Geek-Tree 100000 VM Parse
a=[33,3,25,2,16,68,119,68,105,68,110,68,100,68,111,68,119,45,16,68,67,68,65,68,49,68,56,68,48,68,55,68,69,68,66,65,17,2426,33,7,25,2,25,3,25,4,25,5,25,6,12,4,16,68,66,68,105,68,103,68,73,68,110,68,116,45,55,0,52,1,41,12,5,55,0,41,31,0,12,6,16,68,66,68,105,68,103,68,73,68,110,68,116,45,55,1,52,1,41,31,0,63,6,12,5,48,12,3,16,68,97,24,55,0,65,57,34,9,32,123,37,17,243,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,54,68,54,68,49,68,53,68,57,68,52,52,1,44,41,31,0,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,58,48,58,31,1,31,0,55,1,66,41,37,13,0,31,0,0,63,5,37,17,103,12,5,55,0,41,31,0,37,37,12,5,48,12,3,16,68,97,24,55,1,65,57,34,9,32,272,37,17,392,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,50,68,52,68,55,68,55,68,54,68,50,68,55,52,1,44,41,31,0,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,58,48,58,31,1,31,0,55,1,66,41,37,13,0,31,0,0,63,5,37,17,252,12,4,58,48,53,6,66,41,31,0,12,4,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,55,0,41,31,0,12,6,16,68,66,68,105,68,103,68,73,68,110,68,116,45,55,1,52,1,41,31,0,63,8,12,5,48,12,3,16,68,97,24,55,2,65,57,34,9,32,511,37,17,631,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,54,68,56,68,55,68,56,68,55,68,57,68,52,52,1,44,41,31,0,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,58,48,58,31,1,31,0,55,1,66,41,37,13,0,31,0,0,63,5,37,17,491,12,5,55,0,41,31,0,37,37,12,5,48,12,3,16,68,97,24,55,3,65,57,34,9,32,660,37,17,780,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,4
5,16,68,55,68,53,68,52,68,54,68,51,68,54,68,52,52,1,44,41,31,0,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,58,48,58,31,1,31,0,55,1,66,41,37,13,0,31,0,0,63,5,37,17,640,12,4,58,48,53,6,66,41,31,0,12,4,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,55,0,41,31,0,12,6,16,68,66,68,105,68,103,68,73,68,110,68,116,45,55,1,52,1,41,31,0,63,8,12,5,48,12,3,16,68,97,24,55,4,65,57,34,9,32,899,37,17,1019,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,50,68,57,68,57,68,49,68,57,68,49,68,57,52,1,44,41,31,0,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,58,48,58,31,1,31,0,55,1,66,41,37,13,0,31,0,0,63,5,37,17,879,12,5,55,0,41,31,0,37,37,12,5,48,12,3,16,68,97,24,55,5,65,57,34,9,32,1048,37,17,1168,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,50,68,49,68,56,68,50,68,54,68,52,68,51,52,1,44,41,31,0,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,58,48,58,31,1,31,0,55,1,66,41,37,13,0,31,0,0,63,5,37,17,1028,12,4,58,48,53,6,66,41,31,0,12,4,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,55,0,41,31,0,12,6,16,68,66,68,105,68,103,68,73,68,110,68,116,45,55,1,52,1,41,31,0,63,8,12,5,48,12,3,16,68,97,24,55,6,65,57,34,9,32,1287,37,17,1407,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,55,68,57,68,51,68,48,68,48,68,57,68,52,52,1,44,41,31,0,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68
,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,58,48,58,31,1,31,0,55,1,66,41,37,13,0,31,0,0,63,5,37,17,1267,12,5,55,0,41,31,0,37,37,12,5,48,12,3,16,68,97,24,55,7,65,57,34,9,32,1436,37,17,1556,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,52,68,52,68,52,68,56,68,54,68,49,52,1,44,41,31,0,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,58,48,58,31,1,31,0,55,1,66,41,37,13,0,31,0,0,63,5,37,17,1416,12,4,58,48,53,6,66,41,31,0,12,4,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,55,0,41,31,0,12,6,16,68,66,68,105,68,103,68,73,68,110,68,116,45,55,1,52,1,41,31,0,63,8,12,5,48,12,3,16,68,97,24,55,8,65,57,34,9,32,1675,37,17,1795,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,53,68,53,68,57,68,54,68,48,68,50,68,52,52,1,44,41,31,0,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,58,48,58,31,1,31,0,55,1,66,41,37,13,0,31,0,0,63,5,37,17,1655,12,5,55,0,41,31,0,37,37,12,5,48,12,3,16,68,97,24,55,9,65,57,34,9,32,1824,37,17,1944,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,54,68,50,68,52,68,54,68,56,68,55,68,51,52,1,44,41,31,0,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,58,48,58,31,1,31,0,55,1,66,41,37,13,0,31,0,0,63,5,37,17,1804,12,4,58,48,53,6,66,41,31,0,12,4,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,55,0,41,31,0,12,6,16,68,66,68,105,68,103,68,73,68,110,68,
116,45,55,1,52,1,41,31,0,63,8,12,5,48,12,3,16,68,97,24,55,10,65,57,34,9,32,2063,37,17,2183,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,56,68,55,68,50,68,54,68,57,68,48,68,57,52,1,44,41,31,0,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,58,48,58,31,1,31,0,55,1,66,41,37,13,0,31,0,0,63,5,37,17,2043,12,5,55,0,41,31,0,37,37,12,5,48,12,3,16,68,97,24,55,11,65,57,34,9,32,2212,37,17,2332,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,53,68,56,68,49,68,49,68,55,68,55,68,51,52,1,44,41,31,0,12,6,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,12,5,58,48,58,31,1,31,0,55,1,66,41,37,13,0,31,0,0,63,5,37,17,2192,12,4,58,48,53,6,66,41,31,0,12,4,58,48,16,68,66,68,105,68,103,68,73,68,110,68,116,45,16,68,49,68,49,68,50,68,53,68,56,68,57,68,57,68,57,68,48,68,54,68,56,68,52,68,50,68,53,68,57,68,55,52,1,15,41,31,0,16,68,112,68,97,68,114,68,115,68,101,68,73,68,110,68,116,45,53,4,52,1,7,5,7,63,4,3,38,0,1,3,8,31,0,5,7,37,37]
from vmbase import funcs
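def get_str(idx, buf=None):
    """Decode the inline string literal that follows opcode 16 at ``idx``.

    In this bytecode a string is pushed as opcode 16 followed by a run of
    ``68, <char code>`` pairs; the run ends at the first word that is not
    68 (45 in the dump above, printed as "finish str").  The char codes are
    concatenated into a Python ``str``.

    Args:
        idx: Index of the opcode 16 word; decoding starts at ``idx + 1``.
        buf: Opcode stream to read.  Defaults to the module-level ``a`` so
            the existing ``get_str(eip)`` call site is unchanged.

    Returns:
        ``(text, cur)`` where ``cur`` is the index of the first word after
        the run -- normally the terminator opcode, which the caller then
        skips as an ordinary instruction.
    """
    code = a if buf is None else buf
    chars = []
    cur = idx + 1
    # Stop at the terminator *or* at the end of the buffer.  A 68 marker as
    # the very last word has no char code behind it; the original loop read
    # ``a[cur+1]`` unconditionally and raised IndexError on such truncated
    # or crafted input instead of returning what it had decoded.
    while cur + 1 < len(code) and code[cur] == 68:
        chars.append(chr(code[cur + 1]))
        cur += 2
    return ''.join(chars), cur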
def nop(i):
    """Fallback printer for opcodes that have no decoder yet.

    Emits the index and the raw opcode word so the gap is visible in the
    listing as ``<i>  : ?( <opcode> )``.  Reads the module-level ``a``.
    """
    opcode = a[i]
    print(i, " : ?(", opcode, ')')
# Dispatch table: opcode word -> printer.  Every slot starts as ``nop`` so an
# opcode without a decoder still produces a "?(" line in the listing.
desc = [nop] * 69

# Operand word count per opcode (index = opcode).  The main loop advances by
# ``func_size[op] + 1``, except for opcode 3 whose length is computed by
# ``_call`` and passed through ``g_off``; the 6 recorded for it here is
# therefore never consulted by the sweep.
func_size = [0] * len(funcs)
for _op, _operands in (
    (3, 6),
    (12, 1), (13, 1), (17, 1), (25, 1),
    (31, 1), (32, 1), (33, 1),
    (52, 1), (53, 1), (55, 1),
    (63, 1), (68, 1),
):
    func_size[_op] += _operands

# Zero-operand opcodes with a fixed mnemonic: "<eip>  : <mnemonic>".
# The ``t=_text`` default binds the string at definition time; a bare
# closure over ``_text`` would print the last table entry for every opcode.
for _op, _text in (
    (5, " : push undef"),
    (7, " : mov eax, 1"),
    (8, " : return 1"),
    (9, " : inverse sign [esp]"),
    (0, " : or [esp+1], [esp]"),
):
    desc[_op] = lambda x, t=_text: print(x, t)
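def _call(eip, buf=None):
    """Decode the variable-length opcode 3 ("child function") record at ``eip``.

    Layout as read here: ``3, g, cnt, I, (q, s) * cnt, h * I``.  Each
    ``(q, s)`` pair is printed as ``Q[q] = stack[s]`` and each ``h`` as
    ``H[i]=h``.  The record's total length is also written to the module
    global ``g_off`` because the main loop advances by ``g_off`` for this
    opcode instead of consulting ``func_size``.

    Args:
        eip: Index of the opcode 3 word.
        buf: Opcode stream to read; defaults to the module-level ``a`` so the
            existing ``desc[3]`` call site is unchanged.

    Returns:
        Number of words consumed, including the opcode word itself.  The
        same value is stored in ``g_off`` as a side effect.

    Raises:
        IndexError: if ``cnt``/``I`` claim more operand words than ``buf``
            holds.  This is deliberately not swallowed: a record that runs
            off the end of the stream is malformed input, not a decodable
            instruction.
    """
    global g_off
    code = a if buf is None else buf
    g = code[eip + 1]
    cnt = code[eip + 2]
    I = code[eip + 3]
    print("Setting child funcs @ %d" % g)
    print("Cnt:%d, I:%d" % (cnt, I))
    off = 4  # opcode + g + cnt + I
    for _ in range(cnt):
        print("Q[%d] = stack[%d]" % (code[eip + off], code[eip + off + 1]))
        off += 2
    for i in range(I):
        print("H[%d]=%d" % (i, code[eip + off]))
        off += 1
    g_off = off
    return off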
# Decoders for the remaining opcodes this dump uses, grouped by the shape of
# their output so each mnemonic string is written exactly once.  As above,
# ``t=_text`` binds the string at definition time to avoid late binding.

desc[3] = _call          # variable length; see _call and g_off
desc[16] = lambda x: 0   # string literal start; the main loop prints it

# Zero-operand opcodes: "<eip>  : <mnemonic>".
for _op, _text in (
    (15, " : MODULE [esp+1], [esp]; pop"),
    (34, " : cmp [esp+1], [esp]"),
    (37, " : pop "),
    (41, " : mov [ebp- [ebp - [esp+1] ]], [esp]"),
    (44, " : mul [esp], [esp+1]; pop;"),
    (45, " : finish str(push [window,str]"),
    (48, " : mov [esp], [ ebp- [esp]] "),
    (57, " : push ARGS[pop] "),
    (58, " : push [esp] "),
    (65, " :pop; push ARGS[pop]"),
    (66, " : add [esp], [esp+1]; pop"),
):
    desc[_op] = lambda x, t=_text: print(x, t)

# One-operand opcodes: "<eip>  : <mnemonic>  <a[eip+1]>".
for _op, _text in (
    (12, " : push "),
    (13, " : mov [esp] "),
    (17, " : jmp "),
    (25, " : malloc at "),
    (32, " : jnz, "),
    (33, " : mov ebp, "),
    (55, " : PUSH, "),
    (63, " : sub ebp, "),
):
    desc[_op] = lambda x, t=_text: print(x, t, a[x + 1])

# One-operand opcodes whose operand is closed by a trailing "]".
for _op, _text in (
    (31, " : xchg [esp], [esp+"),
    (52, " : call [ebp+"),
    (53, " : push [ebp-"),
):
    desc[_op] = lambda x, t=_text: print(x, t, a[x + 1], "]")
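# Linear sweep over the opcode stream.  Each word at ``eip`` is an opcode:
# its printer in ``desc`` runs first, then ``eip`` advances by the operand
# count in ``func_size`` (or by ``g_off`` for the variable-length opcode 3).
eip = 0
while eip < len(a):
    opcode = a[eip]
    # An opcode outside ``funcs``/``desc`` used to die with a bare
    # IndexError; report it on the same path as an explicit "error" opcode.
    # ``raise SystemExit`` replaces the site-module ``exit()`` helper, which
    # is not guaranteed to exist (e.g. under ``python -S``), and exits
    # non-zero so a scripted caller can tell a failed decode from success.
    try:
        cur_func = funcs[opcode]
        handler = desc[opcode]
    except (IndexError, KeyError):
        print(eip, 'err')
        raise SystemExit(1)
    handler(eip)
    if cur_func == "error":
        print(eip, 'err')
        raise SystemExit(1)
    # Opcode 16 followed by a 68 marker is a string literal: decode it and
    # move ``eip`` onto its terminator, which the step below then skips as
    # an ordinary zero-operand instruction.  The ``eip + 1`` guard avoids
    # reading past the buffer when 16 is the final word.
    if opcode == 16 and eip + 1 < len(a) and a[eip + 1] == 68:
        print(eip, " : ", end='')
        text, eip = get_str(eip)
        print("push : '", text, "'")
        if eip >= len(a):
            break
    if a[eip] == 3:
        eip += g_off
    else:
        eip += func_size[a[eip]] + 1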