| View previous topic :: View next topic |
| Author |
Message |
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
 Posted: Sat Jun 20, 2009 5:20 pm Post subject: Does My Crap VM fail or what? |
 |
|
I recently coded a program that protects certain parts of the program marked with a macro. It basically encodes it and actively handles the exceptions. Now... The speed really sucks... See the download for the speed test... I am currently using a separate process to handle all the exceptions from the vm. So any suggestions that might speed it up a little?
http://www.mediafire.com/?zyznvg5rgzd
I mean for a loop like this:
| Code: | for i:=0 to 10 do
begin
end; |
It takes no VM 0 ms to do it while it takes the VM 325 ms...
|
|
| Back to top |
|
 |
Guy
Expert Cheater
![]() Reputation: 0
Joined: 30 May 2009
Posts: 187
|
| Posted: Sat Jun 20, 2009 9:34 pm Post subject: |
|
|
The VM looks like it'd be very easy to analyse, too - if you take a string dump, you'll find opcodes, registers, etc in plainview, with their VM equivalent:
| Code: |
00456185 E8 62DEFAFF CALL 00403FEC ; VMSpeedT.00403FEC
0045618A E9 C0060000 JMP 0045684F ; VMSpeedT.0045684F
0045618F 43 INC EBX
00456190 891F MOV DWORD PTR DS:[EDI],EBX
00456192 8BC6 MOV EAX,ESI
00456194 BA FC764500 MOV EDX,4576FC ; ASCII "EBP+EAX*8"
00456199 E8 4EDEFAFF CALL 00403FEC ; VMSpeedT.00403FEC
0045619E E9 AC060000 JMP 0045684F ; VMSpeedT.0045684F
004561A3 8BC6 MOV EAX,ESI
004561A5 BA F8684500 MOV EDX,4568F8 ; ASCII "error"
004561AA E8 3DDEFAFF CALL 00403FEC ; VMSpeedT.00403FEC
004561AF E9 9B060000 JMP 0045684F ; VMSpeedT.0045684F
004561B4 8BC6 MOV EAX,ESI
004561B6 BA 10774500 MOV EDX,457710 ; ASCII "ESI+EAX*8"
004561BB E8 2CDEFAFF CALL 00403FEC ; VMSpeedT.00403FEC
004561C0 43 INC EBX
004561C1 891F MOV DWORD PTR DS:[EDI],EBX
004561C3 E9 87060000 JMP 0045684F ; VMSpeedT.0045684F
004561C8 8BC6 MOV EAX,ESI
004561CA BA 24774500 MOV EDX,457724 ; ASCII "EDI+EAX*8"
004561CF E8 18DEFAFF CALL 00403FEC ; VMSpeedT.00403FEC
|
EDIT: Is there a reason why there's two instances of "VM Speed Test" being launched too?
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Sun Jun 21, 2009 7:58 am Post subject: |
|
|
| One debugs the other. And I didn't add anything else to it. No Obfuscation or anything. Anti-Debug nothing. XD
|
|
| Back to top |
|
|
Guy
Expert Cheater
![]() Reputation: 0
Joined: 30 May 2009
Posts: 187
|
| Posted: Sun Jun 21, 2009 8:18 am Post subject: |
|
|
| dnsi0 wrote: | | One debugs the other. And I didn't add anything else to it. No Obfuscation or anything. Anti-Debug nothing. XD |
Anti-debug and obfuscation aren't necessarily a requirement; virtualization itself should be the obfuscation.
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Sun Jun 21, 2009 9:04 am Post subject: |
|
|
| Majii wrote: | | dnsi0 wrote: | | One debugs the other. And I didn't add anything else to it. No Obfuscation or anything. Anti-Debug nothing. XD |
Anti-debug and obfuscation aren't necessarily a requirement; virtualization itself should be the obfuscation. |
I know. But you need to obfuscate the vm. Or anyone can reverse the vm and no matter how complex the encoding is it will still be broken.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
