'VM_PushRealStackTop32':['mov eax, dword ptr [esp]','sub ebp, 4','mov dword ptr [ebp], eax'] 将真实栈顶(esp指向的值)压入虚拟机栈
'VM_PopR32':['movsx eax, byte ptr [esi]','mov edx, dword ptr [ebp]','add ebp, 4','mov dword ptr [edi + eax], edx'] 将32位的值弹到寄存器上
'VM_Add32':['mov eax, dword ptr [ebp]','add ebp, 4','add dword ptr [ebp], eax'] 将栈上的两个值相加
'VM_PushR16':['movsx eax, byte ptr [esi]','mov ax, word ptr [edi + eax]','mov word ptr [ebp], ax'] 压入16位的寄存器值
'VM_ExecRealInst':['mov dword ptr [esp - 4], esi','push dword ptr [edi]','popfd','ret'] 退出虚拟机,执行未虚拟化的代码
'VM_PopSp':['mov eax, dword ptr [ebp]','mov ebp, eax'] 设置vm_esp的值
'VM_PushStackTop32':['mov eax, dword ptr [ebp]','sub ebp, 4','mov dword ptr [ebp], eax'] 将栈上的值再次压入栈
'VM_PushI8':['mov al, byte ptr [esi]','sub ebp, 1','mov byte ptr [ebp], al'] 压入8位立即数
'VM_Nop':[] 无操作
'VM_Popfd':['pushfd','pop dword ptr [edi]'] 将真实flag寄存器压入虚拟机的flag寄存器中
'VM_Extend16To32':['movzx eax, word ptr [ebp]','sub ebp, 2','mov dword ptr [ebp], eax'] 将16位值零扩展(movzx)成32位
'VM_PushI16':['mov ax, word ptr [esi]','sub ebp, 2','mov word ptr [ebp], ax'] 压入16位立即数
'VM_Nor32':['mov edx, dword ptr [ebp + 4]','not eax','not edx','add ebp, 4','and eax, edx','mov dword ptr [ebp], eax'] 将栈上两个值nor
'VM_PopRealfd':['push dword ptr [edi]','popfd'] 将虚拟机的flag弹出到真实的寄存器
'VM_Retn':['push dword ptr [edi]','popfd','ret'] 退出虚拟机
'VM_Shr32':['mov ecx, dword ptr [ebp]','mov eax, dword ptr [ebp + 4]','shr eax, cl','add ebp, 4','mov dword ptr [ebp], eax'] 逻辑右移(shr), 移位数取自栈顶
'VM_PushI32':['mov eax, dword ptr [esi]','sub ebp, 4','mov dword ptr [ebp], eax'] 压入32位的立即数
'VM_ShortJMP':['mov edx, dword ptr [esi]','imul edx','add esi, edx'] 短跳转
'VM_ReadDs16':['mov eax, dword ptr [ebp]','mov ax, word ptr [eax]','mov word ptr [ebp], ax'] 读16位内存值
'VM_CALL':['push dword ptr [ebp]','pop dword ptr [ebp - 4]','lea esp, dword ptr [ebp + 4]','push dword ptr [esi]','ret'] 退出虚拟机,函数调用
'VM_ReadDs8':['mov eax, dword ptr [ebp]','mov al, byte ptr [eax]','mov byte ptr [ebp], al'] 读8位内存值
'VM_Neg_':['mov eax, dword ptr [ebp]','neg eax','inc eax','mov dword ptr [ebp], eax'] 求补码后+1
'VM_Imul32':['mov eax, dword ptr [ebp + 4]','mov edx, dword ptr [ebp]','imul edx','mov dword ptr [ebp + 4], eax','mov dword ptr [ebp], edx'] 将栈上两个值做有符号乘法(imul), 低32位存回 [ebp + 4], 高32位存回 [ebp]
'VM_JMP':['movzx eax, byte ptr [ebp]','add ebp, 4','mov esi, dword ptr [ebp + eax*4]','add ebp, 8'] 根据栈顶的条件字节(0或1)从栈上的两个目标地址中选一个装入esi, 即条件跳转
'VM_PopR16':['mov dx, word ptr [ebp]','add ebp, 2','mov word ptr [edi + eax], dx'] 将16位的值弹到寄存器上
'VM_AddSp':['movzx eax, word ptr [esi]','add ebp, eax'] 按16位无符号立即数调整栈指针
'VM_Sub32':['mov eax, dword ptr [ebp]','add ebp, 4','sub dword ptr [ebp], eax'] 将栈上两个值sub
'VM_WriteDs32':['mov eax, dword ptr [ebp]','mov edx, dword ptr [ebp + 4]','mov dword ptr [eax], edx'] 写32位内存
'VM_WriteDs8':['mov eax, dword ptr [ebp]','mov dl, byte ptr [ebp + 4]','mov byte ptr [eax], dl'] 写8位内存
'VM_PushR32':['movsx eax, byte ptr [esi]','mov eax, dword ptr [edi + eax]','sub ebp, 4','mov dword ptr [ebp], eax'] 压入32位的寄存器值
'VM_WriteDs16':['mov eax, dword ptr [ebp]','mov dx, word ptr [ebp + 4]','mov word ptr [eax], dx'] 写16位内存
'VM_PopR8':['mov dl, byte ptr [ebp]','add ebp, 1','mov byte ptr [edi + eax], dl'] 将8位的值弹到寄存器上
'VM_ReadDs32':['mov eax, dword ptr [ebp]','mov eax, dword ptr [eax]','mov dword ptr [ebp], eax'] 读32位内存值
'VM_PushR8':['movsx eax, byte ptr [esi]','add esi, 1','mov al, byte ptr [edi + eax]','sub ebp, 1','mov byte ptr [ebp], al'] 压入8位的寄存器值
'VM_GetAddESP':['movzx eax, byte ptr [esi]','lea eax, dword ptr [ebp + eax]','sub ebp, 4','mov dword ptr [ebp], eax'] 获取esp加上8位立即数后的地址并压栈
'VM_Neg':['mov eax, dword ptr [ebp]','neg eax','mov dword ptr [ebp], eax'] 求补码
'VM_Extend8To32':['movsx eax, byte ptr [ebp]','sub ebp, 3','mov dword ptr [ebp], eax'] 将8位值符号扩展(movsx)成32位