[
  {
    "path": "LICENSE",
    "content": "MIT License\n\nCopyright (c) 2020 NIMA\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
  },
  {
    "path": "README.md",
    "content": "# x86 Code Virtualizer (Code Obfuscator)\n\nOpen-source and lite application to obfuscate binary codes and makes challenge for reverse engineers to understand code.\n\n<a href=\"http://uupload.ir/\" target=\"_blank\"><img src=\"http://uupload.ir/files/o6bn_2020-09-03_012505.jpg\" border=\"0\" /></a>\n\n\nFeatures\n-------\n\nProtect and obfuscate sensitive area of code using virtual machine protection ( translation of byte-code to PCode and run them inside Virtual Machine )\n Project has been writen in Microsoft VC++ & little pure asm code and uses BeaEngine as disassembler engine. It's not enough secure to use in commercial projects so try to learn how it works and make it better.\n\nSupported x86 opcodes :\n\n\t\tMov,Call,Push,Pop,Jump,Inc,Add,Xor,Cmp,Shl,Shr,Not,Or,Sub,Conditional Jumps.\n\n\nContact\n-------\t\n\nEmail : nima.nikjoo@gmail.com\n\nTwitter : https://twitter.com/N_Nikjoo\n\nLinkedIn : https://www.linkedin.com/in/nimanikjoo/\n\n___________________\n\nPublished under MIT License\n"
  },
  {
    "path": "VM Project/BEAInclude/basic_types.h",
    "content": "/**\n * @file   basic_types.h\n * @author  <igor.gutnik@gmail.com>\n * @date   Thu Dec 24 19:31:22 2009\n * \n * @brief  Definitions of fixed-size integer types for various platforms\n *\n * This file is part of BeaEngine.\n *\n *    BeaEngine is free software: you can redistribute it and/or modify\n *    it under the terms of the GNU Lesser General Public License as published by\n *    the Free Software Foundation, either version 3 of the License, or\n *    (at your option) any later version.\n *\n *    BeaEngine is distributed in the hope that it will be useful,\n *    but WITHOUT ANY WARRANTY; without even the implied warranty of\n *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n *    GNU Lesser General Public License for more details.\n *\n *    You should have received a copy of the GNU Lesser General Public License\n *    along with BeaEngine.  If not, see <http://www.gnu.org/licenses/>. */\n\n#ifndef __BEA_BASIC_TYPES_HPP__\n#define __BEA_BASIC_TYPES_HPP__\n\n#include <stddef.h>\n\n#if defined(__GNUC__) || defined (__INTEL_COMPILER) || defined(__LCC__)\n#include <stdint.h>\n#endif\n\n#if defined(_MSC_VER)\n\t/*\n\t* Windows/Visual C++\n\t*/\n\ttypedef signed char            Int8;\n\ttypedef unsigned char          UInt8;\n\ttypedef signed short           Int16;\n\ttypedef unsigned short         UInt16;\n\ttypedef signed int             Int32;\n\ttypedef unsigned int           UInt32;\n\ttypedef signed __int64         Int64;\n\ttypedef unsigned __int64       UInt64;\n\t#if defined(_WIN64)\n\t\t#define BEA_PTR_IS_64_BIT 1\n\t\ttypedef signed __int64     IntPtr;\n\t\ttypedef unsigned __int64   UIntPtr;\n\t#else\n\t\ttypedef signed long        IntPtr;\n\t\ttypedef size_t             UIntPtr;\n\t#endif\n\t#define BEA_HAVE_INT64 1\n#elif defined(__GNUC__) || defined(__LCC__)\n\t/*\n\t* Unix/GCC\n\t*/\n\ttypedef signed char            Int8;\n\ttypedef unsigned char          UInt8;\n\ttypedef signed short           
Int16;\n\ttypedef unsigned short         UInt16;\n\ttypedef signed int             Int32;\n\ttypedef unsigned int           UInt32;\n\ttypedef intptr_t               IntPtr;\n\ttypedef uintptr_t              UIntPtr;\n\t#if defined(__LP64__)\n\t\t#define BEA_PTR_IS_64_BIT 1\n\t\t#define BEA_LONG_IS_64_BIT 1\n\t\ttypedef signed long        Int64;\n\t\ttypedef unsigned long      UInt64;\n\t#else\n             #if defined (__INTEL_COMPILER) || defined (__ICC) || defined (_ICC)\n\t\ttypedef __int64           Int64;\n\t\ttypedef unsigned __int64  UInt64;\n             #else\n\t\ttypedef signed long long   Int64;\n\t\ttypedef unsigned long long UInt64;\n             #endif\n\t#endif\n\t#define BEA_HAVE_INT64 1\n#elif defined(__DECCXX)\n\t/*\n\t* Compaq C++\n\t*/\n\ttypedef signed char            Int8;\n\ttypedef unsigned char          UInt8;\n\ttypedef signed short           Int16;\n\ttypedef unsigned short         UInt16;\n\ttypedef signed int             Int32;\n\ttypedef unsigned int           UInt32;\n\ttypedef signed __int64         Int64;\n\ttypedef unsigned __int64       UInt64;\n\t#if defined(__VMS)\n\t\t#if defined(__32BITS)\n\t\t\ttypedef signed long    IntPtr;\n\t\t\ttypedef unsigned long  UIntPtr;\n\t\t#else\n\t\t\ttypedef Int64          IntPtr;\n\t\t\ttypedef UInt64         UIntPtr;\n\t\t\t#define BEA_PTR_IS_64_BIT 1\n\t\t#endif\n\t#else\n\t\ttypedef signed long        IntPtr;\n\t\ttypedef unsigned long      UIntPtr;\n\t\t#define BEA_PTR_IS_64_BIT 1\n\t\t#define BEA_LONG_IS_64_BIT 1\n\t#endif\n\t#define BEA_HAVE_INT64 1\n#elif defined(__HP_aCC)\n\t/*\n\t* HP Ansi C++\n\t*/\n\ttypedef signed char            Int8;\n\ttypedef unsigned char          UInt8;\n\ttypedef signed short           Int16;\n\ttypedef unsigned short         UInt16;\n\ttypedef signed int             Int32;\n\ttypedef unsigned int           UInt32;\n\ttypedef signed long            IntPtr;\n\ttypedef unsigned long          UIntPtr;\n\t#if defined(__LP64__)\n\t\t#define BEA_PTR_IS_64_BIT 
1\n\t\t#define BEA_LONG_IS_64_BIT 1\n\t\ttypedef signed long        Int64;\n\t\ttypedef unsigned long      UInt64;\n\t#else\n\t\ttypedef signed long long   Int64;\n\t\ttypedef unsigned long long UInt64;\n\t#endif\n\t#define BEA_HAVE_INT64 1\n#elif defined(__SUNPRO_CC) || defined(__SUNPRO_C)\n\t/*\n\t* SUN Forte C++\n\t*/\n\ttypedef signed char            Int8;\n\ttypedef unsigned char          UInt8;\n\ttypedef signed short           Int16;\n\ttypedef unsigned short         UInt16;\n\ttypedef signed int             Int32;\n\ttypedef unsigned int           UInt32;\n\ttypedef signed long            IntPtr;\n\ttypedef unsigned long          UIntPtr;\n\t#if defined(__sparcv9)\n\t\t#define BEA_PTR_IS_64_BIT 1\n\t\t#define BEA_LONG_IS_64_BIT 1\n\t\ttypedef signed long        Int64;\n\t\ttypedef unsigned long      UInt64;\n\t#else\n\t\ttypedef signed long long   Int64;\n\t\ttypedef unsigned long long UInt64;\n\t#endif\n\t#define BEA_HAVE_INT64 1\n#elif defined(__IBMCPP__) \n\t/*\n\t* IBM XL C++\n\t*/\n\ttypedef signed char            Int8;\n\ttypedef unsigned char          UInt8;\n\ttypedef signed short           Int16;\n\ttypedef unsigned short         UInt16;\n\ttypedef signed int             Int32;\n\ttypedef unsigned int           UInt32;\n\ttypedef signed long            IntPtr;\n\ttypedef unsigned long          UIntPtr;\n\t#if defined(__64BIT__)\n\t\t#define BEA_PTR_IS_64_BIT 1\n\t\t#define BEA_LONG_IS_64_BIT 1\n\t\ttypedef signed long        Int64;\n\t\ttypedef unsigned long      UInt64;\n\t#else\n\t\ttypedef signed long long   Int64;\n\t\ttypedef unsigned long long UInt64;\n\t#endif\n\t#define BEA_HAVE_INT64 1\n#elif defined(__BORLANDC__)\n       /*\n\t* Borland C/C++\n\t*/\n\ttypedef signed char            Int8;\n\ttypedef unsigned char          UInt8;\n\ttypedef signed short           Int16;\n\ttypedef unsigned short         UInt16;\n\ttypedef signed int             Int32;\n\ttypedef unsigned int           UInt32;\n    typedef unsigned __int64       Int64;\n    
typedef signed __int64         UInt64;\n\ttypedef unsigned long          UIntPtr;\n    #define BEA_HAVE_INT64 1\n#elif defined(__WATCOMC__)\n       /*\n\t* Watcom C/C++\n\t*/\n\ttypedef signed char            Int8;\n\ttypedef unsigned char          UInt8;\n\ttypedef signed short           Int16;\n\ttypedef unsigned short         UInt16;\n\ttypedef signed int             Int32;\n\ttypedef unsigned int           UInt32;\n    typedef unsigned __int64       Int64;\n    typedef signed __int64         UInt64;\n    #define BEA_HAVE_INT64 1\n\ttypedef size_t                 UIntPtr;\n#elif defined(__sgi) \n\t/*\n\t* MIPSpro C++\n\t*/\n\ttypedef signed char            Int8;\n\ttypedef unsigned char          UInt8;\n\ttypedef signed short           Int16;\n\ttypedef unsigned short         UInt16;\n\ttypedef signed int             Int32;\n\ttypedef unsigned int           UInt32;\n\ttypedef signed long            IntPtr;\n\ttypedef unsigned long          UIntPtr;\n\t#if _MIPS_SZLONG == 64\n\t\t#define BEA_PTR_IS_64_BIT 1\n\t\t#define BEA_LONG_IS_64_BIT 1\n\t\ttypedef signed long        Int64;\n\t\ttypedef unsigned long      UInt64;\n\t#else\n\t\ttypedef signed long long   Int64;\n\t\ttypedef unsigned long long UInt64;\n\t#endif\n\t#define BEA_HAVE_INT64 1\n#endif\n\n#if defined(_MSC_VER) || defined(__BORLANDC__)\n\t#define W64LIT(x) x##ui64\n#else\n\t#define W64LIT(x) x##ULL\n#endif \n\n\n#ifndef C_STATIC_ASSERT\n#define C_STATIC_ASSERT(tag_name, x)            \\\n       typedef int cache_static_assert_ ## tag_name[(x) * 2-1]\n#endif\n\nC_STATIC_ASSERT(sizeof_Int8 , (sizeof(Int8)  == 1));\nC_STATIC_ASSERT(sizeof_UInt8, (sizeof(UInt8) == 1));\n\nC_STATIC_ASSERT(sizeof_Int16 , (sizeof(Int16)  == 2));\nC_STATIC_ASSERT(sizeof_UInt16, (sizeof(UInt16) == 2));\n\nC_STATIC_ASSERT(sizeof_Int32 , (sizeof(Int32)  == 4));\nC_STATIC_ASSERT(sizeof_UInt32, (sizeof(UInt32) == 4));\n\nC_STATIC_ASSERT(sizeof_Int64 , (sizeof(Int64)  == 8));\nC_STATIC_ASSERT(sizeof_UInt64, (sizeof(UInt64) == 
8));\n\n#endif \n"
  },
  {
    "path": "VM Project/BEAInclude/export.h",
    "content": "/**\n * @file   export.h\n * @author igor.gutnik@gmail.com\n * @date   Mon Sep 22 09:28:54 2008\n *\n * @brief  This file sets things up for C dynamic library function definitions and\n *         static inlined functions\n *\n * This file is part of BeaEngine.\n *\n *    BeaEngine is free software: you can redistribute it and/or modify\n *    it under the terms of the GNU Lesser General Public License as published by\n *    the Free Software Foundation, either version 3 of the License, or\n *    (at your option) any later version.\n *\n *    BeaEngine is distributed in the hope that it will be useful,\n *    but WITHOUT ANY WARRANTY; without even the implied warranty of\n *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n *    GNU Lesser General Public License for more details.\n *\n *    You should have received a copy of the GNU Lesser General Public License\n *    along with BeaEngine.  If not, see <http://www.gnu.org/licenses/>. */\n\n#ifndef __BEA_EXPORT_H__\n#define __BEA_EXPORT_H__\n\n\n/*  Set up for C function definitions, even when using C++ */\n\n#ifdef __cplusplus\n#define CPP_VISIBLE_BEGIN extern \"C\" {\n#define CPP_VISIBLE_END }\n#else\n#define CPP_VISIBLE_BEGIN\n#define CPP_VISIBLE_END\n#endif\n\n#if defined(_MSC_VER)\n#pragma warning( disable: 4251 )\n#endif\n\n/* Some compilers use a special export keyword */\n#ifndef bea__api_export__\n# if defined(__BEOS__)\n#  if defined(__GNUC__)\n#   define bea__api_export__\t\t__declspec(dllexport)\n#  else\n#   define bea__api_export__\t\t__declspec(export)\n#  endif\n# elif defined(_WIN32) || defined(_WIN64)\n#  ifdef __BORLANDC__\n#    define bea__api_export__   __declspec(dllexport)\n#    define bea__api_import__ \t__declspec(dllimport)\n#  elif defined(__WATCOMC__)\n#    define bea__api_export__\t__declspec(dllexport)\n#    define bea__api_import__\n#  else\n#   define bea__api_export__\t\t__declspec(dllexport)\n#   define bea__api_import__\t\t__declspec(dllimport)\n#  
endif\n# elif defined(__OS2__)\n#  ifdef __WATCOMC__\n#    define bea__api_export__\t__declspec(dllexport)\n#    define bea__api_import__\n#  else\n#   define bea__api_export__\n#   define bea__api_import__\n#  endif\n# else\n#  if defined(_WIN32) && defined(__GNUC__) && __GNUC__ >= 4\n#   define bea__api_export__\t\t__attribubea__ ((visibility(\"default\")))\n#   define bea__api_import__\t\t__attribubea__ ((visibility(\"default\")))\n#  else\n#   define bea__api_export__\n#   define bea__api_import__\n#  endif\n# endif\n#endif\n\n/* Use C calling convention by default*/\n\n#ifndef __bea_callspec__\n#if defined(BEA_USE_STDCALL)\n    #if defined(__WIN32__) || defined(WIN32) || defined(_WIN32) || defined(_WIN64)\n        #if defined(__BORLANDC__) || defined(__WATCOMC__) || defined(_MSC_VER) || defined(__MINGW32__) || defined(__POCC__)\n            #define __bea_callspec__\t __stdcall\n        #else\n            #define __bea_callspec__\n        #endif\n    #else\n       #ifdef __OS2__\n          #define __bea_callspec__ _System\n       #else\n          #define __bea_callspec__\n       #endif\n    #endif\n#else\n    #define __bea_callspec__\n#endif\n#endif\n\n#ifdef __SYMBIAN32__\n#\tifndef EKA2\n#\t\tundef bea__api_export__\n#\t\tundef bea__api_import__\n#\t\tdefine bea__api_export__\n#\t\tdefine bea__api_import__\n#\telif !defined(__WINS__)\n#\t\tundef bea__api_export__\n#\t\tundef bea__api_import__\n#\t\tdefine bea__api_export__ __declspec(dllexport)\n#\t\tdefine bea__api_import__ __declspec(dllexport)\n#\tendif /* !EKA2 */\n#endif /* __SYMBIAN32__ */\n\n\n#if defined(__GNUC__) && (__GNUC__ > 2)\n#define BEA_EXPECT_CONDITIONAL(c)    (__builtin_expect((c), 1))\n#define BEA_UNEXPECT_CONDITIONAL(c)  (__builtin_expect((c), 0))\n#else\n#define BEA_EXPECT_CONDITIONAL(c)    (c)\n#define BEA_UNEXPECT_CONDITIONAL(c)  (c)\n#endif\n\n\n/* Set up compiler-specific options for inlining functions */\n#ifndef BEA_HAS_INLINE\n#if defined(__GNUC__) || defined(__POCC__) || 
defined(__WATCOMC__) || defined(__SUNPRO_C)\n#define BEA_HAS_INLINE\n#else\n/* Add any special compiler-specific cases here */\n#if defined(_MSC_VER) || defined(__BORLANDC__) ||\t\\\n  defined(__DMC__) || defined(__SC__) ||\t\t\\\n  defined(__WATCOMC__) || defined(__LCC__) ||\t\t\\\n  defined(__DECC) || defined(__EABI__)\n#ifndef __inline__\n#define __inline__\t__inline\n#endif\n#define BEA_HAS_INLINE\n#else\n#if !defined(__MRC__) && !defined(_SGI_SOURCE)\n#ifndef __inline__\n#define __inline__ inline\n#endif\n#define BEA_HAS_INLINE\n#endif /* Not a funky compiler */\n#endif /* Visual C++ */\n#endif /* GNU C */\n#endif /* CACHE_HAS_INLINE */\n\n/* If inlining isn't supported, remove \"__inline__\", turning static\n   inlined functions into static functions (resulting in code bloat\n   in all files which include the offending header files)\n*/\n#ifndef BEA_HAS_INLINE\n#define __inline__\n#endif\n\n/* fix a bug with gcc under windows */\n\n#if defined(__WIN32__) || defined(WIN32) || defined(_WIN32) || defined(_WIN64)\n\t#if defined(__MINGW32__)\n\t\t#define const__\t \n\t#else\n\t\t#define const__ const\n\t#endif\n#else\n\t\t#define const__ const\n#endif\n\n\n\n#endif\n"
  },
  {
    "path": "VM Project/BeaEngine.h",
