diff --git a/RE-HCTF_450/.gitattributes b/RE-HCTF_450/.gitattributes
new file mode 100644
index 0000000..1ff0c42
--- /dev/null
+++ b/RE-HCTF_450/.gitattributes
@@ -0,0 +1,63 @@
+###############################################################################
+# Set default behavior to automatically normalize line endings.
+###############################################################################
+* text=auto
+
+###############################################################################
+# Set default behavior for command prompt diff.
+#
+# This is need for earlier builds of msysgit that does not have it on by
+# default for csharp files.
+# Note: This is only used by command line
+###############################################################################
+#*.cs     diff=csharp
+
+###############################################################################
+# Set the merge driver for project and solution files
+#
+# Merging from the command prompt will add diff markers to the files if there
+# are conflicts (Merging from VS is not affected by the settings below, in VS
+# the diff markers are never inserted). Diff markers may cause the following 
+# file extensions to fail to load in VS. An alternative would be to treat
+# these files as binary and thus will always conflict and require user
+# intervention with every merge. To do so, just uncomment the entries below
+###############################################################################
+#*.sln       merge=binary
+#*.csproj    merge=binary
+#*.vbproj    merge=binary
+#*.vcxproj   merge=binary
+#*.vcproj    merge=binary
+#*.dbproj    merge=binary
+#*.fsproj    merge=binary
+#*.lsproj    merge=binary
+#*.wixproj   merge=binary
+#*.modelproj merge=binary
+#*.sqlproj   merge=binary
+#*.wwaproj   merge=binary
+
+###############################################################################
+# behavior for image files
+#
+# image files are treated as binary by default.
+###############################################################################
+#*.jpg   binary
+#*.png   binary
+#*.gif   binary
+
+###############################################################################
+# diff behavior for common document formats
+# 
+# Convert binary document formats to text before diffing them. This feature
+# is only available from the command line. Turn it on by uncommenting the 
+# entries below.
+###############################################################################
+#*.doc   diff=astextplain
+#*.DOC   diff=astextplain
+#*.docx  diff=astextplain
+#*.DOCX  diff=astextplain
+#*.dot   diff=astextplain
+#*.DOT   diff=astextplain
+#*.pdf   diff=astextplain
+#*.PDF   diff=astextplain
+#*.rtf   diff=astextplain
+#*.RTF   diff=astextplain
diff --git a/RE-HCTF_450/.gitignore b/RE-HCTF_450/.gitignore
new file mode 100644
index 0000000..1bc915c
--- /dev/null
+++ b/RE-HCTF_450/.gitignore
@@ -0,0 +1,156 @@
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+
+# User-specific files
+*.suo
+*.user
+*.sln.docstates
+
+# Build results
+
+[Dd]ebug/
+[Rr]elease/
+x64/
+build/
+[Bb]in/
+[Oo]bj/
+
+# Enable "build/" folder in the NuGet Packages folder since NuGet packages use it for MSBuild targets
+!packages/*/build/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+*_i.c
+*_p.c
+*.ilk
+*.meta
+*.obj
+*.pch
+*.pdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.log
+*.scc
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opensdf
+*.sdf
+*.cachefile
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# NCrunch
+*.ncrunch*
+.*crunch*.local.xml
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.Publish.xml
+
+# NuGet Packages Directory
+## TODO: If you have NuGet Package Restore enabled, uncomment the next line
+#packages/
+
+# Windows Azure Build Output
+csx
+*.build.csdef
+
+# Windows Store app package directory
+AppPackages/
+
+# Others
+sql/
+*.Cache
+ClientBin/
+[Ss]tyle[Cc]op.*
+~$*
+*~
+*.dbmdl
+*.[Pp]ublish.xml
+*.pfx
+*.publishsettings
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file to a newer
+# Visual Studio version. Backup files are not needed, because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+
+# SQL Server files
+App_Data/*.mdf
+App_Data/*.ldf
+
+
+#LightSwitch generated files
+GeneratedArtifacts/
+_Pvt_Extensions/
+ModelManifest.xml
+
+# =========================
+# Windows detritus
+# =========================
+
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Mac desktop service store files
+.DS_Store
diff --git "a/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP.sln" "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP.sln"
new file mode 100644
index 0000000..97e6793
--- /dev/null
+++ "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP.sln"
@@ -0,0 +1,25 @@
+ï»¿
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.21005.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "C_easy_VMP", "C_easy_VMP\C_easy_VMP.vcxproj", "{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Debug|Win32.Build.0 = Debug|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Release|Win32.ActiveCfg = Release|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(Performance) = preSolution
+		HasPerformanceSessions = true
+	EndGlobalSection
+EndGlobal
diff --git "a/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/C_easy_VMP.vcxproj" "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/C_easy_VMP.vcxproj"
new file mode 100644
index 0000000..5e5a35b
--- /dev/null
+++ "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/C_easy_VMP.vcxproj"
@@ -0,0 +1,94 @@
+ï»¿<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>C_easy_VMP</RootNamespace>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v120</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v120_xp</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="MainEntry.cpp" />
+    <ClCompile Include="Stack.cpp" />
+    <ClCompile Include="VMmain.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="Code_Define.h" />
+    <ClInclude Include="Stack.h" />
+    <ClInclude Include="VM.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git "a/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/C_easy_VMP.vcxproj.filters" "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/C_easy_VMP.vcxproj.filters"
new file mode 100644
index 0000000..3b2d11d
--- /dev/null
+++ "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/C_easy_VMP.vcxproj.filters"
@@ -0,0 +1,39 @@
+ï»¿<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="æºæ–‡ä»¶">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="å¤´æ–‡ä»¶">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="èµ„æºæ–‡ä»¶">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="MainEntry.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+    <ClCompile Include="VMmain.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+    <ClCompile Include="Stack.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="VM.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+    <ClInclude Include="Stack.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+    <ClInclude Include="Code_Define.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git "a/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/Code_Define.h" "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/Code_Define.h"
new file mode 100644
index 0000000..ddbc346
--- /dev/null
+++ "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/Code_Define.h"
@@ -0,0 +1,58 @@
+#include <Windows.h>
+#define General_VM 0x10
+enum myVm
+{
+	VM_X00_START = 0,
+
+	VM_PUSH, //ºËÐÄ´úÂë
+	VM_POP,
+
+	VM_ADD,	//¼ÆËã´úÂë
+	VM_SUB,
+	VM_XOR,
+	VM_CMP,
+			//Âß¼­´úÂë
+	VM_SHR,
+	VM_SHL,
+	VM_AND,
+	VM_OR,
+
+	VM_JMP, //Ìø×ª´úÂë
+	VM_JZ,
+	VM_EXIT_SUCCESS,
+	
+#ifdef _DEBUG
+	VM_DEBUG_BREAK,
+#endif
+	VM_STRLEN_CALL,//CALL´úÂë£¿£¿
+	VM_FAKE_CALL,
+
+	VM_EXIT_FAIL
+
+};
+enum Code_Push_Parameter
+{
+	PUSH_EAX = 0x10,
+	PUSH_EBX = 0x20,
+	PUSH_MEM = 0x30,
+	PUSH_NUM = 0x40,
+	PUSH_MEM_BYTE = 0x1,
+	PUSH_MEM_WORD = 0x2,
+	PUSH_MEM_DWORD= 0x4
+
+};
+enum Code_Pop_Parameter
+{
+	POP_EAX = 0x10,
+	POP_EBX = 0x20,
+	POP_MEM = 0x30,
+	POP_DEL = 0x40,
+	POP_MEM_BYTE = 0x1,
+	POP_MEM_WORD = 0x2,
+	POP_MEM_DWORD= 0x4
+};
+enum Code_JumpFun
+{
+	Jump_From_EIP = 0x10,
+	Jump_From_OEP = 0X20
+};
\ No newline at end of file
diff --git "a/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/MainEntry.cpp" "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/MainEntry.cpp"
new file mode 100644
index 0000000..5fb1afc
--- /dev/null
+++ "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/MainEntry.cpp"
@@ -0,0 +1,809 @@
+#include <cstdio>
+#include <Windows.h>
+#include "Stack.h"
+#include "VM.h"
+//char stringIn[] = "HCTF{S1FALS1R1Fa9123489}";
+int main()
+{
+
+	char Check_HCTF[] = "\x7b\x70\x6a\x67\x72\x73\x75\x55\x44\x32\x48\x50\x11\x12\x13\x14\x15";
+	
+	char Select_check_1[] = "0123456789qazwsxedcrtgbyhnujmiolp";
+	char Cmp_check_1[] = "\x38\x7a\x7a\x74\x65\x35\x37";
+	char Cmp_check_2[] = "\x65\x34\x74\x68\x7A\x71\x6D";
+	//
+	char XXXXX[] = "\x1b\x1a\x16\x11\x10\x13"; 
+
+	char stringIn[40] = {0};
+	printf("Please enter the flag:");
+	scanf_s("%s", stringIn, 40);
+
+	DWORD CALL_END_4[] =
+	{
+		/////////////////////////Data and function/////////////////////
+		VM_EXIT_FAIL,//END
+		VM_EXIT_FAIL,
+		/////////////////////////Code Start/////////////////////////////
+		VM_X00_START,
+		////JMP_TO_ENCODE
+		VM_PUSH, PUSH_NUM, 78,
+		VM_JMP, Jump_From_EIP,
+		////ÐèÒª½âÃÜµÄ´úÂë//////////////
+		////////////////////////////////
+		VM_X00_START ^ 0x31,
+		VM_POP ^ 0x31, POP_DEL ^ 0x31,
+		VM_PUSH ^ 0x31, PUSH_NUM ^ 0x31, 0x8 ^ 0x31,
+		VM_JMP ^ 0x31, Jump_From_EIP ^ 0x31,//JMP_TO_CODE
+		//Êý¾Ý¶Î
+		0x32 ^ 0x31,
+		0x44 ^ 0x31,
+		0x39 ^ 0x31,
+		0x46 ^ 0x31,
+		0x38 ^ 0x31,
+		0x35 ^ 0x31,
+		0x31 ^ 0x31,
+		0xFF ^ 0x31,
+		//
+		VM_PUSH ^ 0x31, PUSH_NUM ^ 0x31, ((DWORD)CALL_END_4) ^ 0x31,
+		VM_PUSH ^ 0x31, PUSH_NUM ^ 0x31, 64 ^ 0x31,//datasec!!
