16
// ----------------------------------------------------------------------
op2b:
mov opcode,,1
cmp opcode,20
je spr1
cmp opcode,21
je spr2
cmp opcode,0B6
je lodsb1
cmp opcode,0B7
je lodsw1
jmp error
// spr1: ModRM of `mov r32,CRn` — the reg field (bits 5..3) selects CRn.
spr1:
mov opcode,,1
shr opcode,3
and opcode,7
cmp opcode,0
je VM_PUSH_CR0
cmp opcode,1
je VM_PUSH_CR1
cmp opcode,2
je VM_PUSH_CR2
cmp opcode,3
je VM_PUSH_CR3
cmp opcode,4
je VM_PUSH_CR4
cmp opcode,5
je VM_PUSH_CR5
cmp opcode,6
je VM_PUSH_CR6
cmp opcode,7
je VM_PUSH_CR7
jmp error
// spr2: ModRM of `mov r32,DRn` — reg field selects DRn.
spr2:
mov opcode,,1
shr opcode,3
and opcode,7
cmp opcode,0
je VM_PUSH_DR0
cmp opcode,1
je VM_PUSH_DR1
cmp opcode,2
je VM_PUSH_DR2
cmp opcode,3
je VM_PUSH_DR3
cmp opcode,4
je VM_PUSH_DR4
cmp opcode,5
je VM_PUSH_DR5
cmp opcode,6
je VM_PUSH_DR6
cmp opcode,7
je VM_PUSH_DR7
jmp error
// ----------------------------------------------------------------------
// popreg: handler starts with pop eax/ecx/edx; classify by the opcode
// that follows.
//   01 = add r/m32,r32      0F = two-byte escape
//   26/2E/36/3E/64/65 = segment-override prefixes (es/cs/ss/ds/fs/gs)
//   28 = sub r/m8,r8        58..5A / 5B..5F = further pops
//   66 = operand-size prefix 88..8B = mov forms   8F = pop r/m32
//   9D = popfd              E9 = jmp rel32        F7 = group 3
//   FF = group 5 (push r/m32 among others)
// ----------------------------------------------------------------------
popreg:
mov opcode,,1
cmp opcode,01
je adddw
cmp opcode,0F
je pop2b
cmp opcode,26
je mov1
cmp opcode,28
je popsub
cmp opcode,2E
je mov1
cmp opcode,36
je mov1
cmp opcode,3E
je mov1
cmp opcode,58
jb pop@1
cmp opcode,5A
ja pop@1
jmp pop2
pop@1:
cmp opcode,5B
jb pop@2
cmp opcode,5F
ja pop@2
jmp ret1
pop@2:
cmp opcode,64
je mov1
cmp opcode,65
je mov1
cmp opcode,66
je poppref
cmp opcode,88
je popmovb
cmp opcode,89
je popmovdw
cmp opcode,8A
je popmovb
cmp opcode,8B
je popmovdw
cmp opcode,8F
je VM_MOV_DS1_S2
cmp opcode,9D
je ret1
cmp opcode,0E9
je gr1
cmp opcode,0F7
je nordw
cmp opcode,0FF
je VM_MOV_S1_DS1
jmp error
// ----------------------------------------------------------------------
// adddw: pop reg / add [esp],reg. Two-byte reads are little-endian, so
// constant 2404 matches bytes 04 24 (ModRM+SIB for [esp] with reg=eax),
// 240C = 0C 24 (ecx), 2414 = 14 24 (edx).
// A trailing 66 9C (constant 9C66 = pushfw) marks the flag-producing
// variant; this pattern is used for every *_F label in the script.
// ----------------------------------------------------------------------
adddw:
mov opcode,,2
cmp opcode,2404
je add@1
cmp opcode,240C
je add@1
cmp opcode,2414
je add@1
jmp error
add@1:
mov opcode,,2
cmp opcode,9C66
je VM_ADD_F
jmp VM_ADD
// pop2b: 0F after a pop. 0F 22 = mov CRn,r32; 0F 23 = mov DRn,r32.
pop2b:
mov opcode,,1
cmp opcode,22
je spr3
cmp opcode,23
je spr4
jmp error
// spr3: ModRM reg field of `mov CRn,r32` selects the control register.
spr3:
mov opcode,,1
shr opcode,3
and opcode,7
cmp opcode,0
je VM_POP_CR0
cmp opcode,1
je VM_POP_CR1
cmp opcode,2
je VM_POP_CR2
cmp opcode,3
je VM_POP_CR3
cmp opcode,4
je VM_POP_CR4
cmp opcode,5
je VM_POP_CR5
cmp opcode,6
je VM_POP_CR6
cmp opcode,7
je VM_POP_CR7
jmp error
// spr4: ModRM reg field of `mov DRn,r32` selects the debug register.
spr4:
mov opcode,,1
shr opcode,3
and opcode,7
cmp opcode,0
je VM_POP_DR0
cmp opcode,1
je VM_POP_DR1
cmp opcode,2
je VM_POP_DR2
cmp opcode,3
je VM_POP_DR3
cmp opcode,4
je VM_POP_DR4
cmp opcode,5
je VM_POP_DR5
cmp opcode,6
je VM_POP_DR6
cmp opcode,7
je VM_POP_DR7
jmp error
// ----------------------------------------------------------------------
// mov1: segment-override prefix followed by the memory op. Constants are
// little-endian words: 08A26 = bytes 26 8A (es: mov r8,r/m8),
// 8F26 = 26 8F (es: pop r/m32), 0FF26 = 26 FF (es: group 5 / push r/m32);
// the low byte selects the segment: 26 es, 2E cs, 36 ss, 3E ds, 64 fs,
// 65 gs. The label name encodes direction and segment (S1/S2 = VM stack
// operands, naming per the write-up referenced in the preface).
// ----------------------------------------------------------------------
mov1:
mov opcode,,2
cmp opcode,08A26
je VM_MOVB_S1_ES1
cmp opcode,08A2E
je VM_MOVB_S1_CS1
cmp opcode,08A36
je VM_MOVB_S1_SS1
cmp opcode,08A3E
je VM_MOVB_S1_DS1
cmp opcode,08A64
je VM_MOVB_S1_FS1
cmp opcode,08A65
je VM_MOVB_S1_GS1
cmp opcode,8F26
je VM_MOV_ES1_S2
cmp opcode,8F2E
je VM_MOV_CS1_S2
cmp opcode,8F36
je VM_MOV_SS1_S2
cmp opcode,8F3E
je VM_MOV_DS1_S2
cmp opcode,8F64
je VM_MOV_FS1_S2
cmp opcode,8F65
je VM_MOV_GS1_S2
cmp opcode,0FF26
je VM_MOV_S1_ES1
cmp opcode,0FF2E
je VM_MOV_S1_CS1
cmp opcode,0FF36
je VM_MOV_S1_SS1
cmp opcode,0FF3E
je VM_MOV_S1_DS1
cmp opcode,0FF64
je VM_MOV_S1_FS1
cmp opcode,0FF65
je VM_MOV_S1_GS1
jmp error
// popsub: pop reg / sub (28) / <prefix> 8A — only the byte-read forms.
popsub:
mov opcode,,2
cmp opcode,08A26
je VM_MOVB_S1_ES1
cmp opcode,08A2E
je VM_MOVB_S1_CS1
cmp opcode,08A36
je VM_MOVB_S1_SS1
cmp opcode,08A3E
je VM_MOVB_S1_DS1
cmp opcode,08A64
je VM_MOVB_S1_FS1
cmp opcode,08A65
je VM_MOVB_S1_GS1
jmp error
// ----------------------------------------------------------------------
// pop2: two pops seen (pop eax/ecx/edx twice). A third pop goes to pop3;
// 5B..5F/9D fall into the ret check; 66 = prefix; F7 = group 3.