    "content": "#pragma once\n/*  Header for BeaEngine 4.x    */\n#ifndef _BEA_ENGINE_\n#define _BEA_ENGINE_\n\n#include \"BEAInclude/export.h\"\n#include \"BEAInclude/basic_types.h\"\n\n#if !defined(BEA_ENGINE_STATIC)\n\t#if defined(BUILD_BEA_ENGINE_DLL)\n\t\t#define BEA_API bea__api_export__\n\t#else\n\t\t#define BEA_API bea__api_import__\n\t#endif\n#else\n\t#define BEA_API\n#endif\n\n\n#define INSTRUCT_LENGTH 64\n\n#pragma pack(1)\ntypedef struct {\n   UInt8 W_;\n   UInt8 R_;\n   UInt8 X_;\n   UInt8 B_;\n   UInt8 state;\n} REX_Struct  ;\n#pragma pack()\n\n#pragma pack(1)\ntypedef struct {\n   int Number;\n   int NbUndefined;\n   UInt8 LockPrefix;\n   UInt8 OperandSize;\n   UInt8 AddressSize;\n   UInt8 RepnePrefix;\n   UInt8 RepPrefix;\n   UInt8 FSPrefix;\n   UInt8 SSPrefix;\n   UInt8 GSPrefix;\n   UInt8 ESPrefix;\n   UInt8 CSPrefix;\n   UInt8 DSPrefix;\n   UInt8 BranchTaken;\n   UInt8 BranchNotTaken;\n   REX_Struct REX;\n} PREFIXINFO  ;\n#pragma pack()\n\n#pragma pack(1)\ntypedef struct {\n   UInt8 OF_;\n   UInt8 SF_;\n   UInt8 ZF_;\n   UInt8 AF_;\n   UInt8 PF_;\n   UInt8 CF_;\n   UInt8 TF_;\n   UInt8 IF_;\n   UInt8 DF_;\n   UInt8 NT_;\n   UInt8 RF_;\n   UInt8 alignment;\n} EFLStruct  ;\n#pragma pack()\n\n#pragma pack(4)\ntypedef struct {\n   Int32 BaseRegister;\n   Int32 IndexRegister;\n   Int32 Scale;\n   Int64 Displacement;\n} MEMORYTYPE ;\n#pragma pack()\n\n\n#pragma pack(1)\ntypedef struct  {\n   Int32 Category;\n   Int32 Opcode;\n   char Mnemonic[16];\n   Int32 BranchType;\n   EFLStruct Flags;\n   UInt64 AddrValue;\n   Int64 Immediat;\n   UInt32 ImplicitModifiedRegs;\n} INSTRTYPE;\n#pragma pack()\n\n#pragma pack(1)\ntypedef struct  {\n   char ArgMnemonic[32];\n   Int32 ArgType;\n   Int32 ArgSize;\n   Int32 ArgPosition;   \n   UInt32 AccessMode;\n   MEMORYTYPE Memory;\n   UInt32 SegmentReg;\n} ARGTYPE;\n#pragma pack()\n\n\n\n#pragma pack(1)\ntypedef struct _Disasm {\n   UIntPtr EIP;\n   UInt64 VirtualAddr;\n   UInt32 SecurityBlock;\n   char 
CompleteInstr[INSTRUCT_LENGTH];\n   UInt32 Archi;\n   UInt64 Options;\n   INSTRTYPE Instruction;\n   ARGTYPE Argument1;\n   ARGTYPE Argument2;\n   ARGTYPE Argument3;\n   PREFIXINFO Prefix;\n   UInt32 Reserved_[40];\n} DISASM, *PDISASM, *LPDISASM;\n#pragma pack()\n\n#define ESReg 1\n#define DSReg 2\n#define FSReg 3\n#define GSReg 4\n#define CSReg 5\n#define SSReg 6\n\n#define InvalidPrefix 4\n#define SuperfluousPrefix 2\n#define NotUsedPrefix 0\n#define MandatoryPrefix 8\n#define InUsePrefix 1\n\n#define LowPosition 0\n#define HighPosition 1\n\nenum INSTRUCTION_TYPE\n{\n  GENERAL_PURPOSE_INSTRUCTION   =    0x10000,\n  FPU_INSTRUCTION               =    0x20000,\n  MMX_INSTRUCTION               =    0x40000,\n  SSE_INSTRUCTION               =    0x80000,\n  SSE2_INSTRUCTION              =   0x100000,\n  SSE3_INSTRUCTION              =   0x200000,\n  SSSE3_INSTRUCTION             =   0x400000,\n  SSE41_INSTRUCTION             =   0x800000,\n  SSE42_INSTRUCTION             =  0x1000000,\n  SYSTEM_INSTRUCTION            =  0x2000000,\n  VM_INSTRUCTION                =  0x4000000,\n  UNDOCUMENTED_INSTRUCTION      =  0x8000000,\n  AMD_INSTRUCTION               = 0x10000000,\n  ILLEGAL_INSTRUCTION           = 0x20000000,\n  AES_INSTRUCTION               = 0x40000000,\n  CLMUL_INSTRUCTION             = (int)0x80000000,\n\n\n    DATA_TRANSFER = 0x1,\n    ARITHMETIC_INSTRUCTION,\n    LOGICAL_INSTRUCTION,\n    SHIFT_ROTATE,\n    BIT_UInt8,\n    CONTROL_TRANSFER,\n    STRING_INSTRUCTION,\n    InOutINSTRUCTION,\n    ENTER_LEAVE_INSTRUCTION,\n    FLAG_CONTROL_INSTRUCTION,\n    SEGMENT_REGISTER,\n    MISCELLANEOUS_INSTRUCTION,\n    COMPARISON_INSTRUCTION,\n    LOGARITHMIC_INSTRUCTION,\n    TRIGONOMETRIC_INSTRUCTION,\n    UNSUPPORTED_INSTRUCTION,\n    LOAD_CONSTANTS,\n    FPUCONTROL,\n    STATE_MANAGEMENT,\n    CONVERSION_INSTRUCTION,\n    SHUFFLE_UNPACK,\n    PACKED_SINGLE_PRECISION,\n    SIMD128bits,\n    SIMD64bits,\n    CACHEABILITY_CONTROL,\n    FP_INTEGER_CONVERSION,\n    
SPECIALIZED_128bits,\n    SIMD_FP_PACKED,\n    SIMD_FP_HORIZONTAL ,\n    AGENT_SYNCHRONISATION,\n    PACKED_ALIGN_RIGHT  ,\n    PACKED_SIGN,\n    PACKED_BLENDING_INSTRUCTION,\n    PACKED_TEST,\n    PACKED_MINMAX,\n    HORIZONTAL_SEARCH,\n    PACKED_EQUALITY,\n    STREAMING_LOAD,\n    INSERTION_EXTRACTION,\n    DOT_PRODUCT,\n    SAD_INSTRUCTION,\n    ACCELERATOR_INSTRUCTION,    /* crc32, popcnt (sse4.2) */\n    ROUND_INSTRUCTION\n\n};\n\nenum EFLAGS_STATES\n{\n  TE_ = 1,\n  MO_ = 2,\n  RE_ = 4,\n  SE_ = 8,\n  UN_ = 0x10,\n  PR_ = 0x20\n};\n\nenum BRANCH_TYPE\n{\n  JO = 1,\n  JC,\n  JE,\n  JA,\n  JS,\n  JP,\n  JL,\n  JG,\n  JB,\n  JECXZ,\n  JmpType,\n  CallType,\n  RetType,\n  JNO = -1,\n  JNC = -2,\n  JNE = -3,\n  JNA = -4,\n  JNS = -5,\n  JNP = -6,\n  JNL = -7,\n  JNG = -8,\n  JNB = -9\n};\n\nenum ARGUMENTS_TYPE\n{\n  NO_ARGUMENT = 0x10000000,\n  REGISTER_TYPE = 0x20000000,\n  MEMORY_TYPE = 0x40000000,\n  CONSTANT_TYPE = (int)0x80000000,\n\n  MMX_REG = 0x10000,\n  GENERAL_REG = 0x20000,\n  FPU_REG = 0x40000,\n  SSE_REG = 0x80000,\n  CR_REG = 0x100000,\n  DR_REG = 0x200000,\n  SPECIAL_REG = 0x400000,\n  MEMORY_MANAGEMENT_REG = 0x800000,\n  SEGMENT_REG = 0x1000000,\n\n  RELATIVE_ = 0x4000000,\n  ABSOLUTE_ = 0x8000000,\n\n  READ = 0x1,\n  WRITE = 0x2,\n\n  REG0 = 0x1,\n  REG1 = 0x2,\n  REG2 = 0x4,\n  REG3 = 0x8,\n  REG4 = 0x10,\n  REG5 = 0x20,\n  REG6 = 0x40,\n  REG7 = 0x80,\n  REG8 = 0x100,\n  REG9 = 0x200,\n  REG10 = 0x400,\n  REG11 = 0x800,\n  REG12 = 0x1000,\n  REG13 = 0x2000,\n  REG14 = 0x4000,\n  REG15 = 0x8000\n};\n\nenum SPECIAL_INFO\n{\n  UNKNOWN_OPCODE = -1,\n  OUT_OF_BLOCK = 0,\n\n  /* === mask = 0xff */\n  NoTabulation      = 0x00000000,\n  Tabulation        = 0x00000001,\n\n  /* === mask = 0xff00 */\n  MasmSyntax        = 0x00000000,\n  GoAsmSyntax       = 0x00000100,\n  NasmSyntax        = 0x00000200,\n  ATSyntax          = 0x00000400,\n\n  /* === mask = 0xff0000 */\n  PrefixedNumeral   = 0x00010000,\n  SuffixedNumeral   = 0x00000000,\n\n  /* === mask = 
0xff000000 */\n  ShowSegmentRegs   = 0x01000000\n};\n\n\n#ifdef __cplusplus\nextern \"C\"\n#endif\n\nint __bea_callspec__ Disasm (LPDISASM pDisAsm);\nBEA_API const__ char* __bea_callspec__ BeaEngineVersion (void);\nBEA_API const__ char* __bea_callspec__ BeaEngineRevision (void);\n#endif\n"
  },
  {
    "path": "VM Project/InstructionLogger.cpp",
    "content": "#include \"stdafx.h\"\r\n#include \"InstructionLogger.h\"\r\n\r\n\r\n// Just log all translated instructions ...\r\n\r\n\r\nCInstructionLogger::CInstructionLogger(CVMHandlerProcessor &HandlerProcessor):iVMHandler(HandlerProcessor)\r\n{\r\n\t\r\n\tLogCount=0;\r\n\tCareCount=0;\r\n\tpOriginalVATable=(PDWORD)malloc(TableMemorySize);\r\n\tpVMVATable=(PDWORD)malloc(TableMemorySize);\r\n\tpMemTable=(PDWORD)malloc(TableMemorySize);\r\n\tpCareTargetAddr=(PDWORD)malloc(TableMemorySize);\r\n\tpCareVMMem=(PDWORD)malloc(TableMemorySize);\r\n}\r\nCInstructionLogger::~CInstructionLogger(void)\r\n{\r\n}\r\nvoid CInstructionLogger::Clear()\r\n{\r\n\tCareCount=0;\r\n\tLogCount=0;\r\n\tZeroMemory(pOriginalVATable,TableMemorySize);\r\n\tZeroMemory(pVMVATable,TableMemorySize);\r\n\tZeroMemory(pMemTable,TableMemorySize);\r\n\tZeroMemory(pCareTargetAddr,TableMemorySize);\r\n\tZeroMemory(pCareVMMem,TableMemorySize);\r\n}\r\nvoid CInstructionLogger::AddToLog(DWORD OriginalVirtualAddr,DWORD VMAddr,LPBYTE MemByte)\r\n{\r\n\tpOriginalVATable[LogCount]=OriginalVirtualAddr;\r\n\tpVMVATable[LogCount]=VMAddr;\r\n\tpMemTable[LogCount]=(DWORD)MemByte;\r\n\tLogCount++;\r\n\r\n}\r\nvoid CInstructionLogger::AddToCare(LPBYTE MemVM,DWORD TargetVAddr)\r\n{\r\n\tpCareVMMem[CareCount]=(DWORD)MemVM;\r\n\tpCareTargetAddr[CareCount]=TargetVAddr;\r\n\tCareCount++;\r\n}\r\nLPBYTE CInstructionLogger::GetMemFromVA(DWORD VirtualAddr)\r\n{\r\n\tLPBYTE iResult=(LPBYTE)0xFFFFFFFF;\r\n\r\n\tfor (DWORD i=0;i<LogCount;i++)\r\n\t\tif (pOriginalVATable[i]==VirtualAddr)\r\n\t\t{\r\n\t\t\tiResult=(LPBYTE)pMemTable[i];\r\n\t\t\tbreak;\r\n\t\t}\r\n\r\n\r\n\t\treturn iResult;\r\n}\r\nvoid CInstructionLogger::FixCare()\r\n{\r\n\tLPBYTE iOpCode;\r\n\tDWORD OriginalVA;\r\n\tDWORD TargetVA;\r\n\tDWORD FoundVMVA;\r\n\tfor (DWORD i=0;i<CareCount;i++)\r\n\t{\r\n\t\tiOpCode=(LPBYTE)pCareVMMem[i];\r\n\t\tTargetVA=pCareTargetAddr[i];\r\n\r\n\t\tfor (DWORD j=0;j<LogCount;j++)\r\n\t\t\tif 
(pOriginalVATable[j]==TargetVA)\r\n\t\t\t{\r\n\t\t\t\tFoundVMVA=pVMVATable[j];\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\r\n\t\t\t\t*(LPDWORD(&iOpCode[1]))=FoundVMVA;\r\n\t\t\t\t\r\n\r\n\r\n\r\n\t}\r\n\r\n}"
  },
  {
    "path": "VM Project/InstructionLogger.h",
    "content": "#pragma once\r\n#include\"VMHandlerProcessor.h\"\r\n#include <vector>\r\n#define TableMemorySize 0x10000\r\nclass CInstructionLogger\r\n{\r\nprivate:\r\n\tCVMHandlerProcessor &iVMHandler;\r\npublic:\r\n\r\n\tDWORD LogCount;\r\n\tDWORD CareCount;\r\n\r\n\tLPDWORD pOriginalVATable;\r\n\tLPDWORD pVMVATable;\r\n\tLPDWORD pMemTable;\r\n\r\n\tLPDWORD pCareVMMem;\r\n\tLPDWORD pCareTargetAddr;\r\n\r\n\tvoid Clear();\r\n\tvoid AddToLog(DWORD OriginalVirtualAddr,DWORD VMAddr,LPBYTE MemByte);\r\n\tvoid AddToCare(LPBYTE MemVM,DWORD TargetVAddr);\r\n\tLPBYTE GetMemFromVA(DWORD VirtualAddr);\r\n\r\n\tCInstructionLogger(CVMHandlerProcessor &HandlerProcessor);\r\n\t~CInstructionLogger(void);\r\n\tvoid FixCare();\r\n};\r\n\r\n"
  },
  {
    "path": "VM Project/PEInjector.cpp",
    "content": "#include \"stdafx.h\"\r\n#include \"PEInjector.h\"\r\n\r\n// This Class Used to Read PE data and add some data to it\r\n// this data can stored as new section or any thing else\r\n\r\nCPEInjector::CPEInjector(void)\r\n{\r\n\tpPEBytes=0;\r\n\tpOverlay=0;\r\n\tOverlaySize=0;\r\n\tPEFileSize=0;\r\n\t\r\n}\r\n\r\n\r\nCPEInjector::~CPEInjector(void)\r\n{\r\n}\r\n\r\nvoid CPEInjector::LoadFile(LPWSTR iFile)\r\n{\r\n\tif (pPEBytes)\r\n\t\tdelete[] pPEBytes;\r\n\tif (pOverlay)\r\n\t\tdelete[] pOverlay;\r\n\tHANDLE hFile;\r\n\tDWORD tmp;\r\n\r\n\thFile=CreateFileW(iFile,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0);\r\n\tPEFileSize=GetFileSize(hFile,0);\r\n\tpPEBytes=(LPBYTE)malloc(PEFileSize);\r\n\tReadFile(hFile,pPEBytes,PEFileSize,&tmp,0);\r\n\tCloseHandle(hFile);\r\n\r\n\tDOSHeader=(PIMAGE_DOS_HEADER)pPEBytes;\r\n\tNTHeader=(PIMAGE_NT_HEADERS)(pPEBytes + DOSHeader->e_lfanew);\r\n\tSectionHeader=(PIMAGE_SECTION_HEADER)((LPBYTE)&(NTHeader->OptionalHeader) + NTHeader->FileHeader.SizeOfOptionalHeader);\r\n\r\n\r\n}\r\nDWORD CPEInjector::GetNewSectionVA()\r\n{\r\n\tDWORD NewVA;\r\n\tNewVA=SectionHeader[NTHeader->FileHeader.NumberOfSections-1].VirtualAddress +  SectionHeader[NTHeader->FileHeader.NumberOfSections-1].Misc.VirtualSize;\r\n\tNewVA=AlignSize(NewVA,NTHeader->OptionalHeader.SectionAlignment);\r\n\tNewVA+=NTHeader->OptionalHeader.ImageBase;\r\n\treturn NewVA;\r\n\r\n}\r\nDWORD CPEInjector::GetNewSectionOffset()\r\n{\r\n\tDWORD NewOffset;\r\n\tNewOffset=SectionHeader[NTHeader->FileHeader.NumberOfSections-1].PointerToRawData +  SectionHeader[NTHeader->FileHeader.NumberOfSections-1].SizeOfRawData;\r\n\tNewOffset=AlignSize(NewOffset,NTHeader->OptionalHeader.FileAlignment);\r\n\t\r\n\treturn NewOffset;\r\n\r\n}\r\nvoid CPEInjector:: AddNewSection(LPBYTE SectionMem,size_t MemSize)\r\n{\r\n\tchar SectionName[8]=\".XVM\";\r\n\tDWORD NewRVA=GetNewSectionVA()-NTHeader->OptionalHeader.ImageBase;\r\n\tDWORD NewOffset=GetNewSectionOffset();\r\n\tDWORD 
NewSize=AlignSize(MemSize,NTHeader->OptionalHeader.SectionAlignment);\r\n\tDWORD i=NTHeader->FileHeader.NumberOfSections;\r\n\r\n\tSectionHeader[i].Characteristics=0xE00000A0;\r\n\tSectionHeader[i].Misc.VirtualSize=NewSize;\r\n\tSectionHeader[i].SizeOfRawData=NewSize;\r\n\tSectionHeader[i].VirtualAddress=NewRVA;\r\n\tSectionHeader[i].PointerToRawData=NewOffset;\r\n\tCopyMemory(SectionHeader[i].Name,SectionName,8);\r\n\r\n\tNTHeader->FileHeader.NumberOfSections++;\r\n\tNTHeader->OptionalHeader.SizeOfImage+=NewSize;\r\n\r\n\tNewSectionMem=SectionMem;\r\n\tNewSectionSize=MemSize;\r\n\r\n}\r\nvoid CPEInjector:: SaveFile(LPSTR destAddr)\r\n{\r\n\tHANDLE hFile;\r\n\tDWORD tmp;\r\n\thFile=CreateFileA(destAddr,GENERIC_WRITE,FILE_SHARE_READ,0,CREATE_ALWAYS,0,0);\r\n\tWriteFile(hFile,pPEBytes,PEFileSize,&tmp,0);\r\n\tWriteFile(hFile,NewSectionMem,NewSectionSize,&tmp,0);\r\n\tCloseHandle(hFile);\r\n}\r\nDWORD CPEInjector:: AlignSize(DWORD dwSize, DWORD dwAlign) \r\n{\r\n\treturn (dwSize + (dwAlign - ((dwSize % dwAlign) ? (dwSize % dwAlign) : dwAlign)));\r\n}\r\nDWORD CPEInjector::FindSectionNum(DWORD VA)\r\n{\r\n\tVA-=NTHeader->OptionalHeader.ImageBase;\r\n\r\n\tfor (int i=0;i<NTHeader->FileHeader.NumberOfSections;i++)\r\n\t{\r\n\t\tif (VA>=SectionHeader[i].VirtualAddress && VA<(SectionHeader[i].VirtualAddress + SectionHeader[i].Misc.VirtualSize))\r\n\t\t\treturn i;\r\n\t}\r\n\r\n\treturn -1;\r\n\r\n}\r\nDWORD CPEInjector::V2O(DWORD VA)\r\n{\r\n\t\r\n\tint i=FindSectionNum(VA);\r\n\tif (i!=-1)\r\n\t{\r\n\t\tVA-=NTHeader->OptionalHeader.ImageBase;\r\n\t\tVA-=SectionHeader[i].VirtualAddress;\r\n\t\tVA+=SectionHeader[i].PointerToRawData;\r\n\t\treturn VA;\r\n\t}\r\n\r\n\treturn -1;\r\n}"
  },
  {
    "path": "VM Project/PEInjector.h",
    "content": "#pragma once\r\n#include <iostream>\r\n#include <Windows.h>\r\n\r\nusing namespace std;\r\n\r\nclass CPEInjector\r\n{\r\npublic:\r\n\tLPWSTR strFileName;\r\n\tCPEInjector(void);\r\n\t~CPEInjector(void);\r\n\tvoid LoadFile(LPWSTR);\r\n\tDWORD GetNewSectionVA();\r\n\tDWORD GetNewSectionOffset();\r\n\tvoid AddNewSection(LPBYTE,size_t Size);\r\n\tDWORD AlignSize(DWORD,DWORD);\r\n\tvoid SaveFile(LPSTR);\r\n\tDWORD FindSectionNum(DWORD VA);\r\n\tDWORD V2O(DWORD VA);\r\n\tLPBYTE pPEBytes;\r\n\tsize_t PEFileSize;\r\n\tLPBYTE pOverlay;\r\n\tsize_t OverlaySize;\r\n\tLPBYTE NewSectionMem;\r\n\tsize_t NewSectionSize;\r\n\r\n\tPIMAGE_DOS_HEADER DOSHeader;\r\n\tPIMAGE_NT_HEADERS NTHeader;\r\n\tPIMAGE_SECTION_HEADER SectionHeader;\r\n\t\r\n\t\r\n};\r\n\r\n"
  },
  {
    "path": "VM Project/VM Project.cpp",
    "content": "\r\n// VM Project.cpp : Defines the class behaviors for the application.\r\n//\r\n\r\n#include \"stdafx.h\"\r\n#include \"VM Project.h\"\r\n#include \"VM ProjectDlg.h\"\r\n\r\n#ifdef _DEBUG\r\n#define new DEBUG_NEW\r\n#endif\r\n\r\n\r\n// CVMProjectApp\r\n\r\nBEGIN_MESSAGE_MAP(CVMProjectApp, CWinApp)\r\n\tON_COMMAND(ID_HELP, &CWinApp::OnHelp)\r\nEND_MESSAGE_MAP()\r\n\r\n\r\n// CVMProjectApp construction\r\n\r\nCVMProjectApp::CVMProjectApp()\r\n{\r\n\t// support Restart Manager\r\n\tm_dwRestartManagerSupportFlags = AFX_RESTART_MANAGER_SUPPORT_RESTART;\r\n\r\n\t// TODO: add construction code here,\r\n\t// Place all significant initialization in InitInstance\r\n}\r\n\r\n\r\n// The one and only CVMProjectApp object\r\n\r\nCVMProjectApp theApp;\r\n\r\n\r\n// CVMProjectApp initialization\r\n\r\nBOOL CVMProjectApp::InitInstance()\r\n{\r\n\t// InitCommonControlsEx() is required on Windows XP if an application\r\n\t// manifest specifies use of ComCtl32.dll version 6 or later to enable\r\n\t// visual styles.  