+		VM_ADD ^ 0x31,//¼ÆËãÆ÷Êý¾Ý¶Î
+		VM_POP ^ 0x31, POP_EAX ^ 0x31,//EAX = STRIN
+
+		VM_PUSH ^ 0x31, PUSH_NUM ^ 0x31, 0x0 ^ 0x31,
+		VM_POP ^ 0x31, POP_EBX ^ 0x31,//EBX = i
+
+		VM_PUSH ^ 0x31, PUSH_EAX ^ 0x31,
+		VM_PUSH ^ 0x31, PUSH_EBX ^ 0x31,
+		VM_ADD ^ 0x31,
+		VM_PUSH ^ 0x31, (PUSH_MEM_DWORD | PUSH_MEM) ^ 0x31,
+		VM_CMP ^ 0x31,
+		VM_POP ^ 0x31, POP_DEL ^ 0x31,
+		VM_POP ^ 0x31, POP_DEL ^ 0x31,
+		VM_PUSH ^ 0x31, PUSH_NUM ^ 0x31, 0x5 ^ 0x31,
+		VM_JZ ^ 0x31, Jump_From_EIP ^ 0x31,
+		//BUG
+		VM_PUSH ^ 0x31, PUSH_NUM ^ 0x31, 0x0 ^ 0x31,
+		VM_JMP ^ 0x31, Jump_From_OEP ^ 0x31,
+		//
+		VM_PUSH ^ 0x31, PUSH_NUM ^ 0x31, 0x4 ^ 0x31,
+		VM_PUSH ^ 0x31, PUSH_EBX ^ 0x31,
+		VM_ADD ^ 0x31,
+		VM_PUSH ^ 0x31, PUSH_NUM ^ 0x31, 28 ^ 0x31,
+		VM_CMP ^ 0x31,
+		VM_POP ^ 0x31, POP_DEL ^ 0x31,
+		VM_POP ^ 0x31, POP_EBX ^ 0x31,
+		VM_PUSH ^ 0x31, PUSH_NUM ^ 0x31, 0x5 ^ 0x31,
+		VM_JZ ^ 0x31, Jump_From_EIP ^ 0x31,
+		VM_PUSH ^ 0x31, PUSH_NUM ^ 0x31, (-46) ^ 0x31,//BACK
+		VM_JMP ^ 0x31, Jump_From_EIP ^ 0x31,
+		VM_EXIT_SUCCESS ^ 0x31,
+		0xAABBCCDD,
+		//////////////////////////////
+		////////////////////////////////
+		VM_PUSH, PUSH_NUM, (DWORD)(CALL_END_4 + 8),
+		VM_POP, POP_EAX,   ///EAX = addr need change
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_POP, POP_EBX, ///EBX = i
+
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_DWORD,	//GET
+		VM_PUSH, PUSH_NUM, 0xAABBCCDD,
+		VM_CMP,
+		VM_POP, POP_DEL,
+
+		VM_PUSH, PUSH_NUM, 24,
+		VM_JZ, Jump_From_EIP,
+
+		//×ö´¦Àí
+		VM_PUSH, PUSH_NUM, 0x31,
+		VM_XOR,
+		//VM_PUSH,PUSH_NUM,0xFFFFFFFF,
+		//VM_AND,
+		//
+		////////
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_EBX,
+		VM_ADD,
+		VM_POP, POP_MEM | POP_MEM_DWORD,		//SET
+		VM_PUSH, PUSH_EBX,
+		VM_PUSH, PUSH_NUM, 0x4,///£¡£¡£¡£¡£¡
+		VM_ADD,
+		VM_POP, POP_EBX,
+		VM_PUSH, PUSH_NUM, -42,
+		VM_JMP, Jump_From_EIP,
+		//Ñ­»·´¦Àí
+		
+		//jmp»ØÈ¥
+		VM_PUSH, PUSH_NUM, 0x8,
+		VM_JMP, Jump_From_OEP,
+		///////FUN2////
+		VM_POP, POP_DEL,
+
+		VM_EXIT_SUCCESS,
+	};
+	const DWORD FUNC_CHECK_1[] =
+	{
+		VM_EXIT_SUCCESS,
+		VM_EXIT_SUCCESS,
+		/////////////////////////Code Start/////////////////////////////
+		VM_X00_START,
+		VM_PUSH,PUSH_NUM,15,//JMP TO MAIN
+		VM_JMP,Jump_From_EIP,
+		//////////FUN1////////////
+		VM_POP,POP_EBX,
+		VM_PUSH,PUSH_EBX,
+		VM_PUSH, PUSH_NUM, (DWORD)Select_check_1,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_PUSH, PUSH_NUM,20, 
+		VM_JMP,Jump_From_EIP,
+		/////////////////////////
+		VM_POP,POP_EAX,	//EAX = IN
+		VM_PUSH,PUSH_NUM,0,
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0xF8000000,
+		VM_AND,
+		
+		VM_PUSH,PUSH_NUM,27,
+		VM_SHR,
+
+		//JMP TO FUNTION
+		VM_PUSH,PUSH_NUM,0x7,
+		VM_JMP,Jump_From_OEP,
+		//END
+
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH,PUSH_NUM, 0x5,
+		VM_SHL,
+		VM_PUSH,PUSH_NUM,0,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,-39,
+		VM_JMP,Jump_From_EIP,
+		VM_EXIT_SUCCESS,
+	};
+	DWORD FUNC_CHECK_2[]
+	{
+		VM_EXIT_SUCCESS,
+		VM_EXIT_SUCCESS,
+		VM_X00_START,
+//////////////////////////////////////////////	
+
+		VM_POP,POP_EAX, //EAX = PARA1 ChangeCode
+		VM_POP,POP_EBX, //EBX = PARA2 strin
+		
+		VM_PUSH,PUSH_NUM,0x0,//Ñ¹Õ»ÓÃÓÚ¼ÆÊý
+		
+		VM_PUSH,PUSH_EBX,
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0xF0000000,	//È¡Ç°¼¸¸öÊý
+		VM_AND,
+		
+		VM_PUSH,PUSH_NUM,0x1C,
+		VM_SHR,//ÒÆÎ»´¦Àí
+		VM_PUSH,PUSH_NUM,0x1,
+		VM_SHR,
+		VM_PUSH,PUSH_NUM,0x2,
+		VM_SHL,
+
+		VM_SHL,//ÒÆÎ»¼ÆËã³ö½á¹û
+		
+		VM_PUSH, PUSH_NUM, 0xF0000000,
+		VM_AND,//È¥³ý¸ÉÈÅ
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x4,
+		VM_SHL,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,-49,
+		VM_JMP,Jump_From_EIP,
+		///////
+		VM_PUSH,PUSH_NUM,0,
+		VM_POP,POP_EBX,
+		VM_PUSH,PUSH_NUM,28,
+		VM_POP,POP_EAX,
+
+		VM_PUSH, PUSH_EAX,//<---
+		VM_SHR,
+	
+		VM_PUSH,PUSH_EBX,
+		VM_OR,
+		VM_POP,POP_EBX,
+		
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x4,
+		VM_SUB,
+		VM_POP,POP_EAX,
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_CMP,
+		VM_POP, POP_DEL,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,-32,
+		VM_JMP,Jump_From_EIP,
+		VM_POP,POP_DEL,
+		VM_PUSH,PUSH_EBX,
+		VM_EXIT_SUCCESS,
+		
+	};
+	DWORD FUN_CHECK_3_FUN_1[] = 
+	{
+		VM_EXIT_SUCCESS,
+		VM_EXIT_SUCCESS,
+		VM_X00_START,
+//////////////////////////////////////////////
+		VM_POP,POP_DEL,
+		//Ò»´ÎÂÒÐò
+		VM_PUSH, PUSH_NUM, 0xFDB97531,
+		VM_PUSH, PUSH_NUM, (DWORD)FUNC_CHECK_2,
+		VM_FAKE_CALL,
+		VM_POP, POP_DEL,
+		VM_EXIT_SUCCESS,
+	};
+	DWORD FUN_CHECK_3_FUN_2[] =
+	{
+		VM_EXIT_SUCCESS,
+		VM_EXIT_SUCCESS,
+		VM_X00_START,
+		//////////////////////////////////////////////
+		VM_POP, POP_DEL,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_EAX,
+		//Ò»´ÎÂÒÐò
+		VM_PUSH, PUSH_NUM, 0xE0000000,
+		VM_AND,
+		VM_PUSH, PUSH_NUM, 29,
+		VM_SHR,
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_NUM, 3,
+		VM_SHL,
+		VM_OR,
+		VM_EXIT_SUCCESS,
+	};
+	DWORD FUNC_CHECK_3X1[] =
+	{
+		/////////////////////////Data and function/////////////////////
+		VM_EXIT_SUCCESS,
+		VM_EXIT_SUCCESS,
+		/////////////////////////Code Start/////////////////////////////
+		VM_X00_START,
+		////JMP_TO_ENCODE
+		VM_PUSH,PUSH_NUM,11,
+		VM_JMP,Jump_From_EIP,
+		////ÐèÒª½âÃÜµÄ´úÂë//////////////
+		VM_X00_START ^ 0x28,
+		VM_PUSH^0x28,
+		PUSH_NUM ^ 0x28,
+		(DWORD)FUN_CHECK_3_FUN_1 ^ 0x28,
+		VM_FAKE_CALL ^ 0x28,
+		VM_PUSH ^ 0x28,
+		PUSH_NUM ^ 0x28,
+		58 ^ 0x28,
+		VM_JMP ^ 0x28,
+		Jump_From_EIP ^ 0x28,
+		0xFFFFAAAA,
+		////////////////////////////////
+		VM_PUSH, PUSH_NUM, (DWORD)(FUNC_CHECK_3X1 + 8),
+		VM_POP,POP_EAX,   ///EAX = addr need change
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_POP,POP_EBX, ///EBX = i
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_DWORD,	//GET
+		VM_PUSH, PUSH_NUM, 0xFFFFAAAA,
+		VM_CMP,
+		VM_POP,POP_DEL,
+	
+		VM_PUSH,PUSH_NUM,24,
+		VM_JZ,Jump_From_EIP,
+
+		//×ö´¦Àí
+		VM_PUSH,PUSH_NUM,0x28,
+		VM_XOR,
+		////////
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_EBX,
+		VM_ADD,
+		VM_POP,POP_MEM | POP_MEM_DWORD,		//SET
+		VM_PUSH,PUSH_EBX,
+		VM_PUSH,PUSH_NUM,0x4,///£¡£¡£¡£¡£¡
+		VM_ADD,
+		VM_POP,POP_EBX,
+		VM_PUSH,PUSH_NUM, -42,
+		VM_JMP,Jump_From_EIP,
+		//Ñ­»·´¦Àí
+		
+		//jmp»ØÈ¥
+		VM_PUSH,PUSH_NUM,0x8,
+		VM_JMP,Jump_From_OEP,
+		///////FUN2////
+		VM_POP,POP_DEL,
+		VM_EXIT_SUCCESS,
+		
+	};
+	DWORD FUNC_CHECK_3X2[] = 
+	{
+		/////////////////////////Data and function/////////////////////
+		VM_EXIT_SUCCESS,
+		VM_EXIT_SUCCESS,
+		/////////////////////////Code Start/////////////////////////////
+		VM_X00_START,
+		////JMP_TO_ENCODE
+		VM_PUSH, PUSH_NUM, 11,
+		VM_JMP, Jump_From_EIP,
+		////ÐèÒª½âÃÜµÄ´úÂë//////////////
+		VM_X00_START ^ 0x28,
+		VM_PUSH ^ 0x28,
+		PUSH_NUM ^ 0x28,
+		(DWORD)FUN_CHECK_3_FUN_2 ^ 0x28,
+		VM_FAKE_CALL ^ 0x28,
+		VM_PUSH ^ 0x28,
+		PUSH_NUM ^ 0x28,
+		58 ^ 0x28,
+		VM_JMP ^ 0x28,
+		Jump_From_EIP ^ 0x28,
+		0xFFFFAAAA,
+		////////////////////////////////
+		VM_PUSH, PUSH_NUM, (DWORD)(FUNC_CHECK_3X2 + 8),
+		VM_POP, POP_EAX,   ///EAX = addr need change
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_POP, POP_EBX, ///EBX = i
+
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_DWORD,	//GET
+		VM_PUSH, PUSH_NUM, 0xFFFFAAAA,
+		VM_CMP,
+		VM_POP, POP_DEL,
+
+		VM_PUSH, PUSH_NUM, 24,
+		VM_JZ, Jump_From_EIP,
+
+		//×ö´¦Àí
+		VM_PUSH, PUSH_NUM, 0x28,
+		VM_XOR,
+		////////
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_EBX,
+		VM_ADD,
+		VM_POP, POP_MEM | POP_MEM_DWORD,		//SET
+		VM_PUSH, PUSH_EBX,
+		VM_PUSH, PUSH_NUM, 0x4,///£¡£¡£¡£¡£¡
+		VM_ADD,
+		VM_POP, POP_EBX,
+		VM_PUSH, PUSH_NUM, -42,
+		VM_JMP, Jump_From_EIP,
+		//Ñ­»·´¦Àí
+
+		//jmp»ØÈ¥
+		VM_PUSH, PUSH_NUM, 0x8,
+		VM_JMP, Jump_From_OEP,
+		///////FUN2////
+		VM_POP, POP_DEL,
+		VM_EXIT_SUCCESS,
+	};
+	DWORD CODE[] =
+	{
+		/////////////////////////Data and function/////////////////////
+		VM_EXIT_FAIL,
+		VM_EXIT_FAIL,
+		/////////////////////////Code Start/////////////////////////////
+		VM_X00_START,
+		/////////////////////////fun1 strlen////////////////////////////////
+		VM_PUSH, PUSH_NUM, (DWORD)stringIn, //NUM1  push addr of input Str  *stack 1
+		VM_POP, POP_EBX,
+		VM_PUSH, PUSH_EBX,					//EBX = ADDR STR
+		VM_PUSH, PUSH_EBX,					//±£´æÒ»´Î addr of input str
+		VM_STRLEN_CALL,						//pop addr, call strlen, push result *stack1
+		VM_PUSH, PUSH_NUM, 0x18,			
+		VM_CMP,								//¼ÆËã³¤¶ÈÊÇ·ñÎª24  *stack 2
+
+		VM_PUSH, PUSH_NUM, 0x7,			    //push jmp next func(jmpto_fun2)  *stack 3
+		VM_JZ, Jump_From_EIP,				//pop and JZ  (18)	*stack 2
+		VM_PUSH, PUSH_NUM, 0,				//jmp code to Fail   *stack 3
+		VM_JMP, Jump_From_OEP,				//jmp   *stack 2
+		///////////////////////fun2 xor HCTF{//////////////////////////////
+
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä£¨¿ÉÒÔÉ¾³ý£©*Stack 1 topofStack:length of addr 
+		VM_PUSH, PUSH_NUM, 0x5,				//HCTF{ 5¸ö
+		VM_PUSH, PUSH_NUM, 0x0,				//push 0x0 i = 0  *Stack 2
+		VM_CMP,			//cmp <-----
+
+		VM_PUSH, PUSH_NUM, 0x23,	//push NUM3 is jum to exit
+		VM_JZ, Jump_From_EIP,		//pop NUM3 JZ  (18)
+
+		VM_POP, POP_EAX,		//pop eax  ;eax = i
+		VM_PUSH, PUSH_EBX,	//EBX: push addr of input Str
+		VM_PUSH, PUSH_EAX,	//PUSH i
+		VM_ADD,				//Pop i ,add i str
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE, //POP STR, FIND BYTE STR, PUSH result
+		VM_PUSH, PUSH_NUM, 0x33,    //num push 0x33 
+		VM_XOR,					 //pop 0x33,top xor 0x33
+
+		VM_PUSH, PUSH_EBX,			   //EBX: push addr of input Str
+		VM_PUSH, PUSH_EAX,			   //PUSH i
+		VM_ADD,						   //Pop i ,add i str
+		VM_POP, POP_MEM | POP_MEM_BYTE,//pop addr,pop result, Set That addr     
+
+		VM_PUSH, PUSH_EAX,	//EAX = i
+		VM_PUSH, PUSH_NUM, 0x1,	//NUM = 1
+		VM_ADD,			//I = I+1
