The antispy C/C + + Virtual Machine implements a simple but very powerful interpreter to obscure mathematical operations. The abstraction of the virtual machine makes the static and dynamic analysis of functions very difficul
t. The implementation of a virtual machine takes place in two steps. The code to be exported is loaded into the virtual machine and then executed.
Registers are defined in the namespace antispy:: Vm _ register. There are 14 so-called registers that are available for free. There are also two specialized registers.
This:: anti _ spy:: vm _ register:: Return _ register is used to store results.
_ from code Register
This::: anti _ spy:: vm _ register:: From _ code Register is a special register to read variables from the virtual machine without pushing them on the stack beforehand.
Our virtual machine implements a stack. This is no different from the stack of other architectures and platforms. It is used to store data for long operations and manipulate data.
In our instruction set, we distinguish between different types of operations.
- jump _ rel _ nz
- jump _ rel _ ez
- Ccall _ vfunc
- Documentation follows.