(** [disassemble bytearray index] decodes the VM instruction whose opcode
    byte sits at [bytearray.(index)].

    The result is a pair: the decoded instruction and a list of indices to
    continue decoding at. Every arm shown here yields exactly one such
    index, the byte just past the instruction.

    The opcode is reduced to its low 8 bits before dispatch. Opcodes 0x0/0x4
    and 0x1/0x5 select the same handler with a different register number.

    NOTE(review): the operand of opcode 0x3 is passed on without the [0xff]
    mask applied to the opcode; confirm the array elements are already
    within 0..255.

    @raise Invalid_argument if [index], or the operand position [index + 1]
    for opcode 0x3, lies outside the array (standard array bounds check).
    Truncated or corrupted bytecode therefore stops with an exception
    rather than reading past the buffer. *)
let disassemble bytearray index =
  let opcode = bytearray.(index) land 0xff in
  (* Handlers without an inline operand occupy a single byte. *)
  let fallthrough = [ index + 1 ] in
  match opcode with
  | 0x0 -> (VM__Handler0__PopIntoRegister 0, fallthrough)
  | 0x1 -> (VM__Handler1__PushDwordFromRegister 0, fallthrough)
  | 0x2 -> (VM__Handler2__AddWords, fallthrough)
  | 0x3 ->
    (* One inline operand byte follows the opcode, so skip two bytes. *)
    let operand = bytearray.(index + 1) in
    (VM__Handler3__StoreByteIntoRegister operand, [ index + 2 ])
  | 0x4 -> (VM__Handler0__PopIntoRegister 4, fallthrough)
  | 0x5 -> (VM__Handler1__PushDwordFromRegister 4, fallthrough)
  | 0x6 -> (VM__Handler4__ShrDword, fallthrough)
  | 0x7 -> (VM__Handler5__ReadDword__FromStackSegment, fallthrough)
  (* The remaining opcodes are elided in this listing. *)
  | ... -> ...
Handler #02:
    mov ax, [ebp+0]
    sub ebp, 2
    add [ebp+4], ax
    pushf
    pop dword ptr [ebp+0]

Handler #04:
    mov eax, [ebp+0]
    mov cl, [ebp+4]
    sub ebp, 2
    shr eax, cl
    mov [ebp+4], eax
    pushf
    pop dword ptr [ebp+0]
(** Width of a temporary or of a memory access. [make_microcode] uses [W]
    for the operands of the word-add handler and [D] for dword accesses;
    [B] and [Q] are presumably byte and qword (confirm against their uses). *)
type size = B | W | D | Q

(** A temporary declaration: the temporary's number paired with its width,
    as listed in [DeclareTemps]. *)
type temp = int * size

(** Address space a [Deref] refers to. [Scratch] is the area the register
    handlers index with a constant offset, and [FS] is used by the
    FS-segment handlers. [SS] and [Regular] are not exercised by the
    translations shown here; presumably the stack segment and ordinary
    memory (confirm). *)
type seg = Scratch | SS | FS | Regular

(** Binary operators of the IR. *)
type irbinop = Add | And | Shl | Shr | MakeQword

(** Unary operators of the IR. [Flags] applied to a result is what the
    translator pushes where a handler pushes the flags register after an
    arithmetic operation. *)
type irunop = Neg | MakeByte | TakeHighDword | Flags

(** IR expressions. The [register] and [const] types are declared outside
    this listing. *)
type irexpr =
    Reg of register                     (* a native register, e.g. [Reg Esp] *)
  | Temp of int                         (* a temporary, by number *)
  | Const of const                      (* an immediate, e.g. [Const (Dword 32l)] *)
  | Deref of seg * irexpr * size        (* memory access: space, address, width *)
  | Binop of irexpr * irbinop * irexpr  (* left operand, operator, right operand *)
  | Unop of irexpr * irunop             (* operand, operator *)

(** IR statements. Each VM handler is modelled as a list of these. *)
type ir =
    DeclareTemps of temp list           (* temporaries used by the statements that follow *)
  | Assign of irexpr * irexpr           (* destination, source *)
  | Push of irexpr                      (* push a value on the VM stack *)
  | Pop of irexpr                       (* pop the top of the VM stack into a location *)
  | Return
(** [make_microcode instr] translates one decoded VM instruction into the
    list of IR statements that models its handler.

