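Knock-off fakevmp (updated to 0.5)
This post was last edited by ximo on 2010-11-27 10:08
Well, now that nooby has released fkvmp, I won't keep this piece of junk of mine hidden any longer.
nn's tool does purely static analysis; it is very efficient, has a high recognition rate, and is extremely powerful. I can only bow down to it;
mine is dynamic, not very efficient, and its recognition may also go wrong... My ability is limited, so this is the best I can do.
So although mine is called the knock-off version, it is still a long way behind nn's original; it is purely for my own amusement.
Changelog:
11.22
Fixed a huge bug in a linked list and added analysis of crack points, which are marked with "Maybe a crackpoint". The analysis may be wrong, so please judge for yourself; it is for reference only.
A note: if automatic recognition fails, choose custom mode and fill in the LoadOpcode address and the JMP Handler address manually.
The generated log format is as follows: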
vm.eip:00415ec1 handler:0041073a VM_SetR32 vm.stack:00000000
vm.eip:00415ec2 handler:00410476 VM_GetI32 vm.stack:12770504
vm.eip:00415ec7 handler:0041301a VM_Add32 vm.stack:eda046e4
vm.eip:00415ec8 handler:0041073a VM_SetR32 vm.stack:00000207
vm.eip:00415ec9 handler:0041073a VM_SetR32 vm.stack:00174be8
vm.eip:00415eca handler:0041073a VM_SetR32 vm.stack:000806e8
vm.eip:00415ecb handler:0041073a VM_SetR32 vm.stack:00000000
vm.eip:00415ecc handler:0041073a VM_SetR32 vm.stack:00000000
vm.eip:00415ecd handler:0041073a VM_SetR32 vm.stack:0012fa74
vm.eip:00415ece handler:0041073a VM_SetR32 vm.stack:004016f0
vm.eip:00415ecf handler:0041073a VM_SetR32 vm.stack:0012fa58
vm.eip:00415ed0 handler:0041073a VM_SetR32 vm.stack:0012fa58
vm.eip:00415ed1 handler:0041073a VM_SetR32 vm.stack:00000246
vm.eip:00415ed2 handler:0041073a VM_SetR32 vm.stack:00000022
vm.eip:00415ed3 handler:0041073a VM_SetR32 vm.stack:db59a3a0
vm.eip:00415ed4 handler:0041073a VM_SetR32 vm.stack:40c1c8d9
vm.eip:00415ed5 handler:004130ec VM_GetR32 vm.stack:0040175e
vm.eip:00415ed6 handler:004130ec VM_GetR32 vm.stack:00000246
vm.eip:00415ed7 handler:004130ec VM_GetR32 vm.stack:0012fa58
vm.eip:00415ed8 handler:004130ec VM_GetR32 vm.stack:00000000
vm.eip:00415ed9 handler:004130ec VM_GetR32 vm.stack:00000022
vm.eip:00415eda handler:004106f0 VM_GetI8To32 vm.stack:00000000
vm.eip:00415edc handler:0041073a VM_SetR32 vm.stack:00000001
vm.eip:00415edd handler:004130ec VM_GetR32 vm.stack:00000000
vm.eip:00415ede handler:004129ed VM_Cpuid vm.stack:00000001
vm.eip:00415edf handler:0041073a VM_SetR32 vm.stack:bfebfbff
vm.eip:00415ee0 handler:0041073a VM_SetR32 vm.stack:0000e3bd
vm.eip:00415ee1 handler:0041073a VM_SetR32 vm.stack:01020800
vm.eip:00415ee2 handler:0041073a VM_SetR32 vm.stack:000006f6
... (omitted)
vm.eip:0041604b handler:0041301a VM_Add32 vm.stack:00000000-------------------------------Maybe a CrackPoint
vm.eip:0041604c handler:0041073a VM_SetR32 vm.stack:00000202
vm.eip:0041604d handler:00413249 VM_RmSs32 vm.stack:0012f9f4
vm.eip:0041604e handler:0041073a VM_SetR32 vm.stack:b58f43a4
vm.eip:0041604f handler:0041073a VM_SetR32 vm.stack:b58f43a4
vm.eip:00416050 handler:0041073a VM_SetR32 vm.stack:b58f5fe4
vm.eip:00416051 handler:004130ec VM_GetR32 vm.stack:00000000
vm.eip:00416052 handler:0041351f VM_GetEsp vm.stack:b58f43a4
vm.eip:00416053 handler:00413249 VM_RmSs32 vm.stack:0012f9f8
vm.eip:00416054 handler:0041073a VM_SetR32 vm.stack:b58f43a4
vm.eip:00416055 handler:0041351f VM_GetEsp vm.stack:b58f43a4
vm.eip:00416056 handler:00413249 VM_RmSs32 vm.stack:0012f9f8
vm.eip:00416057 handler:00411273 VM_Nor32 vm.stack:b58f43a4
vm.eip:00416058 handler:0041073a VM_SetR32 vm.stack:00000202
vm.eip:00416059 handler:00410476 VM_GetI32 vm.stack:4a70bc5b
vm.eip:0041605e handler:00411273 VM_Nor32 vm.stack:4a301c2b
vm.eip:0041605f handler:0041073a VM_SetR32 vm.stack:00000286
vm.eip:00416060 handler:004130ec VM_GetR32 vm.stack:b58f4384
vm.eip:00416061 handler:00410476 VM_GetI32 vm.stack:b58f43a4
vm.eip:00416066 handler:00411273 VM_Nor32 vm.stack:b5cfe3d4
vm.eip:00416067 handler:0041073a VM_SetR32 vm.stack:00000202
vm.eip:00416068 handler:00411273 VM_Nor32 vm.stack:4a301c0b
vm.eip:00416069 handler:0041073a VM_SetR32 vm.stack:00000202
vm.eip:0041606a handler:0041073a VM_SetR32 vm.stack:0040a070
vm.eip:0041606b handler:004130ec VM_GetR32 vm.stack:00000000
vm.eip:0041606c handler:004130ec VM_GetR32 vm.stack:83ab5751
vm.eip:0041606d handler:004130ec VM_GetR32 vm.stack:00000202
vm.eip:0041606e handler:004130ec VM_GetR32 vm.stack:83ab5751
vm.eip:0041606f handler:004130ec VM_GetR32 vm.stack:00000000
vm.eip:00416070 handler:004130ec VM_GetR32 vm.stack:000806e8
vm.eip:00416071 handler:004130ec VM_GetR32 vm.stack:00000246
vm.eip:00416072 handler:004130ec VM_GetR32 vm.stack:004016f0
vm.eip:00416073 handler:004130ec VM_GetR32 vm.stack:3a5cdf64
vm.eip:00416074 handler:004130ec VM_GetR32 vm.stack:83ab5751
vm.eip:00416075 handler:004130ec VM_GetR32 vm.stack:3a5cdf64
vm.eip:00416076 handler:004130ec VM_GetR32 vm.stack:0012fa74
vm.eip:00416077 handler:00410476 VM_GetI32 vm.stack:00174be8
vm.eip:0041607c handler:0041301a VM_Add32 vm.stack:125fb91c
vm.eip:0041607d handler:0041073a VM_SetR32 vm.stack:00000212
vm.eip:0041607e handler:004130ec VM_GetR32 vm.stack:12770504
vm.eip:0041607f handler:004130ec VM_GetR32 vm.stack:00000000
vm.eip:00416080 handler:0041029e VM_SetEip vm.stack:0040a070
vm.eip:0040a072 handler:00410476 VM_GetI32 vm.stack:12770504
vm.eip:0040a077 handler:0041301a VM_Add32 vm.stack:eda046e4
vm.eip:0040a078 handler:0041073a VM_SetR32 vm.stack:00000207
vm.eip:0040a079 handler:0041073a VM_SetR32 vm.stack:00174be8
vm.eip:0040a07a handler:0041073a VM_SetR32 vm.stack:0012fa74
vm.eip:0040a07b handler:0041073a VM_SetR32 vm.stack:3a5cdf64
vm.eip:0040a07c handler:0041073a VM_SetR32 vm.stack:83ab5751
vm.eip:0040a07d handler:0041073a VM_SetR32 vm.stack:3a5cdf64
vm.eip:0040a07e handler:0041073a VM_SetR32 vm.stack:004016f0
vm.eip:0040a07f handler:0041073a VM_SetR32 vm.stack:00000246
vm.eip:0040a080 handler:0041073a VM_SetR32 vm.stack:000806e8
vm.eip:0040a081 handler:0041073a VM_SetR32 vm.stack:00000000
vm.eip:0040a082 handler:0041073a VM_SetR32 vm.stack:83ab5751
vm.eip:0040a083 handler:004130ec VM_GetR32 vm.stack:00000202
vm.eip:0040a084 handler:004130ec VM_GetR32 vm.stack:83ab5751
vm.eip:0040a085 handler:00411273 VM_Nor32 vm.stack:83ab5751
vm.eip:0040a086 handler:0041073a VM_SetR32 vm.stack:00000202
vm.eip:0040a087 handler:00410476 VM_GetI32 vm.stack:7c54a8ae
vm.eip:0040a08c handler:00411273 VM_Nor32 vm.stack:4a301c2b
vm.eip:0040a08d handler:0041073a VM_SetR32 vm.stack:00000286
vm.eip:0040a08e handler:004130ec VM_GetR32 vm.stack:818b4350
vm.eip:0040a08f handler:00410476 VM_GetI32 vm.stack:83ab5751
vm.eip:0040a094 handler:00411273 VM_Nor32 vm.stack:b5cfe3d4
vm.eip:0040a095 handler:0041073a VM_SetR32 vm.stack:00000202
vm.eip:0040a096 handler:00411273 VM_Nor32 vm.stack:4810082a
vm.eip:0040a097 handler:0041073a VM_SetR32 vm.stack:00000202
vm.eip:0040a098 handler:0041073a VM_SetR32 vm.stack:3664b485
vm.eip:0040a099 handler:0041073a VM_SetR32 vm.stack:00000202
vm.eip:0040a09a handler:0041073a VM_SetR32 vm.stack:83ab5751
vm.eip:0040a09b handler:0041073a VM_SetR32 vm.stack:00000000
vm.eip:0040a09c handler:0041073a VM_SetR32 vm.stack:00000022
vm.eip:0040a09d handler:0041073a VM_SetR32 vm.stack:00000000
vm.eip:0040a09e handler:0041073a VM_SetR32 vm.stack:0012fa58
vm.eip:0040a09f handler:0041073a VM_SetR32 vm.stack:00000246
vm.eip:0040a0a0 handler:004130ec VM_GetR32 vm.stack:0040175e
vm.eip:0040a0a1 handler:0041351f VM_GetEsp vm.stack:00000246
vm.eip:0040a0a2 handler:00413249 VM_RmSs32 vm.stack:0012fa0c
vm.eip:0040a0a3 handler:00411273 VM_Nor32 vm.stack:00000246
vm.eip:0040a0a4 handler:0041073a VM_SetR32 vm.stack:00000282
vm.eip:0040a0a5 handler:00412fec VM_GetI16To32 vm.stack:fffffdb9
vm.eip:0040a0a8 handler:00411273 VM_Nor32 vm.stack:000008ff
vm.eip:0040a0a9 handler:0041073a VM_SetR32 vm.stack:00000206
vm.eip:0040a0aa handler:0041120e VM_Popfd vm.stack:00000200
vm.eip:0040a0ab handler:004130ec VM_GetR32 vm.stack:0040175e
vm.eip:0040a0ac handler:004130ec VM_GetR32 vm.stack:0012fa58
vm.eip:0040a0ad handler:004130ec VM_GetR32 vm.stack:00000000
vm.eip:0040a0ae handler:004130ec VM_GetR32 vm.stack:00000022
vm.eip:0040a0af handler:004106f0 VM_GetI8To32 vm.stack:00000000
vm.eip:0040a0b1 handler:0041351f VM_GetEsp vm.stack:00000014
vm.eip:0040a0b2 handler:0041301a VM_Add32 vm.stack:0012f9fc
vm.eip:0040a0b3 handler:0041073a VM_SetR32 vm.stack:00000212
vm.eip:0040a0b4 handler:004130ec VM_GetR32 vm.stack:0012fa10
vm.eip:0040a0b5 handler:004130ec VM_GetR32 vm.stack:0012fa74
vm.eip:0040a0b6 handler:004130ec VM_GetR32 vm.stack:004016f0
vm.eip:0040a0b7 handler:004106f0 VM_GetI8To32 vm.stack:000806e8
vm.eip:0040a0b9 handler:0041351f VM_GetEsp vm.stack:00000024
vm.eip:0040a0ba handler:004106f0 VM_GetI8To32 vm.stack:0012f9ec
vm.eip:0040a0bc handler:0041301a VM_Add32 vm.stack:00000004-------------------------------Maybe a CrackPoint
vm.eip:0040a0bd handler:0041073a VM_SetR32 vm.stack:00000216
vm.eip:0040a0be handler:0041301a VM_Add32 vm.stack:0012f9f0
vm.eip:0040a0bf handler:0041073a VM_SetR32 vm.stack:00000206
vm.eip:0040a0c0 handler:00413249 VM_RmSs32 vm.stack:0012fa14
vm.eip:0040a0c1 handler:0041073a VM_SetR32 vm.stack:0012fa58
vm.eip:0040a0c2 handler:004130ec VM_GetR32 vm.stack:000806e8
vm.eip:0040a0c3 handler:00410476 VM_GetI32 vm.stack:00000000
vm.eip:0040a0c8 handler:0041301a VM_Add32 vm.stack:00401005
vm.eip:0040a0c9 handler:0041073a VM_SetR32 vm.stack:00000206
vm.eip:0040a0ca handler:004130ec VM_GetR32 vm.stack:00401005
vm.eip:0040a0cb handler:004130ec VM_GetR32 vm.stack:00000022
vm.eip:0040a0cc handler:004130ec VM_GetR32 vm.stack:00000246
vm.eip:0040a0cd handler:004130ec VM_GetR32 vm.stack:3664b485
vm.eip:0040a0ce handler:004130ec VM_GetR32 vm.stack:0012fa58
vm.eip:0040a0cf handler:004130ec VM_GetR32 vm.stack:0012fa58
vm.eip:0040a0d0 handler:004130ec VM_GetR32 vm.stack:0012fa74
vm.eip:0040a0d1 handler:004130ec VM_GetR32 vm.stack:00000000
vm.eip:0040a0d2 handler:004130ec VM_GetR32 vm.stack:00000000
vm.eip:0040a0d3 handler:004130ec VM_GetR32 vm.stack:000806e8
vm.eip:0040a0d4 handler:004130ec VM_GetR32 vm.stack:0012fa58
vm.eip:0040a0d5 handler:00411456 VM_Retn vm.stack:00000022
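Times are hard, so I'm selling it for a bit of pocket money... Sold too cheap Bowing down to the great Ximo :funk:eweqw Hehe, not bad It really is sold cheap, taken, thanks It really is cheap :lol Made public too~~~~ clap clap Good stuff:victory: Can't afford it.. bookmarking it for now The forum is back, and the gifts keep coming!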
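
An added example, not part of the original post or of the tool: a small Python parser for the log format shown above. It tallies handlers, lists virtual-EIP transfers after VM_SetEip, collects annotated lines, and checks that each handler address always received the same name, since the post notes that recognition can be wrong. The regular expression and field names are assumptions inferred from the sample log; the sample lines are copied from it.

```python
import re
from collections import Counter, defaultdict

# Layout assumed from the sample log: vm.eip, handler address, handler name,
# vm.stack value, then an optional dashed annotation added by the tool.
LINE_RE = re.compile(
    r"vm\.eip:(?P<eip>[0-9a-f]{8})\s+handler:(?P<handler>[0-9a-f]{8})\s+"
    r"(?P<name>VM_\w+)\s+vm\.stack:(?P<stack>[0-9a-f]{8})(?P<note>-+.*)?$",
    re.IGNORECASE,
)

# Excerpt copied from the log in the post ("..." stands for the omitted part).
SAMPLE = """\
vm.eip:00415ede handler:004129ed VM_Cpuid vm.stack:00000001
vm.eip:00415edf handler:0041073a VM_SetR32 vm.stack:bfebfbff
...
vm.eip:0041604b handler:0041301a VM_Add32 vm.stack:00000000-------------------------------Maybe a CrackPoint
vm.eip:0041604c handler:0041073a VM_SetR32 vm.stack:00000202
vm.eip:00416080 handler:0041029e VM_SetEip vm.stack:0040a070
vm.eip:0040a072 handler:00410476 VM_GetI32 vm.stack:12770504
"""

def parse_trace(text):
    """Return one dict per well-formed trace line; other lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rec = {k: int(m.group(k), 16) for k in ("eip", "handler", "stack")}
        rec["name"] = m.group("name")
        rec["note"] = (m.group("note") or "").lstrip("-").strip()
        records.append(rec)
    return records

def summarize(records):
    """Histogram, handler-name conflicts, VM_SetEip transfers, annotated lines."""
    hist = Counter(r["name"] for r in records)
    names = defaultdict(set)
    for r in records:
        names[r["handler"]].add(r["name"])
    # An address decoded under two names means the recognition is unreliable.
    conflicts = {a: sorted(n) for a, n in names.items() if len(n) > 1}
    jumps = [(a["eip"], b["eip"]) for a, b in zip(records, records[1:])
             if a["name"] == "VM_SetEip"]
    annotated = [(r["eip"], r["note"]) for r in records if r["note"]]
    return hist, conflicts, jumps, annotated

if __name__ == "__main__":
    print(*summarize(parse_trace(SAMPLE)), sep="\n")
```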