5、伪指令
; ???????????????????????????????????????????????????????????????????????????
; VM handler: read debug register DR5 and push it as a dword.
; `mov r32, drN` is privileged (#GP at CPL 3). DR5 aliases DR7 only while
; CR4.DE = 0; with CR4.DE = 1 the access raises #UD.
VM_PUSH_DR5: ;
mov ecx, dr5
push ecx
jmp VMLoop_EP ; fetch Instruction Byte
; ???????????????????????????????????????????????????????????????????????????
; VM handler: pop a 32-bit offset, push the dword read from fs:[offset].
; The offset is not validated here. NOTE(review): on 32-bit Windows FS normally
; addresses the TEB, so this handler can read TEB/PEB/SEH fields; confirm the target OS.
VM_MOV_FSA_TO_B: ; DATA XREF: ????13CEo
pop edx
push dword ptr fs:[edx]
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a word into SP. Only the low 16 bits of ESP are replaced,
; so the operand stack moves within the current 64 KiB window.
VM_POP_SP proc near
pop sp
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_SP endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: pop a dword and write it to CR3 (page-directory base).
; Privileged: raises #GP at CPL 3, so it cannot complete in a user-mode process.
VM_POP_CR3:
pop edx
mov cr3, edx
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: signed 8-bit multiply with flags.
; Pops two word slots, computes AX = AL * DL, pushes the 16-bit product,
; then pushes the 16-bit FLAGS image on top of it.
VM_IMULB_F proc near
pop dx
pop ax
imul dl
push ax
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
VM_IMULB_F endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: clear the x87 exception flags without first checking for
; pending unmasked exceptions (no-wait form). No stack operands.
VM_FNCLEX proc near ; DATA XREF: ????1602o
fnclex
jmp VMLoop_EP ; fetch Instruction Byte
VM_FNCLEX endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: st(0) += 64-bit double at the top of the operand stack.
; The 8-byte operand is read in place; ESP is not adjusted here.
VM_FADDQ: ; DATA XREF: ????137Eo
fadd qword ptr [esp]
jmp VMLoop_EP ; fetch Instruction Byte
; ???????????????????????????????????????????????????????????????????????????
; VM handler: pop a 32-bit offset, then pop a dword and store it at cs:[offset].
; In protected mode a write through a CS override raises #GP because code
; segments are never writable, so this handler faults if it is ever dispatched there.
VM_MOV_B_TO_CSA: ; DATA XREF: ????1392o
pop ecx ; ecx = destination offset
pop dword ptr cs:[ecx] ; next stack dword = value to store
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: increment the x87 TOP-of-stack pointer. Register contents and
; tag word are left untouched. No stack operands.
VM_FINCSTP proc near ; DATA XREF: ????15B2o
; ????15D6o
fincstp
jmp VMLoop_EP ; fetch Instruction Byte
VM_FINCSTP endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, then pop a dword and store it at es:[offset].
; The destination is not validated in this handler.
VM_MOV_B_TO_ESA proc near ; DATA XREF: ????14B6o
pop edx
pop dword ptr es:[edx]
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOV_B_TO_ESA endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: WAIT/FWAIT, which checks for and delivers pending unmasked x87
; exceptions before continuing. No stack operands.
VM_WAIT proc near ; DATA XREF: ????146Eo
wait
jmp VMLoop_EP ; fetch Instruction Byte
VM_WAIT endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: read debug register DR4 and push it as a dword.
; Privileged (#GP at CPL 3). DR4 aliases DR6 only while CR4.DE = 0; with
; CR4.DE = 1 the access raises #UD.
VM_PUSH_DR4: ; DATA XREF: ????1516o
mov edx, dr4
push edx
jmp VMLoop_EP ; fetch Instruction Byte
; ???????????????????????????????????????????????????????????????????????????
; VM handler: read debug register DR3 (breakpoint address 3) and push it.
; Privileged: raises #GP at CPL 3.
VM_PUSH_DR3: ; DATA XREF: ????170Eo
mov eax, dr3
push eax
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: push a sign-extended 8-bit immediate taken from the bytecode.
; The byte at [esi] is stored encoded: BL is added in first, a fixed chain of
; add/sub/not/inc/ror steps decodes it, and the decoded value is then added
; back into BL. The decode of each operand therefore depends on every operand
; decoded before it, so the stream cannot be decoded from an arbitrary offset
; without the matching BL value.
VM_PUSH_IMMB proc near ; DATA XREF: ????145Eo
movzx eax, byte ptr [esi] ; fetch encoded operand byte, upper 24 bits of eax cleared
add al, bl ; mix in rolling key
sub al, 0C4h
lea esi, [esi+1] ; advance bytecode pointer without touching flags
not al
inc al
ror al, 5
inc al
ror al, 6
not al
add al, 85h
ror al, 1
add bl, al ; fold decoded value back into the rolling key
cbw ; al -> ax (sign-extend)
cwde ; ax -> eax (sign-extend)
push eax
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_IMMB endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, read one byte from gs:[offset], push it in
; a word slot. AH is not written here, so the high byte of the pushed word is
; whatever AH held on entry.
VM_MOVB_GSA_TO_B proc near ; DATA XREF: ????1592o
pop edx
mov al, gs:[edx]
push ax
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVB_GSA_TO_B endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: unsigned 32/16-bit divide.
; Stack in (top first): high word (DX), low word (AX), divisor (CX).
; Stack out: quotient pushed first, remainder on top.
; No divisor check: a zero divisor or a quotient that does not fit in 16 bits
; raises #DE in the host.
VM_DIVW proc near ; DATA XREF: ????1562o
pop dx
pop ax
pop cx
div cx
push ax
push dx
jmp VMLoop_EP ; fetch Instruction Byte
VM_DIVW endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: 8-bit add without flag capture.
; Pops a word slot and adds its low byte into the low byte of the next slot,
; which stays on the stack as the result.
VM_ADDB proc near ; DATA XREF: ????16D6o
pop dx
add [esp+0], dl
jmp VMLoop_EP ; fetch Instruction Byte
VM_ADDB endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: store st(0) as a 32-bit float over the top-of-stack slot.
; The x87 stack is not popped and ESP is not adjusted.
VM_FST proc near ; DATA XREF: ????1652o
fst dword ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FST endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: IEEE partial remainder, st(0) = st(0) rem st(1). No stack operands.
VM_FPREM1: ; DATA XREF: ????13BAo
fprem1 ; take the remainder (IEEE); same as FPREM but follows the IEEE standard [486]
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: read debug status register DR6 and push it as a dword.
; Privileged: raises #GP at CPL 3.
VM_PUSH_DR6 proc near ; DATA XREF: ????166Ao
mov ecx, dr6
push ecx
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_DR6 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: push the constant +1.0 onto the x87 stack. No stack operands.
VM_FLD1 proc near ; DATA XREF: ????168Ao
fld1
jmp VMLoop_EP ; fetch Instruction Byte
VM_FLD1 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, push the dword read from ss:[offset].
; The offset is not validated in this handler.
VM_MOV_SSA_TO_B proc near ; DATA XREF: ????1416o
pop eax
push dword ptr ss:[eax]
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOV_SSA_TO_B endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: unsigned 16/8-bit divide.
; Pops dividend (AX) then divisor (low byte of CX). After `div cl`, AL holds
; the quotient and AH the remainder; both are pushed together as one word.
; No divisor check: zero or an 8-bit quotient overflow raises #DE.
VM_DIVW_QUOTIENT: ; DATA XREF: .text:VM_OP_TABLEo
pop ax
pop cx
div cl
push ax
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, push the word read from fs:[offset].
; The offset is not validated in this handler.
VM_MOVW_FSA_TO_B proc near ; DATA XREF: ????15A2o
pop eax
push small word ptr fs:[eax]
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVW_FSA_TO_B endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: pop a dword and write it to debug status register DR6.
; Privileged: raises #GP at CPL 3.
VM_POP_DR6: ; DATA XREF: ????139Eo
pop ecx
mov dr6, ecx
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, push the word read from es:[offset].
; The offset is not validated in this handler.
VM_MOVW_ESA_TO_B proc near ; DATA XREF: ????1556o
pop eax
push small word ptr es:[eax]
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVW_ESA_TO_B endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: push the FS segment selector as a word.
VM_PUSH_FS proc near ; DATA XREF: ????13AAo
mov cx, fs
push cx
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_FS endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: signed 32-bit multiply with flags.
; Pops two dwords, computes EDX:EAX = EAX * EDX, pushes the low dword, then the
; high dword, then the 16-bit FLAGS image on top.
VM_IMUL_F proc near ; DATA XREF: ????169Eo
pop edx
pop eax
imul edx
push eax
push edx
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
VM_IMUL_F endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: read CR1 and push it as a dword.
; CR1 is architecturally reserved: the access raises #UD, so this handler
; cannot complete on real hardware.
VM_PUSH_CR1 proc near ; DATA XREF: ????155Eo
mov edx, cr1
push edx
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_CR1 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a dword and write it to CR6.
; CR6 is architecturally reserved: the access raises #UD on real hardware.
VM_POP_CR6 proc near ; DATA XREF: ????16DEo
pop ecx
mov cr6, ecx
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_CR6 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, then pop a word and store it at cs:[offset].
; In protected mode a write through a CS override raises #GP (code segments
; are not writable).
VM_MOVW_B_TO_CSA proc near ; DATA XREF: ????1476o
pop edx
pop small word ptr cs:[edx]
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVW_B_TO_CSA endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: read debug register DR2 (breakpoint address 2) and push it.
; Privileged: raises #GP at CPL 3.
VM_PUSH_DR2 proc near ; DATA XREF: ????13DAo
; ????15C6o
mov eax, dr2
push eax
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_DR2 endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: 32-bit NOR. Pops a, leaves (~a & ~b) in the slot that held b.
; NOT, AND, OR and XOR can all be composed from this one primitive, so the
; original boolean instruction is not directly visible in the bytecode.
; Flags are not captured in this variant.
VM_NA_NB_AND: ; DATA XREF: ????163Ao
pop eax
not eax
not dword ptr [esp]
and [esp], eax
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: reverse subtract, st(0) = float32 at top of stack - st(0).
; The operand is read in place; ESP is not adjusted here.
VM_FSUBR proc near ; DATA XREF: ????1552o
; ????15DEo
fsubr dword ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FSUBR endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a dword and write it to debug register DR1.
; Privileged: raises #GP at CPL 3.
VM_POP_DR1 proc near ; DATA XREF: ????1422o
pop ecx
mov dr1, ecx
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_DR1 endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: pop a word from the stack into the FS segment register.
; An invalid selector faults in the host; nothing is checked here.
VM_POP_FS: ; DATA XREF: ????170Ao
db 66h ; operand-size prefix, listed as a separate byte: makes the pop 16-bit
pop fs
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a dword and write it to debug control register DR7.
; Privileged: raises #GP at CPL 3.
VM_POP_DR7 proc near ; DATA XREF: ????172Eo
pop eax
mov dr7, eax
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_DR7 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a word and load it into the SS segment register.
; The operand stack itself is addressed through SS, so a different selector
; changes where every following push/pop lands.
VM_MOVW_A_TO_SS proc near ; DATA XREF: ????16CAo
pop ax
db 66h ; operand-size prefix, listed as a separate byte
mov ss, ax
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVW_A_TO_SS endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: reverse subtract, st(0) = 64-bit double at top of stack - st(0).
; The operand is read in place; ESP is not adjusted here.
VM_FSUBRQ proc near ; DATA XREF: ????1656o
fsubr qword ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FSUBRQ endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: load ESP from the dword at the top of the stack.
; This relocates the whole operand stack; the new value is not checked here.
VM_POP_ESP proc near ; DATA XREF: ????144Ao
pop esp
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_ESP endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: NOR with flags, computed on the low bytes only.
; Pops two word slots and pushes DX with DL = ~DL & ~CL, followed by the
; 16-bit FLAGS image. DH passes through unchanged.
; NOTE(review): the "W" in the analyst-assigned label does not match the
; 8-bit registers used; treat the label as approximate.
VM_NA_NB_ANDW_F proc near ; DATA XREF: ????14AAo
pop dx
pop cx
not dl
not cl
and dl, cl
push dx
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
VM_NA_NB_ANDW_F endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, pop a word slot, store its low byte at
; es:[offset]. The destination is not validated in this handler.
VM_MOVB_B_TO_ESA proc near ; DATA XREF: ????140Eo
pop ecx
pop dx
mov es:[ecx], dl
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVB_B_TO_ESA endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit address, pop a word slot, store its low byte at
; [address] (default DS). The address is not validated in this handler.
VM_MOVB_B_TO_A proc near ; DATA XREF: ????14EAo
pop eax
pop cx
mov [eax], cl
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVB_B_TO_A endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: st(0) = |st(0)|. No stack operands.
VM_FABS proc near ; DATA XREF: ????14D2o
; ????1696o
fabs
jmp VMLoop_EP ; fetch Instruction Byte
VM_FABS endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: st(0) -= 32-bit signed integer at the top of the operand stack.
; The operand is read in place; ESP is not adjusted here.
VM_FISUB proc near ; DATA XREF: ????13D6o
fisub dword ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FISUB endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: push the 64-bit double at the top of the operand stack onto the
; x87 stack. The operand is read in place; ESP is not adjusted here.
VM_FLDQ proc near ; DATA XREF: ????1606o
fld qword ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FLDQ endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: signed 32/16-bit divide.
; Stack in (top first): high word (DX), low word (AX), divisor (CX).
; Stack out: quotient pushed first, remainder on top.
; No divisor check: zero or a quotient outside the 16-bit signed range raises #DE.
VM_IDIVW proc near ; DATA XREF: ????1436o
pop dx
pop ax
pop cx
idiv cx
push ax
push dx
jmp VMLoop_EP ; fetch Instruction Byte
VM_IDIVW endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: push the ES segment selector as a word.
VM_PUSH_ES: ; DATA XREF: ????13E2o
db 66h ; operand-size prefix, listed as a separate byte: makes the push 16-bit
push es
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: st(0) /= 32-bit float at the top of the operand stack.
; The operand is read in place; ESP is not adjusted here.
VM_FDIV proc near ; DATA XREF: ????16FEo
fdiv dword ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FDIV endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: push the DS segment selector as a word.
VM_PUSH_DS: ; DATA XREF: ????1642o
db 66h ; operand-size prefix, listed as a separate byte: makes the push 16-bit
push ds
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: st(0) *= 32-bit float at the top of the operand stack.
; The operand is read in place; ESP is not adjusted here.
VM_FMUL proc near ; DATA XREF: ????13CAo
fmul dword ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FMUL endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: signed 16-bit multiply with flags.
; Pops two words, computes DX:AX = AX * DX, pushes the low word, then the high
; word, then the 16-bit FLAGS image on top.
VM_IMULW_F: ; DATA XREF: ????13A6o
pop dx
pop ax
imul dx
push ax
push dx
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, then pop a word and store it at fs:[offset].
; The destination is not validated in this handler.
VM_MOVW_B_TO_FSA proc near ; DATA XREF: ????16B2o
pop ecx
pop small word ptr fs:[ecx]
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVW_B_TO_FSA endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: convert st(0) to a 64-bit signed integer, store it over the
; 8 bytes at the top of the operand stack, and pop the x87 stack.
VM_FISTPQ proc near ; DATA XREF: ????1646o
fistp qword ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FISTPQ endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a dword and write it to CR2 (page-fault linear address).
; Privileged: raises #GP at CPL 3.
VM_POP_CR2 proc near ; DATA XREF: ????1512o
pop edx
mov cr2, edx
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_CR2 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: 16-bit add with flags.
; Pops a word, adds it into the next word slot in place, then pushes the
; 16-bit FLAGS image produced by the add on top of the result.
VM_ADDW_F proc near ; DATA XREF: ????15FAo
pop ax
add [esp+0], ax
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
VM_ADDW_F endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: NOR without flag capture, computed on the low bytes only.
; Pops two word slots and pushes CX with CL = ~CL & ~DL. CH passes through
; unchanged from the first popped slot.
; NOTE(review): the "W" in the analyst-assigned label does not match the
; 8-bit registers used; treat the label as approximate.
VM_NA_NB_ANDW: ; DATA XREF: ????138Ao
pop cx
pop dx
not cl
not dl
and cl, dl
push cx
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a word and load it into the ES segment register.
; An invalid selector faults in the host; nothing is checked here.
VM_POP_ES proc near ; DATA XREF: ????1396o
pop cx
db 66h ; operand-size prefix, listed as a separate byte
mov es, cx
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_ES endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: read CR3 (page-directory base) and push it as a dword.
; Privileged: raises #GP at CPL 3.
VM_PUSH_CR3 proc near ; DATA XREF: ????161Eo
mov edx, cr3
push edx
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_CR3 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a dword and write it to CR0 (PE/PG/WP and related control bits).
; Privileged: raises #GP at CPL 3.
VM_POP_CR0 proc near ; DATA XREF: ????158Eo
pop ecx
mov cr0, ecx
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_CR0 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: read debug register DR1 (breakpoint address 1) and push it.
; Privileged: raises #GP at CPL 3.
VM_PUSH_DR1 proc near ; DATA XREF: ????157Ao
mov ecx, dr1
push ecx
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_DR1 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: read CR7 and push it as a dword.
; CR7 is architecturally reserved: the access raises #UD on real hardware.
VM_PUSH_CR7 proc near ; DATA XREF: ????13EEo
; ????1682o
mov eax, cr7
push eax
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_CR7 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a word into a VM context slot.
; The slot index is an encoded byte from the bytecode ([esi], via lodsb),
; decoded with the rolling key in BL and then folded back into BL.
; The word is stored at [edi + index*4]; the index is not range-checked.
; lodsb writes AL only, so the upper 24 bits of EAX must already be zero for
; the index to stay within 0..255 (presumably guaranteed by the dispatcher; confirm).
VM_POPW_CONTEXT proc near ; DATA XREF: ????165Eo
VM_CONTEXT = edi
lodsb
add al, bl ; mix in rolling key
inc al
not al
add al, 1Bh
xor al, 0A8h
add bl, al ; fold decoded index back into the rolling key
pop small word ptr [VM_CONTEXT+eax*4]
jmp VMLoop_EP ; fetch Instruction Byte
VM_POPW_CONTEXT endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: 8-bit logical shift right with flags.
; Pops value (AX) then count (CX), shifts AL by CL, pushes AX, then pushes the
; 16-bit FLAGS image. AH passes through unchanged.
VM_SHRB_F proc near ; DATA XREF: ????1546o
pop ax
pop cx
shr al, cl
push ax
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
VM_SHRB_F endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: 8-bit logical shift right without flag capture.
; Pops value (DX) then count (CX), shifts DL by CL, pushes DX.
; DH passes through unchanged.
VM_SHRB proc near ; DATA XREF: ????148Ao
pop dx
pop cx
shr dl, cl
push dx
jmp VMLoop_EP ; fetch Instruction Byte
VM_SHRB endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: 16-bit NOR with flags.
; `not dword ptr [esp]` inverts BOTH adjacent word slots at once (a at [esp],
; b at [esp+2]); the pop then takes ~a and ANDs it into ~b. The result is
; ~a & ~b, not ~a & b as the analyst-assigned label suggests.
; The 16-bit FLAGS image is pushed on top of the result.
VM_NA_B_ANDW_F: ; DATA XREF: ????1402o
not dword ptr [esp]
pop dx
and [esp], dx
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: st(0) = sin(st(0)). No stack operands.
VM_FSIN proc near ; DATA XREF: ????138Eo
fsin
jmp VMLoop_EP ; fetch Instruction Byte
VM_FSIN endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: push the constant ln(2) onto the x87 stack. No stack operands.
VM_FLDLN2: ; DATA XREF: ????13F2o
fldln2
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
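; VM handler: 16-bit shift left with flags.
; Pops value (AX) then count (CX), shifts AX by CL, pushes the result, then
; pushes the 16-bit FLAGS image on top.
; The listing had "ushfw" here, which is not an x86 mnemonic; it is restored
; to "pushfw", the instruction every other flag-capturing (_F) handler in this
; listing uses after pushing its result.
VM_SHLW_F proc near ; DATA XREF: ????143Eo
; ????14EEo
pop ax
pop cx
shl ax, cl
push ax
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
VM_SHLW_F endp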
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, pop a word slot, store its low byte at
; ss:[offset]. The destination is not validated in this handler.
VM_MOVB_B_TO_SSA proc near ; DATA XREF: ????1446o
pop eax
pop dx
mov ss:[eax], dl
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVB_B_TO_SSA endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop one word off the operand stack into CX.
; CX is not used again in this handler, so the effect visible here is a 16-bit drop.
VM_POP_CX proc near ; DATA XREF: ????1582o
pop cx
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_CX endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: st(0) = cos(st(0)). No stack operands.
VM_FCOS proc near ; DATA XREF: ????13B2o
fcos
jmp VMLoop_EP ; fetch Instruction Byte
VM_FCOS endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: read CR4 (architecture-extension enable bits) and push it.
; Privileged: raises #GP at CPL 3.
VM_PUSH_CR4 proc near ; DATA XREF: ????174Ao
mov edx, cr4
push edx
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_CR4 endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: push an 8-bit immediate from the bytecode in a word slot.
; The byte at [esi] is decoded with the rolling key in BL (added in before the
; transform, updated with the decoded value after it). The transform chain is
; the same as in VM_PUSH_IMMB, but there is no sign extension here: AH is not
; written, so the high byte of the pushed word is whatever AH held on entry.
VM_PUSHW: ; DATA XREF: ????14DAo
lodsb
add al, bl ; mix in rolling key
sub al, 0C4h
not al
inc al
ror al, 5
inc al
ror al, 6
not al
add al, 85h
ror al, 1
add bl, al ; fold decoded value back into the rolling key
push ax
jmp VMLoop_EP ; fetch Instruction Byte
; ???????????????????????????????????????????????????????????????????????????
; VM handler: pop a 32-bit offset, push the dword read from es:[offset].
; The offset is not validated in this handler.
VM_MOV_ESA_TO_B: ; DATA XREF: ????14E6o
pop ecx
push dword ptr es:[ecx]
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: load the x87 control word from the word at the top of the
; operand stack (rounding mode, precision, exception masks).
; The operand is read in place; ESP is not adjusted here.
VM_FLDCW proc near ; DATA XREF: ????1706o
fldcw word ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FLDCW endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: push the constant log10(2) onto the x87 stack. No stack operands.
VM_FLDLG2: ; DATA XREF: ????14D6o
fldlg2 ; st(0) <- log10(2) (FLDLG2 is the base-10 logarithm of 2, not log2)
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a dword and write it to debug register DR0.
; Privileged: raises #GP at CPL 3.
VM_POP_DR0 proc near ; DATA XREF: ????16C6o
pop ecx
mov dr0, ecx
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_DR0 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, then pop a word and store it at es:[offset].
; The destination is not validated in this handler.
VM_MOVW_B_TO_ESA proc near ; DATA XREF: ????143Ao
pop eax
pop small word ptr es:[eax]
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVW_B_TO_ESA endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: initialize the x87 FPU without first checking for pending
; unmasked exceptions (no-wait form). No stack operands.
VM_FNINIT proc near ; DATA XREF: ????14F2o
fninit
jmp VMLoop_EP ; fetch Instruction Byte
VM_FNINIT endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: 32-bit logical shift right with flags.
; Pops value (EDX) then a word count (CX), shifts EDX by CL, pushes the result,
; then pushes the 16-bit FLAGS image. The CPU masks the count to 5 bits.
VM_SHR_F proc near ; DATA XREF: ????16A2o
pop edx
pop cx
shr edx, cl
push edx
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
VM_SHR_F endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: push the current operand-stack pointer. `push esp` stores the
; value ESP had before the push.
VM_PUSH_ESP proc near ; DATA XREF: ????141Ao
push esp
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_ESP endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, pop a word slot, store its low byte at
; fs:[offset]. The destination is not validated in this handler.
VM_MOVB_B_TO_FSA proc near ; DATA XREF: ????160Eo
pop ecx
pop dx
mov fs:[ecx], dl
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVB_B_TO_FSA endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: st(0) /= 64-bit double at the top of the operand stack.
; The operand is read in place; ESP is not adjusted here.
VM_FDIVQ: ; DATA XREF: ????14CEo
fdiv qword ptr [esp]
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: 16-bit NOR without flag capture.
; `not dword ptr [esp+0]` inverts BOTH adjacent word slots at once (a at [esp],
; b at [esp+2]); the pop then takes ~a and ANDs it into ~b. The result is
; ~a & ~b, not ~a & b as the analyst-assigned label suggests.
VM_NA_B_ANDW proc near ; DATA XREF: ????1686o
not dword ptr [esp+0]
pop ax
and [esp+0], ax
jmp VMLoop_EP ; fetch Instruction Byte
VM_NA_B_ANDW endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: st(0) -= 64-bit double at the top of the operand stack.
; The operand is read in place; ESP is not adjusted here.
VM_FSUBQ proc near ; DATA XREF: ????175Eo
fsub qword ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FSUBQ endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM exit (far): leave the interpreter and resume native code.
; Discards one dword, restores the general registers and flags from the stack,
; then performs a far return. This is the only path in the handler that does
; not jump back to VMLoop_EP, which makes it a natural place to observe the
; devirtualized register state.
; NOTE(review): popa/popf are presumably the 32-bit forms here; the listing
; writes 16-bit forms with a "w" suffix (e.g. pushfw). Confirm against the bytes.
VM_RETF proc far ; DATA XREF: ????1596o
pop eax
popa
popf
retf
VM_RETF endp ; sp = 28h
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: 32-bit double-precision shift left with flags.
; Pops destination (EAX), source of shifted-in bits (EDX) and a word count (CX);
; pushes the shifted EAX, then the 16-bit FLAGS image.
VM_SHLD_F proc near ; DATA XREF: ????141Eo
; ????16EEo
pop eax
pop edx
pop cx
shld eax, edx, cl
push eax
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
VM_SHLD_F endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: read CR2 (page-fault linear address) and push it as a dword.
; Privileged: raises #GP at CPL 3.
VM_PUSH_CR2 proc near ; DATA XREF: ????1466o
mov eax, cr2
push eax
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_CR2 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: st(1) = arctan(st(1) / st(0)), then pop the x87 stack.
; No operand-stack operands.
VM_FPATAN proc near ; DATA XREF: ????1616o
fpatan
jmp VMLoop_EP ; fetch Instruction Byte
VM_FPATAN endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: store st(0) as a 32-bit float over the top-of-stack slot and
; pop the x87 stack. ESP is not adjusted here.
VM_FSTP proc near ; DATA XREF: ????1662o
fstp dword ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FSTP endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: 32-bit add without flag capture.
; Pops a dword and adds it into the next dword slot in place.
VM_ADD: ; DATA XREF: ????15EAo
pop edx
add [esp], edx
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, push the word read from gs:[offset].
; The offset is not validated in this handler.
VM_MOVW_GSA_TO_B proc near ; DATA XREF: ????14AEo
pop edx
push small word ptr gs:[edx]
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVW_GSA_TO_B endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: push the SS segment selector as a word.
VM_PUSH_SS proc near ; DATA XREF: ????173Ao
mov ax, ss
push ax
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_SS endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: read debug control register DR7 and push it as a dword.
; Privileged: raises #GP at CPL 3.
VM_PUSH_DR7 proc near ; DATA XREF: ????15F2o
mov ecx, dr7
push ecx
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_DR7 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: read CR0 and push it as a dword.
; Privileged: raises #GP at CPL 3.
VM_PUSH_CR0 proc near ; DATA XREF: ????15CAo
mov edx, cr0
push edx
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_CR0 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a word slot and store its low byte into byte 1 of a VM
; context slot, i.e. [edi + index*4 + 1].
; The slot index is an encoded byte at [esi], decoded with the rolling key in
; BL and then folded back into BL. The index is not range-checked.
VM_POPW_CONTEXTBH proc near ; DATA XREF: ????151Eo
movzx eax, byte ptr [esi] ; fetch encoded index, upper 24 bits of eax cleared
add al, bl ; mix in rolling key
xor al, 0B9h
inc al
not al
ror al, 6
add al, 0F2h
add bl, al ; fold decoded index back into the rolling key
lea esi, [esi+1] ; advance bytecode pointer
pop cx
mov [edi+eax*4+1], cl
jmp VMLoop_EP ; fetch Instruction Byte
VM_POPW_CONTEXTBH endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit address, push the word read from [address]
; (default DS). The address is not validated in this handler.
VM_MOVW_A_TO_B proc near ; DATA XREF: ????162Eo
pop ecx
push small word ptr [ecx]
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVW_A_TO_B endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: store st(0) as an 80-bit extended value over the 10 bytes at the
; top of the operand stack and pop the x87 stack. ESP is not adjusted here.
VM_FSTPT: ; DATA XREF: ????14DEo
fstp tbyte ptr [esp]
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: st(0) = 2^st(0) - 1. No stack operands.
VM_F2XM1 proc near ; DATA XREF: ????14CAo
f2xm1
jmp VMLoop_EP ; fetch Instruction Byte
VM_F2XM1 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, push the dword read from gs:[offset].
; The offset is not validated in this handler.
VM_MOV_GSA_TO_B proc near ; DATA XREF: ????15B6o
pop eax
push dword ptr gs:[eax]
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOV_GSA_TO_B endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: signed 64/32-bit divide.
; Stack in (top first): high dword (EDX), low dword (EAX), divisor (ECX).
; Stack out: quotient pushed first, remainder on top.
; No divisor check: zero or a quotient outside the 32-bit signed range raises #DE.
VM_IDIV proc near ; DATA XREF: ????15FEo
pop edx
pop eax
pop ecx
idiv ecx
push eax
push edx
jmp VMLoop_EP ; fetch Instruction Byte
VM_IDIV endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop one dword off the operand stack into ECX.
; ECX is not used again in this handler, so the effect visible here is a 32-bit drop.
VM_POP_ECX proc near ; DATA XREF: ????1442o
pop ecx
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_ECX endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: st(0) += 32-bit float at the top of the operand stack.
; The operand is read in place; ESP is not adjusted here.
VM_FADD proc near ; DATA XREF: ????1462o
fadd dword ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FADD endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, read one byte from fs:[offset], push it
; zero-extended to a word. The offset is not validated in this handler.
VM_MOVZXB_FSA_TO_B proc near ; DATA XREF: ????14A2o
pop ecx
movzx dx, byte ptr fs:[ecx]
push dx
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVZXB_FSA_TO_B endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: store st(0) as a 64-bit double over the 8 bytes at the top of
; the operand stack. The x87 stack is not popped; ESP is not adjusted here.
VM_FSTQ proc near ; DATA XREF: ????167Ao
fst qword ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FSTQ endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: compare st(0) with 0.0 and set the x87 condition codes.
; No stack operands.
VM_FTST proc near ; DATA XREF: ????16BAo
ftst
jmp VMLoop_EP ; fetch Instruction Byte
VM_FTST endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a dword and write it to CR4 (architecture-extension enable bits).
; Privileged: raises #GP at CPL 3.
VM_POP_CR4 proc near ; DATA XREF: ????1626o
pop edx
mov cr4, edx
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_CR4 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a dword and write it to CR1.
; CR1 is architecturally reserved: the access raises #UD on real hardware.
VM_POP_CR1 proc near ; DATA XREF: ????155Ao
pop eax
mov cr1, eax
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_CR1 endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: pop a word from the stack into the DS segment register.
; An invalid selector faults in the host; nothing is checked here.
VM_POP_DS: ; DATA XREF: ????14BAo
db 66h ; operand-size prefix, listed as a separate byte: makes the pop 16-bit
pop ds
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: store the x87 control word over the word at the top of the
; operand stack (no-wait form). ESP is not adjusted here.
VM_FNSTCWW proc near ; DATA XREF: ????160Ao
fnstcw word ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FNSTCWW endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: 32-bit logical shift right without flag capture.
; Pops value (EAX) then a word count (CX), shifts EAX by CL, pushes the result.
; The CPU masks the count to 5 bits.
VM_SHR: ; DATA XREF: ????14C6o
pop eax
pop cx
shr eax, cl
push eax
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: unsigned 64/32-bit divide.
; Stack in (top first): high dword (EDX), low dword (EAX), divisor (ECX).
; Stack out: quotient pushed first, remainder on top.
; No divisor check: zero or a quotient that does not fit in 32 bits raises #DE.
VM_DIV proc near ; DATA XREF: ????16F6o
pop edx
pop eax
pop ecx
div ecx
push eax
push edx
jmp VMLoop_EP ; fetch Instruction Byte
VM_DIV endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: push the 64-bit signed integer at the top of the operand stack
; onto the x87 stack. The operand is read in place; ESP is not adjusted here.
VM_FILDQ: ; DATA XREF: ????13C6o
; ????145Ao
fild qword ptr [esp]
jmp VMLoop_EP ; fetch Instruction Byte
; ???????????????????????????????????????????????????????????????????????????
; VM handler: pop a 32-bit offset, read one byte from cs:[offset], push it in
; a word slot. AH is not written here, so the high byte of the pushed word is
; whatever AH held on entry.
VM_MOVB_CSA_TO_B: ; DATA XREF: ????1542o
pop ecx
mov al, cs:[ecx]
push ax
jmp VMLoop_EP ; fetch Instruction Byte
; ???????????????????????????????????????????????????????????????????????????
; VM handler: pop a 32-bit offset, then pop a dword and store it at ss:[offset].
; The destination is not validated in this handler.
VM_MOV_B_TO_SSA: ; DATA XREF: ????1576o
pop edx
pop dword ptr ss:[edx]
jmp VMLoop_EP ; fetch Instruction Byte
; ???????????????????????????????????????????????????????????????????????????
; VM handler: push the 32-bit float at the top of the operand stack onto the
; x87 stack. The operand is read in place; ESP is not adjusted here.
VM_FLD: ; DATA XREF: ????1426o
; ????1756o
fld dword ptr [esp]
jmp VMLoop_EP ; fetch Instruction Byte
; ???????????????????????????????????????????????????????????????????????????
; VM handler: pop a 32-bit offset, pop a word slot, store its low byte at
; gs:[offset]. The destination is not validated in this handler.
VM_MOVB_B_TO_GSA: ; DATA XREF: ????1716o
pop ecx
pop dx
mov gs:[ecx], dl
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a dword and write it to debug register DR5.
; Privileged (#GP at CPL 3). DR5 aliases DR7 only while CR4.DE = 0; with
; CR4.DE = 1 the access raises #UD.
VM_POP_DR5 proc near ; DATA XREF: ????154Ao
pop edx
mov dr5, edx
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_DR5 endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: pop a 32-bit offset, then pop a dword and store it at fs:[offset].
; The destination is not validated in this handler.
VM_MOV_B_TO_FSA: ; DATA XREF: ????1712o
pop edx
pop dword ptr fs:[edx]
jmp VMLoop_EP ; fetch Instruction Byte
; ???????????????????????????????????????????????????????????????????????????
; VM handler: push the low word of a VM context slot, [edi + index*4].
; The slot index is an encoded byte from the bytecode (lodsb), decoded with
; the rolling key in BL and then folded back into BL. Not range-checked.
; lodsb writes AL only, so the upper 24 bits of EAX must already be zero
; (presumably guaranteed by the dispatcher; confirm).
VM_PUSHW_CONTEXT: ; DATA XREF: ????139Ao
lodsb
add al, bl ; mix in rolling key
inc al
not al
add al, 1Bh
xor al, 0A8h
add bl, al ; fold decoded index back into the rolling key
push small word ptr [edi+eax*4]
jmp VMLoop_EP ; fetch Instruction Byte
; ???????????????????????????????????????????????????????????????????????????
; VM handler: unsigned 8-bit multiply with flags.
; Pops two word slots, computes AX = AL * DL, pushes the 16-bit product, then
; pushes the 16-bit FLAGS image on top of it.
VM_MULB_F: ; DATA XREF: ????1456o
; ????176Eo
pop dx
pop ax
mul dl
push ax
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
; ???????????????????????????????????????????????????????????????????????????
; VM handler: unsigned 16-bit multiply with flags.
; Pops two words, computes DX:AX = AX * DX, pushes the low word, then the high
; word, then the 16-bit FLAGS image on top.
VM_MULW_F: ; DATA XREF: ????1382o
pop dx
pop ax
mul dx
push ax
push dx
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
; ???????????????????????????????????????????????????????????????????????????
; VM handler: pop a 32-bit offset, then pop a word and store it at ss:[offset].
; The destination is not validated in this handler.
VM_MOVW_B_TO_SSA: ; DATA XREF: ????151Ao
pop ecx
pop small word ptr ss:[ecx]
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: st(0) = -st(0). No stack operands.
VM_FCHS proc near ; DATA XREF: ????1676o
fchs
jmp VMLoop_EP ; fetch Instruction Byte
VM_FCHS endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: compare st(0) with the 64-bit double at the top of the operand
; stack, set the x87 condition codes, and pop the x87 stack.
; ESP is not adjusted here.
VM_FCOMPQ proc near ; DATA XREF: ????1692o
fcomp qword ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FCOMPQ endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: push byte 1 of a VM context slot, [edi + index*4 + 1], in a
; word slot. The index is an encoded byte from the bytecode (lodsb), decoded
; with the rolling key in BL and then folded back into BL. Not range-checked.
; AL is overwritten by the loaded byte after it has served as the index; AH is
; never written, so the high byte of the pushed word is whatever AH held on entry.
VM_PUSHW_CONTEXTBH proc near ; DATA XREF: ????150Ao
lodsb
add al, bl ; mix in rolling key
xor al, 0B9h
inc al
not al
ror al, 6
add al, 0F2h
add bl, al ; fold decoded index back into the rolling key
mov al, [edi+eax*4+1]
push ax
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSHW_CONTEXTBH endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: 32-bit add with flags.
; Pops a dword, adds it into the next dword slot in place, then pushes the
; 16-bit FLAGS image produced by the add on top of the result.
VM_ADD_F: ; DATA XREF: ????1772o
pop edx
add [esp], edx
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: 8-bit shift left with flags.
; Pops value (DX) then count (CX), shifts DL by CL, pushes DX, then pushes the
; 16-bit FLAGS image. DH passes through unchanged.
VM_SHLB_F proc near ; DATA XREF: ????14FAo
pop dx
pop cx
shl dl, cl
push dx
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
VM_SHLB_F endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: round st(0) to an integer using the rounding mode currently set
; in the x87 control word. No stack operands.
VM_FRNDINT: ; DATA XREF: ????13FEo
frndint ; st(0) <- INT( st(0) ); depends on RC flag
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: st(1) = st(1) * log2(st(0)), then pop the x87 stack.
; No operand-stack operands.
VM_FYL2X proc near ; DATA XREF: ????1536o
fyl2x
jmp VMLoop_EP ; fetch Instruction Byte
VM_FYL2X endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: unsigned 32-bit multiply with flags.
; Pops two dwords, computes EDX:EAX = EAX * EDX, pushes the low dword, then the
; high dword, then the 16-bit FLAGS image on top.
VM_MUL_F proc near ; DATA XREF: ????1566o
pop edx
pop eax
mul edx
push eax
push edx
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
VM_MUL_F endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: push a sign-extended 16-bit immediate taken from the bytecode.
; The word at [esi] is stored encoded: BX is added in first, a fixed
; xor/not/ror/dec chain decodes it, and the decoded value is then added back
; into BX, so each decode depends on every operand decoded before it.
VM_PUSH_IMMW: ; DATA XREF: ????13DEo
lodsw
add ax, bx ; mix in rolling key
xor ax, 6609h
not ax
ror ax, 8
dec ax
add bx, ax ; fold decoded value back into the rolling key
cwde ; ax -> eax (sign-extend)
push eax
jmp VMLoop_EP ; fetch Instruction Byte
; ???????????????????????????????????????????????????????????????????????????
; VM handler: 32-bit NOR with flags. Pops a, leaves (~a & ~b) in the slot that
; held b, then pushes the 16-bit FLAGS image produced by the AND on top.
VM_NA_NB_AND_F: ; DATA XREF: ????1526o
pop ecx
not ecx
not dword ptr [esp]
and [esp], ecx
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
; ???????????????????????????????????????????????????????????????????????????
; VM exit (near): leave the interpreter and resume native code.
; Discards one dword, restores the general registers and flags from the stack,
; then performs a near return to the address that follows them. Control does
; not go back to VMLoop_EP from here.
; NOTE(review): popa/popf are presumably the 32-bit forms here; the listing
; writes 16-bit forms with a "w" suffix (e.g. pushfw). Confirm against the bytes.
VM_RETN: ; DATA XREF: ????1406o
pop eax
popa
popf
retn
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: read the x87 status word into AX (no-wait form) and push it as
; a word.
VM_FNSTSWW proc near ; DATA XREF: ????16BEo
fnstsw ax
push ax
jmp VMLoop_EP ; fetch Instruction Byte
VM_FNSTSWW endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: read CR5 and push it as a dword.
; CR5 is architecturally reserved: the access raises #UD on real hardware.
VM_PUSH_CR5 proc near ; DATA XREF: ????174Eo
mov edx, cr5
push edx
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_CR5 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: push the constant pi onto the x87 stack. No stack operands.
VM_FLDPI proc near ; DATA XREF: ????16AAo
fldpi
jmp VMLoop_EP ; fetch Instruction Byte
VM_FLDPI endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: push a 32-bit immediate taken from the bytecode.
; The dword at [esi] is stored encoded: EBX is added in first, a fixed
; add/rol/inc/rol/sub chain decodes it, and the decoded value is then added
; back into EBX. Recovering an immediate statically therefore requires the EBX
; value at that point in the stream as well as the constants below.
VM_PUSH_IMM proc near ; DATA XREF: ????1726o
mov eax, [esi] ; fetch encoded operand dword
add eax, ebx ; mix in rolling key
add eax, 23D30F4Fh ; <suspicious>
rol eax, 1Fh
inc eax
add esi, 4 ; advance bytecode pointer past the operand
rol eax, 0Bh
sub eax, 8E5C6C84h
add ebx, eax ; fold decoded value back into the rolling key
push eax
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_IMM endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: push byte 0 of a VM context slot, [edi + index*4], in a word
; slot. The index is an encoded byte from the bytecode (lodsb), decoded with
; the rolling key in BL and then folded back into BL. Not range-checked.
; AH is never written, so the high byte of the pushed word is whatever AH
; held on entry.
VM_PUSHW_CONTEXTBL proc near ; DATA XREF: ????158Ao
lodsb
add al, bl ; mix in rolling key
xor al, 0B9h
inc al
not al
ror al, 6
add al, 0F2h
add bl, al ; fold decoded index back into the rolling key
mov al, [edi+eax*4]
push ax
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSHW_CONTEXTBL endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a dword and write it to CR7.
; CR7 is architecturally reserved: the access raises #UD on real hardware.
VM_POP_CR7 proc near ; DATA XREF: ????14B2o
pop edx
mov cr7, edx
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_CR7 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: st(0) *= 64-bit double at the top of the operand stack.
; The operand is read in place; ESP is not adjusted here.
VM_FMULQ proc near ; DATA XREF: ????171Eo
fmul qword ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FMULQ endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, push the dword read from cs:[offset].
; The offset is not validated in this handler.
VM_MOV_CSA_TO_B proc near ; DATA XREF: ????147Eo
pop ecx
push dword ptr cs:[ecx]
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOV_CSA_TO_B endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, then pop a dword and store it at gs:[offset].
; The destination is not validated in this handler.
VM_MOV_B_TO_GSA proc near ; DATA XREF: ????1472o
pop eax
pop dword ptr gs:[eax]
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOV_B_TO_GSA endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a dword and write it to CR5.
; CR5 is architecturally reserved: the access raises #UD on real hardware.
VM_POP_CR5 proc near ; DATA XREF: ????153Ao
pop eax
mov cr5, eax
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_CR5 endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: 8-bit add with flags.
; Pops a word slot, adds its low byte into the low byte of the next slot in
; place, then pushes the 16-bit FLAGS image produced by the add.
VM_ADDB_F: ; DATA XREF: ????13AEo
; ????13C2o
pop cx
add [esp], cl
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: push the dword in a VM context slot, [edi + index*4].
; The slot index is an encoded byte from the bytecode (lodsb), decoded with
; the rolling key in BL and then folded back into BL. Not range-checked.
; lodsb writes AL only, so the upper 24 bits of EAX must already be zero
; (presumably guaranteed by the dispatcher; confirm).
VM_PUSH_CONTEXT proc near ; DATA XREF: ????1502o
lodsb
add al, bl ; mix in rolling key
xor al, 4Ah
ror al, 4
sub al, 0B7h
rol al, 6
add bl, al ; fold decoded index back into the rolling key
push dword ptr [edi+eax*4]
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_CONTEXT endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a 32-bit offset, pop a word slot, store its low byte at
; cs:[offset]. In protected mode a write through a CS override raises #GP
; (code segments are not writable).
VM_MOVB_B_TO_CSA proc near ; DATA XREF: ????13A2o
pop ecx
pop ax
mov cs:[ecx], al
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVB_B_TO_CSA endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: 16-bit logical shift right with flags.
; Pops value (AX) then count (CX), shifts AX by CL, pushes the result, then
; pushes the 16-bit FLAGS image on top.
VM_SHRW_F proc near ; DATA XREF: ????173Eo
pop ax
pop cx
shr ax, cl
push ax
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
VM_SHRW_F endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: compare st(0) with the 32-bit float at the top of the operand
; stack, set the x87 condition codes, and pop the x87 stack.
; ESP is not adjusted here.
VM_FCOMP proc near ; DATA XREF: ????15A6o
fcomp dword ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FCOMP endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a dword and write it to debug register DR2.
; Privileged: raises #GP at CPL 3.
VM_POP_DR2 proc near ; DATA XREF: ????13FAo
pop ecx
mov dr2, ecx
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_DR2 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: read CR6 and push it as a dword.
; CR6 is architecturally reserved: the access raises #UD on real hardware.
VM_PUSH_CR6 proc near ; DATA XREF: ????13EAo
mov ecx, cr6
push ecx
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSH_CR6 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: decrement the x87 TOP-of-stack pointer. Register contents and
; tag word are left untouched. No stack operands.
VM_FDECSTP proc near ; DATA XREF: ????1432o
fdecstp
jmp VMLoop_EP ; fetch Instruction Byte
VM_FDECSTP endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: 32-bit double-precision shift right with flags.
; Pops destination (EAX), source of shifted-in bits (EDX) and a word count (CX);
; pushes the shifted EAX, then the 16-bit FLAGS image.
VM_SHRD_F proc near ; DATA XREF: ????1522o
pop eax
pop edx
pop cx
shrd eax, edx, cl
push eax
pushfw
jmp VMLoop_EP ; fetch Instruction Byte
VM_SHRD_F endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: push the 80-bit extended value in the 10 bytes at the top of
; the operand stack onto the x87 stack. ESP is not adjusted here.
VM_FLDT proc near ; DATA XREF: ????1762o
fld tbyte ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FLDT endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: push the constant +0.0 onto the x87 stack. No stack operands.
VM_FLDZ proc near ; DATA XREF: ????14FEo
fldz
jmp VMLoop_EP ; fetch Instruction Byte
VM_FLDZ endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: signed divide of a word by a byte.
; VM stack in : top = dividend (word, ax), next = divisor (word, only cl used).
; VM stack out: top = ax after the divide, i.e. al = quotient, ah = remainder.
; "idiv cl" raises #DE when cl is zero or when the quotient does not fit in al;
; nothing here checks for either case.
; NOTE(review): the label says "W ... QUOTIENT", but the instruction is the
; 8-bit-divisor form and the pushed word carries the remainder in its high
; byte as well - the name may be the analyst's approximation.
VM_IDIVW_QUOTIENT proc near ; DATA XREF: ????15CEo
pop ax ; ax = dividend
pop cx ; cl = divisor
idiv cl ; al = ax / cl, ah = ax % cl
push ax
jmp VMLoop_EP ; fetch Instruction Byte
VM_IDIVW_QUOTIENT endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: 16-bit store to memory.
; VM stack in : top = destination address (dword), next = value (word).
; VM stack out: both operands consumed; the word is popped straight into
;               [edx] through the default segment.
; The address comes from the VM stack and is used without any check.
VM_MOVW_B_TO_A proc near ; DATA XREF: ????15E2o
pop edx ; edx = destination address
pop small word ptr [edx] ; 16-bit pop directly into memory
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVW_B_TO_A endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: 16-bit load through a CS segment override.
; VM stack in : top = source offset (dword).
; VM stack out: top = word read from cs:[offset].
VM_MOVW_CSA_TO_B: ; DATA XREF: ????13E6o
pop eax ; eax = source offset
push small word ptr cs:[eax] ; 16-bit push of the value read via CS
jmp VMLoop_EP ; fetch Instruction Byte
; ???????????????????????????????????????????????????????????????????????????
; VM handler: push the CS selector onto the VM stack as a 16-bit value.
; The raw 66h byte is an operand-size prefix for the following "push cs"; the
; disassembler shows it as data because it does not fold it into the mnemonic.
; In this 32-bit code the prefix turns the push into a 2-byte push.
VM_PUSH_CS: ; DATA XREF: ????149Ao
db 66h ; operand-size prefix for the next instruction
push cs
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: x87 partial tangent.
; Replaces ST(0) with its tangent and then pushes 1.0 onto the x87 stack.
; Takes no operand from the VM stack and leaves it unchanged.
VM_FPTAN proc near ; DATA XREF: ????1482o
fptan
jmp VMLoop_EP ; fetch Instruction Byte
VM_FPTAN endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: subtract a 16-bit integer from ST(0).
; The integer is read from the top of the VM stack; the VM stack is not popped.
VM_FISUBW proc near ; DATA XREF: ????16A6o
fisub word ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FISUBW endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: 16-bit logical shift right, result only.
; VM stack in : top = value (word), next = shift count (word, only cl is used).
; VM stack out: top = shifted result (word).
; Same operation as VM_SHRW_F, but the flags are not pushed.
VM_SHRW proc near ; DATA XREF: ????15AEo
pop ax ; ax = value to shift
pop cx ; cl = shift count
shr ax, cl
push ax ; result
jmp VMLoop_EP ; fetch Instruction Byte
VM_SHRW endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: push a 16-bit immediate taken from the bytecode stream.
; The immediate is stored encrypted and is decoded with the rolling key in bx:
;   ax = word at [esi]                (lodsw also advances esi; by 2 if DF = 0)
;   ax = ror(not((ax + bx) xor 6609h), 8) - 1
;   bx = bx + ax                      (key update, so later operands depend on
;                                      every operand decoded before them)
; VM stack out: top = decoded immediate (word).
; Practical consequence for analysis: operands cannot be decoded in isolation;
; a static decoder has to replay the key from the start of the block.
VM_PUSHW_IMMW proc near ; DATA XREF: ????153Eo
lodsw ; fetch encrypted immediate from the bytecode stream
add ax, bx ; mix in the rolling key
xor ax, 6609h
not ax
ror ax, 8 ; on a 16-bit register this swaps the two bytes
dec ax
add bx, ax ; update the rolling key with the decoded value
push ax ; decoded immediate
jmp VMLoop_EP ; fetch Instruction Byte
VM_PUSHW_IMMW endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: subtract a 32-bit float from ST(0).
; The float is read from the top of the VM stack; the VM stack is not popped.
VM_FSUB proc near ; DATA XREF: ????1492o
fsub dword ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FSUB endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: 32-bit shift left, flags-producing variant.
; VM stack in : top = value (dword), next = shift count (word, only cl is used).
; VM stack out: top = FLAGS (word, from pushfw), next = shifted result (dword).
VM_SHL_F proc near ; DATA XREF: ????168Eo
pop edx ; edx = value to shift
pop cx ; cl = shift count
shl edx, cl
push edx ; result
pushfw ; 16-bit FLAGS produced by the shift
jmp VMLoop_EP ; fetch Instruction Byte
VM_SHL_F endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: zero-extending byte load through the ES segment.
; VM stack in : top = source offset (dword).
; VM stack out: top = byte at es:[offset], zero-extended to a word.
VM_MOVZXB_ESA_TO_B proc near ; DATA XREF: ????1622o
pop eax ; eax = source offset
movzx dx, byte ptr es:[eax]
push dx
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVZXB_ESA_TO_B endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: pop a dword from the VM stack into debug register DR4.
; MOV to a debug register is privileged: outside ring 0 it raises #GP.
; DR4 is an alias of DR6 while CR4.DE is clear and raises #UD when CR4.DE is
; set, so the effect of this handler depends on the CPU configuration.
VM_POP_DR4: ; DATA XREF: ????159Ao
; ????1732o
pop edx ; edx = new DR4 value
mov dr4, edx
jmp VMLoop_EP ; fetch Instruction Byte
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: 16-bit add, result only.
; VM stack in : top = first operand (word), next = second operand (word).
; VM stack out: top = sum (word), written in place over the second operand.
; The flags produced by the add are not pushed.
VM_ADDW proc near ; DATA XREF: ????1752o
pop cx ; cx = first operand
add [esp+0], cx ; add into the word that is now on top of the stack
jmp VMLoop_EP ; fetch Instruction Byte
VM_ADDW endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a dword from the VM stack into a slot of the VM context.
; The slot index is a one-byte operand in the bytecode stream, stored
; encrypted and decoded with the rolling key in bl:
;   al = byte at [esi]
;   al = rol(ror((al + bl) xor 4Ah, 4) - 0B7h, 6)
;   bl = bl + al                      (key update)
; The popped dword is stored at [edi + eax*4]; esi is then advanced past the
; operand byte.
; NOTE(review): only al is written here, so the upper 24 bits of eax must
; already be zero for the index to be correct - presumably guaranteed by the
; dispatcher at VMLoop_EP; confirm there.
; NOTE(review): edi looks like the base of the VM register/context array with
; dword slots - inferred from the addressing mode, confirm against VM entry.
VM_POP_CONTEXT proc near ; DATA XREF: ????171Ao
mov al, [esi] ; fetch encrypted slot index (esi is advanced below)
add al, bl ; mix in the rolling key
xor al, 4Ah
ror al, 4
sub al, 0B7h
rol al, 6
add bl, al ; update the rolling key with the decoded index
pop dword ptr [edi+eax*4] ; VM stack top -> context slot
inc esi ; step over the operand byte
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_CONTEXT endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: zero-extending byte load through the SS segment.
; VM stack in : top = source offset (dword).
; VM stack out: top = byte at ss:[offset], zero-extended to a word.
VM_MOVZXB_SSA_TO_B proc near ; DATA XREF: ????140Ao
pop eax ; eax = source offset
movzx dx, byte ptr ss:[eax]
push dx
jmp VMLoop_EP ; fetch Instruction Byte
VM_MOVZXB_SSA_TO_B endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a word from the VM stack and store its low byte into a slot
; of the VM context.
; The slot index is a one-byte operand in the bytecode stream, stored
; encrypted and decoded with the rolling key in bl:
;   al = byte at [esi]                (lodsb also advances esi; by 1 if DF = 0)
;   al = ror(not(((al + bl) xor 0B9h) + 1), 6) + 0F2h
;   bl = bl + al                      (key update)
; A full word is popped, but only cl is written, to [edi + eax*4].
; NOTE(review): as in the other context handlers, only al is set here, so the
; upper 24 bits of eax are assumed to be zero on entry - confirm at VMLoop_EP.
VM_POPW_CONTEXTBL proc near ; DATA XREF: ????1612o
lodsb ; fetch encrypted slot index from the bytecode stream
add al, bl ; mix in the rolling key
xor al, 0B9h
inc al
not al
ror al, 6
add al, 0F2h
add bl, al ; update the rolling key with the decoded index
pop cx ; cx = popped word, only cl is kept
mov [edi+eax*4], cl ; low byte -> context slot
jmp VMLoop_EP ; fetch Instruction Byte
VM_POPW_CONTEXTBL endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: pop a dword from the VM stack into debug register DR3.
; MOV to a debug register is privileged: outside ring 0 it raises #GP.
; DR0-DR3 hold hardware-breakpoint addresses, so in kernel mode this write
; replaces whatever breakpoint address a debugger had placed in DR3.
VM_POP_DR3 proc near ; DATA XREF: ????15F6o
pop ecx ; ecx = new DR3 value
mov dr3, ecx
jmp VMLoop_EP ; fetch Instruction Byte
VM_POP_DR3 endp
; ??????????????? S U B R O U T I N E ???????????????????????????????????????
; VM handler: store ST(0) as a 16-bit integer and pop the x87 stack.
; The integer overwrites the word at the top of the VM stack; the VM stack
; pointer itself does not move.
VM_FISTPW proc near
fistp word ptr [esp+0]
jmp VMLoop_EP ; fetch Instruction Byte
VM_FISTPW endp
; ???????????????????????????????????????????????????????????????????????????
; VM handler: replace ST(0) with its square root.
; Takes no operand from the VM stack and leaves it unchanged.
VM_FSQRT:
fsqrt
jmp VMLoop_EP ; fetch Instruction Byte
; ???????????????????????????????????????????????????????????????????????????
对应的伪指令块如下:
; One pseudo-instruction (bytecode) block, as raw bytes with the analyst's
; handler annotations. Reading guide:
;   - A line annotated with a VM_* name is an opcode byte; unannotated db/dw/dd
;     lines that follow it are that instruction's operand.
;   - The single character right after ";" is the disassembler's ASCII
;     rendering of the byte and carries no meaning.
;   - The same raw byte is annotated with different handlers at different
;     positions (85h appears as VM_ADD, VM_PUSH_CONTEXT and VM_RETN; 0DEh as
;     VM_PUSH_SP and VM_PUSH_IMMB), so opcode bytes are not a fixed encoding.
;     Presumably the dispatcher decodes them with the same rolling key the
;     handlers keep in bl/bx - the dispatcher is not shown here, confirm.
;   - Operand values are likewise stored encrypted (see the decode sequences in
;     VM_PUSHW_IMMW and VM_POP_CONTEXT), so the dd/dw/db operands below are not
;     the values that end up on the VM stack.
VMInsBuff_03 db 1Dh ; VM_POP_CONTEXT
db 0E1h ; á
db 32h ; 2 ; VM_POP_CONTEXT
db 79h ; y
db 3Dh ; = ; VM_POP_CONTEXT
db 0C4h ; ?
db 49h ; I ; VM_POP_CONTEXT
db 92h ; ’
db 5Ch ; \ ; VM_POP_CONTEXT
db 26h ; &
db 69h ; i ; VM_POP_CONTEXT
db 6Dh ; m
db 7Fh ; ; VM_POP_CONTEXT
db 8
db 93h ; “ ; VM_POP_CONTEXT
db 0DDh ; Y
db 0A2h ; ¢ ; VM_POP_CONTEXT
db 0EBh ; ?
db 92h ; ’ ; VM_POP_ECX
db 8 ; VM_PUSH_IMM
dd 8A186535h
db 0Bh ; VM_PUSHW
db 6
db 0Bh ; VM_POPW_CONTEXT
db 0
db 19h ; VM_PUSH_IMM
dd 5C9E6D93h
db 63h ; c ; VM_ADD
db 98h ; ? ; VM_POP_CONTEXT
db 0A2h ; ¢
db 86h ; ? ; VM_PUSH_ESP
db 7Dh ; } ; VM_POP_CONTEXT
db 0C7h ; ?
db 12h ; VM_PUSH_IMM
dd 0FA3FCC82h
db 0A9h ; ? ; VM_OP_114
dw 0DAC5h
db 0DEh ; T ; VM_PUSH_SP
db 25h ; % ; VM_POP_CX
db 4Dh ; M ; VM_PUSH_ESP
db 0A4h ; ¤ ; VM_MOV_SSA_TO_B
db 0D5h ; ? ; VM_POPW_CONTEXT
db 0D2h ; ò
db 55h ; U ; VM_POP_CONTEXT
db 59h ; Y
db 0F1h ; ? ; VM_PUSH_IMM
dd 0AC9EC40Ah
db 85h ; … ; VM_ADD
db 7Fh ; ; VM_PUSH_CONTEXT
db 84h
db 85h ; … ; VM_ADD
db 40h ; @ ; VM_PUSH_IMM
dd 0BDC0F22Dh
db 11h ; VM_PUSH_REG
db 5Bh ; [
db 28h ; ( ; VM_SHRB_F
db 72h ; r ; VM_POP_CONTEXT
db 7Bh ; {
db 64h ; d ; VM_PUSH_ESP
db 0A6h ; | ; VM_MOVZXB_SSA_TO_B
db 0AEh ; ? ; VM_POPW_CONTEXT
db 0A7h ; §
db 0C0h ; à ; VM_PUSH_IMM
dd 8BC56656h
db 59h ; Y ; VM_ADD
db 6Eh ; n ; VM_PUSH_ESP
db 0DEh ; T ; VM_PUSH_IMMB
db 28h ; (
db 55h ; U ; VM_ADD
db 49h ; I ; VM_MOV_SSA_TO_B
db 0EBh ; ? ; VM_PUSH_ESP
db 0A1h ; ? ; VM_MOV_SSA_TO_B
db 63h ; c ; VM_POP_CONTEXT
db 2Ch ; ,
db 0EDh ; í ; VM_PUSH_IMMB
db 27h ; '
db 65h ; e ; VM_ADD
db 6 ; VM_MOV_B_TO_A
db 0C7h ; ? ; VM_PUSHW_IMMW
dw 123Bh
db 6Ch ; l ; VM_PUSH_IMM
dd 82EB9F59h
db 0DCh ; ü ; VM_POP_IMMWL
db 0D5h ; ?
db 21h ; ! ; VM_POPW_CONTEXT
db 16h
db 0E6h ; ? ; VM_PUSHW_IMMW
dw 0DAAAh
db 9Fh ; ? ; VM_NA_B_ANDW
db 6 ; VM_PUSH_CONTEXT
db 90h ; ?
db 21h ; ! ; VM_MOVW_B_TO_A
db 2 ; VM_PUSH_CONTEXT
db 0Ch
db 9Bh ; ? ; VM_PUSH_CONTEXT
db 66h ; f
db 2Fh ; / ; VM_PUSH_CONTEXT
db 79h ; y
db 0C9h ; é ; VM_PUSH_CONTEXT
db 0D4h ; ?
db 5Eh ; ^ ; VM_PUSH_CONTEXT
db 0E9h ; é
db 0F1h ; ? ; VM_PUSH_CONTEXT
db 0BCh ; ?
db 85h ; … ; VM_PUSH_CONTEXT
db 0CDh ; í
db 17h ; VM_PUSH_CONTEXT
db 1Fh
db 0A8h ; ¨ ; VM_PUSH_CONTEXT
db 2Dh ; -
db 43h ; C ; VM_PUSH_CONTEXT
db 48h ; H
db 85h ; … ; VM_RETN
7、多个伪指令块记录范例如下:
第0139次跳转,跳转到:0x10021F0F(VMInsBuff_14)
第0140次跳转,跳转到:0x10021622(VMInsBuff_20)
第0141次跳转,跳转到:0x1002186A(VMInsBuff_21)
第0142次跳转,跳转到:0x10022A11(VMInsBuff_22)
第0143次跳转,跳转到:0x1002202E(VMInsBuff_23)
第0144次跳转,跳转到:0x10021622(VMInsBuff_20)
第0145次跳转,跳转到:0x1002186A(VMInsBuff_21)
第0146次跳转,跳转到:0x10022A11(VMInsBuff_22)
第0147次跳转,跳转到:0x1002202E(VMInsBuff_23)
第0148次跳转,跳转到:0x10021622(VMInsBuff_20)
第0149次跳转,跳转到:0x1002186A(VMInsBuff_21)
第0150次跳转,跳转到:0x10022A11(VMInsBuff_22)
第0151次跳转,跳转到:0x1002202E(VMInsBuff_23)
第0152次跳转,跳转到:0x10021622(VMInsBuff_20)
第0153次跳转,跳转到:0x1002186A(VMInsBuff_21)
第0154次跳转,跳转到:0x10022A11(VMInsBuff_22)
第0155次跳转,跳转到:0x1002202E(VMInsBuff_23)
。。。。。。。。。
从上面的伪指令块执行记录可以看出,VMInsBuff_20 到 VMInsBuff_23 这四个伪指令块在循环执行。