// ----------------------------------------------------------------------
pop2:
mov opcode,,1
cmp opcode,58
jb pop2@1
cmp opcode,5A
ja pop2@1
jmp pop3
pop2@1:
cmp opcode,5B
jb pop2@2
cmp opcode,5F
ja pop2@2
jmp ret1
pop2@2:
cmp opcode,66
je pop2pr
cmp opcode,9D
je ret1
cmp opcode,0F7
je muldw
jmp error
// pop3: three pops seen; F7 here is the dword div/idiv form.
pop3:
mov opcode,,1
cmp opcode,5B
jb pop3@1
cmp opcode,5F
ja pop3@1
jmp ret1
pop3@1:
cmp opcode,9D
je ret1
cmp opcode,0F7
je divdw
jmp error
// divdw: ModRM reg field of F7: /6 = div, /7 = idiv.
divdw:
mov opcode,,1
shr opcode,3
and opcode,7
cmp opcode,6
je VM_DIV
cmp opcode,7
je VM_IDIV
jmp error
// pop2pr: two pops, 66 prefix, a third pop, then 0F A5 (shld r/m32,r32,cl)
// or 0F AD (shrd ...). Constants 0A50F / 0AD0F are the bytes 0F A5 / 0F AD.
pop2pr:
mov opcode,,1
cmp opcode,58
jb error
cmp opcode,5A
ja error
    mov opcode,,2
    cmp opcode,0A50F
    je VM_SHLD_F
    cmp opcode,0AD0F
    je VM_SHRD_F
    jmp error
// muldw: ModRM reg field of F7: /4 = mul, /5 = imul.
muldw:
mov opcode,,1
shr opcode,3
and opcode,7
cmp opcode,4
je VM_MUL_F
cmp opcode,5
je VM_IMUL_F
jmp error
// ----------------------------------------------------------------------
// poppref: pop reg followed by a 66 (operand-size) prefix — the word-
// width family. Segment overrides go to mov2, a second pop to poprpo,
// 8F = pop r/m16, FF = push r/m16.
// ----------------------------------------------------------------------
poppref:
mov opcode,,1
cmp opcode,26
je mov2
cmp opcode,2E
je mov2
cmp opcode,36
je mov2
cmp opcode,3E
je mov2
cmp opcode,58
jb popr@1
cmp opcode,5A
ja popr@1
jmp poprpo
popr@1:
cmp opcode,64
je mov2
cmp opcode,65
je mov2
cmp opcode,8F
je VM_MOVW_DS1_S2
cmp opcode,0FF
je VM_MOVW_S1_DS1
jmp error
// mov2: <seg> 8F (pop r/m16) / <seg> FF (push r/m16), then the 3-byte
// forms <seg> 0F B6 (movzx r32,r/m8): constant 0B60F26 = bytes 26 0F B6.
// NOTE: if none of the 2-byte compares match, execution falls through to
// the 3-byte read — intentional, not a missing `jmp error`.
mov2:
mov opcode,,2
cmp opcode,8F26
je VM_MOVW_ES1_S2
cmp opcode,8F2E
je VM_MOVW_CS1_S2
cmp opcode,8F36
je VM_MOVW_SS1_S2
cmp opcode,8F3E
je VM_MOVW_DS1_S2
cmp opcode,8F64
je VM_MOVW_FS1_S2
cmp opcode,8F65
je VM_MOVW_GS1_S2
cmp opcode,0FF26
je VM_MOVW_S1_ES1
cmp opcode,0FF2E
je VM_MOVW_S1_CS1
cmp opcode,0FF36
je VM_MOVW_S1_SS1
cmp opcode,0FF3E
je VM_MOVW_S1_DS1
cmp opcode,0FF64
je VM_MOVW_S1_FS1
cmp opcode,0FF65
je VM_MOVW_S1_GS1
mov opcode,,3
cmp opcode,0B60F26
je VM_MOVB_S1_ES1
cmp opcode,0B60F2E
je VM_MOVB_S1_CS1
cmp opcode,0B60F36
je VM_MOVB_S1_SS1
cmp opcode,0B60F3E
je VM_MOVB_S1_DS1
cmp opcode,0B60F64
je VM_MOVB_S1_FS1
cmp opcode,0B60F65
je VM_MOVB_S1_GS1
jmp error
// poprpo: pop / 66 pop / then: segment override -> mov3,
// 88 = mov r/m8,r8 (byte store to ds), D3 = shift group 2 r/m32,cl.
poprpo:
mov opcode,,1
cmp opcode,26
je mov3
cmp opcode,2E
je mov3
cmp opcode,36
je mov3
cmp opcode,3E
je mov3
cmp opcode,64
je mov3
cmp opcode,65
je mov3
cmp opcode,88
je VM_MOVB_DS1_S2
cmp opcode,0D3
je shdw
jmp error
// mov3: <seg> 88 byte store; constant 8826 = bytes 26 88 etc.
mov3:
mov opcode,,2
cmp opcode,8826
je VM_MOVB_ES1_S2
cmp opcode,882E
je VM_MOVB_CS1_S2
cmp opcode,8836
je VM_MOVB_SS1_S2
cmp opcode,883E
je VM_MOVB_DS1_S2
cmp opcode,8864
je VM_MOVB_FS1_S2
cmp opcode,8865
je VM_MOVB_GS1_S2
jmp error
// shdw: ModRM after D3. E0 = shl eax,cl; E2 = shl edx,cl;
// E8 = shr eax,cl; EA = shr edx,cl.
shdw:
mov opcode,,1
cmp opcode,0E0
je shldw
cmp opcode,0E2
je shldw
cmp opcode,0E8
je shrdw
cmp opcode,0EA
je shrdw
jmp error
// shldw / shrdw: trailing 66 9C (pushfw) selects the _F variant.
shldw:
mov opcode,,2
cmp opcode,9C66
je VM_SHL_F
jmp VM_SHL
shrdw:
mov opcode,,2
cmp opcode,9C66
je VM_SHR_F
jmp VM_SHR
// ----------------------------------------------------------------------
// popmovb: pop / 88|8A, then 66 50 (push ax; constant 5066).
// ----------------------------------------------------------------------
popmovb:
mov opcode,,2
cmp opcode,5066
je VM_MOVB_S1_DS1
jmp error
// popmovdw: ModRM after pop / 89|8B.
