From 4839c809899736850ede5d1de76d5bbeaf092a72 Mon Sep 17 00:00:00 2001
From: ALittlePatate <maxime@patate.dev>
Date: Mon, 21 Oct 2024 23:02:33 +0200
Subject: [PATCH] fix: article

---
 pages/reversing_guardianrs1.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pages/reversing_guardianrs1.html b/pages/reversing_guardianrs1.html
index 523bf0c..50eb149 100644
--- a/pages/reversing_guardianrs1.html
+++ b/pages/reversing_guardianrs1.html
@@ -47,7 +47,7 @@
 <h2 id="Writing-a-bytecode-disassembler">
     <a href="#Writing-a-bytecode-disassembler">Writing a bytecode disassembler</a>
 </h2>
-<p>At this stage, we'd have to reverse engineer the <code class="language-plaintext highlighter-rouge">VMDispatcher</code> to understand how the bytecode is encoded but I instead decided to cheat and look at the source code of the virtualizer (lol).</p><p>The bytecode follows this simple format :</p><p></p><p><table><tbody><tr><th>Mnemonic (1 byte)</th><th>Size of the data (1 byte) </th><th>Argument (1 byte or more)</th></tr><tr><td>0x16 (Vmctx)</td><td>0x08 (Qword)</td><td>None</td></tr><tr><td>0x00 (Const)</td><td>0x08 (Qword)</td><td>0x20 (Rdx)</td></tr></tbody></table></p><p></p><p>Following this example, we can retrieve the first instructions of our function !</p><p>Using this simple logic and by looking at the existing code of Guardian-rs I could write a disassembler (code <a href="../misc/reversing_guardianrs1/disassembler.py" target="_blank">here</a> ).</p><p>It gave me the following code :</p><p></p>
+<p>At this stage, we'd have to reverse engineer the <code class="language-plaintext highlighter-rouge">VMDispatcher</code> to understand how the bytecode is encoded but I instead decided to cheat and look at the source code of the virtualizer (lol).</p><p>The bytecode follows this simple format :</p><p></p><p><table><tbody><tr><th>Mnemonic (1 byte)</th><th>Size of the data (1 byte) </th><th>Argument (1 byte or more)</th></tr><tr><td>0x16 (Vmctx)</td><td>0x08 (Qword)</td><td>None</td></tr><tr><td>0x00 (Const)</td><td>0x08 (Qword)</td><td>0x20 (Rdx)</td></tr></tbody></table></p><p></p><p>Following this example, we can retrieve the first instructions of our function !</p><p>Using this simple logic and by looking at the existing code of Guardian-rs I could write a disassembler (code <a href="../misc/reversing_guardianrs1/disassembler.py" target="_blank">here</a> ).</p><p>It gave me the following code (only showing a sample because it's long) :</p><p></p>
 <p>
     <img class="center_image" src="../images/reversing_guardianrs1/disassembled_bytecode_sample.png" alt="" />
 </p>

Mnemonic (1 byte)	Size of the data (1 byte)	Argument (1 byte or more)
0x16 (Vmctx)	0x08 (Qword)	None
0x00 (Const)	0x08 (Qword)	0x20 (Rdx)