

when VMs have only one opcode...

VMs are common in advanced packers and viruses, but they seem to follow the same architectures (x86 or stack machine).
I was curious, so I implemented a small Fibonacci example on the usual models, of course, but also on TTA and Subleq, two models of one-instruction-set architectures.

Opcode-less VMs are quite small in code, but the virtual code is quite obscure, which makes for an easy but annoying challenge:
typically, you would expect MOV to be the most basic opcode and arithmetic operations to be more complex. But in Subleq, a standard MOV takes 4 lines of code, while SUB+JLE takes only 1.
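
The MOV versus SUB+JLE comparison above, as an added example that is not the author's VM: a minimal Subleq interpreter in Python that runs the 4-instruction MOV expansion followed by one native subtract-and-branch instruction. The memory layout, the negative-target halt convention and the names `run_subleq`, `mov` and `demo` are assumptions made for this sketch.

```python
def run_subleq(mem, pc=0, max_steps=10_000):
    """Run Subleq on a copy of mem: mem[b] -= mem[a]; jump to c if result <= 0.
    A negative jump target halts (convention assumed for this example)."""
    mem, steps = list(mem), 0
    while 0 <= pc <= len(mem) - 3:
        if steps >= max_steps:
            raise RuntimeError("step limit reached (runaway virtual code?)")
        a, b, c = mem[pc:pc + 3]
        if not (0 <= a < len(mem) and 0 <= b < len(mem)):
            raise IndexError(f"operand out of range at pc={pc}")
        mem[b] -= mem[a]
        pc = c if mem[b] <= 0 else pc + 3
        steps += 1
    return mem, steps


def mov(src, dst, tmp, at):
    """The standard 4-instruction MOV dst <- src, assembled at address `at`.
    tmp must hold 0 on entry; every jump target is simply the next instruction."""
    return [
        dst, dst, at + 3,    # dst -= dst      -> dst = 0
        src, tmp, at + 6,    # tmp -= src      -> tmp = -src
        tmp, dst, at + 9,    # dst -= tmp      -> dst = src
        tmp, tmp, at + 12,   # tmp -= tmp      -> tmp = 0 again
    ]


# Data cells sit right after the 18 cells of code (layout is constructed).
X, Y, TMP, K, ONE, FLAG = range(18, 24)


def demo(x, k):
    """MOV Y <- X, then ONE native instruction: Y -= K; halt if Y <= 0."""
    code = mov(X, Y, TMP, 0)
    code += [K, Y, -1]       # SUB + JLE in a single instruction
    code += [ONE, FLAG, -1]  # fall-through marker: FLAG = -1, then halt
    data = [x, 99, 0, k, 1, 0]   # Y starts with junk to show MOV clears it
    mem, steps = run_subleq(code + data)
    return {"x": mem[X], "y": mem[Y], "branch_taken": mem[FLAG] == 0,
            "steps": steps}


if __name__ == "__main__":
    print(demo(7, 5))   # Y ends at 2, branch not taken
    print(demo(3, 5))   # Y ends at -2, branch taken
```

When reading such virtual code in a packed sample, recognising the clear / negate / subtract / clear pattern as a single MOV is what turns the flat stream of triples back into something readable.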


This is not a pipe

...nor a virus.... just the EICAR test file.
I never took the time before to look at it in detail, so I wrote a commented source to re-create it exactly.

Source code