//   C4/CC/D4 = mov eax|ecx|edx,esp  -> labelled VM_POP_ESP
//   C6/CE/D6 = mov eax|ecx|edx,esi  -> labelled VM_JMP
// (esi presumably holds the VM instruction pointer — see the entry stub's
// mov esi,[esp+28] and add esi,[esp]; confirm against the write-up.)
popmovdw:
mov opcode,,1
cmp opcode,0C4
je VM_POP_ESP
cmp opcode,0CC
je VM_POP_ESP
cmp opcode,0D4
je VM_POP_ESP
cmp opcode,0C6
je VM_JMP
cmp opcode,0CE
je VM_JMP
cmp opcode,0D6
je VM_JMP
jmp error
// gr1: pop / E9 (jmp) / pop eax|ecx|edx -> which general register is popped.
gr1:
mov opcode,,1
cmp opcode,58
je VM_POP_EAX
cmp opcode,59
je VM_POP_ECX
cmp opcode,5A
je VM_POP_EDX
jmp error
// nordw: pop / F7 then 66 9C -> flag variant of NOR.
nordw:
mov opcode,,2
cmp opcode,9C66
je VM_NOR_F
jmp VM_NOR
// ----------------------------------------------------------------------
// prefix: handler starts with a 66 (operand-size) prefix.
//   06/07 push/pop es   0E push cs   16/17 push/pop ss   1E/1F push/pop ds
//   0F two-byte escape  54 push sp   58..5A pop ax/cx/dx  5C pop sp
//   89/8B mov  8C mov r/m16,sreg  AD lodsw
// ----------------------------------------------------------------------
prefix:
mov opcode,,1
cmp opcode,6
je VM_PUSH_ES
cmp opcode,7
je VM_POP_ES
cmp opcode,0E
je VM_PUSH_CS
cmp opcode,0F
je sr1
cmp opcode,16
je VM_PUSH_SS
cmp opcode,17
je VM_POP_SS
cmp opcode,1E
je VM_PUSH_DS
cmp opcode,1F
je VM_POP_DS
cmp opcode,54
je VM_PUSH_SP
cmp opcode,58
jb pref@1
cmp opcode,5A
ja pref@1
jmp prefpop
pref@1:
cmp opcode,5C
je VM_POP_SP
cmp opcode,89
je lodsw1
cmp opcode,8B
je lodsw1
cmp opcode,8C
je sr3
cmp opcode,0AD
je lodsw1
jmp error
// sr1: 66 0F A0/A1 = push/pop fs; 66 0F A8/A9 = push/pop gs.
sr1:
mov opcode,,1
cmp opcode,0A0
je VM_PUSH_FS
cmp opcode,0A1
je VM_POP_FS
cmp opcode,0A8
je VM_PUSH_GS
cmp opcode,0A9
je VM_POP_GS
jmp error
// prefpop: 66 pop ax|cx|dx, then 00 = add r/m8,r8 (byte add),
// 66 = another prefix, E9 = jmp.
prefpop:
mov opcode,,1
cmp opcode,0
je addb
cmp opcode,66
je prpopr
cmp opcode,0E9
je gr2
jmp error
// ----------------------------------------------------------------------
// Word/byte arithmetic family reached via 66 pop ... . The trailing
// 66 9C (pushfw, constant 9C66) selects the *_F (flag) variant throughout.
// ----------------------------------------------------------------------
addb:
mov opcode,,2
cmp opcode,9C66
je VM_ADDB_F
jmp VM_ADDB
// prpopr: 66 pop / 66 then: 01 = add r/m16,r16; a second pop; 89 = mov
// (stack-pointer forms, see popsp); 8E = mov sreg,r/m16.
prpopr:
mov opcode,,1
cmp opcode,1
je addw
cmp opcode,58
jb ppop@1
cmp opcode,5A
ja ppop@1
jmp prpo2
ppop@1:
cmp opcode,89
je popsp
cmp opcode,8E
je sr2
jmp error
addw:
mov opcode,,2
cmp opcode,9C66
je VM_ADDW_F
jmp VM_ADDW
// prpo2: 66 pop / 66 pop then: 66 prefix, D2 = shift group 2 r/m8,cl,
// F6 = group 3 on r/m8.
// NOTE(review): there is no `jmp error` at the end of this group, so an
// unmatched byte falls through into prpo2pr and is re-read there;
// possibly intentional, but worth confirming against the original.
prpo2:
mov opcode,,1
cmp opcode,66
je prpo2pr
cmp opcode,0D2
je shb
cmp opcode,0F6
je prpo2ex
// prpo2pr: a third pop -> prpo3; D3 = shift group 2 r/m16,cl (with the
// 66 prefix); F7 = group 3 on r/m16.
prpo2pr:
mov opcode,,1
cmp opcode,58
jb pp2p@1
cmp opcode,5A
ja pp2p@1
jmp prpo3
pp2p@1:
cmp opcode,0D3
je shw
cmp opcode,0F7
je mulw
jmp error
// prpo3: three 66-pops then 66 F7 (constant 0F766 = bytes 66 F7).
prpo3:
mov opcode,,2
cmp opcode,0F766
je divw
jmp error
// divw: ModRM reg of F7: /6 = div, /7 = idiv (word width).
divw:
mov opcode,,1
shr opcode,3
and opcode,7
cmp opcode,6
je VM_DIVW
cmp opcode,7
je VM_IDIVW
jmp error
// shw: ModRM after D3. E0/E2 = shl ax|dx,cl; E8/EA = shr ax|dx,cl.
// NOTE(review): unlike shdw/shb there is no `jmp error` here, so any
// other ModRM falls through and is classified as a shift-left.
shw:
mov opcode,,1
cmp opcode,0E0
je shlwcode
cmp opcode,0E2
je shlwcode
cmp opcode,0E8
je shrwcode
cmp opcode,0EA
je shrwcode
shlwcode:
mov opcode,,2
cmp opcode,9C66
je VM_SHLW_F
jmp VM_SHLW
shrwcode:
mov opcode,,2
cmp opcode,9C66
je VM_SHRW_F
jmp VM_SHRW
// mulw: ModRM reg of F7: /4 = mul, /5 = imul (word width).
mulw:
mov opcode,,1
shr opcode,3
and opcode,7
cmp opcode,4
je VM_MULW_F
cmp opcode,5
je VM_IMULW_F
jmp error
// shb: ModRM after D2. E0/E2 = shl al|dl,cl; E8/EA = shr al|dl,cl.
shb:
mov opcode,,1
cmp opcode,0E0
je shlb
cmp opcode,0E2
je shlb
cmp opcode,0E8
je shrb
cmp opcode,0EA
je shrb
jmp error
shlb:
mov opcode,,2
cmp opcode,9C66
je VM_SHLB_F
jmp VM_SHLB
shrb:
mov opcode,,2
cmp opcode,9C66
je VM_SHRB_F
jmp VM_SHRB
// prpo2ex: ModRM reg of F6 (byte group 3): /2 = not, /4 = mul,
// /5 = imul, /6 = div, /7 = idiv.
prpo2ex:
mov opcode,,1
shr opcode,3
and opcode,7
cmp opcode,2
je norb
cmp opcode,4
je VM_MULB_F
cmp opcode,5
je VM_IMULB_F
cmp opcode,6
je VM_DIVB
cmp opcode,7
je VM_IDIVB
jmp error
norb:
mov opcode,,2
cmp opcode,9C66
je VM_NORB_F
jmp VM_NORB
// ----------------------------------------------------------------------
// popsp: 66 pop / 66 89 then ModRM C4/CC/D4 = mov ax|cx|dx,sp.
