
Thread: vm for the masses - a vm compiler incl source

  1. #1

    vm for the masses - a vm compiler incl source

    hi,

    i have attached the complete sourcecode of a working vm compiler. this compiler was used for the 'impossible crackme' - crackmes

    i have also included a brief explanation of everything

    please keep in mind that this vm underwent some major changes (read the impossible crackme threads), that's why parts of the code are messy and smelly

    p.
    Attached Files
    • File Type: zip xm.zip (305.1 KB, 1585 views)

  2. #2

    hm

    Great to see a good public contribution. Thanks orp.

  3. #3
    ZaiRoN
    Thank you Orp

  4. #4
    undefined
    thanks orp, i was looking for something like this!
    -------
    nothing
    -------

  5. #5
    thank you very much!!
    That's what I'm looking for.
    Crack and unpack is a way to enjoy life.

  6. #6
    FaTaL_PrIdE
    Great contribution. Thank you for sharing!

    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    I try to compile it with VS6.

    I download msvcr80.dll and msvcp80.dll.
    But opcodetoheader still can't be executed.
    Finally I found it's a side-by-side configuration error.
    I installed vcredist_x86.exe. It still can't run.

    opcodetoheader source isn't included.
    Orp, would you please upload the opcodetoheader source code?
    Thanks!!

    Another question:
    What's the BYTE base[] array?
    How is it generated?
    Last edited by winndy; April 13th, 2007 at 03:17.
    Crack and unpack is a way to enjoy life.

  8. #8
    thx for source i was looking for something like this for long time

    i think its for VC 7


    bye

  9. #9
    hi,

    i have attached the opcodetoheader sources

    the base[] array is the ready-to-use vm-binary-code.
    this whole sourcefile (vmfuncs.cpp) is generated by the backend
    see void Backend::generateCPP()
    Attached Files

  10. #10
    Nice stuff 0rp, I'll have a browse through your code later.

    Is there a lot of interest in VM these days? Was mulling over a RECON submission for this year...
    Still here...

  11. #11
    Thank you, Orp.
    I'll take a good study at your code.

    So if we want to add more functions in vmfuncs.cpp,
    we should write code to generate it.
    Every function in vmfuncs.cpp has a different offset.

    And instructions.dat is the base array.
    char* mem points to the randomized data which is written into base[] later.

    While in compiler.cpp, some base array DWORDs are written with function addresses or variable addresses.
    Code:
    	*(DWORD *)(base + 0) = (DWORD)xm_allocate;
    	*(DWORD *)(base + 4) = (DWORD)xm_free;
    	*(DWORD *)(base + 8) = (DWORD)sprintf;
    	*(DWORD *)(base + 12) = (DWORD)globals;
    	*(DWORD *)(base + 16) = (DWORD)xm_printf;
    	*(DWORD *)(base + 20) = (DWORD)xm_export;
    I'll study it more carefully to understand the blueprint of how VM works.

    BR
    Crack and unpack is a way to enjoy life.

  12. #12
    if you want more functions in vmfuncs.cpp, then you have to put more funcs into your input script (test.txt)

    basically each function has its own start offset in this base array, but only functions that are exported (__export) get special code that pushes the real stack parameters onto the vm stack:

    Code:
    	if (function->containsDeclSpec("export"))
    	{
    		// ENTER marks where a call from native code lands for this export
    		INSTR_BEGIN(ENTER);
    			vmFunction->exportStart = instr;
    		INSTR_END();
    
    		// copy each real (native) stack parameter onto the vm stack
    		for (int i = 0; i < function->parameters.size(); i++)
    		{
    			// TEMP(1) = address of parameter i inside the saved app registers/stack
    			MOV_TEMP_CONST(TEMP(1), (10 + i) * 4);
    			ADD(TEMP(1), APPREGS);
    			// TEMP(0) = the parameter value itself
    			MOV_TEMP_MEM(TEMP(0), TEMP(1));
    			
    			// push it: store at vm ESP, then ESP += 4
    			MOV_MEM_TEMP(ESP, TEMP(0));
    			MOV_TEMP_CONST(TEMP(0), 4);
    			ADD(ESP, TEMP(0));
    		}
    	}



    Code:
    	*(DWORD *)(base + 0) = (DWORD)xm_allocate;
    	*(DWORD *)(base + 4) = (DWORD)xm_free;
    	*(DWORD *)(base + 8) = (DWORD)sprintf;
    .....
    these are required 'imports' that the vm needs to run happily. so if you have finally generated a vm and want to start it, you have to write these function ptrs to those vm addresses. it's done in the compiler just for testing purposes, since the vm gets executed:

    Code:
    	char msg[1024];
    	test(43, msg);
    	info("%s", msg);
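
    The two mechanisms orp describes (an import table at fixed offsets inside base[] that the loader must patch, and an export prologue that copies the caller's stack parameters onto the vm stack) as a small added C++ model; this is example code written for this thread, not part of the xm sources, and the slot widths, the `hostAdd` stand-in import and the constructed arguments (40, 3) are assumptions:

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Import slots sit at fixed offsets at the start of the image, like xm_allocate at base+0,
// xm_free at base+4 and sprintf at base+8 in compiler.cpp. Slots are pointer-sized here
// (not 4-byte DWORDs) so the example also runs on 64-bit hosts.
using HostFn = uintptr_t (*)(uintptr_t, uintptr_t);
static size_t slotOffset(size_t index) { return index * sizeof(HostFn); }

struct VmImage {
    std::vector<uint8_t> base;     // stands in for the generated base[] array
    std::vector<uintptr_t> stack;  // vm stack; push_back is the ENTER stub's store plus ESP += 4
};

// Loader step: write a host function pointer into its slot, as compiler.cpp does for testing.
static void patchImport(VmImage& vm, size_t index, HostFn fn) {
    uintptr_t p = reinterpret_cast<uintptr_t>(fn);
    std::memcpy(vm.base.data() + slotOffset(index), &p, sizeof p);
}
// Export prologue: copy the host caller's stack parameters onto the vm stack in order,
// which is what the generated ENTER code does by reading APPREGS + (10 + i) * 4 per parameter.
static void exportEnter(VmImage& vm, const uintptr_t* hostArgs, size_t count) {
    for (size_t i = 0; i < count; ++i) vm.stack.push_back(hostArgs[i]);
}
// Call through a slot. An unpatched slot reads back as a null pointer, so the vm refuses the
// call instead of jumping to address zero; this is the "required imports" point made above.
static bool callImport(VmImage& vm, size_t index, uintptr_t& result) {
    uintptr_t p = 0;
    std::memcpy(&p, vm.base.data() + slotOffset(index), sizeof p);
    HostFn fn = reinterpret_cast<HostFn>(p);
    if (fn == nullptr || vm.stack.size() < 2) return false;
    uintptr_t b = vm.stack.back(); vm.stack.pop_back();  // last pushed parameter is on top
    uintptr_t a = vm.stack.back(); vm.stack.pop_back();
    result = fn(a, b);
    return true;
}
static uintptr_t hostAdd(uintptr_t a, uintptr_t b) { return a + b; }  // constructed stand-in import

// Worked run: image with three slots, optionally patch slot 2, enter an export with two
// constructed host parameters (40, 3) and call through the slot; -1 means the vm refused.
static long long runExport(bool patch) {
    VmImage vm;
    vm.base.assign(slotOffset(3) + 16, 0);  // slot table plus room for bytecode, all zero
    if (patch) patchImport(vm, 2, hostAdd);
    const uintptr_t hostArgs[2] = {40, 3};
    exportEnter(vm, hostArgs, 2);
    uintptr_t result = 0;
    return callImport(vm, 2, result) ? static_cast<long long>(result) : -1;
}
```

With the slot patched the call reaches the host function and returns 43; with the slot left zero the vm refuses the call, which is the failure you get from a generated vm whose imports were never written.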

  13. #13
    Orp, thanks for your explanation.

    I'm sorry to trouble you again.
    Coco.exe caused a side-by-side configuration error.
    It just doesn't work.
    It seems that you rebuilt your coco.exe.
    Is your coco source this one:
    Coco/R for C++
    ported and maintained by Markus Löberbauer and Csaba Balazs
    I replaced Coco.exe with the above coco.exe.
    I just got error:
    Coco/R (Jan 15, 2007)
    checking
    FuncCallParams deletable
    Statements deletable
    XM deletable
    LL1 warning in Factor: "(" is start of several alternatives
    LL1 warning in IfElse: "else" is start & successor of deletable structure
    parser -- incomplete or corrupt parser frame file
    I wonder what coco.exe you used. Thanks.

    I just want to compile your xm sourcecode. I didn't expect so many problems.
    Sorry.
    And I think I should turn to VS2005.


    BR
    Last edited by winndy; April 14th, 2007 at 04:13.
    Crack and unpack is a way to enjoy life.

  14. #14
    check the attachment
    i recompiled coco without the msvcrt dlls, i've also included its source
    i changed coco a bit to fit my needs

    i also re-enabled a fancy vm feature:

    data MessageBoxA = __export("user32.dll", "MessageBoxA");
    MessageBoxA(0, "oook", "hi", 3);
    Attached Files
    • File Type: zip xm.zip (473.6 KB, 718 views)

  15. #15
    That's very kind of you.
    I'll study it.
    You're a great coder and reverser.
    What's more, you are my patient teacher.
    Last edited by winndy; April 14th, 2007 at 05:46.
    Crack and unpack is a way to enjoy life.
