BaddyVM

Another poorly implemented virtual machine for C#. Good for crackme obfuscation to show how good you are.

What opcodes are implemented?

Click me

How well does it work?

It can add two times two and coolly call a virtual method that no one will know about.

Not all opcodes work correctly.

Made for fun.

How much slower will the code run?

Slower than the Yandere-dev code

How to use?

Download the latest sources, open Program.cs, change it to suit your needs, and compile it in Release mode. Release mode matters because of the #!DEBUG directive, which turns off part of the protection in debug builds to make debugging easier for me.

IMPORTANT!!! Any Net7 files must be obfuscated by a compiled BaddyVM targeting Net7.0. Any Net6 files must be obfuscated by a compiled BaddyVM targeting Net6.0.

VM in action

Crackme #1 (Used old version)

How it looks

public unsafe static void Main(string[] args)
{
	int* ptr = Marshal.AllocHGlobal(64);
	int* ptr2 = Marshal.AllocHGlobal(120);
	*(IntPtr*)(ptr2 + 0) = ptr;
	*(IntPtr*)(ptr2 + 12) = args;
	*(IntPtr*)(ptr2 + 10) = 1;
	*(IntPtr*)(ptr2 + 4) = VMRunner.VMTable;
	VMRunner.a(<Module>.Main(), ptr2);
	Marshal.FreeHGlobal(ptr);
	Marshal.FreeHGlobal(ptr2);
}

The VM instructions look like this

internal unsafe static int* Store(int* A_0, int* A_1)
{
	int num = (int)(*(ushort*)A_0);
	A_0 = (int*)((byte*)A_0 + 2);
	ref IntPtr ptr = ref *(IntPtr*)(A_1 + num / 4);
	int* ptr2 = *(long*)(A_1 + 0);
	IntPtr intPtr = (IntPtr)(*(long*)ptr2);
	ptr2 -= 2;
	*(IntPtr*)(A_1 + 0) = ptr2;
	ptr = intPtr;
	jmp(Router());
}