    Stack traffic is expressed with [Push]/[Pop]. Handlers that compute a
    value first declare numbered temporaries with their widths. The
    arithmetic handlers push the result and then its [Flags], matching the
    trailing [pushf] in the native handlers. *)
let make_microcode = function
  | VM__Handler0__PopIntoRegister b ->
    (* The [0x3C] mask mirrors the handler's [and al, 3Ch]. Whatever the
       operand byte was, the scratch offset is a dword-aligned value in
       0..60. *)
    let slot = Const (Dword (zero_extend_byte_dword (b land 0x3C))) in
    [ Pop (Deref (Scratch, slot, D)) ]
  | VM__Handler2__AddWords ->
    let lhs = Temp 0 and rhs = Temp 1 and sum = Temp 2 in
    [ DeclareTemps [ (0, W); (1, W); (2, W) ];
      Pop lhs;
      Pop rhs;
      Assign (sum, Binop (lhs, Add, rhs));
      Push sum;
      Push (Unop (sum, Flags)) ]
  | VM__Handler4__ShrDword ->
    (* The shifted value is a dword; the shift count is popped as a word. *)
    let value = Temp 0 and count = Temp 1 and shifted = Temp 2 in
    [ DeclareTemps [ (0, D); (1, W); (2, D) ];
      Pop value;
      Pop count;
      Assign (shifted, Binop (value, Shr, count));
      Push shifted;
      Push (Unop (shifted, Flags)) ]
  | VM__Handler7__PushESP ->
    [ Push (Reg Esp) ]
  | VM__Handler23__WriteDwordIntoFSSegment ->
    (* The first value popped is the FS-relative address, the second is
       the dword stored there. *)
    let address = Temp 0 and stored = Temp 1 in
    [ DeclareTemps [ (0, D); (1, D) ];
      Pop address;
      Pop stored;
      Assign (Deref (FS, address, D), stored) ]
  (* The remaining handlers are elided in this listing. *)
  | ... -> ...
Each entry below gives the decoded VM instruction, the x86 code of its handler, and the IR generated for it.

VM__Handler1__PushDwordFromRegister 32
  x86:  and al, 3Ch                ; al = 32
        mov edx, [edi+eax]
        sub ebp, 4
        mov [ebp+0], edx
  IR:   Push (Deref (Scratch, Const (Dword 32l), D));

VM__Handler7__PushESP
  x86:  mov eax, ebp
        sub ebp, 4
        mov [ebp+0], eax
  IR:   Push (Reg Esp);

VM__Handler0__PopIntoRegister 40
  x86:  and al, 3Ch
        mov edx, [ebp+0]
        add ebp, 4
        mov [edi+eax], edx
  IR:   Pop (Deref (Scratch, Const (Dword 40l), D));

VM__Handler19__PushSignedByteAsDword (-1l)
  x86:  movzx eax, byte ptr [esi]  ; *esi = -1
        sub esi, 0FFFFFFFFh
        cbw
        cwde
        sub ebp, 4
        mov [ebp+0], eax
  IR:   Push (Const (Dword (-1l)));

VM__Handler9__PushDword 4525664l
  x86:  mov eax, [esi]             ; *esi = 4525664l
        add esi, 4
        sub ebp, 4
        mov [ebp+0], eax
  IR:   Push (Const (Dword 4525664l));

VM__Handler9__PushDword 4362952l
  x86:  mov eax, [esi]             ; *esi = 4362952l
        add esi, 4
        sub ebp, 4
        mov [ebp+0], eax
  IR:   Push (Const (Dword 4362952l));

VM__Handler19__PushSignedByteAsDword 0l
  x86:  movzx eax, byte ptr [esi]  ; *esi = 0
        sub esi, 0FFFFFFFFh
        cbw
        cwde
        sub ebp, 4
        mov [ebp+0], eax
  IR:   Push (Const (Dword (0l)));

VM__Handler42__ReadDwordFromFSSegment
  x86:  mov eax, [ebp+0]
        mov eax, fs:[eax]
        mov [ebp+0], eax
  IR:   DeclareTemps([(0,D)]);
        Pop (Temp 0);
        Push (Deref (FS, Temp 0, D));