// ----------------------------------------------------------------------
popsp:
mov opcode,,1
cmp opcode,0C4
je VM_POP_SP
cmp opcode,0CC
je VM_POP_SP
   cmp opcode,0D4
je VM_POP_SP
jmp error
// sr2: ModRM reg field of 8E (mov sreg,r/m16): 0 es, 1 cs, 2 ss, 3 ds,
// 4 fs, 5 gs.
sr2:
mov opcode,,1
shr opcode,3
and opcode,7
cmp opcode,0
je VM_POP_ES
cmp opcode,1
je VM_POP_CS
cmp opcode,2
je VM_POP_SS
cmp opcode,3
je VM_POP_DS
cmp opcode,4
je VM_POP_FS
cmp opcode,5
je VM_POP_GS
jmp error
// gr2: 66 pop / E9 / pop ax|cx|dx -> which 16-bit register is popped.
gr2:
mov opcode,,1
cmp opcode,58
je VM_POP_AX
cmp opcode,59
je VM_POP_CX
cmp opcode,5A
je VM_POP_DX
jmp error
// ----------------------------------------------------------------------
// lodsw1: 66 + 89|8B|AD (or 0F B7). ModRM C4/CC/D4 after it means
// mov ax|cx|dx,sp -> VM_PUSH_SP. Otherwise the handler is a word-immediate
// push: walk forward from the handler to the `E9` jmp whose rel32 target
// is the loop entry (target = E9addr + 5 + rel32, i.e. rel32 must equal
// loopep - E9addr - 5), then step backwards (`preop`) over at most two
// instructions looking for push eax|ecx|edx (50..52) -> PUSHD_IMM16 or
// 66 50..52 (push ax|cx|dx) -> PUSH_IMM16.
// NOTE: `find $RESULT,#E9#` matches any E9 byte, not only an instruction
// start; the rel32 check against loopep is what filters false hits.
// ----------------------------------------------------------------------
lodsw1:
mov opcode,,1
cmp opcode,0C4
je VM_PUSH_SP
cmp opcode,0CC
je VM_PUSH_SP
cmp opcode,0D4
je VM_PUSH_SP
mov $RESULT,opaddr
mov loopcnt,2
lodsw@1:
find $RESULT,#E9#
cmp $RESULT,0
je error
mov temp,loopep
sub temp,$RESULT
sub temp,5
cmp temp,[$RESULT+1]
jne lodsw@1
lodsw@2:
preop $RESULT
mov opcode,[$RESULT],1
cmp opcode,50
je VM_PUSHD_IMM16
cmp opcode,51
je VM_PUSHD_IMM16
cmp opcode,52
je VM_PUSHD_IMM16
mov opcode,[$RESULT],2
cmp opcode,5066
je VM_PUSH_IMM16
cmp opcode,5166
je VM_PUSH_IMM16
cmp opcode,5266
je VM_PUSH_IMM16
sub loopcnt,1
cmp loopcnt,0
jne lodsw@2
jmp error
// sr3: ModRM reg field of 8C (mov r/m16,sreg): 0 es .. 5 gs -> push sreg.
sr3:
mov opcode,,1
shr opcode,3
and opcode,7
cmp opcode,0
je VM_PUSH_ES
cmp opcode,1
je VM_PUSH_CS
cmp opcode,2
je VM_PUSH_SS
cmp opcode,3
je VM_PUSH_DS
cmp opcode,4
je VM_PUSH_FS
cmp opcode,5
je VM_PUSH_GS
jmp error
// ----------------------------------------------------------------------
// lodsb1: handler starts with 88|8A|AC (or 0F B6) — the byte-immediate
// family. As in lodsw1, locate the E9 back-edge to loopep, then walk back
// up to two instructions and classify the push/pop that precedes it.
// Multi-byte constants are little-endian, e.g. 87048B = bytes 8B 04 87
// (mov eax,[edi+eax*4]), 187448A = 8A 44 87 01 (mov al,[edi+eax*4+1]),
// 87048B66 = 66 8B 04 87 (mov ax,[edi+eax*4]). The CTX names presumably
// refer to a VM register-context array indexed by the immediate — see
// the write-up referenced in the preface.
// ----------------------------------------------------------------------
lodsb1:
mov $RESULT,opaddr
mov loopcnt,2
lodsb@1:
find $RESULT,#E9#
cmp $RESULT,0
je error
mov temp,loopep
sub temp,$RESULT
sub temp,5
cmp temp,[$RESULT+1]
jne lodsb@1
lodsb@2:
preop $RESULT
mov opcode,[$RESULT],1
// 50..52 = push eax|ecx|edx: look one more instruction back for the
// context read; otherwise it is a plain 8-bit immediate push.
cmp opcode,50
jb lodsb@3
cmp opcode,52
ja lodsb@3
    preop $RESULT
    mov opcode,[$RESULT],3
    cmp opcode,87048B
    je VM_PUSH_CTX
    cmp opcode,870C8B
    je VM_PUSH_CTX
    cmp opcode,87148B
    je VM_PUSH_CTX
    // Reached only when the last compare failed, so this jne is taken
    // unconditionally.
    jne VM_PUSHD_IMM8
lodsb@3:
// 66-prefixed forms: 66 50..52 = push ax|cx|dx, preceded by a byte or
// word context read; otherwise it is a pop into the context (lodsb@4).
cmp opcode,66
jne lodsb@5
    mov opcode,[$RESULT+1],1
    cmp opcode,50
    jb lodsb@4
    cmp opcode,52
    ja lodsb@4
      preop $RESULT
      mov opcode,[$RESULT],3
      cmp opcode,87048A
      je VM_PUSH_CTXB0
      cmp opcode,870C8A
      je VM_PUSH_CTXB0
      cmp opcode,87148A
      je VM_PUSH_CTXB0
      mov opcode,[$RESULT],4
      cmp opcode,187448A
      je VM_PUSH_CTXB1
      cmp opcode,1874C8A
      je VM_PUSH_CTXB1
      cmp opcode,187548A
      je VM_PUSH_CTXB1
      cmp opcode,87048B66
      je VM_PUSH_CTXW
      cmp opcode,870C8B66
      je VM_PUSH_CTXW
      cmp opcode,87148B66
      je VM_PUSH_CTXW
      jmp VM_PUSH_IMM8
lodsb@4:
    // Bytes after the 66 prefix: 89 04 87 = mov [edi+eax*4],ax (word pop
    // into context), 8F 04 87 = pop word [edi+eax*4], FF 34 87 = push
    // word [edi+eax*4].