+		VM_POP, POP_EAX,		//eax = i
+		VM_PUSH, PUSH_EAX,	//
+
+		VM_PUSH, PUSH_NUM, -0x29,	//NUM5  jmp code
+		VM_JMP, Jump_From_EIP,		//circle jmp
+		////////////////func check last '}'///////////////////////////
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä *Stack 2 topofStack:length of addr X 2
+		VM_PUSH, PUSH_EBX,					//EBX: push addr of input Str
+		VM_ADD,								 //Pop STR ,add 24  str
+		VM_PUSH, PUSH_NUM, 0x1,
+		VM_SUB,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+	
+		VM_PUSH, PUSH_NUM, 0x33,		//num push 0x33 
+		VM_XOR,							//pop 0x33,top xor 0x33
+		VM_PUSH, PUSH_NUM, 0x4E,		//num push 0x4e
+		VM_CMP,
+		VM_PUSH, PUSH_NUM, 0x5,
+		VM_JZ, Jump_From_EIP,
+		VM_PUSH, PUSH_NUM, 0,				//jmp code to Fail   *stack 3
+		VM_JMP, Jump_From_OEP,
+		///////////////////func push HCTF{ xor 0x33////////////////////////////////
+
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä 
+		
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x1,
+		VM_SUB,
+		VM_POP, POP_EAX,
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_POP, POP_DEL,
+		VM_PUSH,PUSH_NUM,0x5,		//Jmp to next Fun
+		VM_JZ, Jump_From_EIP,
+		
+		VM_PUSH,PUSH_NUM, -0x23,	//Circle Jmp
+		VM_JMP, Jump_From_EIP,
+		///////////////////fun check HCTF{/////////////////////////////////////
+
+
+		VM_PUSH,PUSH_NUM,0,
+		VM_POP,POP_EBX,				//EBX = i		
+		VM_PUSH, PUSH_NUM, (DWORD)Check_HCTF,
+		VM_POP,POP_EAX,				//EAX = ADDR Check_HCTF
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_EAX,			//EAX = EAX+i
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_CMP,
+		VM_PUSH,PUSH_NUM,0x5,  // <------ok
+		
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_JMP,Jump_From_OEP,  //  <----- Fail
+
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä 
+		
+		VM_PUSH,PUSH_EBX,
+		VM_PUSH,PUSH_NUM,1,
+
+		VM_ADD,
+		VM_POP,POP_EBX,
+
+		VM_PUSH,PUSH_EBX,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_CMP,
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä 
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH, PUSH_NUM, -0x36,
+		VM_JMP,Jump_From_EIP,
+
+		///////////////////fun Ñ¹ËõÈëÕ»Ä£¿é//////////////////////////////
+
+		
+		VM_POP,POP_EAX,					//EAX = strlen(Input Str)
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_POP,POP_EBX,					//EBX = ADDR STR IN
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_EBX,
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_EAX,
+		VM_XOR,
+		VM_POP,POP_EAX,
+		VM_PUSH, PUSH_EAX,					//Õâ¸ö¿Õ¼ä´æ·Å×ÅÄÇ¸ö½á¹û
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x4,
+		VM_CMP,
+		VM_PUSH,PUSH_NUM,28,//£¡£¡£¡
+		VM_JZ,Jump_From_EIP,
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_NUM,0x3,
+		VM_SHL,
+		VM_SHL,
+		VM_OR,
+
+		
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x1,
+		VM_ADD,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_NUM,-39,//£¡£¡£¡
+		VM_JMP,Jump_From_EIP,
+		VM_POP,POP_DEL,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		
+		VM_POP,POP_EBX,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_POP,POP_EAX,
+
+		VM_PUSH,PUSH_EBX,
+		VM_STRLEN_CALL,
+
+		VM_PUSH,PUSH_NUM,0x3,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_POP,POP_DEL,
+		VM_PUSH,PUSH_NUM,5,
+		VM_JZ, Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,-74,
+		
+		VM_JMP,Jump_From_EIP,
+		VM_POP,POP_DEL,
+
+		//////////////////////FUNC_CHECK_1//////////////////////
+	
+		VM_PUSH, PUSH_NUM, (DWORD)FUNC_CHECK_1,
+		VM_FAKE_CALL,
+		VM_POP,POP_DEL,
+		/////////////±È½Ï
+		VM_PUSH, PUSH_NUM, (DWORD)Cmp_check_1,
+		VM_POP,POP_EBX,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_POP,POP_EAX,
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_XOR,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		
+		VM_POP,POP_DEL,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_JMP,Jump_From_OEP,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_PUSH,PUSH_NUM,13,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,0x1,
+		VM_PUSH,PUSH_EAX,
+		VM_ADD,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_NUM,-50,
+		VM_JMP,Jump_From_EIP,
+
+		/////////////////////fun_check_2////////////////////////
+		//////Ò»´ÎÂÒÐò
+
+		VM_POP,POP_DEL,
+		VM_PUSH,PUSH_NUM,0xFDB97531,
+		VM_PUSH, PUSH_NUM, (DWORD)FUNC_CHECK_2,
+		VM_FAKE_CALL,
+		VM_POP,POP_DEL,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_EAX,
+
+	
+		////////////////////Ñ­»·Î»ÒÆ//////
+		VM_PUSH,PUSH_NUM,0xE0000000,
+		VM_AND,
+		VM_PUSH,PUSH_NUM,29,
+		VM_SHR,
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,3,
+		VM_SHL,
+		VM_OR,
+
+	
+		//////////////////2´ÎÂÒÐò/////
+		VM_PUSH, PUSH_NUM, 0xFDB97531,
+		VM_PUSH, PUSH_NUM, (DWORD)FUNC_CHECK_2,
+		VM_FAKE_CALL,
+		VM_POP, POP_DEL,
+		VM_POP, POP_EAX,
+		VM_PUSH, PUSH_EAX,
+		
+	
+		//////////Ò»´ÎÑ¡Ôñ
+		VM_PUSH, PUSH_NUM, (DWORD)FUNC_CHECK_1,
+		VM_FAKE_CALL,
+		VM_POP,POP_DEL,
+	
+		/////////×îÖÕ±È½Ï
+		VM_PUSH, PUSH_NUM, (DWORD)Cmp_check_2,
+		VM_POP, POP_EBX,
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_POP, POP_EAX,
+
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_XOR,
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_CMP,
+		VM_POP, POP_DEL,
+		VM_POP, POP_DEL,
+		VM_PUSH, PUSH_NUM, 0x5,
+		VM_JZ, Jump_From_EIP,
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_JMP, Jump_From_OEP,
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_CMP,
+		VM_POP, POP_DEL,
+		VM_PUSH, PUSH_NUM, 13,
+		VM_JZ, Jump_From_EIP,
+		VM_PUSH, PUSH_NUM, 0x1,
+		VM_PUSH, PUSH_EAX,
+		VM_ADD,
+		VM_POP, POP_EAX,
+		VM_PUSH, PUSH_NUM, -50,
+		VM_JMP, Jump_From_EIP,
+		VM_POP,POP_DEL,
+
+		///
+		////////////////////////FUN_CHECK_3,HARD////////////////////////////
+		/////
+		//1´ÎÂÒÐò
+		VM_PUSH, PUSH_NUM, (DWORD)FUNC_CHECK_3X1,
+		VM_FAKE_CALL,
+		VM_POP,POP_DEL,
+		
+		//À¬»øÖ¸Áî//
+		VM_PUSH,0x1000,
+		VM_POP,0x1000,
+		//end//
+		//1´ÎÑ­»·ÒÆÎ»
+		VM_PUSH, PUSH_NUM, (DWORD)FUNC_CHECK_3X2,
+		VM_FAKE_CALL,
+		VM_POP,POP_DEL,
+		
+		//1´ÎÑ¡Ôñ
+		VM_POP,POP_EAX,
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x1F,
+		VM_AND,
+		VM_PUSH,PUSH_NUM,0x30,
+		VM_ADD,
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_SHR,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,-34,
+		VM_JMP,Jump_From_EIP,
+		/////////×Ô½âÃÜÑ­»·±È½Ï´úÂë//////	
+		
+		VM_PUSH, PUSH_NUM, (DWORD)CALL_END_4,
+		VM_FAKE_CALL,
+		VM_POP,POP_DEL,
+		
+		///////////////////×îºóÒ»ÂÖÒà»ò±È½Ï£¬·À×÷±×¡£
+		VM_PUSH,PUSH_NUM,12,
+		VM_ADD,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_NUM,0,
+		VM_POP,POP_EBX,//EBX = i,
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_PUSH,PUSH_NUM,17,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,0x22,
+		VM_XOR,
+		VM_PUSH,PUSH_NUM,0x1,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_POP,POP_EBX,
+		VM_PUSH,PUSH_NUM,-35,
+		VM_JMP,Jump_From_EIP,
+		VM_POP,POP_DEL,
+		VM_POP,POP_DEL,
+		//////
+		VM_PUSH, PUSH_NUM, (DWORD)XXXXX,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_POP,POP_EBX,//EBX = i,
+		VM_POP,POP_EAX, //EAX = STRIN
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_CMP,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ, Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_JMP,Jump_From_OEP,
+
+		VM_POP, POP_DEL,
+		VM_POP, POP_DEL,
+
+		VM_PUSH,PUSH_NUM,0x1,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_PUSH,PUSH_NUM,0x6,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_POP,POP_EBX,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,-46,
+		VM_JMP,Jump_From_EIP,
+
+		VM_EXIT_SUCCESS,
+	};
+	
+	VM_Function Fun1(64);
+	Fun1.StartVM(CODE+2);
+
+	printf("====================================\n");
+	printf("============YOU GOT IT!=============\n");
+	printf("====================================\n");
+	getchar();
+	getchar();
+	return 0;
+}
\ No newline at end of file
diff --git "a/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/Stack.cpp" "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/Stack.cpp"
new file mode 100644
index 0000000..2a5cbf2
--- /dev/null
+++ "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/Stack.cpp"
@@ -0,0 +1,31 @@
+#include "Stack.h"
+
+//¼ÇµÃfree
+VM_STACK::VM_STACK(int MaxSize)
+{
+	if (MaxSize < 1)
+		Error("Error the Stack is too small\n");
+	S = (VM_Stack *)malloc(sizeof(struct VM_Stack));
+	if (S == NULL)
+		Error("Create Stack Malloc Fail CODE 1");
+	S->vmStack = (PDWORD)malloc(sizeof(DWORD)*MaxSize);
+	if (S->vmStack == NULL)
+		Error("Create Stack Malloc Fail CODE 2");
+	memset(S->vmStack, sizeof(DWORD)*MaxSize, 0);
+	S->capacity = MaxSize;
+	S->TopOfStack = 0;
+
+}
+void VM_STACK::Stack_Push(DWORD xxx)
+{
+	S->vmStack[++S->TopOfStack] = xxx;
+}
+void VM_STACK::Stack_Pop(PDWORD xxx)
+{
+	*xxx = S->vmStack[S->TopOfStack--];
+}
+void VM_STACK::Error(char* xxx)
+{
+	printf("%s,LastError = %d", xxx, GetLastError());
+	exit(-1);
+}
\ No newline at end of file
diff --git "a/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/Stack.h" "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/Stack.h"
new file mode 100644
index 0000000..4c75167
--- /dev/null
+++ "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/Stack.h"
@@ -0,0 +1,40 @@
+#include <Windows.h>
+#include <stdio.h>
+#pragma once
+class VM_STACK
+{
+	struct VM_Stack
+	{
+		int capacity;
+		int TopOfStack;
+		PDWORD vmStack;
+	};
+	typedef struct VM_Stack *Stack;
+protected:
+	Stack S;
+	
+	//BOOL StartVM(PBYTE vmCode, PDWORD vmData);
+	
+public:
+	VM_STACK(int MaxSize);//CreateStack
+	void Stack_Push(DWORD xxx);
+	void Stack_Pop(PDWORD xxx);
+#ifdef _DEBUG
+	void Debug_PrintStack()
+	{
+		printf("\n");
+		for (int i = 0; i <= S->TopOfStack; i++)
+			printf("Stack :  %d   ( %x )\n",i,S->vmStack[i]);
+		printf("\n");
+	}
+#endif
+	~VM_STACK()
+	{
+		free(S->vmStack);
+		free(S);
+	}
+private:
+	