Otherwise, any window creation will fail.\r\n\tINITCOMMONCONTROLSEX InitCtrls;\r\n\tInitCtrls.dwSize = sizeof(InitCtrls);\r\n\t// Set this to include all the common control classes you want to use\r\n\t// in your application.\r\n\tInitCtrls.dwICC = ICC_WIN95_CLASSES;\r\n\tInitCommonControlsEx(&InitCtrls);\r\n\r\n\tCWinApp::InitInstance();\r\n\r\n\r\n\t// Create the shell manager, in case the dialog contains\r\n\t// any shell tree view or shell list view controls.\r\n\tCShellManager *pShellManager = new CShellManager;\r\n\r\n\t// Activate \"Windows Native\" visual manager for enabling themes in MFC controls\r\n\tCMFCVisualManager::SetDefaultManager(RUNTIME_CLASS(CMFCVisualManagerWindows));\r\n\r\n\t// Standard initialization\r\n\t// If you are not using these features and wish to reduce the size\r\n\t// of your final executable, you should remove from the following\r\n\t// the specific initialization routines you do not need\r\n\t// Change the registry key under which our settings are stored\r\n\t// TODO: You should modify this string to be something appropriate\r\n\t// such as the name of your company or organization\r\n\tSetRegistryKey(_T(\"Local AppWizard-Generated Applications\"));\r\n\r\n\tCVMProjectDlg dlg;\r\n\tm_pMainWnd = &dlg;\r\n\tINT_PTR nResponse = dlg.DoModal();\r\n\tif (nResponse == IDOK)\r\n\t{\r\n\t\t// TODO: Place code here to handle when the dialog is\r\n\t\t//  dismissed with OK\r\n\t}\r\n\telse if (nResponse == IDCANCEL)\r\n\t{\r\n\t\t// TODO: Place code here to handle when the dialog is\r\n\t\t//  dismissed with Cancel\r\n\t}\r\n\telse if (nResponse == -1)\r\n\t{\r\n\t\tTRACE(traceAppMsg, 0, \"Warning: dialog creation failed, so application is terminating unexpectedly.\\n\");\r\n\t\tTRACE(traceAppMsg, 0, \"Warning: if you are using MFC controls on the dialog, you cannot #define _AFX_NO_MFC_CONTROLS_IN_DIALOGS.\\n\");\r\n\t}\r\n\r\n\t// Delete the shell manager created above.\r\n\tif (pShellManager != NULL)\r\n\t{\r\n\t\tdelete 
pShellManager;\r\n\t}\r\n\r\n\t// Since the dialog has been closed, return FALSE so that we exit the\r\n\t//  application, rather than start the application's message pump.\r\n\treturn FALSE;\r\n}\r\n\r\n"
  },
  {
    "path": "VM Project/VM Project.h",
    "content": "\r\n// VM Project.h : main header file for the PROJECT_NAME application\r\n//\r\n\r\n#pragma once\r\n\r\n#ifndef __AFXWIN_H__\r\n\t#error \"include 'stdafx.h' before including this file for PCH\"\r\n#endif\r\n\r\n#include \"resource.h\"\t\t// main symbols\r\n\r\n\r\n// CVMProjectApp:\r\n// See VM Project.cpp for the implementation of this class\r\n//\r\n\r\nclass CVMProjectApp : public CWinApp\r\n{\r\npublic:\r\n\tCVMProjectApp();\r\n\r\n// Overrides\r\npublic:\r\n\tvirtual BOOL InitInstance();\r\n\r\n// Implementation\r\n\r\n\tDECLARE_MESSAGE_MAP()\r\n};\r\n\r\nextern CVMProjectApp theApp;"
  },
  {
    "path": "VM Project/VM Project.vcxproj",
    "content": "﻿<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<Project DefaultTargets=\"Build\" ToolsVersion=\"4.0\" xmlns=\"http://schemas.microsoft.com/developer/msbuild/2003\">\r\n  <ItemGroup Label=\"ProjectConfigurations\">\r\n    <ProjectConfiguration Include=\"Debug|Win32\">\r\n      <Configuration>Debug</Configuration>\r\n      <Platform>Win32</Platform>\r\n    </ProjectConfiguration>\r\n    <ProjectConfiguration Include=\"Release|Win32\">\r\n      <Configuration>Release</Configuration>\r\n      <Platform>Win32</Platform>\r\n    </ProjectConfiguration>\r\n  </ItemGroup>\r\n  <PropertyGroup Label=\"Globals\">\r\n    <ProjectGuid>{50DC5327-0CAD-4787-B236-F3B0127AA8A9}</ProjectGuid>\r\n    <RootNamespace>VMProject</RootNamespace>\r\n    <Keyword>MFCProj</Keyword>\r\n  </PropertyGroup>\r\n  <Import Project=\"$(VCTargetsPath)\\Microsoft.Cpp.Default.props\" />\r\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Debug|Win32'\" Label=\"Configuration\">\r\n    <ConfigurationType>Application</ConfigurationType>\r\n    <UseDebugLibraries>true</UseDebugLibraries>\r\n    <PlatformToolset>v110</PlatformToolset>\r\n    <CharacterSet>Unicode</CharacterSet>\r\n    <UseOfMfc>Static</UseOfMfc>\r\n  </PropertyGroup>\r\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|Win32'\" Label=\"Configuration\">\r\n    <ConfigurationType>Application</ConfigurationType>\r\n    <UseDebugLibraries>false</UseDebugLibraries>\r\n    <PlatformToolset>v110</PlatformToolset>\r\n    <WholeProgramOptimization>true</WholeProgramOptimization>\r\n    <CharacterSet>Unicode</CharacterSet>\r\n    <UseOfMfc>Static</UseOfMfc>\r\n  </PropertyGroup>\r\n  <Import Project=\"$(VCTargetsPath)\\Microsoft.Cpp.props\" />\r\n  <ImportGroup Label=\"ExtensionSettings\">\r\n  </ImportGroup>\r\n  <ImportGroup Label=\"PropertySheets\" Condition=\"'$(Configuration)|$(Platform)'=='Debug|Win32'\">\r\n    <Import Project=\"$(UserRootDir)\\Microsoft.Cpp.$(Platform).user.props\" 
Condition=\"exists('$(UserRootDir)\\Microsoft.Cpp.$(Platform).user.props')\" Label=\"LocalAppDataPlatform\" />\r\n  </ImportGroup>\r\n  <ImportGroup Label=\"PropertySheets\" Condition=\"'$(Configuration)|$(Platform)'=='Release|Win32'\">\r\n    <Import Project=\"$(UserRootDir)\\Microsoft.Cpp.$(Platform).user.props\" Condition=\"exists('$(UserRootDir)\\Microsoft.Cpp.$(Platform).user.props')\" Label=\"LocalAppDataPlatform\" />\r\n  </ImportGroup>\r\n  <PropertyGroup Label=\"UserMacros\" />\r\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Debug|Win32'\">\r\n    <LinkIncremental>true</LinkIncremental>\r\n  </PropertyGroup>\r\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|Win32'\">\r\n    <LinkIncremental>false</LinkIncremental>\r\n  </PropertyGroup>\r\n  <ItemDefinitionGroup Condition=\"'$(Configuration)|$(Platform)'=='Debug|Win32'\">\r\n    <ClCompile>\r\n      <PrecompiledHeader>Use</PrecompiledHeader>\r\n      <WarningLevel>Level3</WarningLevel>\r\n      <Optimization>Disabled</Optimization>\r\n      <PreprocessorDefinitions>WIN32;_WINDOWS;_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r\n      <SDLCheck>true</SDLCheck>\r\n      <CallingConvention>StdCall</CallingConvention>\r\n    </ClCompile>\r\n    <Link>\r\n      <SubSystem>Windows</SubSystem>\r\n      <GenerateDebugInformation>true</GenerateDebugInformation>\r\n      <RandomizedBaseAddress>false</RandomizedBaseAddress>\r\n      <FixedBaseAddress>true</FixedBaseAddress>\r\n      <AdditionalDependencies>BEAENGINE.lib</AdditionalDependencies>\r\n      <IgnoreSpecificDefaultLibraries>CRT.lib</IgnoreSpecificDefaultLibraries>\r\n    </Link>\r\n    <Midl>\r\n      <MkTypLibCompatible>false</MkTypLibCompatible>\r\n      <ValidateAllParameters>true</ValidateAllParameters>\r\n      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r\n    </Midl>\r\n    <ResourceCompile>\r\n      <Culture>0x0409</Culture>\r\n      
<PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r\n      <AdditionalIncludeDirectories>$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>\r\n    </ResourceCompile>\r\n  </ItemDefinitionGroup>\r\n  <ItemDefinitionGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|Win32'\">\r\n    <ClCompile>\r\n      <WarningLevel>Level3</WarningLevel>\r\n      <PrecompiledHeader>Use</PrecompiledHeader>\r\n      <Optimization>MaxSpeed</Optimization>\r\n      <FunctionLevelLinking>true</FunctionLevelLinking>\r\n      <IntrinsicFunctions>true</IntrinsicFunctions>\r\n      <PreprocessorDefinitions>WIN32;_WINDOWS;NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r\n      <SDLCheck>true</SDLCheck>\r\n      <CallingConvention>StdCall</CallingConvention>\r\n    </ClCompile>\r\n    <Link>\r\n      <SubSystem>Windows</SubSystem>\r\n      <GenerateDebugInformation>true</GenerateDebugInformation>\r\n      <EnableCOMDATFolding>true</EnableCOMDATFolding>\r\n      <OptimizeReferences>true</OptimizeReferences>\r\n      <AdditionalDependencies>BEAENGINE.lib</AdditionalDependencies>\r\n      <IgnoreSpecificDefaultLibraries>CRT.lib</IgnoreSpecificDefaultLibraries>\r\n      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>\r\n    </Link>\r\n    <Midl>\r\n      <MkTypLibCompatible>false</MkTypLibCompatible>\r\n      <ValidateAllParameters>true</ValidateAllParameters>\r\n      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r\n    </Midl>\r\n    <ResourceCompile>\r\n      <Culture>0x0409</Culture>\r\n      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r\n      <AdditionalIncludeDirectories>$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>\r\n    </ResourceCompile>\r\n  </ItemDefinitionGroup>\r\n  <ItemGroup>\r\n    <Text Include=\"ReadMe.txt\" />\r\n  </ItemGroup>\r\n  <ItemGroup>\r\n    <ClInclude 
Include=\"BeaEngine.h\" />\r\n    <ClInclude Include=\"InstructionLogger.h\" />\r\n    <ClInclude Include=\"PEInjector.h\" />\r\n    <ClInclude Include=\"Resource.h\" />\r\n    <ClInclude Include=\"stdafx.h\" />\r\n    <ClInclude Include=\"targetver.h\" />\r\n    <ClInclude Include=\"VM Project.h\" />\r\n    <ClInclude Include=\"VM ProjectDlg.h\" />\r\n    <ClInclude Include=\"VMCompiler.h\" />\r\n    <ClInclude Include=\"VMHandlerProcessor.h\" />\r\n  </ItemGroup>\r\n  <ItemGroup>\r\n    <ClCompile Include=\"InstructionLogger.cpp\" />\r\n    <ClCompile Include=\"PEInjector.cpp\" />\r\n    <ClCompile Include=\"stdafx.cpp\">\r\n      <PrecompiledHeader Condition=\"'$(Configuration)|$(Platform)'=='Debug|Win32'\">Create</PrecompiledHeader>\r\n      <PrecompiledHeader Condition=\"'$(Configuration)|$(Platform)'=='Release|Win32'\">Create</PrecompiledHeader>\r\n    </ClCompile>\r\n    <ClCompile Include=\"VM Project.cpp\" />\r\n    <ClCompile Include=\"VM ProjectDlg.cpp\" />\r\n    <ClCompile Include=\"VMCompiler.cpp\" />\r\n    <ClCompile Include=\"VMHandlerProcessor.cpp\" />\r\n  </ItemGroup>\r\n  <ItemGroup>\r\n    <ResourceCompile Include=\"VM Project.rc\" />\r\n  </ItemGroup>\r\n  <ItemGroup>\r\n    <Image Include=\"res\\VM Project.ico\" />\r\n  </ItemGroup>\r\n  <Import Project=\"$(VCTargetsPath)\\Microsoft.Cpp.targets\" />\r\n  <ImportGroup Label=\"ExtensionTargets\">\r\n  </ImportGroup>\r\n  <ProjectExtensions>\r\n    <VisualStudio>\r\n      <UserProperties RESOURCE_FILE=\"VM Project.rc\" />\r\n    </VisualStudio>\r\n  </ProjectExtensions>\r\n</Project>"
  },
  {
    "path": "VM Project/VM Project.vcxproj.filters",
    "content": "﻿<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<Project ToolsVersion=\"4.0\" xmlns=\"http://schemas.microsoft.com/developer/msbuild/2003\">\r\n  <ItemGroup>\r\n    <Filter Include=\"Source Files\">\r\n      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>\r\n      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>\r\n    </Filter>\r\n    <Filter Include=\"Header Files\">\r\n      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>\r\n      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>\r\n    </Filter>\r\n    <Filter Include=\"Resource Files\">\r\n      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>\r\n      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>\r\n    </Filter>\r\n  </ItemGroup>\r\n  <ItemGroup>\r\n    <Text Include=\"ReadMe.txt\" />\r\n  </ItemGroup>\r\n  <ItemGroup>\r\n    <ClInclude Include=\"VM Project.h\">\r\n      <Filter>Header Files</Filter>\r\n    </ClInclude>\r\n    <ClInclude Include=\"VM ProjectDlg.h\">\r\n      <Filter>Header Files</Filter>\r\n    </ClInclude>\r\n    <ClInclude Include=\"stdafx.h\">\r\n      <Filter>Header Files</Filter>\r\n    </ClInclude>\r\n    <ClInclude Include=\"targetver.h\">\r\n      <Filter>Header Files</Filter>\r\n    </ClInclude>\r\n    <ClInclude Include=\"Resource.h\">\r\n      <Filter>Header Files</Filter>\r\n    </ClInclude>\r\n    <ClInclude Include=\"PEInjector.h\">\r\n      <Filter>Header Files</Filter>\r\n    </ClInclude>\r\n    <ClInclude Include=\"VMHandlerProcessor.h\">\r\n      <Filter>Header Files</Filter>\r\n    </ClInclude>\r\n    <ClInclude Include=\"VMCompiler.h\">\r\n      <Filter>Header Files</Filter>\r\n    </ClInclude>\r\n    <ClInclude Include=\"BeaEngine.h\">\r\n      <Filter>Header Files</Filter>\r\n    </ClInclude>\r\n    <ClInclude Include=\"InstructionLogger.h\">\r\n      <Filter>Header Files</Filter>\r\n    
</ClInclude>\r\n  </ItemGroup>\r\n  <ItemGroup>\r\n    <ClCompile Include=\"VM Project.cpp\">\r\n      <Filter>Source Files</Filter>\r\n    </ClCompile>\r\n    <ClCompile Include=\"VM ProjectDlg.cpp\">\r\n      <Filter>Source Files</Filter>\r\n    </ClCompile>\r\n    <ClCompile Include=\"stdafx.cpp\">\r\n      <Filter>Source Files</Filter>\r\n    </ClCompile>\r\n    <ClCompile Include=\"PEInjector.cpp\">\r\n      <Filter>Source Files</Filter>\r\n    </ClCompile>\r\n    <ClCompile Include=\"VMHandlerProcessor.cpp\">\r\n      <Filter>Source Files</Filter>\r\n    </ClCompile>\r\n    <ClCompile Include=\"VMCompiler.cpp\">\r\n      <Filter>Source Files</Filter>\r\n    </ClCompile>\r\n    <ClCompile Include=\"InstructionLogger.cpp\">\r\n      <Filter>Source Files</Filter>\r\n    </ClCompile>\r\n  </ItemGroup>\r\n  <ItemGroup>\r\n    <ResourceCompile Include=\"VM Project.rc\">\r\n      <Filter>Resource Files</Filter>\r\n    </ResourceCompile>\r\n  </ItemGroup>\r\n  <ItemGroup>\r\n    <Image Include=\"res\\VM Project.ico\">\r\n      <Filter>Resource Files</Filter>\r\n    </Image>\r\n  </ItemGroup>\r\n</Project>"
  },
  {
    "path": "VM Project/VM Project.vcxproj.user",
    "content": "﻿<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<Project ToolsVersion=\"4.0\" xmlns=\"http://schemas.microsoft.com/developer/msbuild/2003\">\r\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|Win32'\">\r\n    <LocalDebuggerDebuggerType>NativeOnly</LocalDebuggerDebuggerType>\r\n  </PropertyGroup>\r\n</Project>"
  },
  {
    "path": "VM Project/VM ProjectDlg.cpp",
    "content": "\r\n// VM ProjectDlg.cpp : implementation file\r\n//\r\n\r\n#include \"stdafx.h\"\r\n#include \"VM Project.h\"\r\n#include \"VM ProjectDlg.h\"\r\n#include \"afxdialogex.h\"\r\n#include \"PEInjector.h\"\r\n#include \"VMHandlerProcessor.h\"\r\n#include \"BeaEngine.h\"\r\n#include \"VMCompiler.h\"\r\n\r\nCPEInjector InjectionEngine;\r\nCVMHandlerProcessor VMHProcessor;\r\nCVMCompiler iVMCompiler(VMHProcessor);\r\n#ifdef _DEBUG\r\n#define new DEBUG_NEW\r\n#endif\r\n\r\n\r\n// CVMProjectDlg dialog\r\n\r\n\r\n\r\nCVMProjectDlg::CVMProjectDlg(CWnd* pParent /*=NULL*/)\r\n\t: CDialogEx(CVMProjectDlg::IDD, pParent)\r\n\t, txtLog(_T(\"\"))\r\n\t, strVAStart(_T(\"\"))\r\n\t, strVAEnd(_T(\"\"))\r\n{\r\n\tm_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);\r\n}\r\n\r\nvoid CVMProjectDlg::DoDataExchange(CDataExchange* pDX)\r\n{\r\n\tCDialogEx::DoDataExchange(pDX);\r\n\tDDX_Text(pDX, IDC_Log, txtLog);\r\n\tDDX_Text(pDX, IDC_VAStart, strVAStart);\r\n\tDDX_Text(pDX, IDC_VAeND, strVAEnd);\r\n}\r\n\r\nBEGIN_MESSAGE_MAP(CVMProjectDlg, CDialogEx)\r\n\tON_WM_PAINT()\r\n\tON_WM_QUERYDRAGICON()\r\n\tON_BN_CLICKED(IDC_SelectFile, &CVMProjectDlg::OnBnClickedSelectfile)\r\n\tON_BN_CLICKED(IDC_DoVirtualize, &CVMProjectDlg::OnBnClickedDovirtualize)\r\n\tON_BN_CLICKED(IDC_Exit, &CVMProjectDlg::OnBnClickedExit)\r\nEND_MESSAGE_MAP()\r\n\r\n\r\n// CVMProjectDlg message handlers\r\n\r\nBOOL CVMProjectDlg::OnInitDialog()\r\n{\r\n\tCDialogEx::OnInitDialog();\r\n\r\n\t// Set the icon for this dialog.  