    mov opcode,[$RESULT+1],3
    cmp opcode,870489
    je VM_POP_CTXW
    cmp opcode,870C89
    je VM_POP_CTXW
    cmp opcode,871489
    je VM_POP_CTXW
    cmp opcode,87048F
    je VM_POP_CTXW
    cmp opcode,8734FF
    je VM_PUSH_CTXW
    jmp error
lodsb@5:
// Unprefixed forms: 88 04 87 = mov [edi+eax*4],al (byte pop), FF 34 87 =
// push dword [edi+eax*4], 8F 04 87 / 89 04 87 = pop into the context,
// 88 44 87 01 = mov [edi+eax*4+1],al (second byte of the slot).
mov opcode,[$RESULT],3
cmp opcode,870488
je VM_POP_CTXB0
cmp opcode,870C88
je VM_POP_CTXB0
cmp opcode,871488
je VM_POP_CTXB0
cmp opcode,8734FF
je VM_PUSH_CTX
cmp opcode,87048F
je VM_POP_CTX
cmp opcode,870489
je VM_POP_CTX
cmp opcode,870C89
je VM_POP_CTX
cmp opcode,871489
je VM_POP_CTX
mov opcode,[$RESULT],4
cmp opcode,1874488
je VM_POP_CTXB1
cmp opcode,1874C88
je VM_POP_CTXB1
cmp opcode,1875488
je VM_POP_CTXB1
// Nothing matched at this instruction: step back once more (lodsb@2),
// at most loopcnt times in total.
sub loopcnt,1
cmp loopcnt,0
jne lodsb@2
jmp error
// ----------------------------------------------------------------------
// lodsdw1: handler starts with 89|8B|AD — the dword family. ModRM
// E0/E1/E2 after 89 = mov eax|ecx|edx,esp -> VM_PUSH_ESP. Otherwise find
// the E9 back-edge to loopep (same rel32 test as lodsw1) and walk back up
// to two instructions for push eax|ecx|edx (50..52) -> VM_PUSH_IMM32.
// ----------------------------------------------------------------------
lodsdw1:
mov opcode,,1
cmp opcode,0E0
je VM_PUSH_ESP
cmp opcode,0E1
je VM_PUSH_ESP
cmp opcode,0E2
je VM_PUSH_ESP
mov $RESULT,opaddr
mov loopcnt,2
lodsdw@1:
find $RESULT,#E9#
cmp $RESULT,0
je error
mov temp,loopep
sub temp,$RESULT
sub temp,5
cmp temp,[$RESULT+1]
jne lodsdw@1
lodsdw@2:
preop $RESULT
mov opcode,[$RESULT],1
cmp opcode,50
je VM_PUSH_IMM32
cmp opcode,51
je VM_PUSH_IMM32
cmp opcode,52
je VM_PUSH_IMM32
sub loopcnt,1
cmp loopcnt,0
jne lodsdw@2
jmp error
// ----------------------------------------------------------------------
// ret1 / ret2: the handler ends the VM — next byte C3 = retn, CB = retf.
// Both entries read one byte; they differ only in which offset the
// (lost) bracketed operand addressed in the original listing.
// ----------------------------------------------------------------------
ret1:
mov opcode,,1
jmp ret@1
ret2:
mov opcode,,1
ret@1:
cmp opcode,0C3
je VM_RETN
cmp opcode,0CB
je VM_RETF
jmp error
// ----------------------------------------------------------------------
// fpu: x87 handlers (first byte D8..DF). Two bytes are compared as a
// little-endian word, so the constant is written low-byte-last:
//   0F0D9 = D9 F0 (f2xm1)     0E1D9 = D9 E1 (fabs)
//   04D8  = D8 04 (fadd m32)  04DC  = DC 04 (fadd m64)
//   1CD8  = D8 1C (fcomp m32) 04DB  = DB 04 (fild m32)
// Memory forms only check opcode+ModRM (04/0C/14/1C/24/2C/34/3C with SIB
// following), so the operand is assumed to be [esp]-style; the Q/T/W
// suffixes in the labels denote qword/tbyte/word operand sizes.
// ----------------------------------------------------------------------
fpu:
mov opcode,,2
cmp opcode,0F0D9
je VM_F2XM1
cmp opcode,0E1D9
je VM_FABS
cmp opcode,04D8
je VM_FADD
cmp opcode,04DC
je VM_FADDQ
cmp opcode,0E0D9
je VM_FCHS
cmp opcode,0E2DB
je VM_FCLEX
cmp opcode,1CD8
je VM_FCOMP
cmp opcode,1CDC
je VM_FCOMPQ
cmp opcode,0FFD9
je VM_FCOS
cmp opcode,0F6D9
je VM_FDECSTP
cmp opcode,34D8
je VM_FDIV
cmp opcode,34DC
je VM_FDIVQ
cmp opcode,04DB
je VM_FILD
cmp opcode,2CDF
je VM_FILDQ
cmp opcode,0F7D9
je VM_FINCSTP
cmp opcode,0E3DB
je VM_FINIT
cmp opcode,1CDB
je VM_FISTP
cmp opcode,3CDF
je VM_FISTPQ
cmp opcode,1CDF
je VM_FISTPW
cmp opcode,24DA
je VM_FISUB
cmp opcode,24DE
je VM_FISUBW
cmp opcode,04D9
je VM_FLD
cmp opcode,04DD
je VM_FLDQ
cmp opcode,2CDB
je VM_FLDT
cmp opcode,0E8D9
je VM_FLD1
cmp opcode,2CD9
je VM_FLDCW
cmp opcode,0ECD9
je VM_FLDLG2
cmp opcode,0EDD9
je VM_FLDLN2
cmp opcode,0EBD9
je VM_FLDPI
cmp opcode,0EED9
je VM_FLDZ
cmp opcode,0CD8
je VM_FMUL
cmp opcode,0CDC
je VM_FMULQ
cmp opcode,0F3D9
je VM_FPATAN
cmp opcode,0F8D9
je VM_FPREM
cmp opcode,0F5D9
je VM_FPREM1
cmp opcode,0F2D9
je VM_FPTAN
cmp opcode,0FCD9
je VM_FRNDINT
cmp opcode,0FED9
je VM_FSIN
cmp opcode,0FAD9
je VM_FSQRT
cmp opcode,14D9
je VM_FST
   cmp opcode,14DD
je VM_FSTQ
cmp opcode,3CD9
je VM_FSTCW
cmp opcode,1CD9
je VM_FSTP
cmp opcode,1CDD
je VM_FSTPQ
cmp opcode,3CDB
je VM_FSTPT
cmp opcode,0E0DF
je VM_FSTSW
cmp opcode,24D8
je VM_FSUB
cmp opcode,24DC
je VM_FSUBQ
cmp opcode,2CD8
je VM_FSUBR
cmp opcode,2CDC
je VM_FSUBRQ
cmp opcode,0E4D9
je VM_FTST
cmp opcode,0F1D9
je VM_FYL2X
jmp error
// ----------------------------------------------------------------------
// norw: F7 at the handler start; trailing 66 9C (pushfw) -> _F variant.