+	void Error(char* xxx);
+
+};
diff --git "a/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/VM.h" "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/VM.h"
new file mode 100644
index 0000000..b30ef88
--- /dev/null
+++ "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/VM.h"
@@ -0,0 +1,63 @@
+#include <map>
+#include <cstdio>
+#include "Stack.h"
+#include "Code_Define.h"
+class VM_Function:public VM_STACK
+{
+	typedef struct _VMDATA
+	{
+
+		DWORD EAX;
+		DWORD EBX;
+
+		DWORD OEP;
+		PDWORD CODE;
+		PDWORD DATA;
+
+		BOOL  SFLAG;		//·ûºÅ±êÖ¾
+		BOOL  ZFLAG;		//Áã±êÖ¾
+
+	} VMDATA, *PVMDATA;
+
+	typedef void(VM_Function::*ProcessFuncPtr)(PVMDATA);
+
+	//typedef void(VM_Function::*ProcessTest)();
+	//ProcessTest calltest;
+
+	std::map<int, ProcessFuncPtr> ControlTable;
+	ProcessFuncPtr callname;
+	
+public:
+	VM_Function(int datax) ;
+	BOOL StartVM(PDWORD vmCode);
+
+private:
+	virtual void CODE_X00_START();
+	void CODE_PUSH(PVMDATA vm_data);
+	void CODE_POP(PVMDATA vm_data);
+
+	
+	void CODE_ADD(PVMDATA vm_data);
+	void CODE_SUB(PVMDATA vm_data);
+	void CODE_XOR(PVMDATA vm_data);
+	void CODE_JMP(PVMDATA vm_data);
+	void CODE_JZ(PVMDATA vm_data);
+	void CODE_CMP(PVMDATA vm_data);
+	//Âß¼­Ö¸Áî
+	void CODE_SHR(PVMDATA vm_data);
+	void CODE_SHL(PVMDATA vm_data);
+	void CODE_AND(PVMDATA vm_data);
+	void CODE_OR(PVMDATA vm_data);
+
+	//CALLÖ¸Áî
+	void CODE_STRLEN_CALL(PVMDATA vm_data);
+	void CODE_FAKE_CALL(PVMDATA vm_data);
+	//ÐéÄâ»·¾³±ä»¯Ö¸Áî
+	void CODE_EXIT_SUCCESS(PVMDATA vm_data);
+	void CODE_EXIT_FAIL(PVMDATA vm_data);
+#ifdef _DEBUG
+	void CODE_DBG_BREAK(PVMDATA vm_data);
+#endif
+	//×Óº¯Êý·µ»ØÖµ
+	DWORD VM_RET;
+};
\ No newline at end of file
diff --git "a/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/VMmain.cpp" "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/VMmain.cpp"
new file mode 100644
index 0000000..af66002
--- /dev/null
+++ "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/CM_\344\270\273\344\275\223/C_easy_VMP/VMmain.cpp"
@@ -0,0 +1,303 @@
+#include "VM.h"
+VM_Function::VM_Function(int datax) :VM_STACK(datax)
+{
+	ControlTable[VM_X00_START] = 0x00;
+	ControlTable[VM_PUSH]	   = &VM_Function::CODE_PUSH;
+
+	ControlTable[VM_POP]	  = &VM_Function::CODE_POP;
+	ControlTable[VM_ADD]	  = &VM_Function::CODE_ADD;
+	ControlTable[VM_SUB]	  = &VM_Function::CODE_SUB;
+	ControlTable[VM_XOR]	  = &VM_Function::CODE_XOR;
+	ControlTable[VM_JMP]	  = &VM_Function::CODE_JMP;
+	ControlTable[VM_JZ]		  = &VM_Function::CODE_JZ;
+	ControlTable[VM_CMP]	  = &VM_Function::CODE_CMP;
+
+	ControlTable[VM_SHR] = &VM_Function::CODE_SHR;
+	ControlTable[VM_SHL] = &VM_Function::CODE_SHL;
+	ControlTable[VM_AND] = &VM_Function::CODE_AND;
+	ControlTable[VM_OR] = &VM_Function::CODE_OR;
+
+	ControlTable[VM_STRLEN_CALL]  = &VM_Function::CODE_STRLEN_CALL;
+	ControlTable[VM_FAKE_CALL] = &VM_Function::CODE_FAKE_CALL;
+	ControlTable[VM_EXIT_SUCCESS] = &VM_Function::CODE_EXIT_SUCCESS;
+	ControlTable[VM_EXIT_FAIL] = &VM_Function::CODE_EXIT_FAIL;
+
+#ifdef _DEBUG
+	ControlTable[VM_DEBUG_BREAK] = &VM_Function::CODE_DBG_BREAK;
+#endif
+
+}
+#ifdef _DEBUG
+void VM_Function::CODE_DBG_BREAK(PVMDATA vm_data)
+{
+	printf("\n===== VM Debug BreakPoint  =====\n");
+	Debug_PrintStack();
+	printf(" EAX:  %x\n EBX:  %x\n Zflag: %d\n Sflag: %d\n", vm_data->EAX, vm_data->EBX, vm_data->ZFLAG, vm_data->SFLAG);
+	getchar();
+}
+#endif
+void VM_Function::CODE_X00_START()
+{
+	printf("VM_Start\n");
+}
+void VM_Function::CODE_PUSH(PVMDATA vm_data)
+{
+	DWORD reg = *((vm_data->CODE)+2);
+	switch ((*(++vm_data->CODE))&0x70)
+	{
+	case PUSH_EAX:
+		Stack_Push(vm_data->EAX);
+		break;
+	case PUSH_EBX:
+		Stack_Push(vm_data->EBX);
+		break;
+	case PUSH_MEM:
+		Stack_Pop(&reg);
+	
+		switch ((*vm_data->CODE) & 0x7)
+		{
+		case PUSH_MEM_BYTE:
+			reg = *(BYTE*)reg;
+			break;
+		case PUSH_MEM_WORD:
+			reg = *(WORD*)reg;
+			break;
+		case PUSH_MEM_DWORD:
+			reg = *(DWORD*)reg;
+			break;
+		default:
+			break;
+		}
+		Stack_Push(reg);
+		break;
+	case PUSH_NUM:
+		Stack_Push(reg);
+		(vm_data->CODE)++;
+		break;
+	default:
+		break;
+	}
+	
+}
+
+void VM_Function::CODE_POP(PVMDATA vm_data)
+{
+	DWORD reg = 0;
+	BYTE DataB = 0;
+	WORD DataW = 0;
+	DWORD DataDW = 0;
+	DWORD Addr = 0;
+	switch ((*(++vm_data->CODE)) & 0x70)
+	{
+	case POP_EAX:
+		Stack_Pop(&(vm_data->EAX));
+		break;
+	case POP_EBX:
+		Stack_Pop(&(vm_data->EBX));
+		break;
+	case POP_MEM:
+		
+		Stack_Pop(&Addr);
+		Stack_Pop(&reg);
+		
+		switch ((*vm_data->CODE) & 0x7)
+		{
+		case POP_MEM_BYTE:
+			
+			_asm
+			{
+				push eax
+				xor eax, eax
+				mov eax, reg
+				mov DataB, al
+				pop eax
+			}
+			*(BYTE*)Addr = DataB;
+			break;
+		case POP_MEM_WORD:
+			
+			_asm
+			{
+				push eax
+				xor eax, eax
+				mov eax, reg
+				mov DataW, ax
+				pop eax
+			}
+			*(WORD*)Addr = DataW;
+			break;
+		case POP_MEM_DWORD:
+			
+			_asm
+			{
+				push eax
+				xor eax, eax
+				mov eax, reg
+				mov DataDW,eax
+				pop eax
+			}
+			*(DWORD*)Addr = DataDW;
+			break;
+		default:
+			break;
+		}
+		//(vm_data->CODE)++;
+		break;
+	case POP_DEL:
+		Stack_Pop(&reg);
+		break;
+	default:
+		break;
+	}
+
+}
+
+void VM_Function::CODE_ADD( PVMDATA vm_data)
+{
+	
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] += reg;
+	//FLAG¸Ä±ä
+	vm_data->ZFLAG = ((S->vmStack[S->TopOfStack]) == 0);
+	vm_data->SFLAG = ((S->vmStack[S->TopOfStack]) < 0);
+}
+void VM_Function::CODE_SUB(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] -= reg;
+	//FLAG¸Ä±ä
+	vm_data->ZFLAG = ((S->vmStack[S->TopOfStack]) == 0);
+	vm_data->SFLAG = ((S->vmStack[S->TopOfStack]) & 0x80000000);
+}
+void VM_Function::CODE_XOR(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] ^= reg;
+	
+}
+void VM_Function::CODE_SHR(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] = S->vmStack[S->TopOfStack] >> reg;
+}
+void VM_Function::CODE_SHL(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] = S->vmStack[S->TopOfStack] << reg;
+}
+void VM_Function::CODE_OR(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] |= reg;
+}
+void VM_Function::CODE_AND(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] &= reg;
+}
+void VM_Function::CODE_JMP( PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg );
+	(vm_data->CODE)++;
+	if (Jump_From_EIP == *(vm_data->CODE))
+		vm_data->CODE = (vm_data->CODE) + (reg);
+	else if (Jump_From_OEP == *(vm_data->CODE))
+		vm_data->CODE = (PDWORD)(vm_data->OEP) + (reg);
+	
+}
+void VM_Function::CODE_JZ( PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	(vm_data->CODE)++;
+	if (vm_data->ZFLAG)
+	{
+		if (Jump_From_EIP == *(vm_data->CODE))
+			vm_data->CODE = (vm_data->CODE) + (reg);
+		else if (Jump_From_OEP == *(vm_data->CODE))
+			vm_data->CODE = (PDWORD)(vm_data->OEP) + (reg);
+
+		vm_data->ZFLAG = 0;
+	}
+	
+}
+void VM_Function::CODE_CMP(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	reg = (S->vmStack[(S->TopOfStack) - 1]) - (S->vmStack[S->TopOfStack]);
+	vm_data->ZFLAG = (reg == 0);
+	
+}
+
+void VM_Function::CODE_STRLEN_CALL(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	DWORD STRLEN_RET = 0;
+	Stack_Pop(&reg);
+	STRLEN_RET = strlen((char*)(reg));
+	Stack_Push(STRLEN_RET);
+}
+void VM_Function::CODE_FAKE_CALL(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	StartVM((PDWORD)reg+2);
+	Stack_Push(VM_RET);
+}
+void VM_Function::CODE_EXIT_SUCCESS(PVMDATA vm_data)
+{
+	vm_data->CODE = 0x0;
+#ifdef _DEBUG
+	Debug_PrintStack();
+#endif
+}
+void VM_Function::CODE_EXIT_FAIL(PVMDATA vm_data)
+{
+	vm_data->CODE = 0x0;
+	printf("Sorry Fail, Try Again\n");
+	getchar();
+	exit(1);
+#ifdef _DEBUG
+	printf("============END===========\n");
+	printf("============END===========\n");
+	printf("============END===========\n");
+	Debug_PrintStack();
+	exit(1);
+#endif
+}
+//
+BOOL VM_Function::StartVM(PDWORD vmCode)
+{
+	VMDATA vm_data;
+	//Stack vm_Stack = CreateVmStack(64);
+
+	vm_data.OEP = (DWORD)(vmCode-2);
+	vm_data.CODE = vmCode;
+
+	vm_data.EAX = 0;
+	vm_data.EBX = 0;
+	//vm_data.ECX = 0;
+
+	vm_data.SFLAG = FALSE;
+	vm_data.ZFLAG = FALSE;
+	
+	
+	while (vm_data.CODE++)
+	{
+		DWORD XXXX = *(vm_data.CODE);
+		callname = ControlTable[*(vm_data.CODE)];
+		(this->*callname)(&vm_data);
+		
+	
+		
+	}
+	return FALSE;
+}
\ No newline at end of file
diff --git "a/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/FLAG\350\257\264\346\230\216.txt" "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/FLAG\350\257\264\346\230\216.txt"
new file mode 100644
index 0000000..afc860c
--- /dev/null
+++ "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/FLAG\350\257\264\346\230\216.txt"
@@ -0,0 +1,6 @@
+FLAGE¸ñÊ½£º
+HCTF{123412341234123489}
+
+HCTF{S1FALS1R1Fa9xxxxxx}
+»¨À¨ºÅÖÐÇ°12¸öÊÇ²»»á±äµÄ£¬ºó6¸öÎªÓÃÓÚ¼ì²âµÄÊý¾Ý£¬Ã¿¸öflag²»Í¬
+Òà»òOx22ÓëÄÚ´æ½øÐÐ±È½Ï
\ No newline at end of file
diff --git "a/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/\344\273\243\347\240\201\350\231\232\346\213\237\347\256\200\345\215\225\344\273\213\347\273\215.txt" "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/\344\273\243\347\240\201\350\231\232\346\213\237\347\256\200\345\215\225\344\273\213\347\273\215.txt"
new file mode 100644
index 0000000..b9bd790
--- /dev/null
+++ "b/RE-HCTF_450/CM_VM_\345\256\214\346\210\220\347\211\210/\344\273\243\347\240\201\350\231\232\346\213\237\347\256\200\345\215\225\344\273\213\347\273\215.txt"
@@ -0,0 +1,22 @@
+¼ò½é£º×Ö½ÚÂë½âÊÍÆ÷£¬×Ô¼ºÎ¬»¤Ò»¸öÕ»Óë2¸ö¼Ä´æÆ÷£¬Ò»¸öÓÃÓÚÌø×ªµÄ±êÖ¾Î»¡£
+¢ÙÐéÄâ»¯ºËÐÄÔ­Àí
+´úÂë²ð½â£º
+mov-->push,pop
+add-->push,push,VM_add,pop
+jmp-->push Á¢¼´Êý,jmp ¼ÆËãcode
+
+Ë«²Ù×÷ÊýÖ¸ÁîÔ¼¶¨£º
+pop³öÒ»¸öÓëÕ»ÖÐºóÒ»¸ö²Ù×÷¡£ËùÒÔÏÈÈëÕ»µÄÓÃÓÚ´¢´æ½á¹û
+
+ÐéÄâcallÖ¸Áî£º
+×Óº¯ÊýÓëÖ÷º¯Êý¹²ÏíÒ»¸öÕ»£¬¼Ä´æÆ÷²»Í¬¡£
+µ÷ÓÃÊ±£¬pushµØÖ·£¬fake_callµ÷ÓÃ£¬exit_success·µ»Ø.
