中文摘要：

在采用虚拟化技术保护的程序中定位x86代码和虚拟机代码的临界点是实现被虚拟机保护代码自动化提取和还原的前提,目前尚不存在能有效实现虚拟机代码入口点定位的方法。针对该问题,构建一个程序状态转移模型,并在此模型的基础上,提出基于栈监控的自建栈型虚拟机代码入口点定位方法和基于寄存器值聚类分析的复用栈型虚拟机代码入口点定位方法,有效解决了虚拟机代码入口点的定位问题。实验结果表明,该方法能有效实现堆栈型虚拟机代码入口点的准确定位。

英文摘要：

Locating the entry point of stack-based virtual machine in the program protected by virtualization technology is the key to restore the virtual machine protection code. Currently, there was no existing methods could reliably locate the entry point of code protected by virtual machine. To solve this problem, this paper established a program state model. Based on the model, this paper presented the method of stack-based monitoring to locate the entry point of code protected by the self-building stack VM, and also presented the method of clustering register values to locate the entry point of code protected by the reusing stack virtual machine. By this way, the problem was solved efficiently. Experimental results show that the proposed method can locate the entry point of the stack-based virtual machine code.