From 49d154575eacdfa003c625923be3f383f567d824 Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Fri, 20 Aug 2021 02:27:08 +0000 Subject: [PATCH] Update README.md --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index aad1d97..7c7dc80 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ # VMEmu - Virtual Machine Handler Emulation -VMEmu uses unicorn to emulate x86_64 instructions which make up the virtual machine handlers. This project is extremely simple in that it will check every executed instruction in order to find any `JMP` instruction which uses a register and jumps to a vm handler. When this JMP is executed all native registers, virtual scratch registers, and the virtual stack are saved into a trace entry. Emulation ends when a VMEXIT instruction is found. This project supports multi-code path virtual instruction code and will discover all code paths. You can continue the analysis using IDA outside of the virtual machine and then use VMEmu again once execution enters back into the virtual machine. +VMEmu uses unicorn to emulate x86_64 instructions which make up the virtual machine handlers. This project is extremely simple in that it will check every executed instruction in order to find any `JMP` instruction which uses a register and jumps to a vm handler. When this JMP is executed all native registers, virtual scratch registers, and the virtual stack are saved into a trace entry. Emulation ends when a VMEXIT instruction is found. This project supports multi-code path virtual instruction code and will discover all code paths, this means virtual branching (JCC's) and switch cases (jmp tables & indirect jmp tables) are fully supported. You can continue the analysis using IDA outside of the virtual machine and then use VMEmu again once execution enters back into the virtual machine. ``` Usage: VMEmu [options...] 
@@ -14,8 +14,10 @@ Options: --vmentry relative virtual address to a vm entry... --bin path to unpacked virtualized binary... --out output file name... - --unpack unpack a vmp2, usermode, binary... + --unpack unpack a vmp2 binary... + --emuall scan for all vm enters and trace all of them... this may take a few minutes... --locateconst scan all vm enters for a specific constant value... + -h, --help Shows this page ```
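Review bot: the first hunk (README intro paragraph) introduces a comma splice in the new sentence: "will discover all code paths, this means virtual branching (JCC's) and switch cases ... are fully supported." Split it into two sentences ("...will discover all code paths. This means virtual branching (JCCs) and switch cases (jmp tables and indirect jmp tables) are fully supported.") and drop the apostrophe in "JCC's", since it is a plural, not a possessive. It would also help the reader if the sentence said how those extra code paths show up in the output (for example, whether each discovered path gets its own sequence of trace entries), since the paragraph otherwise only describes the single-path trace.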
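Review bot: the second hunk (usage block) changes `--unpack` from "unpack a vmp2, usermode, binary..." to "unpack a vmp2 binary...", which widens the documented scope; if kernel-mode binaries are not actually handled by `--unpack`, the original qualifier should stay, and if they are, a short note on that new support belongs in the README. Two smaller points: the new `--emuall` line should state whether `--vmentry` is still required (or ignored) when all vm enters are scanned, since the two options read as mutually exclusive but the text does not say so; and `-h, --help Shows this page` breaks the style of the other entries, which are lowercase and end in "..." (suggest `-h, --help show this help page...`).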