+
+²»¿ÉÐéÄâÖ¸Áî£º
+·â×°ÔÚÒ»¸öÌØÊâµÄVMÖ¸ÁîÖÐ£¬×÷ÎªVMÖ¸Áîµ÷ÓÃ¡£
+
+
+¢ÚÐéÄâ»¯»ìÏý£º
+Ìî³äÀ¬»ø×Ö½ÚÂë£¬ÀýÈçpush£¬0x100
+×Óº¯Êý×Ô½âÃÜÔËÐÐ¡£
+
diff --git a/RE-HCTF_450/C_easy_VMP/C_easy_VMP.sln b/RE-HCTF_450/C_easy_VMP/C_easy_VMP.sln
new file mode 100644
index 0000000..8842ff3
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP/C_easy_VMP.sln
@@ -0,0 +1,22 @@
+ï»¿
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.21005.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "C_easy_VMP", "C_easy_VMP\C_easy_VMP.vcxproj", "{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Debug|Win32.Build.0 = Debug|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Release|Win32.ActiveCfg = Release|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/RE-HCTF_450/C_easy_VMP/C_easy_VMP/C_easy_VMP.vcxproj b/RE-HCTF_450/C_easy_VMP/C_easy_VMP/C_easy_VMP.vcxproj
new file mode 100644
index 0000000..e8a5d4a
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP/C_easy_VMP/C_easy_VMP.vcxproj
@@ -0,0 +1,93 @@
+ï»¿<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>C_easy_VMP</RootNamespace>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v120</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v120</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="MainEntry.cpp" />
+    <ClCompile Include="Stack.cpp" />
+    <ClCompile Include="VMmain.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="Stack.h" />
+    <ClInclude Include="VM.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP/C_easy_VMP/C_easy_VMP.vcxproj.filters b/RE-HCTF_450/C_easy_VMP/C_easy_VMP/C_easy_VMP.vcxproj.filters
new file mode 100644
index 0000000..2b58cb9
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP/C_easy_VMP/C_easy_VMP.vcxproj.filters
@@ -0,0 +1,36 @@
+ï»¿<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="æºæ–‡ä»¶">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="å¤´æ–‡ä»¶">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="èµ„æºæ–‡ä»¶">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="MainEntry.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+    <ClCompile Include="VMmain.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+    <ClCompile Include="Stack.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="VM.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+    <ClInclude Include="Stack.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP/C_easy_VMP/C_easy_VMP_code.rar b/RE-HCTF_450/C_easy_VMP/C_easy_VMP/C_easy_VMP_code.rar
new file mode 100644
index 0000000..e3af73f
Binary files /dev/null and b/RE-HCTF_450/C_easy_VMP/C_easy_VMP/C_easy_VMP_code.rar differ
diff --git a/RE-HCTF_450/C_easy_VMP/C_easy_VMP/MainEntry.cpp b/RE-HCTF_450/C_easy_VMP/C_easy_VMP/MainEntry.cpp
new file mode 100644
index 0000000..0d8b698
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP/C_easy_VMP/MainEntry.cpp
@@ -0,0 +1,168 @@
+#include <cstdio>
+#include <Windows.h>
+#include "Stack.h"
+#include "VM.h"
+/*
+enum myVm
+{
+	VM_PUSH_EAX = 0,
+	VM_PUSH_NUM,
+	VM_POP_EAX,
+	VM_ADD,
+	VM_SUB,
+	VM_XOR,
+	VM_JMP,
+	VM_JZ,
+	VM_EXIT,
+	VM_CMP,
+
+	VM_STRLEN_CALL
+
+	};
+	*/
+int main()
+{
+	char stringIn[10] = {0};
+	scanf_s("%s", stringIn, 10);
+#ifdef _DEBUG
+	printf("addr = %x \n", stringIn);
+#endif
+	BYTE CODE[] =
+	{ 
+	VM_X00_START,
+	VM_PUSH_NUM,	//NUM1  push addr of input Str
+
+	VM_POP_EBX,
+	VM_PUSH_EBX,	//EBX = ADDR STR
+
+	VM_STRLEN_CALL, //pop addr, call strlen, push result
+
+	VM_PUSH_NUM,	//NUNM2 push 0x0 i = 0
+	VM_CMP,			//cmp <-----
+	VM_PUSH_NUM,	//push NUM3 is jum to exit
+	VM_JZ,			//pop NUM3 JZ  (18)
+	 
+	VM_POP_EAX,		//pop eax  ;eax = i
+
+	
+	VM_PUSH_EBX,	//EBX: push addr of input Str
+	VM_PUSH_EAX,	//PUSH i
+	
+	VM_ADD,			//Pop i ,add i str
+	VM_BYTE_MEM_GET, //POP STR, FIND BYTE STR, PUSH result
+	VM_PUSH_NUM,    //num push 6 (6)
+	VM_XOR,			//pop 6,top xor 6
+
+	VM_PUSH_EBX,	//EBX: push addr of input Str
+	VM_PUSH_EAX,	//PUSH i
+	VM_ADD,			//Pop i ,add i str
+	VM_BYTE_MEM_SET,//pop addr,pop result, Set That addr
+
+	VM_PUSH_EAX,	//EAX = i
+	VM_PUSH_NUM,	//NUM = 1
+	VM_ADD,			//I = I+1
+	VM_POP_EAX,		//eax = i
+	VM_PUSH_EAX,	//push to jmp
+
+	VM_PUSH_NUM,	//NUM5  jmp code
+	VM_JMP,			//circle jmp
+	VM_EXIT };
+	DWORD CODE_DATA[] =
+	{ 
+	(DWORD)stringIn,
+	0x000,
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+	};
+
+	StartVM(CODE, CODE_DATA);
+	if (!strcmp(stringIn, "745230"))
+	{
+		printf("YOU GOT IT\n");
+	}
+	else
+	{
+		printf("SORRY FAIL\n");
+	}
+#ifdef _DEBUG
+	printf("%s", stringIn);
+#endif
+	return 0;
+}
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP/C_easy_VMP/Stack.cpp b/RE-HCTF_450/C_easy_VMP/C_easy_VMP/Stack.cpp
new file mode 100644
index 0000000..3928a6c
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP/C_easy_VMP/Stack.cpp
@@ -0,0 +1,33 @@
+#include "Stack.h"
+#include <stdio.h>
+//¼ÇµÃfree
+Stack CreateVmStack(int MaxSize)
+{
+	Stack S;
+	if (MaxSize < 1)
+		Error("Error the Stack is too small\n");
+	S = (VM_Stack *)malloc(sizeof(struct VM_Stack));
+	if (S == NULL)
+		Error("Create Stack Malloc Fail CODE 1");
+	S->vmStack = (PDWORD)malloc(sizeof(DWORD)*MaxSize);
+	if (S->vmStack == NULL)
+		Error("Create Stack Malloc Fail CODE 2");
+	memset(S->vmStack, sizeof(DWORD)*MaxSize, 0);
+	S->capacity = MaxSize;
+	S->TopOfStack = 0;
+	return S;
+	
+}
+void Stack_Push(DWORD xxx, Stack S)
+{
+	S->vmStack[++S->TopOfStack] = xxx;
+}
+void Stack_Pop(PDWORD xxx, Stack S)
+{
+	*xxx = S->vmStack[S->TopOfStack--];
+}
+void Error(char* xxx)
+{
+	printf("%s,LastError = %d", xxx,GetLastError());
+	exit(-1);
+}
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP/C_easy_VMP/Stack.h b/RE-HCTF_450/C_easy_VMP/C_easy_VMP/Stack.h
new file mode 100644
index 0000000..fefd990
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP/C_easy_VMP/Stack.h
@@ -0,0 +1,13 @@
+#include <Windows.h>
+typedef struct VM_Stack *Stack;
+BOOL StartVM(PBYTE vmCode, PDWORD vmData);
+Stack CreateVmStack(int MaxSize);
+void Stack_Push(DWORD xxx, Stack S);
+void Stack_Pop(PDWORD xxx, Stack S);
+void Error(char* xxx);
+struct VM_Stack
+{
+	int capacity;
+	int TopOfStack;
+	PDWORD vmStack;
+};
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP/C_easy_VMP/VM.h b/RE-HCTF_450/C_easy_VMP/C_easy_VMP/VM.h
new file mode 100644
index 0000000..5567f2b
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP/C_easy_VMP/VM.h
@@ -0,0 +1,44 @@
+#include <Windows.h>
+
+typedef struct _VMDATA
+{		//¶ÑÕ»
+	DWORD ESP;
+	DWORD EAX;
+	DWORD EBX;
+	DWORD ECX;
+	DWORD EDX;
+	DWORD ESI;
+	DWORD EDI;
+	DWORD EIP;
+	PBYTE OEP;
+	PBYTE CODE;
+	PDWORD DATA;
+	//PBYTE PARAM;
+	//PBYTE PARAM1;
+	BOOL  SFLAG;		//·ûºÅ±êÖ¾
+	BOOL  ZFLAG;		//Áã±êÖ¾
+} VMDATA, *PVMDATA;
+enum myVm
+{
+	VM_X00_START = 0,
+	VM_PUSH_EAX,
+	VM_POP_EAX,
+
+	VM_PUSH_EBX,
+	VM_POP_EBX,
+
+	VM_PUSH_NUM,
+	VM_BYTE_MEM_GET,
+	VM_BYTE_MEM_SET,
+
+	VM_ADD,
+	VM_SUB,
+	VM_XOR,
+	VM_JMP,
+	VM_JZ,
+	VM_EXIT,
+	VM_CMP,
+
+	VM_STRLEN_CALL
+
+};
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP/C_easy_VMP/VMmain.cpp b/RE-HCTF_450/C_easy_VMP/C_easy_VMP/VMmain.cpp
new file mode 100644
index 0000000..a343fc7
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP/C_easy_VMP/VMmain.cpp
@@ -0,0 +1,175 @@
+#include "VM.h"
+#include"Stack.h"
+void CODE_PUSH(Stack xxx, DWORD DATA)
+{
+	Stack_Push(DATA, xxx);
+}
+void CODE_PUSH_NUM(Stack xxx, PVMDATA vm_data)
+{
+	Stack_Push(*(vm_data->DATA), xxx);
+	(vm_data->DATA)++;
+}
+void CODE_POP(Stack xxx, DWORD *REG)
+{
+	Stack_Pop(REG, xxx);
+}
+void CODE_ADD(Stack xxx, PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg, xxx);
+	xxx->vmStack[xxx->TopOfStack] += reg;
+	//FLAG¸Ä±ä
+	vm_data->ZFLAG = ((xxx->vmStack[xxx->TopOfStack]) == 0);
+	vm_data->SFLAG = ((xxx->vmStack[xxx->TopOfStack]) < 0);
+}
+void CODE_SUB(Stack xxx, PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg, xxx);
+	xxx->vmStack[xxx->TopOfStack] -= reg;
+	//FLAG¸Ä±ä
+	vm_data->ZFLAG = ((xxx->vmStack[xxx->TopOfStack]) == 0);
+	vm_data->SFLAG = ((xxx->vmStack[xxx->TopOfStack]) & 0x80000000);
+}
+void CODE_XOR(Stack xxx)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg, xxx);
+	xxx->vmStack[xxx->TopOfStack] ^= reg;
+}
+void CODE_JMP(Stack xxx, PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg, xxx);
+	vm_data->CODE = (vm_data->CODE) + (reg);
+}
+void CODE_JZ(Stack xxx, PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg, xxx);
+	if (vm_data->ZFLAG)
+		vm_data->CODE = (vm_data->CODE) + (reg);
+}
+void CODE_CMP(Stack xxx, PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	reg = (xxx->vmStack[(xxx->TopOfStack) - 1]) - (xxx->vmStack[xxx->TopOfStack]);
+	vm_data->ZFLAG = (reg == 0);
+}
+void CODE_BYTE_MEM_GET(Stack xxx)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg, xxx);
+	reg = *(BYTE*)reg;
+	Stack_Push(reg, xxx);
+}
+void CODE_BYTE_MEM_SET(Stack xxx)
+{
+	DWORD reg = NULL;
+	DWORD Addr = NULL;
+	BYTE  Data = NULL;
+	Stack_Pop(&Addr, xxx); //result
+	Stack_Pop(&reg, xxx);//address
+	_asm
+	{
+		push eax
+		xor eax, eax
+		mov eax, reg
+		mov Data,al
+		pop eax
+
+	}
+	*(BYTE*)Addr = Data;
+}
+void CODE_STRLEN_CALL(Stack xxx)
+{
+	DWORD reg = NULL;
+	DWORD STRLEN_RET = 0;
+	Stack_Pop(&reg, xxx);
+	STRLEN_RET = strlen((char*)(reg));
+	Stack_Push(STRLEN_RET, xxx);
+}
+void CODE_EXIT(Stack xxx)
+{
+	free(xxx->vmStack);
+	free(xxx);
+}
+
+BOOL StartVM(PBYTE vmCode,	PDWORD vmData)
+{
+	VMDATA vm_data;
+	Stack vm_Stack = CreateVmStack(64);
+
+	vm_data.OEP = vmCode;
+	vm_data.CODE = vmCode;
+	vm_data.DATA = vmData;
+	//vm_data.PARAM = vmparam;
+	//vm_data.PARAM1 = vmparam1;
+	vm_data.EAX = 0;
+	vm_data.EBX = 0;
+	vm_data.ECX = 0;
+	vm_data.EDX = 0;
+	vm_data.EDI = 0;
+	vm_data.ESI = 0;
+	vm_data.ESP = 0;
+	vm_data.SFLAG = FALSE;
+	vm_data.ZFLAG = FALSE;
+
+
+	while (vm_data.CODE++)
+	{
+		switch (*(vm_data.CODE))
+		{
+		case VM_PUSH_EAX:
+			CODE_PUSH(vm_Stack, vm_data.EAX);
+			break;
+		case VM_POP_EAX:
+			CODE_POP(vm_Stack, &(vm_data.EAX));
+			break;
+		case VM_PUSH_EBX:
+			CODE_PUSH(vm_Stack, vm_data.EBX);
+			break;
+		case VM_POP_EBX:
+			CODE_POP(vm_Stack, &(vm_data.EBX));
+			break;
+		case VM_PUSH_NUM:
+			CODE_PUSH_NUM(vm_Stack, &vm_data);
+			break;
+		case VM_ADD:
+			CODE_ADD(vm_Stack, &vm_data);
+			break;