The framework does this automatically\r\n\t//  when the application's main window is not a dialog\r\n\tSetIcon(m_hIcon, TRUE);\t\t\t// Set big icon\r\n\tSetIcon(m_hIcon, FALSE);\t\t// Set small icon\r\n\r\n\t// TODO: Add extra initialization here\r\n\r\n\tstrVAStart=\"0x\";\r\n\tstrVAEnd=\"0x\";\r\n\tUpdateData(false);\r\n\r\n\treturn TRUE;  // return TRUE  unless you set the focus to a control\r\n}\r\n\r\n// If you add a minimize button to your dialog, you will need the code below\r\n//  to draw the icon.  For MFC applications using the document/view model,\r\n//  this is automatically done for you by the framework.\r\n\r\nvoid CVMProjectDlg::OnPaint()\r\n{\r\n\tif (IsIconic())\r\n\t{\r\n\t\tCPaintDC dc(this); // device context for painting\r\n\r\n\t\tSendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);\r\n\r\n\t\t// Center icon in client rectangle\r\n\t\tint cxIcon = GetSystemMetrics(SM_CXICON);\r\n\t\tint cyIcon = GetSystemMetrics(SM_CYICON);\r\n\t\tCRect rect;\r\n\t\tGetClientRect(&rect);\r\n\t\tint x = (rect.Width() - cxIcon + 1) / 2;\r\n\t\tint y = (rect.Height() - cyIcon + 1) / 2;\r\n\r\n\t\t// Draw the icon\r\n\t\tdc.DrawIcon(x, y, m_hIcon);\r\n\t}\r\n\telse\r\n\t{\r\n\t\tCDialogEx::OnPaint();\r\n\t}\r\n}\r\n\r\n// The system calls this function to obtain the cursor to display while the user drags\r\n//  the minimized window.\r\nHCURSOR CVMProjectDlg::OnQueryDragIcon()\r\n{\r\n\treturn static_cast<HCURSOR>(m_hIcon);\r\n}\r\n\r\n\r\n\r\nvoid CVMProjectDlg::OnBnClickedSelectfile()\r\n{\r\n    // Select Standard PE File and read some information from it ....\r\n\t// Read OEP , NumberOfSections and Section Names\r\n\tUpdateData(true);\r\n\tOPENFILENAMEW op;\r\n\tCFileDialog* ofd = new CFileDialog(TRUE, NULL, NULL, OFN_FILEMUSTEXIST| OFN_HIDEREADONLY , _T(\"Executable Files (*.exe)|*.exe|Dynamic-Link Libraries (*.dll)|*.dll|All Files (*.*)|*.*||\"), NULL, 0);\r\n\t\r\n\tif(ofd->DoModal() == IDOK)\r\n\t{\r\n\t\top = 
ofd->GetOFN();\r\n\t\tInjectionEngine.strFileName=op.lpstrFile;\r\n\t\tInjectionEngine.LoadFile(op.lpstrFile);\r\n\t\ttxtLog=\"\";\r\n\t\tAddLog(\"OEP: \",false);\r\n\t\tAddLog(InjectionEngine.NTHeader->OptionalHeader.ImageBase + InjectionEngine.NTHeader->OptionalHeader.AddressOfEntryPoint,true);\r\n\t\tAddLog(\"Number Of Section: \",false);\r\n\t\tAddLog(InjectionEngine.NTHeader->FileHeader.NumberOfSections,true);\r\n\t\tfor (int i=0;i<InjectionEngine.NTHeader->FileHeader.NumberOfSections;i++)\r\n\t\t{\r\n\t\t\tAddLog(\"------->\",false);\r\n\t\t\t// Section names are 8 bytes and not always NUL-terminated, so copy before printing\r\n\t\t\tchar szName[IMAGE_SIZEOF_SHORT_NAME+1]={0};\r\n\t\t\tCopyMemory(szName,InjectionEngine.SectionHeader[i].Name,IMAGE_SIZEOF_SHORT_NAME);\r\n\t\t\tAddLog(szName,true);\r\n\t\t}\r\n\r\n\t\t\r\n\t}\r\n\t// Release the file dialog allocated above\r\n\tdelete ofd;\r\n}\r\n\r\n\r\nvoid CVMProjectDlg::AddLog(LPWSTR iLine,bool GoNextLine)\r\n{\r\n    // Add text log to memo object\r\n\ttxtLog+=(iLine);\r\n\tif (GoNextLine)\r\n\ttxtLog+=(L\"\\r\\n\");\r\n\tUpdateData(0);\r\n}\r\nvoid CVMProjectDlg::AddLog(LPSTR iLine,bool GoNextLine)\r\n{\r\n    // Add text log to memo object\r\n\ttxtLog+=(iLine);\r\n\tif (GoNextLine)\r\n\ttxtLog+=(\"\\r\\n\");\r\n\tUpdateData(0);\r\n}\r\nvoid CVMProjectDlg::AddLog(DWORD iNUM,bool GoNextLine)\r\n{\r\n    // Add text log to memo object\r\n\tchar iLine[12];\r\n\twsprintfA(iLine,\"%08X\",iNUM);\r\n\t//CharUpperA(iLine);\r\n\ttxtLog+=(iLine);\r\n\tif (GoNextLine)\r\n\ttxtLog+=(\"\\r\\n\");\r\n\tUpdateData(0);\r\n}\r\n\r\nvoid CVMProjectDlg::OnBnClickedDovirtualize()\r\n{\r\n    // Start of Virtualization Routine\r\n\tif (InjectionEngine.strFileName == LPWSTR (NULL) )\r\n\t{\r\n\t\t// Flags are combined with bitwise OR (logical && evaluated to 0 and dropped the icon)\r\n\t\tMessageBoxA(0,\"Can't Open Target File.\",\"Error\", MB_OK | MB_ICONERROR);\r\n\t\treturn;\r\n\t}\r\n    \r\n\t// New Section information (.VM Section)\r\n\tconst DWORD SectionSize=0x10000; \r\n\tBYTE tmpBytes[16];\r\n\tLPBYTE NewSection=(LPBYTE)VirtualAlloc(0,SectionSize,MEM_COMMIT|MEM_RESERVE,PAGE_EXECUTE_READWRITE);\r\n\tZeroMemory(NewSection,SectionSize);\r\n\tDWORD NewSectionVA=InjectionEngine.GetNewSectionVA();\r\n\tDWORD iCaveVA=NewSectionVA;\r\n\tLPBYTE iCaveMem=NewSection;\r\n\r\n\t// Add new empty section to 
file\r\n\tInjectionEngine.AddNewSection(NewSection,SectionSize);\r\n\r\n\t\r\n\tUpdateData(true);\r\n\t// Addresses are unsigned 32-bit values, so parse them with wcstoul\r\n\tDWORD VAStart=wcstoul(strVAStart.GetBuffer(), NULL, 16);\r\n\tDWORD VAEnd=wcstoul(strVAEnd.GetBuffer(), NULL, 16);\r\n\t// The entry stub written at VAStart (PUSH imm32 + JMP rel32) is 10 bytes long,\r\n\t// so the selected range must be at least that large.\r\n\tif (VAEnd<=VAStart || VAEnd-VAStart<10)\r\n\t{\r\n\t\tMessageBoxA(0,\"Invalid address range.\",\"Error\", MB_OK | MB_ICONERROR);\r\n\t\treturn;\r\n\t}\r\n\tDWORD iVA=VAStart;\r\n\tLPBYTE iCode=InjectionEngine.pPEBytes + InjectionEngine.V2O(iVA);\r\n\tDISASM iDiASM;\r\n\tint iSize;\r\n\tZeroMemory(&iDiASM,sizeof(DISASM));\r\n\tiDiASM.VirtualAddr=iVA;\r\n\tiDiASM.EIP=(uintptr_t)iCode;\r\n\r\n\t// Get Virtual Addresses \r\n\tiVMCompiler.VAStart=VAStart;\r\n\tiVMCompiler.VAEnd=VAEnd;\r\n\tiVMCompiler.VMOpcodeBase=NewSectionVA;\r\n\t\r\n\twhile (iVA<VAEnd)\r\n\t{\r\n\t    // Convert Asm instructions to New Byte Codes (Compiling)\r\n\t\tiSize=Disasm(&iDiASM);\r\n\t\t// Disasm() returns a non-positive value when it cannot decode the bytes;\r\n\t\t// stop instead of looping forever or walking backwards.\r\n\t\tif (iSize<=0)\r\n\t\t{\r\n\t\t\tMessageBoxA(0,\"Can't disassemble the selected range.\",\"Error\", MB_OK | MB_ICONERROR);\r\n\t\t\treturn;\r\n\t\t}\r\n\t\tiVMCompiler.CompileNow(iVA,(LPBYTE)(iDiASM.EIP),iSize,iDiASM);\r\n\r\n\r\n\t\tiVA+=iSize;\r\n\t\tiDiASM.VirtualAddr+=iSize;\r\n\t\tiDiASM.EIP+=iSize;\r\n\t\t\r\n\t}\r\n\t\r\n\ttmpBytes[0]=0x68;\r\n\t*(LPDWORD(tmpBytes+1))=iVA;\r\n\tiVMCompiler.CompileNow(iVA,tmpBytes,5,iDiASM);\r\n\t\r\n    // Finish Compiling...\r\n\ttmpBytes[0]=0xC3;\r\n\tiVMCompiler.CompileNow(iVA,tmpBytes,1,iDiASM);\r\n\r\n\r\n\r\n\r\n\r\n\tiVMCompiler.Finalize();\r\n\t// init VM Handlers for Generated VM Opcodes\r\n\tCopyMemory(iCaveMem,iVMCompiler.OpcodeTable,iVMCompiler.UsedSize);\r\n\tiCaveMem+=iVMCompiler.UsedSize;\r\n\tiCaveVA+=iVMCompiler.UsedSize;\r\n\t// Finish Building...\r\n\tiSize=VMHProcessor.BuildVMEngine(iCaveVA,iCaveMem);\r\n\tiCaveMem+=iSize;\r\n\tiCaveVA+=iSize;\r\n\t\r\n\t\r\n\tFillMemory(InjectionEngine.pPEBytes + InjectionEngine.V2O(VAStart),iVA-VAStart,0x90);\r\n\t\r\n\t{\r\n\t    // Add VM Codes & Handlers to PE\r\n\t\tLPBYTE iByte=InjectionEngine.V2O(VAStart) +  InjectionEngine.pPEBytes;\r\n\t\tLPDWORD 
iDWORD=LPDWORD(iByte+1);\r\n\r\n\t\tiByte[0]=0x68;\r\n\t\t*iDWORD=iVMCompiler.VMOpcodeBase;\r\n\r\n\t\tiByte+=5;\r\n\t\tiDWORD=LPDWORD(iByte+1);\r\n\t\tiByte[0]=0xE9;\r\n\t\t*iDWORD=(VMHProcessor.dwVMEntryAddress-VAStart-10);\r\n\t\t\r\n\t}\r\n\r\n\t\r\n\r\n\t\r\n\r\n\t\r\n\r\n\r\n\r\n    // Save Final File...\r\n\tInjectionEngine.SaveFile(\"C:\\\\Obfuscated.exe\");\r\n\r\n\t\r\n\r\n}\r\n\r\n\r\nvoid CVMProjectDlg::OnBnClickedExit()\r\n{\r\n\tExitProcess (0);\r\n\t// TODO: Add your control notification handler code here\r\n}\r\n"
  },
  {
    "path": "VM Project/VM ProjectDlg.h",
    "content": "\r\n// VM ProjectDlg.h : header file\r\n//\r\n\r\n#pragma once\r\n\r\n\r\n// CVMProjectDlg dialog\r\nclass CVMProjectDlg : public CDialogEx\r\n{\r\n// Construction\r\npublic:\r\n\tCVMProjectDlg(CWnd* pParent = NULL);\t// standard constructor\r\n\r\n// Dialog Data\r\n\tenum { IDD = IDD_VMPROJECT_DIALOG };\r\n\r\n\tprotected:\r\n\tvirtual void DoDataExchange(CDataExchange* pDX);\t// DDX/DDV support\r\n\r\n\r\n// Implementation\r\nprotected:\r\n\tHICON m_hIcon;\r\n\r\n\t// Generated message map functions\r\n\tvirtual BOOL OnInitDialog();\r\n\tafx_msg void OnPaint();\r\n\tafx_msg HCURSOR OnQueryDragIcon();\r\n\tDECLARE_MESSAGE_MAP()\r\npublic:\r\n\tafx_msg void OnBnClickedSelectfile();\r\n\tCString txtLog;\r\n\tvoid AddLog(LPWSTR,bool);\r\n\tvoid AddLog(LPSTR,bool);\r\n\tvoid AddLog(DWORD,bool);\r\n\tafx_msg void OnBnClickedDovirtualize();\r\n\tCString strVAStart;\r\n\tCString strVAEnd;\r\n\tafx_msg void OnBnClickedButton1();\r\n\tafx_msg void OnBnClickedExit();\r\n};\r\n"
  },
  {
    "path": "VM Project/VMCompiler.cpp",
    "content": "#include \"stdafx.h\"\r\n#include \"VMCompiler.h\"\r\n#include \"InstructionLogger.h\"\r\n\r\n\r\n// This Class will Translate input opcode to VM opcode\r\n\r\nCInstructionLogger *InstructionLog;\r\n\r\nCVMCompiler::CVMCompiler(CVMHandlerProcessor &HandlerProcessor):iVMHandler(HandlerProcessor)\r\n{\r\n\tInstructionLog=new CInstructionLogger(HandlerProcessor);\r\n\tAddressTableCount=0;\r\n\tUsedSize=0;\r\n\tOpcodeTable=(LPBYTE)malloc(0x1000);\r\n\tZeroMemory(OpcodeTable,0x1000);\r\n\t\r\n}\r\n\r\n\r\nCVMCompiler::~CVMCompiler(void)\r\n{\r\n}\r\n\r\n\r\nvoid CVMCompiler::CompileNow(DWORD Addr,LPBYTE Opcode,DWORD iSize,DISASM &iDiASM)\r\n{\r\n    // Get Address and byte Code then Generate VM Opcode...\r\n\tInstructionLog->AddToLog(Addr,VMOpcodeBase+UsedSize,&OpcodeTable[UsedSize]);\r\n\r\n\r\n\t//------0:CALL Imm\r\n\t//------1: x86\r\n\tbool bHandled=false;\r\n\tAddressTable[AddressTableCount][0]=Addr;\r\n\tAddressTable[AddressTableCount][1]=UsedSize;\r\n\r\n\tLPBYTE iOpcode=&OpcodeTable[UsedSize];\r\n\tDWORD iVMOpcode=VMOpcodeBase+UsedSize;\r\n\tDWORD tmp;\r\n\tDWORD T1=0;\r\n\tDWORD T2=0;\r\n\tswitch (Opcode[0])\r\n\t{\r\n\tcase 0xE8:\r\n\t\tiOpcode[0]=iVMHandler.GetHandlerIndex(VM_CALL);\r\n\t\ttmp=*(LPDWORD(&Opcode[1])) + Addr + 5;\r\n\t\t*(LPDWORD(&iOpcode[1]))=tmp;\r\n\t\tUsedSize+=5;\r\n\t\tbreak;\r\n\t\r\n\tcase 0x72: \r\n\tcase 0x73: \r\n\tcase 0x74: \r\n\tcase 0x75: \r\n\tcase 0x76: \r\n\tcase 0x77:\r\n\tcase 0x7C: \r\n\tcase 0x7D: \r\n\tcase 0x7E: \r\n\tcase 0x7F: \r\n\tcase 0xEB:\r\n\t\tT1=iDiASM.Instruction.AddrValue;\r\n\t\tProcess_JCC(Opcode,T1);\r\n\t\tbreak;\r\n\t\r\n\t\t\r\n\t\r\n\tcase 0x68:\r\n\t\ttmp=*(LPDWORD(&Opcode[1]));\r\n\t\tCompile_PUSH_Imm32(tmp);\r\n\t\tbreak;\r\n\tcase 0x6A:\r\n\t\ttmp=*(LPDWORD(&Opcode[1]));\r\n\t\ttmp&=0xFF;\r\n\t\t__asm\r\n\t\t{\r\n\t\t\tpush eax\r\n\t\t\t\tmov eax,tmp\r\n\t\t\t\tmovsx eax,al\r\n\t\t\t\tmov tmp,eax\r\n\t\t\tpop 
eax\r\n\t\t}\r\n\t\tCompile_PUSH_Imm32(tmp);\r\n\t\t\r\n\t\tbreak;\r\n\r\n\r\n\tcase 0x50:\r\n\tcase 0x51:\r\n\tcase 0x52:\r\n\tcase 0x53:\r\n\tcase 0x54:\r\n\tcase 0x55:\r\n\tcase 0x56:\r\n\tcase 0x57:\r\n\t\tProcessPUSHR32(Opcode[0]);\r\n\t\tbreak;\r\n\tcase 0x58:\r\n\tcase 0x59:\r\n\tcase 0x5A:\r\n\tcase 0x5B:\r\n\tcase 0x5C:\r\n\tcase 0x5D:\r\n\tcase 0x5E:\r\n\tcase 0x5F:\r\n\t\tProcessPOPR32(Opcode[0]);\r\n\t\tbreak;\r\n\t//------------------------------\r\n\tdefault:\r\n\t\tif ((Opcode[0]==0xF && (Opcode[1]==0x82 || Opcode[1]==0x83 || Opcode[1]==0x84 || Opcode[1]==0x85 || Opcode[1]==0x86 || Opcode[1]==0x87|| Opcode[1]==0x8C || Opcode[1]==0x8D ||Opcode[1]==0x8E || Opcode[1]==0x8F)) || Opcode[0]==0xE9)\r\n\t\t{\r\n\t\t\t\r\n\t\t\tT1=iDiASM.Instruction.AddrValue;\r\n\t\t\tProcess_JCC(Opcode,T1);\r\n\r\n\t\t}\r\n\t\telse if ((Opcode[0]==0x89 || Opcode[0]==0x8B) && Opcode[1]>=0xC0 && Opcode[1]<=0xFF ) \r\n\t\t{\r\n\t\t\tProcessMOVR32R32(Opcode);\r\n\t\t}\r\n\t\telse if ((Opcode[0]==0x81 || Opcode[0]==0x83) && Opcode[1]>=0xC0 && Opcode[1]<0xC8 ) \r\n\t\t{\r\n\t\t\tProcessADDR32_Imm(Opcode);\r\n\t\t}\r\n\t\telse if (Opcode[0]>=0x40 && Opcode[0]<0x50)\r\n\t\t{\r\n\t\t\tProcessINC_DECR32(Opcode);\r\n\t\t}\r\n\t\telse if ((Opcode[0]==0x81 || Opcode[0]==0x83) && Opcode[1]>=0xE8 && Opcode[1]<0xF0 ) \r\n\t\t{\r\n\t\t\tProcessSUBR32_Imm(Opcode);\r\n\t\t}\r\n\t\telse if (Opcode[0]==0x89 &&Opcode[1]>=0x40 && Opcode[1]<0x80 ) \r\n\t\t{\r\n\t\t\tProcessMOV_MemR32Imm8_R32(Opcode);\r\n\t\t}\r\n\t\telse if (Opcode[0]==0x89 &&Opcode[1]>=0x40 && Opcode[1]<0xC0 ) \r\n\t\t{\r\n\t\t\tProcessMOV_MemR32Imm32_R32(Opcode);\r\n\t\t}\r\n\t\telse if (Opcode[0]==0xC7 &&Opcode[1]>=0x80 && Opcode[1]<0x88 ) \r\n\t\t{\r\n\t\t\tProcessMOV_MemR32Imm32_Imm32(Opcode);\r\n\t\t}\r\n\t\telse if (Opcode[0]==0x8B &&Opcode[1]>=0x80 && Opcode[1]<0xC0 ) \r\n\t\t{\r\n\t\t\tProcessMOV_R32_MemR32Imm32(Opcode);\r\n\t\t}\r\n\t\telse if (Opcode[0]==0x8B &&Opcode[1]>=0x40 && Opcode[1]<0x80 ) 
