示例#1
0
        public VM_Executor(VM_Executor last, DWORD Position)
        {
            FirstMachine          = last.FirstMachine;
            LastMachine           = last;
            FileMemory            = last.FileMemory;
            BaseAddress_Variables = last.BaseAddress_Variables;
            BaseAddress_Assembly  = last.BaseAddress_Assembly;
            HeaderSize            = last.HeaderSize;
            Filename            = last.Filename;
            FileMemory.Position = Position;
            FirstMachine.MachineIndex++;


            Log.DirectPrint("=============================");
            Log.DirectPrint("Function Called");
            Log.DirectPrint("Machine = %i", FirstMachine.MachineIndex);
            Log.DirectPrint("=============================");
        }
示例#2
0
        public VM_Executor(string path)
        {
            Console.Clear();

            // The first Machine ever is this where the file get opend.
            FirstMachine = this;

            // The last Machine (on Call's)
            LastMachine = null;

            // Load the File into the Memory and Proceed.
            FileMemory = new MemoryBuffer(path);

            // magic check
            if (FileMemory.ReadInt32() == 0x947844)
            {
                // version check
                if (FileMemory.ReadByte() == 147)
                {
                    BaseAddress_Variables = FileMemory.ReadInt32();
                    BaseAddress_Assembly  = FileMemory.ReadInt32();
                    HeaderSize            = FileMemory.ReadInt32();
                    Filename = FileMemory.ReadString();

                    Log.Info("Executing", "File = %s  V = 0x%lx A = 0x%lx", Filename, BaseAddress_Variables, BaseAddress_Assembly + HeaderSize);

                    Log.DirectPrint("=============================");
                    Log.DirectPrint("Function Called");
                    Log.DirectPrint("Machine = %i", FirstMachine.MachineIndex);
                    Log.DirectPrint("=============================");


                    // set to 0 cause we dont have a header now!
                    FileMemory.Position = BaseAddress_Assembly - BaseAddress_Assembly + HeaderSize;
                    Execute();
                }
            }
        }
示例#3
0
        public void Execute()
        {
            _Executing = true;

            while (_Executing)
            {
                byte opcode = FileMemory.ReadByte();

                //Log.Info("Execute()", "0x%lx 0x%lx", FileMemory.Position, opcode);



                #region CALL
                if (opcode == 0xE8)
                {
                    DWORD PROCEDURE = FileMemory.ReadInt32();
                    Log.Info("CALL", "0x%lx", PROCEDURE + FileMemory.Position);

                    UpdateRegister();


                    LastMachine = this;

                    //save the positino of the file.
                    DWORD LastPosition = FileMemory.Position;

                    // Create a 'VM_Executor'
                    VM_Executor vme = new VM_Executor(this, PROCEDURE + FileMemory.Position);
                    vme.Execute();

                    // recover the position of the file
                    FileMemory.Position = LastPosition;
                }
                #endregion

                #region CALL DWORD PTR[...]
                else if (opcode == 0xFF)
                {
                    byte next = FileMemory.ReadByte();

                    // call dword ptr
                    if (next == 0x15)
                    {
                        DWORD READ_FROM = FileMemory.ReadInt32() - BaseAddress_Assembly + HeaderSize;
                        DWORD PROCEDURE = FileMemory.ReadInt32(READ_FROM) - BaseAddress_Assembly + HeaderSize;
                        UpdateRegister();

                        Log.Info("CALL", "[0x%lx] => 0x%lx", READ_FROM, PROCEDURE);


                        LastMachine = this;

                        //save the positino of the file.
                        DWORD LastPosition = FileMemory.Position;

                        // Create a 'VM_Executor'
                        VM_Executor vme = new VM_Executor(this, PROCEDURE);
                        vme.Execute();

                        // recover the position of the file
                        FileMemory.Position = LastPosition;
                    }
                }
                #endregion