+		case VM_SUB:
+			CODE_SUB(vm_Stack, &vm_data);
+			break;
+		case VM_XOR:
+			CODE_XOR(vm_Stack);
+			break;
+		case VM_JMP:
+			CODE_JMP(vm_Stack, &vm_data);
+			break;
+		case VM_JZ:
+			CODE_JZ(vm_Stack, &vm_data);
+			break;
+
+		case VM_STRLEN_CALL:
+			CODE_STRLEN_CALL(vm_Stack);
+			break;
+		case VM_CMP:
+			CODE_CMP(vm_Stack, &vm_data);
+			break;
+		case VM_BYTE_MEM_GET:
+			CODE_BYTE_MEM_GET(vm_Stack);
+			break;
+		case VM_BYTE_MEM_SET:
+			CODE_BYTE_MEM_SET(vm_Stack);
+			break;
+		case VM_EXIT:
+			CODE_EXIT(vm_Stack);
+			return TRUE;
+		default:
+			break;
+		}
+		
+	}
+	return FALSE;
+}
\ No newline at end of file
diff --git "a/RE-HCTF_450/C_easy_VMP/\344\273\243\347\240\201\350\231\232\346\213\237\347\272\246\345\256\232.txt" "b/RE-HCTF_450/C_easy_VMP/\344\273\243\347\240\201\350\231\232\346\213\237\347\272\246\345\256\232.txt"
new file mode 100644
index 0000000..bb53ca0
--- /dev/null
+++ "b/RE-HCTF_450/C_easy_VMP/\344\273\243\347\240\201\350\231\232\346\213\237\347\272\246\345\256\232.txt"
@@ -0,0 +1,20 @@
+×Ô¼ºÎ¬»¤Ò»¸öÕ»Óë¼¸¸ö¼Ä´æÆ÷£¬±êÖ¾Î»ÓÃÓÚÐéÄâ»¯´úÂë¡£
+¢ÙÐéÄâ»¯ºËÐÄÔ­Àí
+´úÂë²ð½â£º
+mov-->push,pop
+add-->push,push,VM_add,pop
+jmp-->push Á¢¼´Êý,jmp ¼ÆËãcode
+
+cmpÖ¸ÁîÓësubÖ¸ÁîÓÃadd´úÌæ£¿
+
+Ë«²Ù×÷ÊýÖ¸ÁîÔ¼¶¨£º
+pop³öÒ»¸öÓëÕ»ÖÐºóÒ»¸ö²Ù×÷¡£ËùÒÔÏÈÈëÕ»µÄÓÃÓÚ´¢´æ½á¹û
+
+Î±Ö¸ÁîÓë×Ô¶¨ÒåÖ¸Áî£º
+¿¼ÂÇÌâÄ¿ÄÑ¶È½øÐÐÐÞ¸Ä¡£
+
+callÖ¸Áî£º
+¿¼ÂÇ×Ô¼º·â×°ÖÐ¡£¡£¡£
+
+²»¿ÉÐéÄâÖ¸Áî£º
+ÔÝÎÞ´úÂë¡£ÐèÒªÔÝÊ±ÍË³öÐéÄâ»¯£¬»¹Ô­»·¾³µ÷ÓÃ¡£
diff --git a/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP.sln b/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP.sln
new file mode 100644
index 0000000..8842ff3
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP.sln
@@ -0,0 +1,22 @@
+ï»¿
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.21005.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "C_easy_VMP", "C_easy_VMP\C_easy_VMP.vcxproj", "{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Debug|Win32.Build.0 = Debug|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Release|Win32.ActiveCfg = Release|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/C_easy_VMP.vcxproj b/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/C_easy_VMP.vcxproj
new file mode 100644
index 0000000..af2096a
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/C_easy_VMP.vcxproj
@@ -0,0 +1,93 @@
+ï»¿<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>C_easy_VMP</RootNamespace>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v120</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v120_xp</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="MainEntry.cpp" />
+    <ClCompile Include="Stack.cpp" />
+    <ClCompile Include="VMmain.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="Stack.h" />
+    <ClInclude Include="VM.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/C_easy_VMP.vcxproj.filters b/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/C_easy_VMP.vcxproj.filters
new file mode 100644
index 0000000..2b58cb9
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/C_easy_VMP.vcxproj.filters
@@ -0,0 +1,36 @@
+ï»¿<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="æºæ–‡ä»¶">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="å¤´æ–‡ä»¶">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="èµ„æºæ–‡ä»¶">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="MainEntry.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+    <ClCompile Include="VMmain.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+    <ClCompile Include="Stack.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="VM.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+    <ClInclude Include="Stack.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/MainEntry.cpp b/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/MainEntry.cpp
new file mode 100644
index 0000000..d6888c3
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/MainEntry.cpp
@@ -0,0 +1,174 @@
+#include <cstdio>
+#include <Windows.h>
+#include "Stack.h"
+#include "VM.h"
+/*
+enum myVm
+{
+	VM_PUSH_EAX = 0,
+	VM_PUSH_NUM,
+	VM_POP_EAX,
+	VM_ADD,
+	VM_SUB,
+	VM_XOR,
+	VM_JMP,
+	VM_JZ,
+	VM_EXIT,
+	VM_CMP,
+
+	VM_STRLEN_CALL
+
+	};
+	*/
+int main()
+{
+	char stringIn[10] = {0};
+	scanf_s("%s", stringIn, 10);
+#ifdef _DEBUG
+	printf("addr = %x \n", stringIn);
+#endif
+	BYTE CODE[] =
+	{ 
+	VM_X00_START,
+	VM_PUSH_NUM,	//NUM1  push addr of input Str
+
+	VM_POP_EBX,
+	VM_PUSH_EBX,	//EBX = ADDR STR
+
+	VM_STRLEN_CALL, //pop addr, call strlen, push result
+
+	VM_PUSH_NUM,	//NUNM2 push 0x0 i = 0
+	VM_CMP,			//cmp <-----
+	VM_PUSH_NUM,	//push NUM3 is jum to exit
+	VM_JZ,			//pop NUM3 JZ  (18)
+	 
+	VM_POP_EAX,		//pop eax  ;eax = i
+
+	
+	VM_PUSH_EBX,	//EBX: push addr of input Str
+	VM_PUSH_EAX,	//PUSH i
+	
+	VM_ADD,			//Pop i ,add i str
+	VM_BYTE_MEM_GET, //POP STR, FIND BYTE STR, PUSH result
+	VM_PUSH_NUM,    //num push 6 (6)
+	VM_XOR,			//pop 6,top xor 6
+
+	VM_PUSH_EBX,	//EBX: push addr of input Str
+	VM_PUSH_EAX,	//PUSH i
+	VM_ADD,			//Pop i ,add i str
+	VM_BYTE_MEM_SET,//pop addr,pop result, Set That addr
+
+	VM_PUSH_EAX,	//EAX = i
+	VM_PUSH_NUM,	//NUM = 1
+	VM_ADD,			//I = I+1
+	VM_POP_EAX,		//eax = i
+	VM_PUSH_EAX,	//
+
+	VM_PUSH_NUM,	//NUM5  jmp code
+	VM_JMP,			//circle jmp
+	VM_EXIT };
+	DWORD CODE_DATA[] =
+	{ 
+	(DWORD)stringIn,
+	0x000,
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+	}; 
+	VM_Function Fun1(64);
+	Fun1.StartVM(CODE, CODE_DATA);
+	printf("VM_2:%x\n", (int*)*(int*)(&Fun1));
+	typedef void(*Fun)(VOID);
+	Fun pFun = NULL;
+	pFun = (Fun)*((int*)*(int*)(&Fun1));
+	pFun();
+
+	if (!strcmp(stringIn, "745230"))
+	{
+		printf("YOU GOT IT\n");
+	}
+	else
+	{
+		printf("SORRY FAIL\n");
+	}
+#ifdef _DEBUG
+	printf("%s", stringIn);
+#endif
+	return 0;
+}
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/Stack.cpp b/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/Stack.cpp
new file mode 100644
index 0000000..2a5cbf2
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/Stack.cpp
@@ -0,0 +1,31 @@
+#include "Stack.h"
+
+//¼ÇµÃfree
+VM_STACK::VM_STACK(int MaxSize)
+{
+	if (MaxSize < 1)
+		Error("Error the Stack is too small\n");
+	S = (VM_Stack *)malloc(sizeof(struct VM_Stack));
+	if (S == NULL)
+		Error("Create Stack Malloc Fail CODE 1");
+	S->vmStack = (PDWORD)malloc(sizeof(DWORD)*MaxSize);
+	if (S->vmStack == NULL)
+		Error("Create Stack Malloc Fail CODE 2");
+	memset(S->vmStack, sizeof(DWORD)*MaxSize, 0);
+	S->capacity = MaxSize;
+	S->TopOfStack = 0;
+
+}
+void VM_STACK::Stack_Push(DWORD xxx)
+{
+	S->vmStack[++S->TopOfStack] = xxx;
+}
+void VM_STACK::Stack_Pop(PDWORD xxx)
+{
+	*xxx = S->vmStack[S->TopOfStack--];
+}
+void VM_STACK::Error(char* xxx)
+{
+	printf("%s,LastError = %d", xxx, GetLastError());
+	exit(-1);
+}
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/Stack.h b/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/Stack.h
new file mode 100644
index 0000000..4d95389
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/Stack.h
@@ -0,0 +1,31 @@
+#include <Windows.h>
+#include <stdio.h>
+#pragma once
+class VM_STACK
+{
+	struct VM_Stack
+	{
+		int capacity;
+		int TopOfStack;
+		PDWORD vmStack;
+	};
+	typedef struct VM_Stack *Stack;
+protected:
+	Stack S;
+	
+	//BOOL StartVM(PBYTE vmCode, PDWORD vmData);
+	
+public:
+	VM_STACK(int MaxSize);//CreateStack
+	void Stack_Push(DWORD xxx);
+	void Stack_Pop(PDWORD xxx);
+	~VM_STACK()
+	{
+		free(S->vmStack);
+		free(S);
+	}
+private:
+	
+	void Error(char* xxx);
+
+};
diff --git a/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/VM.h b/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/VM.h
new file mode 100644
index 0000000..ce34eaa
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/VM.h
@@ -0,0 +1,84 @@
+#include <Windows.h>
+#include "Stack.h"
+#include <map>
+#include <cstdio>
+enum myVm
+{
+	VM_X00_START = 0,
+	VM_PUSH_EAX,
+	VM_POP_EAX,
+
+	VM_PUSH_EBX,
+	VM_POP_EBX,
+
+	VM_PUSH_NUM,
+	VM_BYTE_MEM_GET,
+	VM_BYTE_MEM_SET,
+
+	VM_ADD,
+	VM_SUB,
+	VM_XOR,
+	VM_JMP,
+	VM_JZ,
+	VM_EXIT,
+	VM_CMP,
+
+	VM_STRLEN_CALL
+
+};
+
+class VM_Function:public VM_STACK
+{
+	typedef struct _VMDATA
+	{
+		DWORD ESP;
+		DWORD EAX;
+		DWORD EBX;
+		DWORD ECX;
+		DWORD EDX;
+		DWORD ESI;
+		DWORD EDI;
+		DWORD EIP;
+		PBYTE OEP;
+		PBYTE CODE;
+		PDWORD DATA;
+		//PBYTE PARAM;
+		//PBYTE PARAM1;
+		BOOL  SFLAG;		//·ûºÅ±êÖ¾
+		BOOL  ZFLAG;		//Áã±êÖ¾
+	} VMDATA, *PVMDATA;
+
+	typedef void(VM_Function::*ProcessFuncPtr)(PVMDATA);
+
+	typedef void(VM_Function::*ProcessTest)();
+	ProcessTest calltest;
+
+	std::map<int, ProcessFuncPtr> ControlTable;
+	ProcessFuncPtr callname;
+	
+public:
+	VM_Function(int datax) ;
+	BOOL StartVM(PBYTE vmCode, PDWORD vmData);
+
+private:
+	virtual void CODE_X00_START();
+	void CODE_PUSH_EAX(PVMDATA vm_data);
+	void CODE_POP_EAX(PVMDATA vm_data);
+	void CODE_PUSH_EBX(PVMDATA vm_data);
+	void CODE_POP_EBX(PVMDATA vm_data);
+	void CODE_PUSH_NUM(PVMDATA vm_data);
+	
+	void CODE_ADD(PVMDATA vm_data);
+	void CODE_SUB(PVMDATA vm_data);
+	void CODE_XOR(PVMDATA vm_data);
+	void CODE_JMP(PVMDATA vm_data);
+	void CODE_JZ(PVMDATA vm_data);
+	void CODE_CMP(PVMDATA vm_data);
+	void CODE_BYTE_MEM_GET(PVMDATA vm_data);
+	void CODE_BYTE_MEM_SET(PVMDATA vm_data);
+	//CALLÖ¸Áî
+	void CODE_STRLEN_CALL(PVMDATA vm_data);
+	//ÐéÄâ»·¾³±ä»¯Ö¸Áî
+	void CODE_EXIT(PVMDATA vm_data);
+
+};
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/VMmain.cpp b/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/VMmain.cpp
new file mode 100644
index 0000000..9226739
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_2/C_easy_VMP/VMmain.cpp
@@ -0,0 +1,222 @@
+#include "VM.h"
+VM_Function::VM_Function(int datax) :VM_STACK(datax)
+{
+	ControlTable[VM_X00_START] = 0x00;
+	ControlTable[VM_PUSH_EAX] = &VM_Function::CODE_PUSH_EAX;
+	ControlTable[VM_PUSH_EBX] = &VM_Function::CODE_PUSH_EBX;
+	ControlTable[VM_PUSH_NUM] = &VM_Function::CODE_PUSH_NUM;
+	ControlTable[VM_POP_EAX]  = &VM_Function::CODE_POP_EAX;
+	ControlTable[VM_POP_EBX]  = &VM_Function::CODE_POP_EBX;
+	ControlTable[VM_ADD]	  = &VM_Function::CODE_ADD;
+	ControlTable[VM_SUB]	  = &VM_Function::CODE_SUB;
+	ControlTable[VM_XOR]	  = &VM_Function::CODE_XOR;
+	ControlTable[VM_JMP]	  = &VM_Function::CODE_JMP;
