Post 2 (ability: RANK:330)
Waiting for your tool; open-source it while you're at it.

Post 3 (ability: LV2, RANK:10)
Looking forward to it......

Post 4 (ability: LV4, RANK:50)
I'm Waiting...
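
Post 5 (ability: LV12, RANK:250)
Thanks to the moderator for the support.
I don't have a computer science background. I write code as it comes to me, learning as I go, caring only about the result and not the process, so experts will laugh at my code (pointers still make my head spin, and all the strings in it are done the clumsy way, with arrays). Heh. If everyone thinks this plugin is usable, I'll clean up the code properly and post it.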

Post 6 (ability: RANK:330)
时间: 23:47:06
--------------------------------------------------------------------------------
序 号 :[跳转表地址]->跳转地址 ||[机器码地址]->机器码:伪指令
第000001条:[0x0040B550]->0x0040B89D||[0x0040BC1D]->0x5b:VM_OP_064
第000002条:[0x0040B5A0]->0x0040B89D||[0x0040BC1E]->0xfb:VM_OP_064
第000003条:[0x0040B560]->0x0040B89D||[0x0040BC1F]->0x97:VM_OP_064
第000004条:[0x0040B5C0]->0x0040B89D||[0x0040BC20]->0x3d:VM_OP_064
第000005条:[0x0040B530]->0x0040B89D||[0x0040BC21]->0xf3:VM_OP_064
第000006条:[0x0040B500]->0x0040B89D||[0x0040BC22]->0x97:VM_OP_064
第000007条:[0x0040B5E0]->0x0040B89D||[0x0040BC23]->0x2b:VM_OP_064
第000008条:[0x0040B580]->0x0040B89D||[0x0040BC24]->0xc5:VM_OP_064
第000009条:[0x0040B5D0]->0x0040B89D||[0x0040BC25]->0x5d:VM_OP_064
第000010条:[0x0040B570]->0x0040B89D||[0x0040BC26]->0x03:VM_OP_064
第000011条:[0x0040B540]->0x0040B89D||[0x0040BC27]->0xd2:VM_OP_064
第000012条:[0x0040B468]->0x0040B9CB||[0x0040BC28]->0x0d:VM_OP_026
第000013条:[0x0040B5A4]->0x0040109B||[0x0040BC29]->0x0e:VM_OP_053
第000014条:[0x0040B670]->0x0040B87F||[0x0040BC2A]->0x98:VM_OP_074
第000015条:[0x0040B520]->0x0040B89D||[0x0040BC2B]->0x67:VM_OP_064
第000016条:[0x0040B488]->0x0040BA66||[0x0040BC2C]->0x56:VM_OP_034
第000017条:[0x0040B660]->0x0040BA26||[0x0040BC2E]->0x97:VM_OP_003
第000018条:[0x0040B520]->0x0040B89D||[0x0040BC2F]->0x3c:VM_OP_064
第000019条:[0x0040B5D8]->0x0040104E||[0x0040BC30]->0x3a:VM_OP_061
第000020条:[0x0040B660]->0x0040BA26||[0x0040BC35]->0xa6:VM_OP_003
第000021条:[0x0040B540]->0x0040B89D||[0x0040BC36]->0x44:VM_OP_064
第000022条:[0x0040B5F0]->0x0040B89D||[0x0040BC37]->0x7a:VM_OP_064
第000023条:[0x0040B444]->0x0040B91F||[0x0040BC38]->0xd7:VM_OP_017
第000024条:[0x0040B7CC]->0x00401077||[0x0040BC3A]->0xcf:VM_OP_038
第000025条:[0x0040B558]->0x00401077||[0x0040BC3C]->0x3b:VM_OP_038
第000026条:[0x0040B56C]->0x0040B9D3||[0x0040BC3E]->0xab:VM_OP_091
第000027条:[0x0040B590]->0x0040B89D||[0x0040BC3F]->0x92:VM_OP_064
第000028条:[0x0040B73C]->0x0040B91F||[0x0040BC40]->0x22:VM_OP_017
第000029条:[0x0040B498]->0x00401077||[0x0040BC42]->0x61:VM_OP_038
第000030条:[0x0040B558]->0x00401077||[0x0040BC44]->0xcf:VM_OP_038
第000031条:[0x0040B56C]->0x0040B9D3||[0x0040BC46]->0x37:VM_OP_091
第000032条:[0x0040B540]->0x0040B89D||[0x0040BC47]->0x70:VM_OP_064
第000033条:[0x0040B51C]->0x0040BA30||[0x0040BC48]->0x64:VM_OP_010
第000034条:[0x0040B468]->0x0040B9CB||[0x0040BC4A]->0x77:VM_OP_026
第000035条:[0x0040B4B8]->0x0040BA66||[0x0040BC4B]->0xec:VM_OP_034
第000036条:[0x0040B40C]->0x0040BA26||[0x0040BC4D]->0x39:VM_OP_003
第000037条:[0x0040B520]->0x0040B89D||[0x0040BC4E]->0xda:VM_OP_064
第000038条:[0x0040B5F8]->0x0040BA5C||[0x0040BC4F]->0x5d:VM_OP_031
第000039条:[0x0040B5F0]->0x0040B89D||[0x0040BC50]->0xed:VM_OP_064
第000040条:[0x0040B590]->0x0040B89D||[0x0040BC51]->0x79:VM_OP_064
第000041条:[0x0040B610]->0x0040104E||[0x0040BC52]->0x1c:VM_OP_061
第000042条:[0x0040B4F0]->0x0040B9E9||[0x0040BC57]->0xe0:VM_OP_000
第000043条:[0x0040B40C]->0x0040BA26||[0x0040BC58]->0x2c:VM_OP_003
第000044条:[0x0040B590]->0x0040B89D||[0x0040BC59]->0xbc:VM_OP_064
第000045条:[0x0040B5F0]->0x0040B89D||[0x0040BC5A]->0xf2:VM_OP_064
第000046条:[0x0040B444]->0x0040B91F||[0x0040BC5B]->0x5f:VM_OP_017
第000047条:[0x0040B558]->0x00401077||[0x0040BC5D]->0xe4:VM_OP_038
第000048条:[0x0040B498]->0x00401077||[0x0040BC5F]->0x80:VM_OP_038
第000049条:[0x0040B640]->0x0040B9D3||[0x0040BC61]->0xc1:VM_OP_091
第000050条:[0x0040B540]->0x0040B89D||[0x0040BC62]->0xbe:VM_OP_064
第000051条:[0x0040B6FC]->0x0040B91F||[0x0040BC63]->0xee:VM_OP_017
第000052条:[0x0040B498]->0x00401077||[0x0040BC65]->0x95:VM_OP_038
第000053条:[0x0040B498]->0x00401077||[0x0040BC67]->0x33:VM_OP_038
第000054条:[0x0040B56C]->0x0040B9D3||[0x0040BC69]->0x9f:VM_OP_091
第000055条:[0x0040B520]->0x0040B89D||[0x0040BC6A]->0xdc:VM_OP_064
第000056条:[0x0040B51C]->0x0040BA30||[0x0040BC6B]->0xaf:VM_OP_010
第000057条:[0x0040B488]->0x0040BA66||[0x0040BC6D]->0xbe:VM_OP_034
第000058条:[0x0040B7C4]->0x0040B9CB||[0x0040BC6F]->0xd5:VM_OP_026
第000059条:[0x0040B660]->0x0040BA26||[0x0040BC70]->0x65:VM_OP_003
第000060条:[0x0040B520]->0x0040B89D||[0x0040BC71]->0x7f:VM_OP_064
第000061条:[0x0040B634]->0x0040BA5C||[0x0040BC72]->0x7a:VM_OP_031
第000062条:[0x0040B5F0]->0x0040B89D||[0x0040BC73]->0x1a:VM_OP_064
第000063条:[0x0040B510]->0x0040B89D||[0x0040BC74]->0x79:VM_OP_064
第000064条:[0x0040B7F8]->0x0040BA66||[0x0040BC75]->0xd3:VM_OP_034
第000065条:[0x0040B4F0]->0x0040B9E9||[0x0040BC77]->0x6d:VM_OP_000
第000066条:[0x0040B660]->0x0040BA26||[0x0040BC78]->0xf3:VM_OP_003
第000067条:[0x0040B590]->0x0040B89D||[0x0040BC79]->0x83:VM_OP_064
第000068条:[0x0040B5F0]->0x0040B89D||[0x0040BC7A]->0x29:VM_OP_064
第000069条:[0x0040B4C0]->0x0040B9E9||[0x0040BC7B]->0x07:VM_OP_000
第000070条:[0x0040B470]->0x0040B9E9||[0x0040BC7C]->0xdf:VM_OP_000
第000071条:[0x0040B4D0]->0x0040B9E9||[0x0040BC7D]->0xb1:VM_OP_000
第000072条:[0x0040B480]->0x0040B9E9||[0x0040BC7E]->0x85:VM_OP_000
第000073条:[0x0040B4E0]->0x0040B9E9||[0x0040BC7F]->0x6a:VM_OP_000
第000074条:[0x0040B400]->0x0040B9E9||[0x0040BC80]->0x68:VM_OP_000
第000075条:[0x0040B430]->0x0040B9E9||[0x0040BC81]->0x45:VM_OP_000
第000076条:[0x0040B4C0]->0x0040B9E9||[0x0040BC82]->0x21:VM_OP_000
第000077条:[0x0040B460]->0x0040B9E9||[0x0040BC83]->0x01:VM_OP_000
第000078条:[0x0040B4A0]->0x0040B9E9||[0x0040BC84]->0xe7:VM_OP_000
第000079条:[0x0040B450]->0x0040B9E9||[0x0040BC85]->0xbf:VM_OP_000
第000080条:[0x0040B4F0]->0x0040B9E9||[0x0040BC86]->0x1d:VM_OP_000
第000081条:[0x0040B404]->0x0040B957||[0x0040BC87]->0x24:VM_OP_001
第000082条:[0x0040B570]->0x0040B89D||[0x0040BC88]->0xc6:VM_OP_064
第000083条:[0x0040B560]->0x0040B89D||[0x0040BC89]->0x68:VM_OP_064
第000084条:[0x0040B5B0]->0x0040B89D||[0x0040BC8A]->0x08:VM_OP_064
第000085条:[0x0040B550]->0x0040B89D||[0x0040BC8B]->0xb8:VM_OP_064
第000086条:[0x0040B530]->0x0040B89D||[0x0040BC8C]->0x56:VM_OP_064
第000087条:[0x0040B5C0]->0x0040B89D||[0x0040BC8D]->0xfe:VM_OP_064
第000088条:[0x0040B500]->0x0040B89D||[0x0040BC8E]->0xa4:VM_OP_064
第000089条:[0x0040B5F0]->0x0040B89D||[0x0040BC8F]->0x3e:VM_OP_064
第000090条:[0x0040B520]->0x0040B89D||[0x0040BC90]->0xe4:VM_OP_064
第000091条:[0x0040B5D0]->0x0040B89D||[0x0040BC91]->0x88:VM_OP_064
第000092条:[0x0040B510]->0x0040B89D||[0x0040BC92]->0x63:VM_OP_064
第000093条:[0x0040B400]->0x0040B9E9||[0x0040BC93]->0x59:VM_OP_000
第000094条:[0x0040B468]->0x0040B9CB||[0x0040BC94]->0x20:VM_OP_026
第000095条:[0x0040B540]->0x0040B89D||[0x0040BC95]->0xba:VM_OP_064
第000096条:[0x0040B610]->0x0040104E||[0x0040BC96]->0x9b:VM_OP_061
第000097条:[0x0040B4F4]->0x0040104E||[0x0040BC9B]->0xba:VM_OP_061
第000098条:[0x0040B610]->0x0040104E||[0x0040BCA0]->0xd0:VM_OP_061
第000099条:[0x0040B468]->0x0040B9CB||[0x0040BCA5]->0x84:VM_OP_026
第000100条:[0x0040B4D4]->0x0040109B||[0x0040BCA6]->0xdc:VM_OP_053
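Are the numbered instructions the ones you haven't identified yet? Which instructions can you identify?
BTW: if you want to write a VMP viewer, there's really no need to bring in IDA; just virtually execute the parts that need it. If you could convert VMP's instructions into assembly instructions, that would count as an unpacker.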
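
Added example, not part of the thread and not the plugin's code: one way to summarise a recorder log in the format shown above, grouping entries by handler address and inferring each pseudo-instruction's encoded length from the distance to the next bytecode address. The sample lines are entries 15-21 from the log; the function names and the `MAX_LEN` cut-off are assumptions.

```python
import re
from collections import defaultdict

# Entries 15-21, copied verbatim from the recorder log in this thread.
SAMPLE_LOG = """\
第000015条:[0x0040B520]->0x0040B89D||[0x0040BC2B]->0x67:VM_OP_064
第000016条:[0x0040B488]->0x0040BA66||[0x0040BC2C]->0x56:VM_OP_034
第000017条:[0x0040B660]->0x0040BA26||[0x0040BC2E]->0x97:VM_OP_003
第000018条:[0x0040B520]->0x0040B89D||[0x0040BC2F]->0x3c:VM_OP_064
第000019条:[0x0040B5D8]->0x0040104E||[0x0040BC30]->0x3a:VM_OP_061
第000020条:[0x0040B660]->0x0040BA26||[0x0040BC35]->0xa6:VM_OP_003
第000021条:[0x0040B540]->0x0040B89D||[0x0040BC36]->0x44:VM_OP_064
"""

# seq : [table slot] -> handler || [bytecode address] -> byte : label
LINE_RE = re.compile(r"第(\d+)条:\[0x([0-9A-Fa-f]+)\]->0x([0-9A-Fa-f]+)"
                     r"\|\|\[0x([0-9A-Fa-f]+)\]->0x([0-9A-Fa-f]+):(\w+)")
FIELDS = ("slot", "handler", "pc", "byte")
MAX_LEN = 16  # assumption: a larger forward gap is a VM branch, not an operand

def parse_trace(text):
    """Return one dict per well-formed log line; anything else is skipped."""
    entries = []
    for m in map(LINE_RE.search, text.splitlines()):
        if m:
            entry = {k: int(v, 16) for k, v in zip(FIELDS, m.groups()[1:5])}
            entry.update(seq=int(m.group(1)), name=m.group(6))
            entries.append(entry)
    return entries

def summarize(entries):
    """Group entries by handler address and collect what varies per handler."""
    out = defaultdict(lambda: {"count": 0, "names": set(), "slots": set(),
                               "bytes": set(), "lengths": set()})
    for cur, nxt in zip(entries, entries[1:] + [None]):
        s = out[cur["handler"]]
        s["count"] += 1
        s["names"].add(cur["name"])
        s["slots"].add(cur["slot"])
        s["bytes"].add(cur["byte"])
        # Encoded length = distance to the next fetched bytecode address, valid
        # only while the VM runs straight ahead (small positive gap).
        if nxt and 0 < nxt["pc"] - cur["pc"] <= MAX_LEN:
            s["lengths"].add(nxt["pc"] - cur["pc"])
    return dict(out)

if __name__ == "__main__":
    for handler, s in sorted(summarize(parse_trace(SAMPLE_LOG)).items()):
        print(f"0x{handler:08X} {sorted(s['names'])} x{s['count']} "
              f"slots={len(s['slots'])} lengths={sorted(s['lengths'])}")
```

On these lines the summary shows several table slots and several raw bytes resolving to one handler, and a 5-byte encoding for VM_OP_061 against 1 or 2 bytes for the others.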
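
Post 7 (ability: LV12, RANK:250)
Yes, I can't identify them automatically, and tracing by hand I haven't identified many either, so it is only a recorder.
I'd like to eventually turn it into a tracer (I don't know whether that's possible). After that, if possible, I want to record the input parameters and output results of every instruction. It's a bit clumsy, but it's the only method I can currently think of for tracing and debugging VMProtect.
If there are other approaches, I'd be grateful if the experts here could point me in a direction. Or perhaps my next step should be to focus on identifying each instruction?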
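
Post 8 (ability: RANK:330)
You could focus on the jump part, in case you run into a program that is easy to crack.
If it's only a tracer, a patch would do; bringing in something as heavyweight as IDA is overkill.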

Post 9 (ability: LV12, RANK:250)
OK, thanks a lot.
What kind of method is patch? How should it be done? And how should the virtual execution you mentioned earlier be done?

Post 10 (ability: LV2, RANK:10)
If the key code has been VM-protected, how do you crack it? I still don't understand virtual machines.

Post 11 (ability: LV12, RANK:250)
Does patch mean injection?

Post 12 (ability: LV13, RANK:410)
patch = 补丁 (the Chinese word for "patch")

Post 13 (ability: LV2, RANK:10)
Yeah, if the key code has been VM-protected, how do you crack it? I still don't understand virtual machines.

Post 14 (ability: LV9, RANK:1210)
Modify the pcode directly.

Post 15 (ability: LV12, RANK:250)

Post 16 (ability: RANK:330)
I downloaded it; the forum may have had some problem.