// ----------------------------------------------------------------------
norw:
mov opcode,,2
cmp opcode,9C66
je VM_NORW_F
jmp VM_NORW
// ************************************************************************************************************************
// ======================================================================
// Handler labels. Every entry labels the handler at `opaddr` with the VM
// opcode name and returns to the table walk (findnext). Naming follows
// the VMProtect 1.2x write-up cited in the preface: B/W suffix = byte /
// word width (no suffix = dword), _F = variant that also produces flags
// (detected above by a trailing 66 9C pushfw), S1/S2 = VM stack
// operands, CTX = VM context slot, IMM8/16/32 = immediate width, Q/T/W
// on x87 names = qword/tbyte/word memory operand. Exact semantics of
// each opcode are outside this script; consult the write-up.
// ======================================================================
VM_ADDB:
lbl opaddr,"VM_ADDB"
jmp findnext
VM_ADDB_F:
lbl opaddr,"VM_ADDB_F"
jmp findnext
VM_ADDW:
lbl opaddr,"VM_ADDW"
jmp findnext
VM_ADDW_F:
lbl opaddr,"VM_ADDW_F"
jmp findnext
VM_ADD:
lbl opaddr,"VM_ADD"
jmp findnext
VM_ADD_F:
lbl opaddr,"VM_ADD_F"
jmp findnext
VM_MULB_F:
lbl opaddr,"VM_MULB_F"
jmp findnext
VM_MULW_F:
lbl opaddr,"VM_MULW_F"
jmp findnext
VM_MUL_F:
lbl opaddr,"VM_MUL_F"
jmp findnext
VM_IMULB_F:
lbl opaddr,"VM_IMULB_F"
jmp findnext
VM_IMULW_F:
lbl opaddr,"VM_IMULW_F"
jmp findnext
VM_IMUL_F:
lbl opaddr,"VM_IMUL_F"
jmp findnext
VM_DIVB:
lbl opaddr,"VM_DIVB"
jmp findnext
VM_DIVW:
lbl opaddr,"VM_DIVW"
jmp findnext
VM_DIV:
lbl opaddr,"VM_DIV"
jmp findnext
VM_IDIVB:
lbl opaddr,"VM_IDIVB"
jmp findnext
VM_IDIVW:
lbl opaddr,"VM_IDIVW"
jmp findnext
VM_IDIV:
lbl opaddr,"VM_IDIV"
jmp findnext
VM_SHLB:
lbl opaddr,"VM_SHLB"
jmp findnext
VM_SHLB_F:
lbl opaddr,"VM_SHLB_F"
jmp findnext
VM_SHLW:
lbl opaddr,"VM_SHLW"
jmp findnext
VM_SHLW_F:
lbl opaddr,"VM_SHLW_F"
jmp findnext
VM_SHL:
lbl opaddr,"VM_SHL"
jmp findnext
VM_SHL_F:
lbl opaddr,"VM_SHL_F"
jmp findnext
VM_SHLD_F:
lbl opaddr,"VM_SHLD_F"
jmp findnext
VM_SHRB:
lbl opaddr,"VM_SHRB"
jmp findnext
VM_SHRB_F:
lbl opaddr,"VM_SHRB_F"
jmp findnext
VM_SHRW:
lbl opaddr,"VM_SHRW"
jmp findnext
VM_SHRW_F:
lbl opaddr,"VM_SHRW_F"
jmp findnext
VM_SHR:
lbl opaddr,"VM_SHR"
jmp findnext
VM_SHR_F:
lbl opaddr,"VM_SHR_F"
jmp findnext
VM_SHRD_F:
lbl opaddr,"VM_SHRD_F"
jmp findnext
VM_MOVB_S1_CS1:
lbl opaddr,"VM_MOVB_S1_CS1"
jmp findnext
VM_MOVB_S1_DS1:
lbl opaddr,"VM_MOVB_S1_DS1"
jmp findnext
VM_MOVB_S1_ES1:
lbl opaddr,"VM_MOVB_S1_ES1"
jmp findnext
VM_MOVB_S1_FS1:
lbl opaddr,"VM_MOVB_S1_FS1"
jmp findnext
VM_MOVB_S1_GS1:
lbl opaddr,"VM_MOVB_S1_GS1"
jmp findnext
VM_MOVB_S1_SS1:
lbl opaddr,"VM_MOVB_S1_SS1"
jmp findnext
VM_MOVW_S1_CS1:
lbl opaddr,"VM_MOVW_S1_CS1"
jmp findnext
VM_MOVW_S1_DS1:
lbl opaddr,"VM_MOVW_S1_DS1"
jmp findnext
VM_MOVW_S1_ES1:
lbl opaddr,"VM_MOVW_S1_ES1"
jmp findnext
VM_MOVW_S1_FS1:
lbl opaddr,"VM_MOVW_S1_FS1"
jmp findnext
VM_MOVW_S1_GS1:
lbl opaddr,"VM_MOVW_S1_GS1"
jmp findnext
VM_MOVW_S1_SS1:
lbl opaddr,"VM_MOVW_S1_SS1"
jmp findnext
VM_MOV_S1_CS1:
lbl opaddr,"VM_MOV_S1_CS1"
jmp findnext
VM_MOV_S1_DS1:
lbl opaddr,"VM_MOV_S1_DS1"
jmp findnext
VM_MOV_S1_ES1:
lbl opaddr,"VM_MOV_S1_ES1"
jmp findnext
VM_MOV_S1_FS1:
lbl opaddr,"VM_MOV_S1_FS1"
jmp findnext
VM_MOV_S1_GS1:
lbl opaddr,"VM_MOV_S1_GS1"
jmp findnext
VM_MOV_S1_SS1:
lbl opaddr,"VM_MOV_S1_SS1"
jmp findnext
VM_MOVB_CS1_S2:
lbl opaddr,"VM_MOVB_CS1_S2"
jmp findnext
VM_MOVB_DS1_S2:
lbl opaddr,"VM_MOVB_DS1_S2"
jmp findnext
VM_MOVB_ES1_S2:
lbl opaddr,"VM_MOVB_ES1_S2"
jmp findnext
VM_MOVB_FS1_S2:
lbl opaddr,"VM_MOVB_FS1_S2"
jmp findnext
VM_MOVB_GS1_S2:
lbl opaddr,"VM_MOVB_GS1_S2"
jmp findnext
VM_MOVB_SS1_S2:
lbl opaddr,"VM_MOVB_SS1_S2"
jmp findnext
VM_MOVW_CS1_S2:
lbl opaddr,"VM_MOVW_CS1_S2"
jmp findnext
VM_MOVW_DS1_S2:
lbl opaddr,"VM_MOVW_DS1_S2"
jmp findnext
VM_MOVW_ES1_S2:
lbl opaddr,"VM_MOVW_ES1_S2"
jmp findnext
VM_MOVW_FS1_S2:
lbl opaddr,"VM_MOVW_FS1_S2"
jmp findnext
VM_MOVW_GS1_S2:
lbl opaddr,"VM_MOVW_GS1_S2"
jmp findnext
VM_MOVW_SS1_S2:
lbl opaddr,"VM_MOVW_SS1_S2"
jmp findnext
VM_MOV_CS1_S2:
lbl opaddr,"VM_MOV_CS1_S2"
jmp findnext
VM_MOV_DS1_S2:
lbl opaddr,"VM_MOV_DS1_S2"
jmp findnext
VM_MOV_ES1_S2:
lbl opaddr,"VM_MOV_ES1_S2"
jmp findnext
VM_MOV_FS1_S2:
lbl opaddr,"VM_MOV_FS1_S2"
jmp findnext
VM_MOV_GS1_S2:
lbl opaddr,"VM_MOV_GS1_S2"
jmp findnext
VM_MOV_SS1_S2:
lbl opaddr,"VM_MOV_SS1_S2"
jmp findnext
VM_PUSH_SP:
lbl opaddr,"VM_PUSH_SP"
jmp findnext
VM_PUSH_ESP:
lbl opaddr,"VM_PUSH_ESP"
jmp findnext
VM_POP_SP:
lbl opaddr,"VM_POP_SP"
jmp findnext
VM_POP_ESP:
lbl opaddr,"VM_POP_ESP"
jmp findnext
VM_POP_AX:
lbl opaddr,"VM_POP_AX"
jmp findnext
VM_POP_EAX:
lbl opaddr,"VM_POP_EAX"
jmp findnext
VM_POP_CX:
lbl opaddr,"VM_POP_CX"
jmp findnext
VM_POP_ECX:
lbl opaddr,"VM_POP_ECX"
jmp findnext
VM_POP_DX:
lbl opaddr,"VM_POP_DX"
jmp findnext
VM_POP_EDX:
lbl opaddr,"VM_POP_EDX"
jmp findnext
VM_PUSH_CR0:
lbl opaddr,"VM_PUSH_CR0"
jmp findnext
VM_PUSH_CR1:
lbl opaddr,"VM_PUSH_CR1"
jmp findnext
VM_PUSH_CR2:
lbl opaddr,"VM_PUSH_CR2"
jmp findnext
VM_PUSH_CR3:
lbl opaddr,"VM_PUSH_CR3"
jmp findnext
VM_PUSH_CR4:
lbl opaddr,"VM_PUSH_CR4"
jmp findnext
VM_PUSH_CR5:
lbl opaddr,"VM_PUSH_CR5"
jmp findnext
VM_PUSH_CR6:
lbl opaddr,"VM_PUSH_CR6"
jmp findnext
VM_PUSH_CR7:
lbl opaddr,"VM_PUSH_CR7"
jmp findnext
VM_PUSH_DR0:
lbl opaddr,"VM_PUSH_DR0"
jmp findnext
VM_PUSH_DR1:
lbl opaddr,"VM_PUSH_DR1"
jmp findnext
VM_PUSH_DR2:
lbl opaddr,"VM_PUSH_DR2"
jmp findnext
VM_PUSH_DR3:
lbl opaddr,"VM_PUSH_DR3"
jmp findnext
VM_PUSH_DR4:
lbl opaddr,"VM_PUSH_DR4"
jmp findnext
VM_PUSH_DR5:
lbl opaddr,"VM_PUSH_DR5"
jmp findnext
VM_PUSH_DR6:
lbl opaddr,"VM_PUSH_DR6"
jmp findnext
VM_PUSH_DR7:
lbl opaddr,"VM_PUSH_DR7"
jmp findnext
VM_POP_CR0:
lbl opaddr,"VM_POP_CR0"
jmp findnext
VM_POP_CR1:
lbl opaddr,"VM_POP_CR1"
jmp findnext
VM_POP_CR2:
lbl opaddr,"VM_POP_CR2"
jmp findnext
VM_POP_CR3:
lbl opaddr,"VM_POP_CR3"
jmp findnext
VM_POP_CR4:
lbl opaddr,"VM_POP_CR4"
jmp findnext
VM_POP_CR5:
lbl opaddr,"VM_POP_CR5"
jmp findnext
VM_POP_CR6:
lbl opaddr,"VM_POP_CR6"
jmp findnext
VM_POP_CR7:
lbl opaddr,"VM_POP_CR7"
jmp findnext
VM_POP_DR0:
lbl opaddr,"VM_POP_DR0"
jmp findnext
VM_POP_DR1:
lbl opaddr,"VM_POP_DR1"
jmp findnext
VM_POP_DR2:
lbl opaddr,"VM_POP_DR2"
jmp findnext
VM_POP_DR3:
lbl opaddr,"VM_POP_DR3"
jmp findnext
VM_POP_DR4:
lbl opaddr,"VM_POP_DR4"
jmp findnext
VM_POP_DR5:
lbl opaddr,"VM_POP_DR5"
jmp findnext
VM_POP_DR6:
lbl opaddr,"VM_POP_DR6"
jmp findnext
VM_POP_DR7:
lbl opaddr,"VM_POP_DR7"
jmp findnext
VM_PUSH_CS:
lbl opaddr,"VM_PUSH_CS"
jmp findnext
VM_PUSH_DS:
lbl opaddr,"VM_PUSH_DS"
jmp findnext
VM_PUSH_ES:
lbl opaddr,"VM_PUSH_ES"
jmp findnext
VM_PUSH_FS:
lbl opaddr,"VM_PUSH_FS"
jmp findnext
VM_PUSH_GS:
lbl opaddr,"VM_PUSH_GS"
jmp findnext
VM_PUSH_SS:
lbl opaddr,"VM_PUSH_SS"
jmp findnext
VM_POP_DS:
lbl opaddr,"VM_POP_DS"
jmp findnext
VM_POP_ES:
lbl opaddr,"VM_POP_ES"
jmp findnext
VM_POP_FS:
lbl opaddr,"VM_POP_FS"
jmp findnext
VM_POP_GS:
lbl opaddr,"VM_POP_GS"
jmp findnext
VM_POP_SS:
lbl opaddr,"VM_POP_SS"
jmp findnext
VM_PUSH_CTXB0:
lbl opaddr,"VM_PUSH_CTXB0"
jmp findnext
VM_PUSH_CTXB1:
lbl opaddr,"VM_PUSH_CTXB1"
jmp findnext
VM_PUSH_CTXW:
lbl opaddr,"VM_PUSH_CTXW"
jmp findnext
VM_PUSH_CTX:
lbl opaddr,"VM_PUSH_CTX"
jmp findnext
VM_POP_CTXB0:
lbl opaddr,"VM_POP_CTXB0"
jmp findnext
VM_POP_CTXB1:
lbl opaddr,"VM_POP_CTXB1"
jmp findnext
VM_POP_CTXW:
lbl opaddr,"VM_POP_CTXW"
jmp findnext
VM_POP_CTX:
lbl opaddr,"VM_POP_CTX"
jmp findnext
VM_PUSH_IMM8:
lbl opaddr,"VM_PUSH_IMM8"
jmp findnext
VM_PUSH_IMM16:
lbl opaddr,"VM_PUSH_IMM16"
jmp findnext
VM_PUSH_IMM32:
lbl opaddr,"VM_PUSH_IMM32"
jmp findnext
VM_PUSHD_IMM8:
lbl opaddr,"VM_PUSHD_IMM8"
jmp findnext
VM_PUSHD_IMM16:
lbl opaddr,"VM_PUSHD_IMM16"
jmp findnext
VM_NORB:
lbl opaddr,"VM_NORB"
jmp findnext
VM_NORB_F:
lbl opaddr,"VM_NORB_F"
jmp findnext
VM_NORW:
lbl opaddr,"VM_NORW"
jmp findnext
VM_NORW_F:
lbl opaddr,"VM_NORW_F"
jmp findnext