\r\n\t\t{\r\n\t\t\tProcessMOV_R32_MemR32Imm8(Opcode);\r\n\t\t}\r\n\t\telse if (Opcode[0]==0x8D && Opcode[1]>=0x80 && Opcode[1]<0xC0 ) \r\n\t\t{\r\n\t\t\tProcessLEA_R32_MemR32Imm32(Opcode);\r\n\t\t}\r\n\t\telse if ((Opcode[0]==0x33 || Opcode[0]==0x31) && Opcode[1]>=0xC0 && Opcode[1]<=0xFF )\r\n\t\t{\r\n\t\t\tProcessXORR32_R32(Opcode);\r\n\t\t}\r\n\t\telse if (Opcode[0]>=0xB8 && Opcode[0]<=0xBF) \r\n\t\t{\r\n\t\t\tProcessMOVR32_Imm(Opcode);\r\n\t\t}\r\n\t\telse if (Opcode[0]==0xA1 || ((Opcode[0]==0x8B) && (Opcode[1]==0xD || Opcode[1]==0x15 || Opcode[1]==0x1D ||  Opcode[1]==0x25 || Opcode[1]==0x2D || Opcode[1]==0x35 || Opcode[1]==0x3D ))) \r\n\t\t{\r\n\t\t\tProcessMOVR32_MemImm(Opcode);\r\n\t\t}\r\n\t\telse if (Opcode[0]==0xA3 || ((Opcode[0]==0x89) && (Opcode[1]==0xD || Opcode[1]==0x15 || Opcode[1]==0x1D ||  Opcode[1]==0x25 || Opcode[1]==0x2D || Opcode[1]==0x35 || Opcode[1]==0x3D ))) \r\n\t\t{\r\n\t\t\tProcessMOVMemImm_R32(Opcode);\r\n\t\t}\r\n\t\telse if (Opcode[0]==0x25 || ((Opcode[0]==0x81) && Opcode[1]>=0xE0 && Opcode[1]<0xE8  )) \r\n\t\t{\r\n\t\t\tProcessANDR32_Imm(Opcode);\r\n\t\t}\r\n\t\telse if (Opcode[0]==0xD || ((Opcode[0]==0x83 || Opcode[0]==0x81) && Opcode[1]>=0xC8 && Opcode[1]<0xD0 )) \r\n\t\t{\r\n\t\t\tProcessORR32_Imm(Opcode);\r\n\t\t}\r\n\t\telse if (Opcode[0]==0x3D || ((Opcode[0]==0x83 || Opcode[0]==0x81) && Opcode[1]>=0xF8 && Opcode[1]<=0xFF )) \r\n\t\t{\r\n\t\t\tProcessCMPR32_Imm(Opcode);\r\n\t\t}\r\n\t\telse if (Opcode[0]==0xC1  && Opcode[1]>=0xE0 && Opcode[1]<0xE8  ) \r\n\t\t{\r\n\t\t\tProcessSHLR32_Imm(Opcode);\r\n\t\t}\r\n\t\telse if (Opcode[0]==0xC1  && Opcode[1]>=0xE8 && Opcode[1]<0xF0  ) \r\n\t\t{\r\n\t\t\tProcessSHRR32_Imm(Opcode);\r\n\t\t}\r\n\t\telse if (Opcode[0]==0xF7 && Opcode[1]>=0xD0 && Opcode[1]<0xD8) 
\r\n\t\t{\r\n\t\t\tProcessNOTR32(Opcode);\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\tiOpcode[0]=iVMHandler.GetHandlerIndex(VM_X86);\r\n\t\t\tiOpcode[1]=iSize;\r\n\t\t\tCopyMemory(&iOpcode[2],Opcode,iSize);\r\n\t\t\tUsedSize+=iSize+2;\r\n\t\t}\r\n\t\tbreak;\r\n\t}\r\n\t\r\n\t\r\n\t\r\n}\r\n\r\n\r\nvoid CVMCompiler::Finalize()\r\n{\r\n\tInstructionLog->FixCare();\r\n}\r\n\r\n\r\nvoid CVMCompiler::Compile_PUSH_Imm32(DWORD Imm)\r\n{\r\n     // Generate VM Opcode of \"Push\"\r\n\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_PUSHImmDW);\r\n\t*(LPDWORD(&OpcodeTable[UsedSize+1]))=Imm;\r\n\tUsedSize+=5;\r\n\r\n}\r\nvoid CVMCompiler::Compile_PUSH_R32(unsigned int RegisterOffset)\r\n{\r\n     // Generate VM Opcode of \"Push Register\"\r\n\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_PUSHR32);\r\n\tOpcodeTable[UsedSize+1]=RegisterOffset;\r\n\tUsedSize+=2;\r\n\r\n}\r\nvoid CVMCompiler::Compile_POP_R32(unsigned int RegisterOffset)\r\n{\r\n     // Generate VM Opcode of \"POP\"\r\n\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_POPR32);\r\n\tOpcodeTable[UsedSize+1]=RegisterOffset;\r\n\tUsedSize+=2;\r\n}\r\nvoid CVMCompiler::Compile_AND_32()\r\n{\r\n     // Generate VM Opcode of \"AND\"\r\n\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_AND32);\r\n\tUsedSize++;\r\n}\r\nvoid CVMCompiler::Compile_NOT_32()\r\n{\r\n     // Generate VM Opcode of \"NOT\"\r\n\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_NOT32);\r\n\tUsedSize++;\r\n}\r\nvoid CVMCompiler::Compile_SHL_32()\r\n{\r\n     // Generate VM Opcode of \"SHL\"\r\n\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_SHL32);\r\n\tUsedSize++;\r\n}\r\nvoid CVMCompiler::Compile_SHR_32()\r\n{\r\n     // Generate VM Opcode of \"SHR\"\r\n\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_SHR32);\r\n\tUsedSize++;\r\n}\r\nvoid CVMCompiler::Compile_JCCIn()\r\n{\r\n     // Generate VM Opcode of \"JCC\"\r\n\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_JCCIn);\r\n\tUsedSize++;\r\n}\r\nvoid 
CVMCompiler::Compile_ADD_32()\r\n{\r\n     // Generate VM Opcode of \"ADD\"\r\n\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_ADD32);\r\n\tUsedSize++;\r\n}\r\nvoid CVMCompiler::Compile_OR_32()\r\n{\r\n     // Generate VM Opcode of \"OR\"\r\n\tCompile_NOT_32();\r\n\tCompile_POP_R32(0x24);\r\n\tCompile_NOT_32();\r\n\tCompile_AND_32();\r\n\tCompile_POP_R32(0x28);\r\n\tCompile_NOT_32();\r\n\tCompile_POP_R32(0x24);\r\n\tCompile_PUSH_R32(0x24);\r\n\tCompile_PUSH_R32(0x24);\r\n\tCompile_AND_32();\r\n\r\n\r\n}\r\nvoid CVMCompiler::Compile_CMP_32()\r\n{\r\n     // Generate VM Opcode of \"CMP\"\r\n\tCompile_SUB_32();\r\n\tCompile_POP_R32(0x24);\r\n\tCompile_POP_R32(0x28);\r\n\tCompile_PUSH_R32(0x24);\r\n}\r\nvoid CVMCompiler::Compile_SUB_32()\r\n{\r\n     // Generate VM Opcode of \"SUB\"\r\n\tCompile_NOT_32();\r\n\tCompile_PUSH_Imm32(1);\r\n\tCompile_ADD_32();\r\n\tCompile_POP_R32(0x24);\r\n\tCompile_ADD_32();\r\n}\r\nvoid CVMCompiler::Compile_NOTBit()\r\n{\r\n     // Generate VM Opcode of \"NOT\" Bit\r\n\tCompile_PUSH_Imm32(1);\r\n\tCompile_ADD_32();\r\n\tCompile_POP_R32(0x28);\r\n\tCompile_PUSH_Imm32(1);\r\n\tCompile_AND_32();\r\n\tCompile_POP_R32(0x28);\r\n\r\n}\r\nvoid CVMCompiler::Compile_GetDWORDDS()\r\n{\r\n     // Generate VM Opcode of \"GetDWORDDS\" (used by every opcode that reads DWORD data)\r\n\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_GetDWORDDS);\r\n\tUsedSize++;\r\n}\r\nvoid CVMCompiler::Compile_SetDWORDDS()\r\n{\r\n     // Generate VM Opcode of \"SetDWORDDS\" (used by every opcode that writes DWORD data)\r\n\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_SetDWORDDS);\r\n\tUsedSize++;\r\n}\r\n\r\nvoid CVMCompiler::Process_JCC(LPBYTE Opcode,DWORD Dest)\r\n{\r\n     // Generate VM Opcode of \"JCC\"\r\n\tDWORD *dwNext;\r\n\tif (Dest>=VAStart && 
Dest<VAEnd)\r\n\t{\r\n\t\t\tInstructionLog->AddToCare((LPBYTE)(OpcodeTable+UsedSize),Dest);\r\n\t\t\tCompile_PUSH_Imm32(Dest);\r\n\t\t\tdwNext=(LPDWORD)&OpcodeTable[UsedSize+1];\r\n\t\t\tCompile_PUSH_Imm32(0);\r\n\t\t\r\n\t\t// JMP short / JMP near: the condition is always 1\r\n\t\tif (Opcode[0]==0xEB || Opcode[0]==0xE9) \r\n\t\t{\r\n\t\t\tCompile_PUSH_Imm32(1);\r\n\t\t\tCompile_JCCIn();\r\n\t\t}\r\n\t\t// JA / JBE: combines flag bit 0 (mask 1) and flag bit 6 (mask 0x40)\r\n\t\telse if (Opcode[0]==0x77 || Opcode[0]==0x76 || (Opcode[0]==0xF && (Opcode[1]==0x87 || Opcode[1]==0x86))) \r\n\t\t{\r\n\t\t\t\r\n\r\n\t\t\tCompile_PUSH_R32(0x20);\r\n\t\t\tCompile_PUSH_Imm32(1);\r\n\t\t\tCompile_AND_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\t\t\tCompile_NOTBit();\r\n\r\n\t\t\tCompile_PUSH_R32(0x20);\r\n\t\t\tCompile_PUSH_Imm32(0x40);\r\n\t\t\tCompile_AND_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\t\t\t// The shift count is an immediate, as in the JE/JNE case below\r\n\t\t\tCompile_PUSH_Imm32(6);\r\n\t\t\tCompile_SHR_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\t\t\tCompile_NOTBit();\r\n\r\n\t\t\tCompile_AND_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\r\n\t\t\tif (Opcode[0]==0x76 || (Opcode[0]==0xF && Opcode[1]==0x86))\r\n\t\t\t\tCompile_NOTBit();\r\n\r\n\t\t\tCompile_JCCIn();\r\n\r\n\t\t\t*dwNext=VMOpcodeBase+UsedSize;\r\n\r\n\t\t}\r\n\t\t// JE / JNE: tests flag bit 6 (mask 0x40)\r\n\t\telse if (Opcode[0]==0x75 || Opcode[0]==0x74 || (Opcode[0]==0xF && (Opcode[1]==0x84 ||Opcode[1]==0x85 )) ) \r\n\t\t{\r\n\t\t\r\n\r\n\t\t\tCompile_PUSH_R32(0x20);\r\n\t\t\tCompile_PUSH_Imm32(0x40);\r\n\t\t\tCompile_AND_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\t\t\tCompile_PUSH_Imm32(6);\r\n\t\t\tCompile_SHR_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\t\t\t\r\n\t\t\tif (Opcode[0]==0x75 || (Opcode[0]==0xF && Opcode[1]==0x85)) //NOT\r\n\t\t\t\tCompile_NOTBit();\r\n\r\n\t\t\tCompile_JCCIn();\r\n\r\n\r\n\t\t\t*dwNext=VMOpcodeBase+UsedSize;\r\n\r\n\t\t}\r\n\t\t// JB / JAE: tests flag bit 0 (mask 1)\r\n\t\telse if (Opcode[0]==0x72 || Opcode[0]==0x73 || (Opcode[0]==0xF && (Opcode[1]==0x82 ||Opcode[1]==0x83 )) ) \r\n\t\t{\r\n\t\t\tCompile_PUSH_R32(0x20);\r\n\t\t\tCompile_PUSH_Imm32(1);\r\n\t\t\tCompile_AND_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\t\t\t\r\n\t\t\tif (Opcode[0]==0x73 || (Opcode[0]==0xF && 
Opcode[1]==0x83)) \r\n\t\t\t\tCompile_NOTBit();\r\n\r\n\t\t\tCompile_JCCIn();\r\n\r\n\r\n\t\t\t*dwNext=VMOpcodeBase+UsedSize;\r\n\r\n\t\t}\r\n\t\telse if (Opcode[0]==0x7E || Opcode[0]==0x7F || (Opcode[0]==0xF && (Opcode[1]==0x8E ||Opcode[1]==0x8F )) ) \r\n\t\t{\r\n\t\t\tCompile_PUSH_R32(0x20);\r\n\t\t\tCompile_PUSH_Imm32(0x40);\r\n\t\t\tCompile_AND_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\t\t\tCompile_PUSH_Imm32(6);\r\n\t\t\tCompile_SHR_32();\r\n\t\t\tCompile_POP_R32(0x24); \r\n\t\t\tCompile_NOTBit();\r\n\r\n\t\t\tCompile_PUSH_R32(0x20);\r\n\t\t\tCompile_PUSH_Imm32(0x800);\r\n\t\t\tCompile_AND_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\t\t\tCompile_PUSH_Imm32(11);\r\n\t\t\tCompile_SHR_32();\r\n\t\t\tCompile_POP_R32(0x24); \r\n\r\n\t\t\tCompile_PUSH_R32(0x20);\r\n\t\t\tCompile_PUSH_Imm32(0x80);\r\n\t\t\tCompile_AND_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\t\t\tCompile_PUSH_Imm32(7);\r\n\t\t\tCompile_SHR_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\r\n\t\t\tCompile_CMP_32();\r\n\t\t\tCompile_PUSH_Imm32(0x40);\r\n\t\t\tCompile_AND_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\t\t\tCompile_PUSH_Imm32(6);\r\n\t\t\tCompile_SHR_32();\r\n\t\t\tCompile_POP_R32(0x24); \r\n\t\t\t\r\n\r\n\t\t\tCompile_AND_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\r\n\r\n\r\n\t\t\t\r\n\t\t\tif (Opcode[0]==0x7E || (Opcode[0]==0xF && Opcode[1]==0x8E))\r\n\t\t\t\tCompile_NOTBit();\r\n\r\n\t\t\tCompile_JCCIn();\r\n\r\n\r\n\t\t\t*dwNext=VMOpcodeBase+UsedSize;\r\n\r\n\t\t}\r\n\t\telse if (Opcode[0]==0x7C || Opcode[0]==0x7D || (Opcode[0]==0xF && (Opcode[1]==0x8C ||Opcode[1]==0x8D )) ) 
\r\n\t\t{\r\n\r\n\t\t\tCompile_PUSH_R32(0x20);\r\n\t\t\tCompile_PUSH_Imm32(0x800);\r\n\t\t\tCompile_AND_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\t\t\tCompile_PUSH_Imm32(11);\r\n\t\t\tCompile_SHR_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\r\n\t\t\tCompile_PUSH_R32(0x20);\r\n\t\t\tCompile_PUSH_Imm32(0x80);\r\n\t\t\tCompile_AND_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\t\t\tCompile_PUSH_Imm32(7);\r\n\t\t\tCompile_SHR_32();\r\n\t\t\tCompile_POP_R32(0x24); \r\n\r\n\t\t\tCompile_CMP_32();\r\n\t\t\tCompile_PUSH_Imm32(0x40);\r\n\t\t\tCompile_AND_32();\r\n\t\t\tCompile_POP_R32(0x24);\r\n\t\t\tCompile_PUSH_Imm32(6);\r\n\t\t\tCompile_SHR_32();\r\n\t\t\tCompile_POP_R32(0x24); \r\n\t\t\t\r\n\r\n\r\n\t\t\tif (Opcode[0]==0x7C || (Opcode[0]==0xF && Opcode[1]==0x8C))\r\n\t\t\t\tCompile_NOTBit();\r\n\r\n\t\t\tCompile_JCCIn();\r\n\r\n\r\n\t\t\t*dwNext=VMOpcodeBase+UsedSize;\r\n\r\n\r\n\t\t}\r\n\r\n\t}\r\n\telse\r\n\t{\r\n\t\t\r\n\t\r\n\t}\r\n\r\n\r\n}\r\nvoid CVMCompiler::ProcessPUSHR32(BYTE iOpcode)\r\n{\r\n     // Generate VM Opcode of \"Push Register\"\r\n\tif (iOpcode!=0x54)\r\n\t\tCompile_PUSH_R32(0x1C - (iOpcode-0x50)*4);\r\n\telse\r\n\t{\r\n\t\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_PUSHESP);\r\n\t\tUsedSize++;\r\n\t\tCompile_PUSH_Imm32(4);\r\n\t\tCompile_ADD_32();\r\n\t\tCompile_POP_R32(0x30);\r\n\t\t\r\n\r\n\t}\r\n\r\n}\r\nvoid CVMCompiler::ProcessPOPR32(BYTE iOpcode)\r\n{\r\n     // Generate VM Opcode of \"POP Register\"\r\n\tif (iOpcode!=0x5C)\r\n\t\tCompile_POP_R32(0x1C - (iOpcode-0x58)*4);\r\n\telse\r\n\t{\r\n\t\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_POPESP);\r\n\t\tUsedSize++;\r\n\r\n\t}\r\n\r\n}\r\nvoid CVMCompiler::ProcessMOVR32R32(LPBYTE iOpcode)\r\n{\r\n     // Generate VM Opcode of \"Mov Register/Register\"\r\n\tint rDEST;\r\n\tint rSRC;\r\n\tif 