+	ControlTable[VM_JZ]		  = &VM_Function::CODE_JZ;
+	ControlTable[VM_CMP]	  = &VM_Function::CODE_CMP;
+	ControlTable[VM_BYTE_MEM_GET] = &VM_Function::CODE_BYTE_MEM_GET;
+	ControlTable[VM_BYTE_MEM_SET] = &VM_Function::CODE_BYTE_MEM_SET;
+	ControlTable[VM_STRLEN_CALL]  = &VM_Function::CODE_STRLEN_CALL;
+	ControlTable[VM_EXIT]	  = &VM_Function::CODE_EXIT;
+	ProcessTest xxxx;
+	xxxx = &VM_Function::CODE_X00_START;
+	printf("VM_1:%x,  VM_1:%x\n", xxxx, *(int*)*(int*)(this));
+	calltest = xxxx;
+
+	(this->*calltest)();//ÕâÀïµÄClallÊÇÍ¨¹ýÒ»¸öÌø×ª±íÊµÏÖµÄ£¿ÎªÊ²Ã´£¿
+
+	typedef void(*Fun)(VOID);
+	Fun pFun = NULL;
+	pFun = (Fun)*((int*)*(int*)(this));
+	pFun();
+
+}
+void VM_Function::CODE_X00_START()
+{
+	printf("VM_Start\n");
+}
+void VM_Function::CODE_PUSH_EAX(PVMDATA vm_data)
+{
+	Stack_Push(vm_data->EAX);
+}
+void VM_Function::CODE_PUSH_EBX(PVMDATA vm_data)
+{
+	Stack_Push(vm_data->EBX);
+}
+void VM_Function::CODE_PUSH_NUM( PVMDATA vm_data)
+{
+	Stack_Push(*(vm_data->DATA));
+	(vm_data->DATA)++;
+}
+void VM_Function::CODE_POP_EAX(PVMDATA vm_data)
+{
+	Stack_Pop(&(vm_data->EAX));
+}
+void VM_Function::CODE_POP_EBX(PVMDATA vm_data)
+{
+	Stack_Pop(&(vm_data->EBX));
+}
+void VM_Function::CODE_ADD( PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] += reg;
+	//FLAG¸Ä±ä
+	vm_data->ZFLAG = ((S->vmStack[S->TopOfStack]) == 0);
+	vm_data->SFLAG = ((S->vmStack[S->TopOfStack]) < 0);
+}
+void VM_Function::CODE_SUB(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] -= reg;
+	//FLAG¸Ä±ä
+	vm_data->ZFLAG = ((S->vmStack[S->TopOfStack]) == 0);
+	vm_data->SFLAG = ((S->vmStack[S->TopOfStack]) & 0x80000000);
+}
+void VM_Function::CODE_XOR(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] ^= reg;
+}
+void VM_Function::CODE_JMP(  PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg );
+	vm_data->CODE = (vm_data->CODE) + (reg);
+}
+void VM_Function::CODE_JZ( PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	if (vm_data->ZFLAG)
+		vm_data->CODE = (vm_data->CODE) + (reg);
+}
+void VM_Function::CODE_CMP(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	reg = (S->vmStack[(S->TopOfStack) - 1]) - (S->vmStack[S->TopOfStack]);
+	vm_data->ZFLAG = (reg == 0);
+}
+void VM_Function::CODE_BYTE_MEM_GET(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	reg = *(BYTE*)reg;
+	Stack_Push(reg);
+}
+void VM_Function::CODE_BYTE_MEM_SET(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	DWORD Addr = NULL;
+	BYTE  Data = NULL;
+	Stack_Pop(&Addr); //result
+	Stack_Pop(&reg);//address
+	_asm
+	{
+		push eax
+		xor eax, eax
+		mov eax, reg
+		mov Data,al
+		pop eax
+
+	}
+	*(BYTE*)Addr = Data;
+}
+void VM_Function::CODE_STRLEN_CALL(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	DWORD STRLEN_RET = 0;
+	Stack_Pop(&reg);
+	STRLEN_RET = strlen((char*)(reg));
+	Stack_Push(STRLEN_RET);
+}
+void VM_Function::CODE_EXIT(PVMDATA vm_data)
+{
+	//free(xxx->vmStack);
+	//free(xxx);
+	vm_data->CODE = 0x0;
+	
+}
+//
+BOOL VM_Function::StartVM(PBYTE vmCode, PDWORD vmData)
+{
+	VMDATA vm_data;
+	//Stack vm_Stack = CreateVmStack(64);
+
+	vm_data.OEP = vmCode;
+	vm_data.CODE = vmCode;
+	vm_data.DATA = vmData;
+	//vm_data.PARAM = vmparam;
+	//vm_data.PARAM1 = vmparam1;
+	vm_data.EAX = 0;
+	vm_data.EBX = 0;
+	vm_data.ECX = 0;
+	vm_data.EDX = 0;
+	vm_data.EDI = 0;
+	vm_data.ESI = 0;
+	vm_data.ESP = 0;
+	vm_data.SFLAG = FALSE;
+	vm_data.ZFLAG = FALSE;
+	
+	
+	while (vm_data.CODE++)
+	{
+		callname = ControlTable[*(vm_data.CODE)];
+		(this->*callname)(&vm_data);
+		
+		/*switch (*(vm_data.CODE))
+		{
+		case VM_PUSH_EAX:
+			CODE_PUSH_EAX(&vm_data);
+			break;
+		case VM_POP_EAX:
+			CODE_POP_EAX(&vm_data);
+			break;
+		case VM_PUSH_EBX:
+			CODE_PUSH_EBX(&vm_data);
+			break;
+		case VM_POP_EBX:
+			CODE_POP_EBX(&vm_data);
+			break;
+		case VM_PUSH_NUM:
+			CODE_PUSH_NUM(&vm_data);
+			break;
+		case VM_ADD:
+			CODE_ADD(&vm_data);
+			break;
+		case VM_SUB:
+			CODE_SUB(&vm_data);
+			break;
+		case VM_XOR:
+			CODE_XOR(&vm_data);
+			break;
+		case VM_JMP:
+			CODE_JMP(&vm_data);
+			break;
+		case VM_JZ:
+			CODE_JZ(&vm_data);
+			break;
+
+		case VM_STRLEN_CALL:
+			CODE_STRLEN_CALL(&vm_data);
+			break;
+		case VM_CMP:
+			CODE_CMP(&vm_data);
+			break;
+		case VM_BYTE_MEM_GET:
+			CODE_BYTE_MEM_GET(&vm_data);
+			break;
+		case VM_BYTE_MEM_SET:
+			CODE_BYTE_MEM_SET(&vm_data);
+			break;
+		case VM_EXIT:
+			CODE_EXIT(&vm_data);
+			return TRUE;
+		default:
+			break;
+		}*/
+		
+	}
+	return FALSE;
+}
\ No newline at end of file
diff --git "a/RE-HCTF_450/C_easy_VMP_2/\344\273\243\347\240\201\346\265\213\350\257\225\347\211\210\346\234\2542.txt" "b/RE-HCTF_450/C_easy_VMP_2/\344\273\243\347\240\201\346\265\213\350\257\225\347\211\210\346\234\2542.txt"
new file mode 100644
index 0000000..930c110
--- /dev/null
+++ "b/RE-HCTF_450/C_easy_VMP_2/\344\273\243\347\240\201\346\265\213\350\257\225\347\211\210\346\234\2542.txt"
@@ -0,0 +1,5 @@
+ºËÐÄÔ­ÀíÏàÍ¬¡£
+¸Ä±ä£º
+1.³¢ÊÔÊ¹ÓÃC++±àÐ´¡£
+2.³õÊ¼»¯Ê±´´½¨Ò»¸öÐéÄâÖ¸Áîµ÷ÓÃ±í£¬Þð³ýswitch¡ªcaseÓï¾ä£¬²ÉÓÃÐéÄâÖ¸Áî±íµ÷ÓÃ²Ù×÷¡£
+
diff --git a/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP.sln b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP.sln
new file mode 100644
index 0000000..8842ff3
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP.sln
@@ -0,0 +1,22 @@
+ï»¿
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.21005.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "C_easy_VMP", "C_easy_VMP\C_easy_VMP.vcxproj", "{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Debug|Win32.Build.0 = Debug|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Release|Win32.ActiveCfg = Release|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/C_easy_VMP.vcxproj b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/C_easy_VMP.vcxproj
new file mode 100644
index 0000000..5e5a35b
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/C_easy_VMP.vcxproj
@@ -0,0 +1,94 @@
+ï»¿<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>C_easy_VMP</RootNamespace>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v120</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v120_xp</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="MainEntry.cpp" />
+    <ClCompile Include="Stack.cpp" />
+    <ClCompile Include="VMmain.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="Code_Define.h" />
+    <ClInclude Include="Stack.h" />
+    <ClInclude Include="VM.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/C_easy_VMP.vcxproj.filters b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/C_easy_VMP.vcxproj.filters
new file mode 100644
index 0000000..3b2d11d
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/C_easy_VMP.vcxproj.filters
@@ -0,0 +1,39 @@
+ï»¿<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="æºæ–‡ä»¶">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="å¤´æ–‡ä»¶">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="èµ„æºæ–‡ä»¶">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="MainEntry.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+    <ClCompile Include="VMmain.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+    <ClCompile Include="Stack.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="VM.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+    <ClInclude Include="Stack.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+    <ClInclude Include="Code_Define.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/C_easy_VMP_code.rar b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/C_easy_VMP_code.rar
new file mode 100644
index 0000000..e3af73f
Binary files /dev/null and b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/C_easy_VMP_code.rar differ
diff --git a/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/Code_Define.h b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/Code_Define.h
new file mode 100644
index 0000000..0487457
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/Code_Define.h
@@ -0,0 +1,49 @@
+#include <Windows.h>
+#define General_VM 0x10
+enum myVm
+{
+	VM_X00_START = 0,
+
+	VM_PUSH, //ºËÐÄ´úÂë
+	VM_POP,
+
+	VM_ADD,	//¼ÆËã´úÂë
+	VM_SUB,
+	VM_XOR,
+	VM_CMP,
+
+	VM_JMP, //Ìø×ª´úÂë
+	VM_JZ,
+	VM_EXIT,
+	
+
+	VM_STRLEN_CALL,//CALL´úÂë£¿£¿
+	VM_FAKE_CALL
+
+};
+enum Code_Push_Parameter
+{
+	PUSH_EAX = 0x10,
+	PUSH_EBX = 0x20,
+	PUSH_MEM = 0x30,
+	PUSH_NUM = 0x40,
+	PUSH_MEM_BYTE = 0x1,
+	PUSH_MEM_WORD = 0x2,
+	PUSH_MEM_DWORD= 0x4
+
+};
+enum Code_Pop_Parameter
+{
+	POP_EAX = 0x10,
+	POP_EBX = 0x20,
+	POP_MEM = 0x30,
+	POP_DEL = 0x40,
+	POP_MEM_BYTE = 0x1,
+	POP_MEM_WORD = 0x2,
+	POP_MEM_DWORD= 0x4
+};
+enum Code_JumpFun
+{
+	Jump_From_EIP = 0x10,
+	Jump_From_OEP = 0X20
+};
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/MainEntry.cpp b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/MainEntry.cpp
new file mode 100644
index 0000000..7698acc
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/MainEntry.cpp
@@ -0,0 +1,175 @@
+#include <cstdio>
+#include <Windows.h>
+#include "Stack.h"
+#include "VM.h"
+/*
+enum myVm
+{
+	VM_PUSH_EAX = 0,
+	VM_PUSH_NUM,
+	VM_POP_EAX,
+	VM_ADD,
+	VM_SUB,
+	VM_XOR,
+	VM_JMP,
+	VM_JZ,
+	VM_EXIT,
+	VM_CMP,
+
+	VM_STRLEN_CALL
+
+	};
+	*/
+int main()
+{
+	char stringIn[10] = {0};
+	scanf_s("%s", stringIn, 10);
+#ifdef _DEBUG
+	printf("addr = %x \n", stringIn);
+#endif
+	DWORD CODE[] =
+	{ 
+	VM_X00_START, 
+	VM_PUSH, PUSH_NUM, (DWORD)stringIn, //NUM1  push addr of input Str
+		
+	VM_POP,POP_EBX,
+	VM_PUSH,PUSH_EBX,				//EBX = ADDR STR
+
+	VM_STRLEN_CALL, //pop addr, call strlen, push result
+
+	VM_PUSH, PUSH_NUM, 0x0,	//NUNM2 push 0x0 i = 0
+	VM_CMP,			//cmp <-----
+
+	VM_PUSH, PUSH_NUM, 0x23,	//push NUM3 is jum to exit
+	VM_JZ, Jump_From_EIP,		//pop NUM3 JZ  (18)
+	 
+	VM_POP,POP_EAX,		//pop eax  ;eax = i
+
+	VM_PUSH,PUSH_EBX,	//EBX: push addr of input Str
+	VM_PUSH,PUSH_EAX,	//PUSH i
+	
+	VM_ADD,			//Pop i ,add i str
+	VM_PUSH,PUSH_MEM|PUSH_MEM_BYTE, //POP STR, FIND BYTE STR, PUSH result
+	VM_PUSH,PUSH_NUM,0x6,    //num push 6 (6)
+	VM_XOR,			//pop 6,top xor 6
+
+	VM_PUSH,PUSH_EBX,	//EBX: push addr of input Str
+	VM_PUSH,PUSH_EAX,	//PUSH i
+	VM_ADD,			//Pop i ,add i str
+	VM_POP,POP_MEM|POP_MEM_BYTE,//pop addr,pop result, Set That addr       bug?
