From c9451388502b270aaf0eb07a2b7aa85524f4df63 Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Mon, 7 Jun 2021 07:44:37 +0000 Subject: [PATCH] Update README.md --- README.md | 58 +++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 52 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 70f84c9..38e13d7 100644 --- a/README.md +++ b/README.md 
@@ -21,10 +21,56 @@ The repo contains the following notable folders and files: ### Usage Requirements -In order to use the virtual instruction assembler you must first have a few values at hand. The required values are listed below: +In order to use the virtual instruction assembler you must first have a few values at hand. You must have an unpacked vmprotect 2 binary. This file cannot be a dump, it must be unpacked. Second, you must know the RVA to the vm entry address of the first push instruction. This first push instruction must not be `push contant_value`, it must be of type `push reg` as the constant values are pushed onto the stack by the generated c++ header file. The last thing you need is a virtual instruction assembly file. You can make one of these easily. Simply open a text editor and create your first label: -* `vm_entry rva` - relative virtual address to a vm_entry... -* `image base` - image base value from optional headers... -* a path to a vasm file is required... -* `advancement` - which way the virtual instruction pointer advances... -* `out path` - a path to where the vmasm file will be stored... \ No newline at end of file + +***Note: you can use ANY virtual instruction which is defined by vmprofiler... you can see them all [here]()*** + +``` +get_hello: + SREGQ 0x90 + SREGQ 0x88 + SREGQ 0x80 + SREGQ 0x78 + SREGQ 0x70 + SREGQ 0x68 + SREGQ 0x60 + SREGQ 0x58 + SREGQ 0x50 + SREGQ 0x48 + SREGQ 0x40 + SREGQ 0x38 + SREGQ 0x30 + SREGQ 0x28 + SREGQ 0x20 + SREGQ 0x18 + SREGQ 0x10 + SREGQ 0x8 + SREGQ 0x0 + + LCONSTQ 0x6F6C6C6568 + SREGQ 0x78 + SREGQ 0x0 + SREGQ 0x0 + + LREGQ 0x0 + LREGQ 0x8 + LREGQ 0x10 + LREGQ 0x18 + LREGQ 0x20 + LREGQ 0x28 + LREGQ 0x30 + LREGQ 0x38 + LREGQ 0x40 + LREGQ 0x48 + LREGQ 0x50 + LREGQ 0x58 + LREGQ 0x60 + LREGQ 0x68 + LREGQ 0x70 + LREGQ 0x78 + LREGQ 0x80 + LREGQ 0x88 + LREGQ 0x90 + VMEXIT +``` \ No newline at end of file
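Review bot: the rewritten "Usage Requirements" paragraph drops three of the inputs the old bullet list documented without replacing them anywhere in the hunk: `image base` (from the optional header), `advancement` (which way the virtual instruction pointer advances) and `out path` (where the vmasm file is written) are all deleted, while the new prose only covers the unpacked binary, the vm entry RVA and the vasm file. Either keep those three bullets below the new paragraph or fold them into it, otherwise a reader no longer knows the assembler needs them. Two smaller points in the same hunk: the instruction type is written as `push contant_value` (should read `push constant_value`), and the added note `you can see them all [here]()` has an empty link target, so the markdown renders as a link to the README itself; fill in the vmprofiler URL or drop the link text until one exists. The example block would also read better with a language tag on the fence (or at least a comment naming the file it should be saved to), since the paragraph says "create your first label" but never tells the reader the file extension the assembler expects.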