(iOpcode[0]==0x89)\r\n\t{\r\n\t\trDEST=(iOpcode[1]-0xC0)%8;\r\n\t\trSRC=(iOpcode[1]-0xC0)/8;\r\n\t}\r\n\telse\r\n\t{\r\n\t\trSRC=(iOpcode[1]-0xC0)%8;\r\n\t\trDEST=(iOpcode[1]-0xC0)/8;\r\n\r\n\t}\r\n\r\n\t\r\n\r\n\tProcessPUSHR32(0x50+rSRC);\r\n\tProcessPOPR32(0x58+rDEST);\r\n}\r\nvoid CVMCompiler::ProcessADDR32_Imm(LPBYTE iOpcode)\r\n{\r\n     // Generate VM Opcode of \"ADD Register/Immediate\" (0x81 imm32, 0x83 sign-extended imm8)\t\r\n\tif (iOpcode[0]!=0x81 && iOpcode[0]!=0x83)\r\n\t\treturn ;\r\n\tDWORD dwImm=*(LPDWORD)(&iOpcode[2]);\r\n\r\n\tif (iOpcode[0]==0x83)\r\n\t{\r\n\t\t__asm \r\n\t\t{\r\n\t\t\tpush eax\r\n\t\t\t\tmov eax,dwImm\r\n\t\t\t\tmovsx eax,al\r\n\t\t\t\tmov dwImm,eax\r\n\t\t\tpop eax\r\n\r\n\t\t}\r\n\r\n\t}\r\n\r\n\tint rDEST=iOpcode[1]-0xC0;\r\n\r\n\tProcessPUSHR32(0x50 + rDEST);\r\n\tCompile_PUSH_Imm32(dwImm);\r\n\tCompile_ADD_32();\r\n\tCompile_POP_R32(0x20);\r\n\tProcessPOPR32(0x58+rDEST);\r\n\r\n\r\n\r\n}\r\nvoid CVMCompiler::ProcessSUBR32_Imm(LPBYTE iOpcode)\r\n{\r\n     // Generate VM Opcode of \"SUB Register/Immediate\" (emitted as ADD of the negated immediate)\t\r\n\tif (iOpcode[0]!=0x81 && iOpcode[0]!=0x83)\r\n\t\treturn ;\r\n\tlong dwImm=*(LPLONG)(&iOpcode[2]);\r\n\t\r\n\tif (iOpcode[0]==0x83)\r\n\t{\r\n\t\t__asm \r\n\t\t{\r\n\t\t\tpush eax\r\n\t\t\t\tmov eax,dwImm\r\n\t\t\t\tmovsx eax,al\r\n\t\t\t\tmov dwImm,eax\r\n\t\t\tpop eax\r\n\r\n\t\t}\r\n\r\n\t}\r\n\tdwImm=dwImm*-1;\r\n\tint rDEST=iOpcode[1]-0xE8;\r\n\r\n\tProcessPUSHR32(0x50 + rDEST);\r\n\tCompile_PUSH_Imm32(dwImm);\r\n\tCompile_ADD_32();\r\n\tCompile_POP_R32(0x20);\r\n\tProcessPOPR32(0x58+rDEST);\r\n\r\n\r\n\r\n\r\n}\r\nvoid CVMCompiler::ProcessMOV_MemR32Imm8_R32(LPBYTE iOpcode)\r\n{\r\n\t\r\n     // Generate VM Opcode of \"MOV [Register+disp8],Register\" (store to memory)\r\n\tDWORD dwImm;\r\n\tint rSRC;\r\n\tint rDEST;\r\n\tif ((iOpcode[1]-0x44)%8==4)\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[2]);\r\n\t\t__asm\r\n\t\t{\r\n\t\t\tpush eax\r\n\t\t\t\tmov eax,dwImm\r\n\t\t\t\tmovsx eax,al\r\n\t\t\t\tmov dwImm,eax\r\n\t\t\tpop 
eax\r\n\r\n\t\t}\r\n\t\trSRC=(iOpcode[1]-0x40)/8;\r\n\t\trDEST=(iOpcode[1]-0x40)%8;\r\n\t}\r\n\telse\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[3]);\r\n\t\t__asm\r\n\t\t{\r\n\t\t\tpush eax\r\n\t\t\t\tmov eax,dwImm\r\n\t\t\t\tmovsx eax,al\r\n\t\t\t\tmov dwImm,eax\r\n\t\t\tpop eax\r\n\r\n\t\t}\r\n\t\trSRC=(iOpcode[1]-0x44)/8;;\r\n\r\n\t\tif (iOpcode[2]>=0x20 && iOpcode[2]<0x28)\r\n\t\t\trDEST=0x20;\r\n\t\telse if (iOpcode[2]>=0x60 && iOpcode[2]<0x68)\r\n\t\t\trDEST=0x60;\r\n\t\telse if (iOpcode[2]>=0xE0 && iOpcode[2]<0xE8)\r\n\t\t\trDEST=0xE0;\r\n\r\n\t\trDEST=(iOpcode[2]-rDEST)%8;\r\n\t}\r\n\tProcessPUSHR32(0x50 + rDEST);\r\n\tCompile_PUSH_Imm32(dwImm);\r\n\tCompile_ADD_32();\r\n\tCompile_POP_R32(0x30);\r\n\tProcessPUSHR32(0x50 + rSRC);\r\n\tif (rSRC==4)//SRC ESP\r\n\t{\r\n\t\tCompile_PUSH_Imm32(4);\r\n\t\tCompile_ADD_32();\r\n\t\tCompile_POP_R32(0x30);\r\n\t}\r\n\r\n\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_SetDWORDDS);\r\n\tUsedSize++;\r\n\t\r\n}\r\nvoid CVMCompiler::ProcessMOV_MemR32Imm32_R32(LPBYTE iOpcode)\r\n{\r\n\t\r\n     // Generate VM Opcode of \"Mov Memory/Register\"\r\n\tDWORD dwImm;\r\n\tint rSRC;\r\n\tint rDEST;\r\n\tif ((iOpcode[1]-0x80)%8!=4)\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[2]);\r\n\r\n\t\trSRC=(iOpcode[1]-0x80)/8;\r\n\t\trDEST=(iOpcode[1]-0x80)%8;\r\n\t}\r\n\telse\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[3]);\r\n\t\trSRC=(iOpcode[1]-0x84)/8;\r\n\r\n\t\tif (iOpcode[2]>=0x20 && iOpcode[2]<0x28)\r\n\t\t\trDEST=0x20;\r\n\t\telse if (iOpcode[2]>=0x60 && iOpcode[2]<0x68)\r\n\t\t\trDEST=0x60;\r\n\t\telse if (iOpcode[2]>=0xE0 && iOpcode[2]<0xE8)\r\n\t\t\trDEST=0xE0;\r\n\r\n\t\trDEST=(iOpcode[2]-rDEST)%8;\r\n\t}\r\n\tProcessPUSHR32(0x50 + rDEST);\r\n\tCompile_PUSH_Imm32(dwImm);\r\n\tCompile_ADD_32();\r\n\tCompile_POP_R32(0x30);\r\n\tProcessPUSHR32(0x50 + rSRC);\r\n\tif (rSRC==4)//SRC 
ESP\r\n\t{\r\n\t\tCompile_PUSH_Imm32(4);\r\n\t\tCompile_ADD_32();\r\n\t\tCompile_POP_R32(0x30);\r\n\t}\r\n\r\n\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_SetDWORDDS);\r\n\tUsedSize++;\r\n\t\r\n}\r\nvoid CVMCompiler::ProcessMOV_MemR32Imm32_Imm32(LPBYTE iOpcode)\r\n{\r\n\t\r\n     // Generate VM Opcode of \"Mov Memory/Memory\"\r\n\tDWORD dwSRCImm;\r\n\tDWORD dwDestImm;\r\n\r\n\tint rDEST;\r\n\tif ((iOpcode[1]-0x80)%8!=4)\r\n\t{\r\n\t\tdwDestImm=*(LPDWORD)(&iOpcode[2]);\r\n\t\tdwSRCImm=*(LPDWORD)(&iOpcode[6]);\r\n\r\n\t\trDEST=(iOpcode[1]-0x80)%8;\r\n\t}\r\n\telse\r\n\t{\r\n\t\tdwDestImm=*(LPDWORD)(&iOpcode[3]);\r\n\t\tdwSRCImm=*(LPDWORD)(&iOpcode[7]);\r\n\t\t\r\n\r\n\t\tif (iOpcode[2]>=0x20 && iOpcode[2]<0x28)\r\n\t\t\trDEST=0x20;\r\n\t\telse if (iOpcode[2]>=0x60 && iOpcode[2]<0x68)\r\n\t\t\trDEST=0x60;\r\n\t\telse if (iOpcode[2]>=0xE0 && iOpcode[2]<0xE8)\r\n\t\t\trDEST=0xE0;\r\n\r\n\t\trDEST=(iOpcode[2]-rDEST)%8;\r\n\t}\r\n\tProcessPUSHR32(0x50 + rDEST);\r\n\tCompile_PUSH_Imm32(dwDestImm);\r\n\tCompile_ADD_32();\r\n\tCompile_POP_R32(0x30);\r\n\tCompile_PUSH_Imm32(dwSRCImm);\r\n\r\n\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_SetDWORDDS);\r\n\tUsedSize++;\r\n\t\r\n}\r\nvoid CVMCompiler::ProcessMOV_R32_MemR32Imm32(LPBYTE iOpcode)\r\n{\r\n\t\r\n     // Generate VM Opcode of \"Mov Mem32/Register32\"\r\n\tDWORD dwImm;\r\n\tint rSRC;\r\n\tint rDEST;\r\n\tif ((iOpcode[1]-0x80)%8!=4)\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[2]);\r\n\r\n\t\trDEST=(iOpcode[1]-0x80)/8;\r\n\t\trSRC=(iOpcode[1]-0x80)%8;\r\n\t}\r\n\telse\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[3]);\r\n\t\trDEST=(iOpcode[1]-0x84)/8;\r\n\r\n\t\tif (iOpcode[2]>=0x20 && iOpcode[2]<0x28)\r\n\t\t\trSRC=0x20;\r\n\t\telse if (iOpcode[2]>=0x60 && iOpcode[2]<0x68)\r\n\t\t\trSRC=0x60;\r\n\t\telse if (iOpcode[2]>=0xE0 && iOpcode[2]<0xE8)\r\n\t\t\trSRC=0xE0;\r\n\r\n\t\trSRC=(iOpcode[2]-rSRC)%8;\r\n\t}\r\n\tProcessPUSHR32(0x50 + 
rSRC);\r\n\tCompile_PUSH_Imm32(dwImm);\r\n\tCompile_ADD_32();\r\n\tCompile_POP_R32(0x30);\r\n\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_GetDWORDDS);\r\n\tUsedSize++;\r\n\tProcessPOPR32(0x58+rDEST);\r\n\t\r\n}\r\nvoid CVMCompiler::ProcessMOV_R32_MemR32Imm8(LPBYTE iOpcode)\r\n{\r\n\t\r\n     // Generate VM Opcode of \"MOV Register,[Register+disp8]\" (load; disp8 is sign-extended)\r\n\tDWORD dwImm;\r\n\tint rSRC;\r\n\tint rDEST;\r\n\tif ((iOpcode[1]-0x40)%8!=4)\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[2]);\r\n\r\n\t\trDEST=(iOpcode[1]-0x40)/8;\r\n\t\trSRC=(iOpcode[1]-0x40)%8;\r\n\t}\r\n\telse\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[3]);\r\n\t\trDEST=(iOpcode[1]-0x44)/8;\r\n\r\n\t\tif (iOpcode[2]>=0x20 && iOpcode[2]<0x28)\r\n\t\t\trSRC=0x20;\r\n\t\telse if (iOpcode[2]>=0x60 && iOpcode[2]<0x68)\r\n\t\t\trSRC=0x60;\r\n\t\telse if (iOpcode[2]>=0xE0 && iOpcode[2]<0xE8)\r\n\t\t\trSRC=0xE0;\r\n\r\n\t\trSRC=(iOpcode[2]-rSRC)%8;\r\n\t}\r\n\t__asm\r\n\t{\r\n\t\tpush eax\r\n\t\t\tmov eax,dwImm\r\n\t\t\tmovsx eax,al\r\n\t\t\tmov dwImm,eax\r\n\t\tpop eax\r\n\r\n\t}\r\n\tProcessPUSHR32(0x50 + rSRC);\r\n\tCompile_PUSH_Imm32(dwImm);\r\n\tCompile_ADD_32();\r\n\tCompile_POP_R32(0x30);\r\n\tOpcodeTable[UsedSize]=iVMHandler.GetHandlerIndex(VM_GetDWORDDS);\r\n\tUsedSize++;\r\n\tProcessPOPR32(0x58+rDEST);\r\n\t\r\n}\r\nvoid CVMCompiler::ProcessLEA_R32_MemR32Imm32(LPBYTE iOpcode)\r\n{\r\n\t\r\n     // Generate VM Opcode of \"LEA Register,[Register+disp32]\" (address computed with ADD, no memory read)\r\n\tDWORD dwImm;\r\n\tint rSRC;\r\n\tint rDEST;\r\n\tif ((iOpcode[1]-0x80)%8!=4)\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[2]);\r\n\r\n\t\trDEST=(iOpcode[1]-0x80)/8;\r\n\t\trSRC=(iOpcode[1]-0x80)%8;\r\n\t}\r\n\telse\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[3]);\r\n\t\trDEST=(iOpcode[1]-0x84)/8;\r\n\r\n\t\tif (iOpcode[2]>=0x20 && iOpcode[2]<0x28)\r\n\t\t\trSRC=0x20;\r\n\t\telse if (iOpcode[2]>=0x60 && iOpcode[2]<0x68)\r\n\t\t\trSRC=0x60;\r\n\t\telse if (iOpcode[2]>=0xE0 && 
iOpcode[2]<0xE8)\r\n\t\t\trSRC=0xE0;\r\n\r\n\t\trSRC=(iOpcode[2]-rSRC)%8;\r\n\t}\r\n\tProcessPUSHR32(0x50 + rSRC);\r\n\tCompile_PUSH_Imm32(dwImm);\r\n\tCompile_ADD_32();\r\n\tCompile_POP_R32(0x30);\r\n\tProcessPOPR32(0x58 + rDEST);\r\n\t\r\n}\r\nvoid CVMCompiler::ProcessXORR32_R32(LPBYTE iOpcode)\r\n{\r\n     // Generate VM Opcode of \"XOR Register/Register\", built as (a AND NOT b) + (b AND NOT a)\r\n\tif (iOpcode[0]!=0x33 && iOpcode[0]!=0x31 )\r\n\t\treturn;\r\n\r\n\tint rSRC=(iOpcode[1]-0xC0)/8;\r\n\tint rDEST=(iOpcode[1]-0xC0)%8;\r\n\tif (iOpcode[0]==0x33)\r\n\t{\r\n\t\t// 0x33 is XOR r32,r/m32: the ModRM reg field is the destination\r\n\t\tint rTmp=rSRC;\r\n\t\trSRC=rDEST;\r\n\t\trDEST=rTmp;\r\n\t}\r\n\r\n\tProcessPUSHR32(0x50+rSRC);\r\n\tProcessPUSHR32(0x50+rDEST);\r\n\tCompile_NOT_32();\r\n\tCompile_AND_32();\r\n\tCompile_POP_R32(0x30);\r\n\r\n\tProcessPUSHR32(0x50+rDEST);\r\n\tProcessPUSHR32(0x50+rSRC);\r\n\tCompile_NOT_32();\r\n\tCompile_AND_32();\r\n\tCompile_POP_R32(0x30);\r\n\r\n\tCompile_ADD_32();\r\n\tCompile_POP_R32(0x30);\r\n\r\n\tProcessPOPR32(0x58 + rDEST);\r\n\r\n}\r\nvoid CVMCompiler::ProcessMOVR32_Imm(LPBYTE iOpcode)\r\n{\r\n     // Generate VM Opcode of \"MOV Register32,Imm32\" (opcodes 0xB8-0xBF)\r\n\tif (iOpcode[0]<0xB8 || iOpcode[0]>0xBF)\r\n\t\treturn;\r\n\r\n\tDWORD dwImm=*(LPDWORD)(&iOpcode[1]);\r\n\r\n\tCompile_PUSH_Imm32(dwImm);\r\n\tProcessPOPR32(0x58 + iOpcode[0] - 0xB8);\r\n}\r\nvoid CVMCompiler::ProcessMOVR32_MemImm(LPBYTE iOpcode)\r\n{\r\n\t// Generate VM Opcode of \"MOV Register32,[Imm32]\" (0xA1 is the EAX short form)\r\n\tDWORD dwImm;\r\n\tint rDEST;\r\n\tif (iOpcode[0]==0xA1)\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[1]);\r\n\t\trDEST=0;\r\n\t}\r\n\telse\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[2]);\r\n\t\trDEST=(iOpcode[1]-0xD)/8 + 1;\r\n\t}\r\n\t\r\n\tCompile_PUSH_Imm32(dwImm);\r\n\tCompile_GetDWORDDS();\r\n\tProcessPOPR32(0x58 + rDEST);\r\n\r\n\r\n\r\n}\r\nvoid CVMCompiler::ProcessMOVMemImm_R32(LPBYTE iOpcode)\r\n{\r\n\t// Generate VM Opcode of \"MOV [Imm32],Register32\" (0xA3 is the EAX short form)\r\n\tDWORD dwImm;\r\n\tint rSRC;\r\n\tif (iOpcode[0]==0xA3)\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[1]);\r\n\t\trSRC=0;\r\n\t}\r\n\telse\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[2]);\r\n\t\trSRC=(iOpcode[1]-0xD)/8 + 
1;\r\n\t}\r\n\t\r\n\tCompile_PUSH_Imm32(dwImm);\r\n\tProcessPUSHR32(0x50+rSRC);\r\n\tCompile_SetDWORDDS();\r\n\t\r\n}\r\nvoid CVMCompiler::ProcessANDR32_Imm(LPBYTE iOpcode)\r\n{\r\n     // Generate VM Opcode of \"AND Register\"\r\n\tDWORD dwImm;\r\n\tint rDEST;\r\n\tif (iOpcode[0]==0x25)\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[1]);\r\n\t\trDEST=0;\r\n\t}\r\n\telse\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[2]);\r\n\t\trDEST=(iOpcode[1]-0xE0);\r\n\t}\r\n\t\r\n\tProcessPUSHR32(0x50 + rDEST);\r\n\tCompile_PUSH_Imm32(dwImm);\r\n\tCompile_AND_32();\r\n\tCompile_POP_R32(0x30);\r\n\tProcessPOPR32(0x58 + rDEST);\r\n\t\r\n}\r\nvoid CVMCompiler::ProcessORR32_Imm(LPBYTE iOpcode)\r\n{\r\n     // Generate VM Opcode of \"OR Register/memory\"\r\n\tDWORD dwImm;\r\n\tint rDEST;\r\n\tif (iOpcode[0]==0xD)\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[1]);\r\n\t\trDEST=0;\r\n\t}\r\n\telse\r\n\t{\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[2]);\r\n\t\tif (iOpcode[0]==0x83) \r\n\t\t{\r\n\t\t\t__asm\r\n\t\t\t{\r\n\t\t\t\tpush eax\r\n\t\t\t\t\tmov eax,dwImm\r\n\t\t\t\t\tmovsx eax,al\r\n\t\t\t\t\tmov dwImm,eax\r\n\t\t\t\tpop eax\r\n\r\n\t\t\t}\r\n\r\n\t\t}\r\n\t\trDEST=(iOpcode[1]-0xC8);\r\n\t}\r\n\t\r\n\tProcessPUSHR32(0x50 + rDEST);\r\n\tCompile_NOT_32();\r\n\tCompile_PUSH_Imm32(dwImm^0xFFFFFFFF);\r\n\tCompile_AND_32();\r\n\tCompile_POP_R32(0x30);\r\n\tCompile_NOT_32();\r\n\tCompile_PUSH_Imm32(0xFFFFFFFF);\r\n\tCompile_AND_32();\r\n\tCompile_POP_R32(0x20); \r\n\tProcessPOPR32(0x58 + rDEST);\r\n\t\r\n}\r\nvoid CVMCompiler::ProcessSHLR32_Imm(LPBYTE iOpcode)\r\n{\r\n     // Generate VM Opcode of \"SHL Register - memory\"\r\n\tint rDEST=iOpcode[1]-0xE0;\r\n\tDWORD dwImm;\r\n\t__asm\r\n\t{\r\n\t\tpush eax\r\n\t\t\tmov eax,iOpcode\r\n\t\t\tmovzx eax,byte ptr ds:[eax+2]\r\n\t\t\tmov dwImm,eax\r\n\t\tpop eax\r\n\t}\r\n\r\n\tProcessPUSHR32(0x50 + rDEST);\r\n\tCompile_PUSH_Imm32(dwImm);\r\n\tCompile_SHL_32();\r\n\tCompile_POP_R32(0x30);\r\n\tProcessPOPR32(0x58 + rDEST);\r\n\r\n}\r\nvoid 
