
Thread: vm for the masses - a vm compiler incl source

  1. #31
    undefined
    Join Date
    Mar 2007
    Location
    Australia
    Posts
    27
    maybe you can help me with this 0rp: I'm just trying to develop my own little grammar to play around with, but the scanner and parser generated use wchar_t* everywhere instead of char*. I saw your scanner and parser use just char *. is there any way to tell coco to use char* instead of wchar_t? it's driving me nuts because every time I change something in the grammar and have to regenerate the parser and scanner, I have to manually edit all the files...
    -------
    nothing
    -------

  2. #32
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,204
    Blog Entries
    5
    Quote Originally Posted by b3n
    why did you decide to create a final binary version of the input program instead of letting the vm execute the vm instructions during runtime as kind of an interpreter? if you have a binary version of the input program, what do you need the vm for?
    Quote Originally Posted by 0rp
    bc you can easily replace the static number of opcodes by own hacked opcodes and do whatever you want
    Well, sure, but in the case of building a normal binary like this, you lose the entire idea of people not being able to analyze the code statically with any tool they like, not to mention creating a simple IDC script that marks up all these sequences into their corresponding VM instruction (or even dumps the entire original script to a text file). (and yes, a much more advanced IDC script could do this even if you do it in VM code, but that's much harder, and again, exactly what is the reason/advantage with a VM in the first place with this method?)

    And I really don't want to be rude or anything, I just wanted to check if I missed something here, just like b3n?
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  3. #33
    undefined
    Join Date
    Mar 2007
    Location
    Australia
    Posts
    27
    i think you got more to the point than me dELTA
    -------
    nothing
    -------

  4. #34
    it's using vmregs or a vmstack, so I would still call it a vm, or what's the definition of a vm?



    as i said, it was a vm like you mean in some early version:

    http://woodmann.com/forum/attachment.php?attachmentid=1531&d=1166647623

    opcodes were much bigger and generic, and there was an array of vminstructions that were in fact the params for those generic opcodes

    an opcode looked like this:

    Code:
    0040D0EE    8B6B 24         mov     ebp, dword ptr ds:[ebx+24]
    0040D0F1    036B 14         add     ebp, dword ptr ds:[ebx+14]
    0040D0F4    8D75 6C         lea     esi, dword ptr ss:[ebp+6C]
    0040D0F7    8B06            mov     eax, dword ptr ds:[esi]
    0040D0F9    B9 08000000     mov     ecx, 8
    0040D0FE    8B148E          mov     edx, dword ptr ds:[esi+ecx*4]
    0040D101    3353 28         xor     edx, dword ptr ds:[ebx+28]
    0040D104    0353 14         add     edx, dword ptr ds:[ebx+14]
    0040D107    3302            xor     eax, dword ptr ds:[edx]
    0040D109  ^ E2 F3           loopd   short testcon.0040D0FE
    0040D10B    8943 4C         mov     dword ptr ds:[ebx+4C], eax
    0040D10E    8DB5 90000000   lea     esi, dword ptr ss:[ebp+90]
    0040D114    8B06            mov     eax, dword ptr ds:[esi]
    0040D116    B9 08000000     mov     ecx, 8
    0040D11B    8B148E          mov     edx, dword ptr ds:[esi+ecx*4]
    0040D11E    3353 28         xor     edx, dword ptr ds:[ebx+28]
    0040D121    0353 14         add     edx, dword ptr ds:[ebx+14]
    0040D124    3302            xor     eax, dword ptr ds:[edx]
    0040D126  ^ E2 F3           loopd   short testcon.0040D11B
    0040D128    8943 50         mov     dword ptr ds:[ebx+50], eax
    0040D12B    8B43 4C         mov     eax, dword ptr ds:[ebx+4C]
    0040D12E    8B4B 50         mov     ecx, dword ptr ds:[ebx+50]
    0040D131    890C03          mov     dword ptr ds:[ebx+eax], ecx
    0040D134    8D75 00         lea     esi, dword ptr ss:[ebp]
    0040D137    8B06            mov     eax, dword ptr ds:[esi]
    0040D139    B9 08000000     mov     ecx, 8
    0040D13E    8B148E          mov     edx, dword ptr ds:[esi+ecx*4]
    0040D141    3353 28         xor     edx, dword ptr ds:[ebx+28]
    0040D144    0353 14         add     edx, dword ptr ds:[ebx+14]
    0040D147    3302            xor     eax, dword ptr ds:[edx]
    0040D149  ^ E2 F3           loopd   short testcon.0040D13E
    0040D14B    8943 24         mov     dword ptr ds:[ebx+24], eax
    0040D14E    8D75 48         lea     esi, dword ptr ss:[ebp+48]
    0040D151    8B06            mov     eax, dword ptr ds:[esi]
    0040D153    B9 08000000     mov     ecx, 8
    0040D158    8B148E          mov     edx, dword ptr ds:[esi+ecx*4]
    0040D15B    3353 28         xor     edx, dword ptr ds:[ebx+28]
    0040D15E    0353 14         add     edx, dword ptr ds:[ebx+14]
    0040D161    3302            xor     eax, dword ptr ds:[edx]
    0040D163  ^ E2 F3           loopd   short testcon.0040D158
    0040D165    50              push    eax
    0040D166    8D75 24         lea     esi, dword ptr ss:[ebp+24]
    0040D169    8B06            mov     eax, dword ptr ds:[esi]
    0040D16B    B9 08000000     mov     ecx, 8
    0040D170    8B148E          mov     edx, dword ptr ds:[esi+ecx*4]
    0040D173    3353 28         xor     edx, dword ptr ds:[ebx+28]
    0040D176    0353 14         add     edx, dword ptr ds:[ebx+14]
    0040D179    3302            xor     eax, dword ptr ds:[edx]
    0040D17B  ^ E2 F3           loopd   short testcon.0040D170
    0040D17D    8F43 28         pop     dword ptr ds:[ebx+28]
    0040D180    0343 14         add     eax, dword ptr ds:[ebx+14]
    0040D183    FFE0            jmp     eax



    but again, then you just need to make this basic opcode set patch safe (crcing an backup, or completely remove crcing), that's why I switched to executable instructions, which are harder to retrieve from the vm, esp. when they are encrypted (yes, I failed here too: http://woodmann.com/forum/attachment.php?attachmentid=1572&d=1170436383)




    b3n: try switching your project to multibyte, or if you use coco, you can change the parser/lexer code templates. they are in parser.frame and scanner.frame
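
Added example, not part of the original post or of 0rp's source: a C model of what the generic opcode listed in post #34 computes, read directly from the disassembly. The context and record field names, the flat `mem` array standing in for process memory, and the `encode_field` builder with its filler masks are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets come from the listing; the names are assumptions of this example. */
enum { CTX_BASE = 0x14, CTX_IP = 0x24, CTX_KEY = 0x28, CTX_T0 = 0x4C, CTX_T1 = 0x50 };
enum { F_NEXT_IP = 0x00, F_HANDLER = 0x24, F_NEXT_KEY = 0x48, F_DST = 0x6C, F_SRC = 0x90 };
static uint8_t mem[0x1000];   /* constructed flat memory; "pointers" are offsets into it */
static uint32_t rd(uint32_t a) { uint32_t v; memcpy(&v, mem + a, 4); return v; }
static void wr(uint32_t a, uint32_t v) { memcpy(mem + a, &v, 4); }

/* mov eax,[esi]; ecx=8; loop: edx=[esi+ecx*4]; edx^=key; edx+=base; eax^=[edx] */
static uint32_t decode_field(uint32_t ctx, uint32_t field) {
    uint32_t v = rd(field);
    for (uint32_t i = 8; i >= 1; i--)
        v ^= rd(rd(ctx + CTX_BASE) + (rd(field + 4 * i) ^ rd(ctx + CTX_KEY)));
    return v;
}

/* One pass through the generic opcode; returns the target of the final jmp eax. */
static uint32_t vm_step(uint32_t ctx) {
    uint32_t rec = rd(ctx + CTX_IP) + rd(ctx + CTX_BASE);   /* current vminstruction */
    wr(ctx + CTX_T0, decode_field(ctx, rec + F_DST));
    wr(ctx + CTX_T1, decode_field(ctx, rec + F_SRC));
    wr(ctx + rd(ctx + CTX_T0), rd(ctx + CTX_T1));           /* mov [ebx+eax], ecx */
    wr(ctx + CTX_IP, decode_field(ctx, rec + F_NEXT_IP));
    uint32_t next_key = decode_field(ctx, rec + F_NEXT_KEY);
    uint32_t handler = decode_field(ctx, rec + F_HANDLER);
    wr(ctx + CTX_KEY, next_key);                            /* pop [ebx+28] */
    return handler + rd(ctx + CTX_BASE);
}

/* Constructed builder (assumption): hides `value` behind 8 masks stored in `pool`. */
static void encode_field(uint32_t field, uint32_t value, uint32_t key, uint32_t base, uint32_t pool) {
    for (uint32_t i = 1; i <= 8; i++) {
        wr(pool + 4 * i, 0x9E3779B9u * (field + i));        /* arbitrary filler mask */
        wr(field + 4 * i, (pool + 4 * i - base) ^ key);     /* encrypted pointer to it */
        value ^= rd(pool + 4 * i);
    }
    wr(field, value);
}

static uint32_t demo(void) {                                /* all values constructed */
    const uint32_t base = 0x100, key = 0xC0FFEE11u, rec = 0x200;
    const uint32_t f[5][2] = { {F_DST, 0x60}, {F_SRC, 0x1234}, {F_NEXT_IP, 0x300},
                               {F_NEXT_KEY, 0xDEADBEEFu}, {F_HANDLER, 0x700} };
    memset(mem, 0, sizeof mem);
    wr(CTX_BASE, base); wr(CTX_KEY, key); wr(CTX_IP, rec - base);
    for (uint32_t i = 0; i < 5; i++) encode_field(rec + f[i][0], f[i][1], key, base, 0x400 + 0x40 * i);
    return vm_step(0);                                      /* context sits at offset 0 */
}
int main(void) { uint32_t h = demo(); printf("jmp 0x%X, vmreg=0x%X\n", (unsigned)h, (unsigned)rd(0x60)); return 0; }
```

Read this way, the handler is a single "store operand into VM context slot" primitive whose five parameters (destination, source, next record, next key, next handler) each cost one stored dword plus eight key-masked pointer lookups, and the key itself changes on every step.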

  5. #35
    hello, how can we use this source code to protect a sample app with its VM?

  6. #36
    you can't protect x86 code with it. you have to write your secret code with the vm-script language and compile it to vm

    (don't use it for serious business, because it's too weak)

  7. #37
    Thank you so much.