                #region PUSH REGISTER
                else if (opcode == 0x50 ||
                         opcode == 0x51 ||
                         opcode == 0x52 ||
                         opcode == 0x53 ||
                         opcode == 0x54 ||
                         opcode == 0x55 ||
                         opcode == 0x56 ||
                         opcode == 0x57)
                {
                    UpdateRegister();
                    Log.Info("PUSH", "%s", Utils.RegisterToString(Utils.ByteToRegister(opcode, 0x50)));
                }
                #endregion

                #region MOV

                // MOV REGISTER, VARIABLE
                else if (opcode == 0xB8 |  // EAX
                         opcode == 0xB9 || // ECX
                         opcode == 0xBA || // EDX
                         opcode == 0xBB || // EBX
                         opcode == 0xBC || // ESP
                         opcode == 0xBD || // EBP
                         opcode == 0xBE || // ESI
                         opcode == 0xBF)   // EDI
                {
                    DWORD VALUE = FileMemory.ReadInt32();
                    UpdateRegister();
                    SetRegisterValue(Utils.ByteToRegister(opcode, 0xB8), VALUE);

                    Log.Info("MOV", "%s, 0x%lx", Utils.RegisterToString(Utils.ByteToRegister(opcode, 0xB8)), VALUE);
                }
                else if (opcode == 0x8B || opcode == 0xA1)
                {
                    if (opcode == 0xA1)
                    {
                        DWORD READ_FROM = FileMemory.ReadInt32() - BaseAddress_Assembly;
                        DWORD PROCEDURE = FileMemory.ReadInt32(READ_FROM);

                        UpdateRegister();

                        Log.Info("MOV", "EAX, [0x%lx] => 0x%lx", READ_FROM, PROCEDURE);

                        SetRegisterValue(x32Register.EAX, PROCEDURE);
                        break;
                    }


                    int next = FileMemory.ReadByte();
                    UpdateRegister();

                    //todo
                    switch (next)
                    {
                    // EAX
                    case 0x80:     // eax eax
                    case 0x81:     // eax ecx
                    case 0x82:     // eax edx
                    case 0x83:     // eax ebx
                    case 0x84:     // eax esp => next should be 24 then
                    case 0x85:     // eax ebp
                    case 0x86:     // eax esi
                    case 0x87:     // eax edi

                    // ECX
                    case 0x88:     // ecx eax
                    case 0x89:     // ecx ecx
                    case 0x8A:     // ecx edx
                    case 0x8B:     // ecx ebx
                    case 0x8C:     // ecx esp => next should be 24 then
                    case 0x8D:     // ecx ebp
                    case 0x8E:     // ecx esi
                    case 0x8F:     // ecx edi



                    // EDX
                    case 0x90:     // edx eax
                    case 0x91:     // edx ecx
                    case 0x92:     // edx edx
                    case 0x93:     // edx ebx
                    case 0x94:     // edx esp => next should be 24 then
                    case 0x95:     // edx ebp
                    case 0x96:     // edx esi
                    case 0x97:     // edx edi

                    // EBX
                    case 0x98:     // ebx eax
                    case 0x99:     // ebx ecx
                    case 0x9A:     // ebx edx
                    case 0x9B:     // ebx ebx
                    case 0x9C:     // ebx esp => next should be 24 then
                    case 0x9D:     // ebx ebp
                    case 0x9E:     // ebx esi
                    case 0x9F:     // ebx edi


                    // ESP
                    case 0xA0:     // esp eax
                    case 0xA1:     // esp ecx
                    case 0xA2:     // esp edx
                    case 0xA3:     // esp ebx
                    case 0xA4:     // esp esp => next should be 24 then
                    case 0xA5:     // esp ebp
                    case 0xA6:     // esp esi
                    case 0xA7:     // esp edi

                    // EBP
                    case 0xA8:     // ebp eax
                    case 0xA9:     // ebp ecx
                    case 0xAA:     // ebp edx
                    case 0xAB:     // ebp ebx
                    case 0xAC:     // ebp esp => next should be 24 then
                    case 0xAD:     // ebp ebp
                    case 0xAE:     // ebp esi
                    case 0xAF:     // ebp edi