CVMCompiler::ProcessSHRR32_Imm(LPBYTE iOpcode)\r\n{\r\n     // Generate VM Opcode of \"SHR Register  -   memory\"\r\n\tint rDEST=iOpcode[1]-0xE8;\r\n\tDWORD dwImm;\r\n\t__asm\r\n\t{\r\n\t\tpush eax\r\n\t\t\tmov eax,iOpcode\r\n\t\t\tmovzx eax,byte ptr ds:[eax+2]\r\n\t\t\tmov dwImm,eax\r\n\t\tpop eax\r\n\t}\r\n\r\n\tProcessPUSHR32(0x50 + rDEST);\r\n\tCompile_PUSH_Imm32(dwImm);\r\n\tCompile_SHR_32();\r\n\tCompile_POP_R32(0x30);\r\n\tProcessPOPR32(0x58 + rDEST);\r\n\r\n}\r\nvoid CVMCompiler::ProcessNOTR32(LPBYTE iOpcode)\r\n{\r\n     // Generate VM Opcode of \"NOT Register\"\r\n\tint rDEST=iOpcode[1]-0xD0;\r\n\tProcessPUSHR32(0x50+rDEST);\r\n\tCompile_NOT_32();\r\n\tProcessPOPR32(0x58+rDEST);\r\n\r\n}\r\nvoid CVMCompiler::ProcessINC_DECR32(LPBYTE iOpcode)\r\n{\r\n\t// Generate VM Opcode of \"DEC Register\"\r\n\tint rDEST;\r\n\tint dwAdd;\r\n\r\n\tif (iOpcode[0]<0x48)\r\n\t{\r\n\t\tdwAdd=1;\r\n\t\trDEST=iOpcode[0]-0x40;\r\n\t}\r\n\telse\r\n\t{\r\n\t\tdwAdd=0xFFFFFFFF;\r\n\t\trDEST=iOpcode[0]-0x48;\r\n\t}\r\n\r\n\tProcessPUSHR32(0x50+rDEST);\r\n\tCompile_PUSH_Imm32(dwAdd);\r\n\tCompile_ADD_32();\r\n\tCompile_POP_R32(0x20);\r\n\tProcessPOPR32(0x58+rDEST);\r\n\r\n}\r\nvoid CVMCompiler::ProcessCMPR32_Imm(LPBYTE iOpcode)\r\n{\r\n     // Generate VM Opcode of \"CMP Register - Memory\"\t\r\n\tif (iOpcode[0]!=0x81 && iOpcode[0]!=0x83 && iOpcode[0]!=0x3D)\r\n\t\treturn ;\r\n\tDWORD dwImm;\r\n\tint rDEST=0;\r\n\tif (iOpcode[0]!=0x3D)\r\n\t{\r\n\r\n\t\trDEST=iOpcode[1]-0xF8;\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[2]);\r\n\r\n\t\tif (iOpcode[0]==0x83) \r\n\t\t{\r\n\t\t\t__asm \r\n\t\t\t{\r\n\t\t\t\tpush eax\r\n\t\t\t\t\tmov eax,dwImm\r\n\t\t\t\t\tmovsx eax,al\r\n\t\t\t\t\tmov dwImm,eax\r\n\t\t\t\tpop eax\r\n\r\n\t\t\t}\r\n\t\t}\r\n\r\n\t}\r\n\telse\r\n\t\tdwImm=*(LPDWORD)(&iOpcode[1]);\r\n\t\r\n\t\r\n    // Finalize ...\r\n\tProcessPUSHR32(0x50 + 
rDEST);\r\n\tCompile_NOT_32();\r\n\tCompile_PUSH_Imm32(dwImm);\r\n\tCompile_ADD_32();\r\n\tCompile_POP_R32(0x30);\r\n\tCompile_PUSH_R32(0x30);\r\n\tCompile_PUSH_Imm32(0x815);\r\n\tCompile_AND_32();\r\n\tCompile_POP_R32(0x34);\r\n\tCompile_POP_R32(0x38);\r\n\tCompile_NOT_32();\r\n\tCompile_POP_R32(0x34);\r\n\tCompile_PUSH_R32(0x34);\r\n\tCompile_PUSH_R32(0x34);\r\n\tCompile_AND_32();\r\n\tCompile_PUSH_Imm32(0x815);\r\n\tCompile_NOT_32();\r\n\tCompile_AND_32();\r\n\tCompile_POP_R32(0x30);\r\n\tCompile_PUSH_R32(0x38);\r\n\r\n\tCompile_ADD_32();\r\n\tCompile_POP_R32(0x20);\r\n\tCompile_POP_R32(0x20);\r\n\tCompile_POP_R32(0x30);\r\n\r\n\r\n\r\n\r\n\r\n\r\n}"
  },
  {
    "path": "VM Project/VMCompiler.h",
    "content": "#pragma once\r\n#include \"VMHandlerProcessor.h\"\r\n#include \"BeaEngine.h\"\r\nclass CVMCompiler\r\n{\r\nprivate:\r\n\tCVMHandlerProcessor &iVMHandler;\r\npublic:\r\n\tDWORD VAStart;\r\n\tDWORD VAEnd;\r\n\tDWORD VMOpcodeBase;\r\n\tLPBYTE OpcodeTable;\r\n\tDWORD UsedSize;\r\n\tDWORD AddressTable[1000][2];\r\n\tDWORD AddressTableCount;\r\n\tvoid Finalize();\r\n\tvoid CompileNow(DWORD,LPBYTE,DWORD,DISASM&);\r\n\r\n\r\n\t//------------------------------\r\n\t\r\n\tvoid Compile_PUSH_R32(unsigned int RegisterOffset);\r\n\tvoid Compile_POP_R32(unsigned int RegisterOffset);\r\n\tvoid Compile_PUSH_Imm32(DWORD Imm);\r\n\tvoid Compile_AND_32();\r\n\tvoid Compile_NOT_32();\r\n\tvoid Compile_JCCIn();\r\n\tvoid Compile_SHR_32();\r\n\tvoid Compile_SHL_32();\r\n\tvoid Compile_ADD_32();\r\n\tvoid Compile_OR_32();\r\n\tvoid Compile_CMP_32();\r\n\tvoid Compile_SUB_32();\r\n\tvoid Compile_GetDWORDDS();\r\n\tvoid Compile_SetDWORDDS();\r\n\tvoid Compile_NOTBit();\r\n\r\n\r\n\tvoid Process_JCC(LPBYTE Opcode,DWORD Dest);\r\n\tvoid ProcessPUSHR32(BYTE iOpcode);\r\n\tvoid ProcessPOPR32(BYTE iOpcode);\r\n\tvoid ProcessMOVR32R32(LPBYTE iOpcode);\r\n\tvoid ProcessADDR32_Imm(LPBYTE iOpcode);\r\n\tvoid ProcessSUBR32_Imm(LPBYTE iOpcode);\r\n\tvoid ProcessMOV_MemR32Imm8_R32(LPBYTE iOpcode);\r\n\tvoid ProcessMOV_MemR32Imm32_R32(LPBYTE iOpcode);\r\n\tvoid ProcessMOVR32_Imm(LPBYTE iOpcode);\r\n\tvoid ProcessMOVR32_MemImm(LPBYTE iOpcode);\r\n\tvoid ProcessMOVMemImm_R32(LPBYTE iOpcode);\r\n\tvoid ProcessMOV_MemR32Imm32_Imm32(LPBYTE iOpcode);\r\n\tvoid ProcessMOV_R32_MemR32Imm32(LPBYTE iOpcode);\r\n\tvoid ProcessMOV_R32_MemR32Imm8(LPBYTE iOpcode);\r\n\tvoid ProcessLEA_R32_MemR32Imm32(LPBYTE iOpcode);\r\n\tvoid ProcessXORR32_R32(LPBYTE iOpcode);\r\n\tvoid ProcessANDR32_Imm(LPBYTE iOpcode);\r\n\tvoid ProcessORR32_Imm(LPBYTE iOpcode);\r\n\tvoid ProcessSHLR32_Imm(LPBYTE iOpcode);\r\n\tvoid ProcessSHRR32_Imm(LPBYTE iOpcode);\r\n\tvoid ProcessCMPR32_Imm(LPBYTE iOpcode);\r\n\tvoid 
ProcessNOTR32(LPBYTE iOpcode);\r\n\tvoid ProcessINC_DECR32(LPBYTE iOpcode);\r\n\r\n\r\n\r\n\t//-------------------------------\r\n\r\n\tCVMCompiler(CVMHandlerProcessor &HandlerProcessor);\r\n\t~CVMCompiler(void);\r\n};\r\n\r\n"
  },
  {
    "path": "VM Project/VMHandlerProcessor.cpp",
    "content": "#include \"stdafx.h\"\r\n#include \"VMHandlerProcessor.h\"\r\n\r\n\r\nCVMHandlerProcessor::CVMHandlerProcessor(void)\r\n{\r\n\tHandlerCount=0;\r\n\r\n}\r\n\r\n\r\nCVMHandlerProcessor::~CVMHandlerProcessor(void)\r\n{\r\n}\r\nunsigned CVMHandlerProcessor::GetHandlerIndex(VMHandlerCodes iType)\r\n{\r\n    // Main VM Handler \r\n\tunsigned int Result=0xFFFFFFFF;\r\n\r\n\tfor (unsigned int i=0;i<HandlerCount;i++)\r\n\t\tif (HandlerTable[i]==iType)\r\n\t\t\tResult=i;\r\n\t\r\n\tif (Result==0xFFFFFFFF)\r\n\t{\r\n\t\tDWORD iHandlerAddr=0;\r\n\t\tswitch (iType)\r\n\t\t{\r\n\t\tcase VM_Start:\r\n\t\t\t__asm push VMH_Start\r\n\t\t\t__asm pop iHandlerAddr;\r\n\t\t\tbreak;\r\n\r\n\t\tcase VM_Exit:\r\n\t\t\t__asm push VMH_Exit\r\n\t\t\t__asm pop iHandlerAddr;\r\n\t\t\tbreak;\r\n\t\t\t\r\n\t\tcase VM_X86:\r\n\t\t\t__asm push VMH_X86\r\n\t\t\t__asm pop iHandlerAddr;\r\n\t\t\tbreak;\r\n\t\tcase VM_PUSHImmDW:\r\n\t\t\t__asm push VMH_PUSHImmDWORD\r\n\t\t\t__asm pop iHandlerAddr;\r\n\t\t\tbreak;\r\n\t\tcase VM_JCCIn:\r\n\t\t\t__asm push VMH_JCCIn;\r\n\t\t\t__asm pop iHandlerAddr;\r\n\t\t\tbreak;\r\n\t\tcase VM_CALL:\r\n\t\t\t__asm push VMH_CALL\r\n\t\t\t__asm pop iHandlerAddr;\r\n\t\t\tbreak;\r\n\t\tcase VM_PUSHR32:\r\n\t\t\t__asm push VMH_PUSHR32\r\n\t\t\t__asm pop iHandlerAddr;\r\n\t\t\tbreak;\r\n\t\tcase VM_POPR32:\r\n\t\t\t__asm push VMH_POPR32\r\n\t\t\t__asm pop iHandlerAddr;\r\n\t\t\tbreak;\r\n\t\tcase VM_AND32:\r\n\t\t\t__asm push VMH_AND32\r\n\t\t\t__asm pop iHandlerAddr;\r\n\t\t\tbreak;\r\n\t\tcase VM_NOT32:\r\n\t\t\t__asm push VMH_NOT32\r\n\t\t\t__asm pop iHandlerAddr;\r\n\t\t\tbreak;\r\n\t\tcase VM_SHR32:\r\n\t\t\t__asm push VMH_SHR32;\r\n\t\t\t__asm pop iHandlerAddr;\r\n\t\t\tbreak;\r\n\t\tcase VM_SHL32:\r\n\t\t\t__asm push VMH_SHL32;\r\n\t\t\t__asm pop iHandlerAddr;\r\n\t\t\tbreak;\r\n\t\tcase VM_ADD32:\r\n\t\t\t__asm push VMH_ADD32;\r\n\t\t\t__asm pop iHandlerAddr;\r\n\t\t\tbreak;\r\n\t\tcase VM_PUSHESP:\r\n\t\t\t__asm push VMH_PUSHESP;\r\n\t\t\t__asm pop 
iHandlerAddr;\r\n\t\t\tbreak;\r\n\t\tcase VM_POPESP:\r\n\t\t\t__asm push VMH_POPESP;\r\n\t\t\t__asm pop iHandlerAddr;\r\n\t\t\tbreak;\r\n\t\tcase VM_GetDWORDDS:\r\n\t\t\t__asm push VMH_GetDWORDDS;\r\n\t\t\t__asm pop iHandlerAddr;\r\n\t\t\tbreak;\r\n\t\tcase VM_SetDWORDDS:\r\n\t\t\t__asm push VMH_SetDWORDDS;\r\n\t\t\t__asm pop iHandlerAddr;\r\n\t\t\tbreak;\r\n\r\n\t\t};\r\n\t\tHandlerCurrentTable[HandlerCount]=GetMainAddress((LPBYTE)iHandlerAddr);\r\n\t\tHandlerTable[HandlerCount]=iType;\r\n\t\tResult=HandlerCount;\r\n\t\tHandlerCount++;\r\n\r\n\t}\r\n\r\n\treturn Result;\r\n\r\n}\r\n\r\n\r\nDWORD CVMHandlerProcessor::BuildVMEngine(DWORD VBase,LPBYTE MemBase)\r\n{\r\n     // Add VM Opcodes and build related vm handlers...\r\n\tDWORD UsedSize=0;\r\n\tDWORD tmp;\r\n\tDWORD iVA=VBase;\r\n\tLPBYTE iMem=MemBase;\r\n\r\n\tLPDWORD HandlerTable=(LPDWORD)iMem;\r\n\tdwVMHandlerTableAddress=iVA;\r\n\r\n\tiVA+=HandlerCount*4;\r\n\tiMem+=HandlerCount*4;\r\n\r\n\t\r\n\tfor (unsigned int i=0;i<HandlerCount;i++)\r\n\t{\r\n\t\tHandlerTable[i]=iVA;\r\n\t\tCopyMemory(iMem,(LPBYTE)HandlerCurrentTable[i],GetHandlerSize(LPBYTE(HandlerCurrentTable[i])));\r\n\t\tiVA+=GetHandlerSize(LPBYTE(HandlerCurrentTable[i]));\r\n\t\tiMem+=GetHandlerSize(LPBYTE(HandlerCurrentTable[i]));\r\n\t\tUsedSize+=4;\r\n\t\tUsedSize+=GetHandlerSize(LPBYTE(HandlerCurrentTable[i]));\r\n\t}\r\n\r\n\t\r\n\tdwVMEntryAddress=iVA;\r\n\t__asm push VMH_Start\r\n\t__asm pop tmp\r\n\ttmp=GetMainAddress((LPBYTE)tmp);\r\n\tCopyMemory(iMem,(LPVOID)tmp,GetHandlerSize((LPBYTE)tmp));\r\n\tiVA+=GetHandlerSize((LPBYTE)tmp);\r\n\tiMem+=GetHandlerSize((LPBYTE)tmp);\r\n\tUsedSize+=GetHandlerSize((LPBYTE)tmp);\r\n\r\n\t__asm push VMH_Dispatcher\r\n\t__asm pop tmp\r\n\ttmp=GetMainAddress((LPBYTE)tmp);\r\n\tCopyMemory(iMem,(LPVOID)tmp,GetHandlerSize((LPBYTE)tmp));\r\n\tUsedSize+=GetHandlerSize((LPBYTE)tmp);\r\n\t\r\n\t{\r\n\t\tLPBYTE Base=iMem;\r\n\t\tif (Base[0]==0xE9)\r\n\t\t\tBase=(Base+*((LPDWORD)(Base+1))+5);\r\n\t\twhile 
(*((LPDWORD)Base)!=0x12345678)\r\n\t\t\tBase++;\r\n\t\t*((LPDWORD)Base)=dwVMHandlerTableAddress;\r\n\r\n\t}\r\n\tiVA+=GetHandlerSize((LPBYTE)tmp);\r\n\tiMem+=GetHandlerSize((LPBYTE)tmp);\r\n\t\r\n\t\r\n\r\n\treturn UsedSize;\r\n\r\n\r\n}\r\n\r\nDWORD CVMHandlerProcessor::GetHandlerSize(LPBYTE HandlerMem)\r\n{\r\n\tLPBYTE Current=HandlerMem;\r\n\tif (Current[0]==0xE9)\r\n\t{\r\n\t\tCurrent=(Current+*((LPDWORD)(Current+1))+5);\r\n\t\tHandlerMem=Current;\r\n\t}\r\n\twhile (Current[0]!=0x68 || *(LPDWORD(&Current[1]))!=0xDEADC0DE)\r\n\t\tCurrent++;\r\n\r\n\treturn Current-HandlerMem;\r\n}\r\n\r\nDWORD CVMHandlerProcessor::GetMainAddress(LPBYTE Current)\r\n{\r\n\tif (Current[0]==0xE9)\r\n\t\tCurrent=(Current+*((LPDWORD)(Current+1))+5);\r\n\treturn (DWORD)Current;\r\n}\r\n\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_Start()\r\n{\r\n     // Start of VM init...\r\n\t__asm\r\n\t{\r\n\t\tLEA ESP,[ESP-0x11C]\r\n\t\tPUSHFD\r\n\t\tPUSHAD\r\n\t\tMOV EBP,ESP\r\n\t\tADD EBP,0x140\r\n\t\tMOV EDI,ESP\r\n\t\tSUB ESP,0x20\r\n\t\tMOV ESI,DWORD PTR SS:[EBP]\r\n\t\tADD EBP,4\r\n\r\n\t\t//---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n}\r\n\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_Exit()\r\n{\r\n     // Exit from VM Handler and continue normal execution...\r\n\t__asm\r\n\t{\r\n\t\tNOP\r\n\t\tNOP\r\n\r\n\r\n\t\t//---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n}\r\n\r\nvoid __declspec(naked)CVMHandlerProcessor::VMH_X86()\r\n{\r\n     // VM Handler of \"Call Register\" Opcode\r\n\t__asm\r\n\t{\r\n\t\t//-----------Write CallBack\r\n\t\tCALL HERE0\r\nHERE0:\r\n\t\tPOP EAX\r\n\t\tADD EAX,0x8B\r\n\t\tPOP DWORD PTR DS:[EAX]\r\n\t\t//-------Restore VM Context\r\n\t\tPUSH ESI\r\n\t\tPUSH EDI\r\n\t\t\r\n\t\t\r\n\t\tCALL HERE1\r\n\t\t//------------------\r\n\r\nHERE1:\r\n\t\tPOP EDI\r\n\t\tADD EDI,0x48\r\n\t\t//------------\r\n\t\tPUSHAD\r\n\t\tMOV EAX,0x90909090\r\n\t\tMOV ECX,4\r\n\t\tREP STOS DWORD PTR ES:[EDI]\r\n\t\tPOPAD\r\n\t\t//-------------------------\r\n\r\n\t\tMOVZX 