VM_NOR:
lbl opaddr,"VM_NOR"
jmp findnext
VM_NOR_F:
lbl opaddr,"VM_NOR_F"
jmp findnext
VM_WAIT:
lbl opaddr,"VM_WAIT"
jmp findnext
VM_JMP:
lbl opaddr,"VM_JMP"
jmp findnext
VM_RETN:
lbl opaddr,"VM_RETN"
jmp findnext
VM_RETF:
lbl opaddr,"VM_RETF"
jmp findnext
VM_F2XM1:
lbl opaddr,"VM_F2XM1"
jmp findnext
VM_FABS:
lbl opaddr,"VM_FABS"
jmp findnext
VM_FADD:
lbl opaddr,"VM_FADD"
jmp findnext
VM_FADDQ:
lbl opaddr,"VM_FADDQ"
jmp findnext
VM_FCHS:
lbl opaddr,"VM_FCHS"
jmp findnext
VM_FCLEX:
lbl opaddr,"VM_FCLEX"
jmp findnext
VM_FCOMP:
lbl opaddr,"VM_FCOMP"
jmp findnext
VM_FCOMPQ:
lbl opaddr,"VM_FCOMPQ"
jmp findnext
VM_FCOS:
lbl opaddr,"VM_FCOS"
jmp findnext
VM_FDECSTP:
lbl opaddr,"VM_FDECSTP"
jmp findnext
VM_FDIV:
lbl opaddr,"VM_FDIV"
jmp findnext
VM_FDIVQ:
lbl opaddr,"VM_FDIVQ"
jmp findnext
VM_FILD:
lbl opaddr,"VM_FILD"
jmp findnext
VM_FILDQ:
lbl opaddr,"VM_FILDQ"
jmp findnext
VM_FINCSTP:
lbl opaddr,"VM_FINCSTP"
jmp findnext
VM_FINIT:
lbl opaddr,"VM_FINIT"
jmp findnext
VM_FISTP:
lbl opaddr,"VM_FISTP"
jmp findnext
VM_FISTPQ:
lbl opaddr,"VM_FISTPQ"
jmp findnext
VM_FISTPW:
lbl opaddr,"VM_FISTPW"
jmp findnext
VM_FISUB:
lbl opaddr,"VM_FISUB"
jmp findnext
VM_FISUBW:
lbl opaddr,"VM_FISUBW"
jmp findnext
VM_FLD:
lbl opaddr,"VM_FLD"
jmp findnext
VM_FLDQ:
lbl opaddr,"VM_FLDQ"
jmp findnext
VM_FLDT:
lbl opaddr,"VM_FLDT"
jmp findnext
VM_FLD1:
lbl opaddr,"VM_FLD1"
jmp findnext
VM_FLDCW:
lbl opaddr,"VM_FLDCW"
jmp findnext
VM_FLDLG2:
lbl opaddr,"VM_FLDLG2"
jmp findnext
VM_FLDLN2:
lbl opaddr,"VM_FLDLN2"
jmp findnext
VM_FLDPI:
lbl opaddr,"VM_FLDPI"
jmp findnext
VM_FLDZ:
lbl opaddr,"VM_FLDZ"
jmp findnext
VM_FMUL:
lbl opaddr,"VM_FMUL"
jmp findnext
VM_FMULQ:
lbl opaddr,"VM_FMULQ"
jmp findnext
VM_FPATAN:
lbl opaddr,"VM_FPATAN"
jmp findnext
VM_FPREM:
lbl opaddr,"VM_FPREM"
jmp findnext
VM_FPREM1:
lbl opaddr,"VM_FPREM1"
jmp findnext
VM_FPTAN:
lbl opaddr,"VM_FPTAN"
jmp findnext
VM_FRNDINT:
lbl opaddr,"VM_FRNDINT"
jmp findnext
VM_FSIN:
lbl opaddr,"VM_FSIN"
jmp findnext
VM_FSQRT:
lbl opaddr,"VM_FSQRT"
jmp findnext
VM_FST:
lbl opaddr,"VM_FST"
jmp findnext
VM_FSTQ:
lbl opaddr,"VM_FSTQ"
jmp findnext
VM_FSTCW:
lbl opaddr,"VM_FSTCW"
jmp findnext
VM_FSTP:
lbl opaddr,"VM_FSTP"
jmp findnext
VM_FSTPQ:
lbl opaddr,"VM_FSTPQ"
jmp findnext
VM_FSTPT:
lbl opaddr,"VM_FSTPT"
jmp findnext
VM_FSTSW:
lbl opaddr,"VM_FSTSW"
jmp findnext
VM_FSUB:
lbl opaddr,"VM_FSUB"
jmp findnext
VM_FSUBQ:
lbl opaddr,"VM_FSUBQ"
jmp findnext
VM_FSUBR:
lbl opaddr,"VM_FSUBR"
jmp findnext
VM_FSUBRQ:
lbl opaddr,"VM_FSUBRQ"
jmp findnext
VM_FTST:
lbl opaddr,"VM_FTST"
jmp findnext
VM_FYL2X:
lbl opaddr,"VM_FYL2X"
jmp findnext
// ************************************************************************************************************************
// ======================================================================
// findnext: advance to the next 4-byte table slot and loop until 0x100
// (256) slots have been visited, then report the count of handlers that
// were newly labelled.
// NOTE(review): the walk is a fixed 0x100 entries with no validity check
// on the pointers read from the table; if VM_OP_Table was mis-detected
// (see findoptb) the script labels arbitrary addresses or aborts via
// `error` on the first unrecognised byte.
// ======================================================================
findnext:
add optbl,4
inc opcnt
cmp opcnt,100
jne findop
// Convert findcnt to a decimal string for the summary message.
// NOTE(review): the trailing `.` after the radix looks like a typo for
// `itoa findcnt,10`; confirm against the original post.
itoa findcnt,10.
eval "Find {$RESULT} VM Opcode."
log $RESULT,""
msg $RESULT
jmp end
error:
// Any unrecognised byte sequence lands here; the script pauses so the
// handler at opaddr can be inspected by hand.
msg "出错了!@#$%^&*"
pause
end:
ret

维护世界和平 发表于 2008-6-2 10:27

这脚本不错...可能多少对VM过的程序有点效果,等下测试一下看看~~~

悠闲游人 发表于 2008-6-14 06:04

dchong 发表于 2009-6-22 06:31

高手要编一个通用脚本好了。

taody 发表于 2013-10-10 21:15

好贴顶起来,人气聚起来