                    // ESI
                    case 0xB0:     // esi eax
                    case 0xB1:     // esi ecx
                    case 0xB2:     // esi edx
                    case 0xB3:     // esi ebx
                    case 0xB4:     // esi esp => next should be 24 then
                    case 0xB5:     // esi ebp
                    case 0xB6:     // esi esi
                    case 0xB7:     // esi edi

                    // EDI
                    case 0xB8:     // edi eax
                    case 0xB9:     // edi ecx
                    case 0xBA:     // edi edx
                    case 0xBB:     // edi ebx
                    case 0xBC:     // edi esp => next should be 24 then
                    case 0xBD:     // edi ebp
                    case 0xBE:     // edi esi
                    case 0xBF:     // edi edi
                    {
                        int         s              = next - 0xC0;
                        x32Register firstRegister  = (x32Register)(s / 8);
                        x32Register secondRegister = (x32Register)((int)(s - ((byte)firstRegister * 8)));
                        DWORD       VARIABLE;

                        if (next == 0x84 || next == 0x8C ||
                            next == 0x94 || next == 0x9C ||
                            next == 0xA4 || next == 0xAC ||
                            next == 0xB4 || next == 0xBC)
                        {
                            int next2 = FileMemory.ReadByte();
                            if (next2 == 0x24)
                            {
                                VARIABLE = FileMemory.ReadInt32();
                                UpdateRegister();
                                SetRegisterValue(firstRegister, GetRegisterValueByEnum(secondRegister));
                                Log.Info("MOV", "%s, [%s+0x%lx]", Utils.RegisterToString(firstRegister), Utils.RegisterToString(secondRegister), VARIABLE);
                                return;
                            }
                        }
                        VARIABLE = FileMemory.ReadInt32();
                        UpdateRegister();
                        SetRegisterValue(firstRegister, GetRegisterValueByEnum(secondRegister));
                        Log.Info("MOV", "%s, [%s+0x%lx]", Utils.RegisterToString(firstRegister), Utils.RegisterToString(secondRegister), VARIABLE);
                        break;
                    }


                    // MOV REGISTER, [VARIABLE]
                    case 0x0D:
                    case 0x15:
                    case 0x1D:
                    case 0x25:
                    case 0x2D:
                    case 0x35:
                    case 0x3D:
                    {
                        DWORD READ_FROM = FileMemory.ReadInt32() - BaseAddress_Assembly + HeaderSize;
                        DWORD PROCEDURE = FileMemory.ReadInt32(READ_FROM);

                        UpdateRegister();
                        Log.Info("MOV", "EAX, [0x%lx] => 0x%lx", READ_FROM, PROCEDURE);

                        SetRegisterValue(x32Register.ECX, PROCEDURE);
                        break;
                    }


                    // MOV REGISTER, REGISTER
                    // EAX
                    case 0xC0:
                    case 0xC1:
                    case 0xC2:
                    case 0xC3:
                    case 0xC4:
                    case 0xC5:
                    case 0xC6:
                    case 0xC7:

                    // ECX
                    case 0xC8:
                    case 0xC9:
                    case 0xCA:
                    case 0xCB:
                    case 0xCC:
                    case 0xCD:
                    case 0xCE:
                    case 0xCF:

                    // EDX
                    case 0xD0:
                    case 0xD1:
                    case 0xD2:
                    case 0xD3:
                    case 0xD4:
                    case 0xD5:
                    case 0xD6:
                    case 0xD7:

                    // EBX
                    case 0xD8:
                    case 0xD9:
                    case 0xDA:
                    case 0xDB:
                    case 0xDC:
                    case 0xDD:
                    case 0xDE:
                    case 0xDF:


                    // ESP
                    case 0xE0:
                    case 0xE1:
                    case 0xE2:
                    case 0xE3:
                    case 0xE4:
                    case 0xE5:
                    case 0xE6:
                    case 0xE7:

                    // EBP
                    case 0xE8:
                    case 0xE9:
                    case 0xEA:
                    case 0xEB:
                    case 0xEC:
                    case 0xED:
                    case 0xEE:
                    case 0xEF:

                    // ESI
                    case 0xF0:
                    case 0xF1:
                    case 0xF2:
                    case 0xF3:
                    case 0xF4:
                    case 0xF5:
                    case 0xF6:
                    case 0xF7:

                    // EDI
                    case 0xF8:
                    case 0xF9:
                    case 0xFA:
                    case 0xFB:
                    case 0xFC:
                    case 0xFD:
                    case 0xFE:
                    case 0xFF:
                    {
                        int s = next - 0xC0;
                        UpdateRegister();
                        x32Register firstRegister  = (x32Register)(s / 8);
                        x32Register secondRegister = (x32Register)((int)(s - ((byte)firstRegister * 8)));
                        SetRegisterValue(firstRegister, GetRegisterValueByEnum(secondRegister));
                        Log.Info("MOV", "%s, %s", Utils.RegisterToString(firstRegister), Utils.RegisterToString(secondRegister));
                        break;
                    }
                    }
                }
                #endregion

                #region PUSH VALUE
                else if (opcode == 0x6A)
                {
                    byte VALUE = FileMemory.ReadByte();
                    UpdateRegister();

                    Log.Info("PUSH", "0x%lx", VALUE);
                }
                #endregion

                #region PUSH VARIABLE
                else if (opcode == 0x68)
                {
                    DWORD VALUE = FileMemory.ReadInt32();
                    UpdateRegister();
                    Log.Info("PUSH", "0x%lx", VALUE);
                }
                #endregion

                #region POP REGISTER
                else if (opcode == 0x58 ||
                         opcode == 0x59 ||
                         opcode == 0x5A ||
                         opcode == 0x5B ||
                         opcode == 0x5C ||
                         opcode == 0x5D ||
                         opcode == 0x5E ||
                         opcode == 0x5F)
                {
                    UpdateRegister();
                    Log.Info("POP", "%s", Utils.RegisterToString(Utils.ByteToRegister(opcode, 0x58)));
                }
                #endregion

                #region RETURN
                else if (opcode == 0xC3)
                {
                    UpdateRegister();
                    Log.Info("RETN", "");

                    if (LastMachine == null)
                    {
                        Log.Info("Virtual Machine", "The Virtual Machine ended the current File.");
                        _Executing = false;
                        return;
                    }
                    else
                    {
                        Log.DirectPrint("=============================");
                        Log.DirectPrint("Returning to the Last Virtual Machine.");
                        Log.DirectPrint("Machine = %i", FirstMachine.MachineIndex);
                        Log.DirectPrint("=============================");

                        FirstMachine.MachineIndex--;
                        _Executing             = false;
                        LastMachine._Executing = true;
                        return;
                    }
                }
                #endregion

                #region RETURN VALUE
                else if (opcode == 0xC2)
                {
                    Int16 VALUE = FileMemory.ReadInt16();
                    UpdateRegister();

                    Log.Info("RETN", "0x%lx", VALUE);

                    if (LastMachine == null)
                    {
                        Log.Info("Virtual Machine", "The Virtual Machine ended the current File.");
                        _Executing = false;
                        return;
                    }
                    else
                    {
                        Log.DirectPrint("=============================");
                        Log.DirectPrint("Returning to the Last Virtual Machine.");
                        Log.DirectPrint("Machine = %i", FirstMachine.MachineIndex);
                        Log.DirectPrint("=============================");

                        FirstMachine.MachineIndex--;
                        _Executing             = false;
                        LastMachine._Executing = true;
                        return;
                    }
                }
                #endregion

                #region INT3
                else if (opcode == 0xCC)
                {
                    UpdateRegister();

                    Log.Info("INT3", "");

                    _Executing = false;
                }
                #endregion

                else
                {
                    Log.Error("Virtual Machine", "0x%lx is a Unknown Byte at 0x%lx!", opcode, FileMemory.Position);
                    _Executing = false;
                    return;
                }
            }
        }
示例#4
0
 private void Button_RTest(object sender, VirtualScreen e)
 {
     vme = new VM_Executor(@"E:\VisualStudios\VM\VM\bin\Debug\basic_test.compiled");
     //auto run. :)
 }