ECX,BYTE PTR DS:[ESI]\r\n\t\tADD ESI,1\r\n\t\tREP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]\r\n\t\tPOP EDI\r\n\t\tPOP ESI\r\n\t\tCALL HERE2\r\nHERE2:\r\n\t\tPOP EBX\r\n\t\tADD EBX,0x37\r\n\t\tMOVZX ECX,[ESI]\r\n\t\tADD ESI,ECX\r\n\t\tINC ESI\r\n\t\tMOV [EBX],ESI\r\n\r\n\r\n\t\tMOV EAX,[EDI+0x1C]\r\n\t\tMOV EBX,[EDI+0x10]\r\n\t\tMOV ECX,[EDI+0x18]\r\n\t\tMOV EDX,[EDI+0x14]\r\n\t\tMOV ESP,EBP\r\n\t\tMOV EBP,[EDI+0x08]\r\n\t\tMOV ESI,[EDI+0x04]\r\n\t\tPUSH [EDI+0x20]\r\n\t\tPOPFD\r\n\t\tMOV EDI,[EDI+0x0]\r\n\t\t//---------------------------x86 Cave\r\n\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\t//-----------------------Reset the VM\r\n\t\tPUSH 0X1111111\r\n\t\tLEA ESP,[ESP-0x11C]\r\n\t\tPUSHFD\r\n\t\tPUSHAD\r\n\t\tMOV EBP,ESP\r\n\t\tADD EBP,0x140\r\n\t\tMOV EDI,ESP\r\n\t\tSUB ESP,0x20\r\n\t\tMOV ESI,DWORD PTR SS:[EBP]\r\n\t\tADD EBP,4\r\n\t\t\r\n\r\n\t\t//---------------\r\n\t\tPUSH 0x11112222\r\n\t\tRET\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n\r\n}\r\n\r\n\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_CALL()\r\n{\r\n     // VM Handler of all \"CALL Address\" Opcode\r\n\t__asm\r\n\t{\r\n\t\t\r\n\t\t__asm\r\n\t{\r\n\t\t//-----------Write CallBack\r\n\t\tCALL HERE0\r\nHERE0:\r\n\t\tPOP EAX\r\n\t\tADD EAX,0x6F\r\n\t\tPOP DWORD PTR DS:[EAX]\r\n\t\t//-------Restore VM Context\r\n\t\t\r\n\t\t\r\n\t\tCALL HERE1\r\n\t\t//------------------\r\n\r\nHERE1:\r\n\t\tPOP EBX\r\n\t\tADD EBX,0x3B\r\n\t\t//-------------------------\r\n\t\tMOV BYTE PTR DS:[EBX],0xE8\r\n\t\tMOV ECX,[ESI]\r\n\t\tSUB ECX,EBX\r\n\t\tSUB ECX,0x5\r\n\t\tMOV DWORD PTR DS:[EBX+1],ECX\r\n\t\tCALL HERE2\r\nHERE2:\r\n\t\tPOP EBX\r\n\t\tADD EBX,0x29\r\n\t\tADD ESI,4\r\n\t\tMOV [EBX],ESI\r\n\r\n\r\n\t\tMOV EAX,[EDI+0x1C]\r\n\t\tMOV EBX,[EDI+0x10]\r\n\t\tMOV ECX,[EDI+0x18]\r\n\t\tMOV EDX,[EDI+0x14]\r\n\t\tMOV ESP,EBP\r\n\t\tMOV EBP,[EDI+0x08]\r\n\t\tMOV ESI,[EDI+0x04]\r\n\t\tPUSH 
[EDI+0x20]\r\n\t\tPOPFD\r\n\t\tMOV EDI,[EDI+0x0]\r\n\t\t//---------------------------x86 Cave\r\n\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\tNOP\r\n\t\t//-----------------------Reset the VM\r\n\t\tPUSH 0X1111111\r\n\t\tLEA ESP,[ESP-0x11C]\r\n\t\tPUSHFD\r\n\t\tPUSHAD\r\n\t\tMOV EBP,ESP\r\n\t\tADD EBP,0x140\r\n\t\tMOV EDI,ESP\r\n\t\tSUB ESP,0x20\r\n\t\tMOV ESI,DWORD PTR SS:[EBP]\r\n\t\tADD EBP,4\r\n\t\t\r\n\r\n\t\t//---------------\r\n\t\tPUSH 0x11112222\r\n\t\tRET\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n\t\t//---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n}\r\n\r\n\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_Dispatcher()\r\n{\r\n     // VM Dispatcher , this code reset vm context and go next vm handler\r\n\t \r\n\t__asm\r\n\t{\r\nEntry:\t\t\r\n\t\tLEA EAX,[EDI+0x40]\r\n\t\tCMP EBP,EAX\r\n\t\tJa DoDispatch\r\n\t\t//---------------MOVE VM_Context\r\n\t\tPUSH ESI\r\n\t\tMOV ESI,EDI\r\n\t\tLEA EDI,[EBP-0x100]\r\n\t\tMOV ECX,0x100\r\n\t\tCLD\r\n\t\tREP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]\r\n\t\tPOP ESI\r\n\t\tLEA EDI,[EBP-0x100]\r\n\r\nDoDispatch:\r\n\t\tMOVZX EAX,BYTE PTR DS:[ESI]\r\n\t\tINC ESI\r\n\t\tCALL DWORD PTR DS:[EAX*4+0x12345678]\r\n\t\tJMP Entry\r\n\r\n\r\n\t    //---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n}\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_PUSHImmDWORD()\r\n{\r\n     // VM Handler of \"Push DWORD Data\" Opcode\r\n\t__asm\r\n\t{\r\n\t\tMOV EAX, DWORD PTR DS:[ESI]\r\n\t\tADD ESI,4\r\n\t\tSUB EBP,4\r\n\t\tMOV [EBP],EAX\r\n\t\tRET\r\n\t    //---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n}\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_JCCIn()\r\n{\r\n     // VM Handler of \"JCC\" Opcode\r\n\t__asm\r\n\t{\r\n\t\tMOVZX EAX,BYTE PTR DS:[EBP]\r\n\t\tADD EBP,4\r\n\t\tMOV ESI,[EBP+4*EAX]\r\n\t\tADD EBP,8\r\n\t\tRET\r\n\t    //---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n}\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_PUSHR32()\r\n{\r\n     // VM Handler of \"Push Register/Address\" 
Opcode\r\n\t__asm\r\n\t{\r\n\t\tMOVZX EAX,BYTE PTR DS:[ESI]\r\n\t\tADD ESI,1\r\n\t\tADD EAX,EDI\r\n\t\tMOV EAX,[EAX]\r\n\t\tSUB EBP,4\r\n\t\tMOV [EBP],EAX\r\n\t\tRET\r\n\t    //---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n\r\n\r\n}\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_POPR32()\r\n{\r\n     // VM Handler of \"POP Register/Address\" Opcode\r\n\t__asm\r\n\t{\r\n\t\tMOVZX EAX,BYTE PTR DS:[ESI]\r\n\t\tADD ESI,1\r\n\t\tMOV EDX,[EBP]\r\n\t\tADD EBP,4\r\n\t\tMOV [EAX+EDI],EDX\r\n\t\tRET\r\n\t    //---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n\r\n\r\n}\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_AND32()\r\n{\r\n     // VM Handler of \"AND\" Opcode\r\n\t__asm\r\n\t{\r\n\t\tMOV EAX,[EBP]\r\n\t\tAND DWORD PTR DS:[EBP+4],EAX\r\n\t\tPUSHFD\r\n\t\tPOP DWORD PTR DS:[EBP]\r\n\t\tRET\r\n\t    //---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n\r\n\r\n}\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_NOT32()\r\n{\r\n     // VM Handler of \"NOT\" Opcode\r\n\t__asm\r\n\t{\r\n\t\tNOT DWORD PTR DS:[EBP]\r\n\t\tRET\r\n\t    //---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n\r\n\r\n}\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_SHR32()\r\n{\r\n     // VM Handler of \"SHR\" Opcode\r\n\t__asm\r\n\t{\r\n\t\tMOV EAX,[EBP+4]\r\n\t\tMOVZX ECX,[EBP]\r\n\t\tSHR EAX,CL\r\n\t\tMOV [EBP+4],EAX\r\n\t\tPUSHFD\r\n\t\tPOP DWORD PTR DS:[EBP]\r\n\t\tRET\r\n\t    //---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n\r\n\r\n}\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_SHL32()\r\n{\r\n     // VM Handler of \"SHL\" Opcode\r\n\t__asm\r\n\t{\r\n\t\tMOV EAX,[EBP+4]\r\n\t\tMOVZX ECX,[EBP]\r\n\t\tSHL EAX,CL\r\n\t\tMOV [EBP+4],EAX\r\n\t\tPUSHFD\r\n\t\tPOP DWORD PTR DS:[EBP]\r\n\t\tRET\r\n\t    //---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n\r\n\r\n}\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_ADD32()\r\n{\r\n     // VM Handler of \"ADD\" Opcode\r\n\t__asm\r\n\t{\r\n\t\tMOV EAX,[EBP]\r\n\t\tADD [EBP+4],EAX\r\n\t\tPUSHFD\r\n\t\tPOP DWORD PTR 
DS:[EBP]\r\n\t\tRET\r\n\t    //---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n\r\n\r\n}\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_PUSHESP()\r\n{\r\n     // VM Handler of \"Push esp\" Opcode\r\n\t__asm\r\n\t{\r\n\t\tSUB EBP,4\r\n\t\tMOV [EBP],EBP\r\n\t\tRET\r\n\r\n\t\t//---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n\r\n}\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_POPESP()\r\n{\r\n     // VM Handler of \"Pop esp\" Opcode\r\n\t__asm\r\n\t{\r\n\t\tMOV EBP,[EBP]\r\n\t\tRET\r\n\r\n\t\t//---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n\r\n}\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_GetDWORDDS()\r\n{\r\n     // VM Handler of Any Opcode that get DWORD Data\r\n\t__asm\r\n\t{\r\n\t\tMOV EAX,[EBP]\r\n\t\tMOV EAX,DWORD PTR DS:[EAX]\r\n\t\tMOV [EBP],EAX\r\n\t\tRET\r\n\r\n\t\t//---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n\r\n}\r\nvoid __declspec(naked) CVMHandlerProcessor::VMH_SetDWORDDS()\r\n{\r\n     // VM Handler of Any Opcode that set DWORD Data\r\n\t__asm\r\n\t{\r\n\t\tMOV EAX,[EBP]\r\n\t\tMOV ECX,[EBP+4]\r\n\t\tADD EBP,8\r\n\t\tMOV DWORD PTR DS:[ECX],EAX\r\n\t\tRET\r\n\r\n\t\t//---------------\r\n\t\tPUSH 0xDEADC0DE\r\n\t}\r\n\r\n}\r\n\r\n"
  },
  {
    "path": "VM Project/VMHandlerProcessor.h",
    "content": "#pragma once\r\n\r\nenum VMHandlerCodes{VM_X86,VM_CALL,VM_Exit,VM_Start,VM_PUSHImmDW,VM_JCCIn,VM_PUSHR32,VM_POPR32,VM_AND32,VM_NOT32,VM_SHR32,VM_SHL32,VM_ADD32,VM_PUSHESP,VM_POPESP,VM_SetDWORDDS,VM_GetDWORDDS};\r\n\r\nclass CVMHandlerProcessor\r\n{\r\nprivate:\r\n\tDWORD HandlerTable[256];\r\n\tDWORD HandlerCurrentTable[256];\r\n\tDWORD HandlerCount;\r\n\tDWORD GetHandlerSize(LPBYTE);\r\n\tDWORD dwVMHandlerTableAddress;\r\n\tDWORD GetMainAddress(LPBYTE);\r\npublic:\r\n\tDWORD dwVMEntryAddress;\r\n\t\r\n\tCVMHandlerProcessor(void);\r\n\t~CVMHandlerProcessor(void);\r\n\tunsigned int GetHandlerIndex(VMHandlerCodes);\r\n\tDWORD BuildVMEngine(DWORD,LPBYTE);\r\n\r\n\t//-------VM Handlers\r\n\tvoid VMH_X86();\r\n\tvoid VMH_CALL();\r\n\tvoid VMH_Exit();\r\n\tvoid VMH_PUSHImmDWORD();\r\n\tvoid VMH_JCCIn();\r\n\tvoid VMH_Start();\r\n\tvoid VMH_Dispatcher();\r\n\tvoid VMH_PUSHR32();\r\n\tvoid VMH_POPR32();\r\n\tvoid VMH_AND32();\r\n\tvoid VMH_NOT32();\r\n\tvoid VMH_SHR32();\r\n\tvoid VMH_SHL32();\r\n\tvoid VMH_ADD32();\r\n\tvoid VMH_PUSHESP();\r\n\tvoid VMH_POPESP();\r\n\tvoid VMH_SetDWORDDS();\r\n\tvoid VMH_GetDWORDDS();\r\n};\r\n\r\n"
  },
  {
    "path": "VM Project/stdafx.cpp",
    "content": "\r\n// stdafx.cpp : source file that includes just the standard includes\r\n// VM Project.pch will be the pre-compiled header\r\n// stdafx.obj will contain the pre-compiled type information\r\n\r\n#include \"stdafx.h\"\r\n\r\n\r\n"
  },
  {
    "path": "VM Project/stdafx.h",
    "content": "\r\n// stdafx.h : include file for standard system include files,\r\n// or project specific include files that are used frequently,\r\n// but are changed infrequently\r\n\r\n#pragma once\r\n\r\n#ifndef VC_EXTRALEAN\r\n#define VC_EXTRALEAN            // Exclude rarely-used stuff from Windows headers\r\n#endif\r\n\r\n#include \"targetver.h\"\r\n\r\n#define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS      // some CString constructors will be explicit\r\n\r\n// turns off MFC's hiding of some common and often safely ignored warning messages\r\n#define _AFX_ALL_WARNINGS\r\n\r\n#include <afxwin.h>         // MFC core and standard components\r\n#include <afxext.h>         // MFC extensions\r\n\r\n\r\n\r\n\r\n\r\n#ifndef _AFX_NO_OLE_SUPPORT\r\n#include <afxdtctl.h>           // MFC support for Internet Explorer 4 Common Controls\r\n#endif\r\n#ifndef _AFX_NO_AFXCMN_SUPPORT\r\n#include <afxcmn.h>             // MFC support for Windows Common Controls\r\n#endif // _AFX_NO_AFXCMN_SUPPORT\r\n\r\n#include <afxcontrolbars.h>     // MFC support for ribbons and control bars\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n#ifdef _UNICODE\r\n#if defined _M_IX86\r\n#pragma comment(linker,\"/manifestdependency:\\\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*'\\\"\")\r\n#elif defined _M_X64\r\n#pragma comment(linker,\"/manifestdependency:\\\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='amd64' publicKeyToken='6595b64144ccf1df' language='*'\\\"\")\r\n#else\r\n#pragma comment(linker,\"/manifestdependency:\\\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\\\"\")\r\n#endif\r\n#endif\r\n\r\n\r\n"
  },
  {
    "path": "VM Project/targetver.h",
    "content": "#pragma once\r\n\r\n// Including SDKDDKVer.h defines the highest available Windows platform.\r\n\r\n// If you wish to build your application for a previous Windows platform, include WinSDKVer.h and\r\n// set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.\r\n\r\n#include <SDKDDKVer.h>\r\n"
  },
  {
    "path": "VM Project.sln",
    "content": "﻿\r\nMicrosoft Visual Studio Solution File, Format Version 12.00\r\n# Visual Studio 2012\r\nProject(\"{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}\") = \"VM Project\", \"VM Project\\VM Project.vcxproj\", \"{50DC5327-0CAD-4787-B236-F3B0127AA8A9}\"\r\nEndProject\r\nGlobal\r\n\tGlobalSection(SolutionConfigurationPlatforms) = preSolution\r\n\t\tDebug|Win32 = Debug|Win32\r\n\t\tRelease|Win32 = Release|Win32\r\n\tEndGlobalSection\r\n\tGlobalSection(ProjectConfigurationPlatforms) = postSolution\r\n\t\t{50DC5327-0CAD-4787-B236-F3B0127AA8A9}.Debug|Win32.ActiveCfg = Debug|Win32\r\n\t\t{50DC5327-0CAD-4787-B236-F3B0127AA8A9}.Debug|Win32.Build.0 = Debug|Win32\r\n\t\t{50DC5327-0CAD-4787-B236-F3B0127AA8A9}.Debug|Win32.Deploy.0 = Debug|Win32\r\n\t\t{50DC5327-0CAD-4787-B236-F3B0127AA8A9}.Release|Win32.ActiveCfg = Release|Win32\r\n\t\t{50DC5327-0CAD-4787-B236-F3B0127AA8A9}.Release|Win32.Build.0 = Release|Win32\r\n\tEndGlobalSection\r\n\tGlobalSection(SolutionProperties) = preSolution\r\n\t\tHideSolutionNode = FALSE\r\n\tEndGlobalSection\r\nEndGlobal\r\n"
  }
]