diff --git a/README.md b/README.md index c3ae34c..b91c4a1 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,12 @@ -# vm_entry - an entry point into the vm +# vmemu - Virtual Machine Emulation + +VMEmu uses unicorn to emulate x86_64 instructions which make up the virtual machine handlers. This project is extremely simple in that it will check every executed instruction in order to find any `JMP` instruction which uses a register and jumps to a vm handler. When this JMP is executed all native registers, virtual scratch registers, and the virtual stack are saved into a trace entry. Emulation ends when a VMEXIT instruction is found. + +You can continue the analysis using IDA outside of the virtual machine and then use VMEmu again once execution enters back into the virtual machine. I have plans to turn this into a library and inherit this library into `vmprofiler-qt` and make a split view where you can see what native instructions are executed prior to the next vm entry. However for now this project is used to generate vmtrace files which `vmprofiler-qt` can parse. + +# VMProtect 2 - Virtual Machine Architecture Overview + +## vm_entry - an entry point into the vm `vm_entry` is the code name for the vmp2 routine which is used to transition control flow from non-virtualized code to virtualized code. Prior to calling this function a value is pushed onto the stack.