+
+	VM_PUSH,PUSH_EAX,	//EAX = i
+	VM_PUSH,PUSH_NUM,0x1,	//NUM = 1
+	VM_ADD,			//I = I+1
+	VM_POP,POP_EAX,		//eax = i
+	VM_PUSH,PUSH_EAX,	//
+
+	VM_PUSH,PUSH_NUM,-0x29,	//NUM5  jmp code
+	VM_JMP, Jump_From_EIP,		//circle jmp
+	VM_EXIT, VM_EXIT, VM_EXIT };
+	/*
+	DWORD CODE_DATA[] =
+	{ 
+	(DWORD)stringIn,
+	0x000,
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+
+	0x012,
+	0x006,
+	0x001,
+	-0x15,
+	}; */
+	VM_Function Fun1(64);
+	Fun1.StartVM(CODE);
+	printf("VM_2:%x\n", (int*)*(int*)(&Fun1));
+	//typedef void(*Fun)(VOID);
+	//Fun pFun = NULL;
+	//pFun = (Fun)*((int*)*(int*)(&Fun1));
+	//pFun();
+
+	if (!strcmp(stringIn, "745230"))
+	{
+		printf("YOU GOT IT\n");
+	}
+	else
+	{
+		printf("SORRY FAIL\n");
+	}
+#ifdef _DEBUG
+	printf("%s", stringIn);
+#endif
+	return 0;
+}
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/Stack.cpp b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/Stack.cpp
new file mode 100644
index 0000000..2a5cbf2
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/Stack.cpp
@@ -0,0 +1,31 @@
+#include "Stack.h"
+
+//¼ÇµÃfree
+VM_STACK::VM_STACK(int MaxSize)
+{
+	if (MaxSize < 1)
+		Error("Error the Stack is too small\n");
+	S = (VM_Stack *)malloc(sizeof(struct VM_Stack));
+	if (S == NULL)
+		Error("Create Stack Malloc Fail CODE 1");
+	S->vmStack = (PDWORD)malloc(sizeof(DWORD)*MaxSize);
+	if (S->vmStack == NULL)
+		Error("Create Stack Malloc Fail CODE 2");
+	memset(S->vmStack, sizeof(DWORD)*MaxSize, 0);
+	S->capacity = MaxSize;
+	S->TopOfStack = 0;
+
+}
+void VM_STACK::Stack_Push(DWORD xxx)
+{
+	S->vmStack[++S->TopOfStack] = xxx;
+}
+void VM_STACK::Stack_Pop(PDWORD xxx)
+{
+	*xxx = S->vmStack[S->TopOfStack--];
+}
+void VM_STACK::Error(char* xxx)
+{
+	printf("%s,LastError = %d", xxx, GetLastError());
+	exit(-1);
+}
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/Stack.h b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/Stack.h
new file mode 100644
index 0000000..255ae1e
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/Stack.h
@@ -0,0 +1,40 @@
+#include <Windows.h>
+#include <stdio.h>
+#pragma once
+class VM_STACK
+{
+	struct VM_Stack
+	{
+		int capacity;
+		int TopOfStack;
+		PDWORD vmStack;
+	};
+	typedef struct VM_Stack *Stack;
+protected:
+	Stack S;
+	
+	//BOOL StartVM(PBYTE vmCode, PDWORD vmData);
+	
+public:
+	VM_STACK(int MaxSize);//CreateStack
+	void Stack_Push(DWORD xxx);
+	void Stack_Pop(PDWORD xxx);
+#ifdef _DEBUG
+	void Debug_PrintStack()
+	{
+		printf("\n");
+		for (int i = 0; i <= S->TopOfStack; i++)
+			printf("Stack :  %d   ( %d )\n",i,S->vmStack[i]);
+		printf("\n");
+	}
+#endif
+	~VM_STACK()
+	{
+		free(S->vmStack);
+		free(S);
+	}
+private:
+	
+	void Error(char* xxx);
+
+};
diff --git a/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/VM.h b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/VM.h
new file mode 100644
index 0000000..3f4bd06
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/VM.h
@@ -0,0 +1,60 @@
+#include <map>
+#include <cstdio>
+#include "Stack.h"
+#include "Code_Define.h"
+class VM_Function:public VM_STACK
+{
+	typedef struct _VMDATA
+	{
+		//DWORD ESP;
+		DWORD EAX;
+		DWORD EBX;
+		//DWORD ECX;
+		//DWORD EDX;
+		//DWORD ESI;
+		//DWORD EDI;
+		//DWORD EIP;
+		DWORD OEP;
+		PDWORD CODE;
+		PDWORD DATA;
+		//PBYTE PARAM;
+		//PBYTE PARAM1;
+		BOOL  SFLAG;		//·ûºÅ±êÖ¾
+		BOOL  ZFLAG;		//Áã±êÖ¾
+
+	} VMDATA, *PVMDATA;
+
+	typedef void(VM_Function::*ProcessFuncPtr)(PVMDATA);
+
+	//typedef void(VM_Function::*ProcessTest)();
+	//ProcessTest calltest;
+
+	std::map<int, ProcessFuncPtr> ControlTable;
+	ProcessFuncPtr callname;
+	
+public:
+	VM_Function(int datax) ;
+	BOOL StartVM(PDWORD vmCode);
+
+private:
+	virtual void CODE_X00_START();
+	void CODE_PUSH(PVMDATA vm_data);
+	void CODE_POP(PVMDATA vm_data);
+
+	
+	void CODE_ADD(PVMDATA vm_data);
+	void CODE_SUB(PVMDATA vm_data);
+	void CODE_XOR(PVMDATA vm_data);
+	void CODE_JMP(PVMDATA vm_data);
+	void CODE_JZ(PVMDATA vm_data);
+	void CODE_CMP(PVMDATA vm_data);
+
+	//CALLÖ¸Áî
+	void CODE_STRLEN_CALL(PVMDATA vm_data);
+	void CODE_FAKE_CALL(PVMDATA vm_data);
+	//ÐéÄâ»·¾³±ä»¯Ö¸Áî
+	void CODE_EXIT(PVMDATA vm_data);
+
+	//×Óº¯Êý·µ»ØÖµ
+	DWORD VM_RET;
+};
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/VMmain.cpp b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/VMmain.cpp
new file mode 100644
index 0000000..29c8874
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_3/C_easy_VMP/VMmain.cpp
@@ -0,0 +1,349 @@
+#include "VM.h"
+VM_Function::VM_Function(int datax) :VM_STACK(datax)
+{
+	ControlTable[VM_X00_START] = 0x00;
+	ControlTable[VM_PUSH]	   = &VM_Function::CODE_PUSH;
+
+	ControlTable[VM_POP]	  = &VM_Function::CODE_POP;
+	ControlTable[VM_ADD]	  = &VM_Function::CODE_ADD;
+	ControlTable[VM_SUB]	  = &VM_Function::CODE_SUB;
+	ControlTable[VM_XOR]	  = &VM_Function::CODE_XOR;
+	ControlTable[VM_JMP]	  = &VM_Function::CODE_JMP;
+	ControlTable[VM_JZ]		  = &VM_Function::CODE_JZ;
+	ControlTable[VM_CMP]	  = &VM_Function::CODE_CMP;
+
+	ControlTable[VM_STRLEN_CALL]  = &VM_Function::CODE_STRLEN_CALL;
+	ControlTable[VM_EXIT]	  = &VM_Function::CODE_EXIT;
+	//ProcessTest xxxx;
+	//xxxx = &VM_Function::CODE_X00_START;
+	//printf("VM_1:%x,  VM_1:%x\n", xxxx, *(int*)*(int*)(this));
+	//calltest = xxxx;
+
+	//(this->*calltest)();//ÕâÀïµÄClallÊÇÍ¨¹ýÒ»¸öÌø×ª±íÊµÏÖµÄ£¿ÎªÊ²Ã´£¿
+
+	//typedef void(*Fun)(VOID);
+	//Fun pFun = NULL;
+	//pFun = (Fun)*((int*)*(int*)(this));
+	//pFun();
+
+}
+void VM_Function::CODE_X00_START()
+{
+	printf("VM_Start\n");
+}
+void VM_Function::CODE_PUSH(PVMDATA vm_data)
+{
+	DWORD reg = *((vm_data->CODE)+2);
+	switch ((*(++vm_data->CODE))&0x70)
+	{
+	case PUSH_EAX:
+		Stack_Push(vm_data->EAX);
+		break;
+	case PUSH_EBX:
+		Stack_Push(vm_data->EBX);
+		break;
+	case PUSH_MEM:
+		Stack_Pop(&reg);
+	
+		switch ((*vm_data->CODE) & 0x7)
+		{
+		case PUSH_MEM_BYTE:
+			reg = *(BYTE*)reg;
+			break;
+		case PUSH_MEM_WORD:
+			reg = *(WORD*)reg;
+			break;
+		case PUSH_MEM_DWORD:
+			reg = *(DWORD*)reg;
+			break;
+		default:
+			break;
+		}
+		Stack_Push(reg);
+		break;
+	case PUSH_NUM:
+		Stack_Push(reg);
+		(vm_data->CODE)++;
+		break;
+	default:
+		break;
+	}
+	
+}
+/*
+void VM_Function::CODE_PUSH_EBX(PVMDATA vm_data)
+{
+	Stack_Push(vm_data->EBX);
+}
+void VM_Function::CODE_PUSH_NUM( PVMDATA vm_data)
+{
+	Stack_Push(*(vm_data->DATA));
+	(vm_data->DATA)++;
+}
+void VM_Function::CODE_POP_EBX(PVMDATA vm_data)
+{
+Stack_Pop(&(vm_data->EBX));
+}*/
+void VM_Function::CODE_POP(PVMDATA vm_data)
+{
+	DWORD reg = 0;
+	BYTE DataB = 0;
+	WORD DataW = 0;
+	DWORD DataDW = 0;
+	DWORD Addr = 0;
+	switch ((*(++vm_data->CODE)) & 0x70)
+	{
+	case POP_EAX:
+		Stack_Pop(&(vm_data->EAX));
+		break;
+	case POP_EBX:
+		Stack_Pop(&(vm_data->EBX));
+		break;
+	case POP_MEM:
+		
+		Stack_Pop(&Addr);
+		Stack_Pop(&reg);
+		
+		switch ((*vm_data->CODE) & 0x7)
+		{
+		case POP_MEM_BYTE:
+			
+			_asm
+			{
+				push eax
+				xor eax, eax
+				mov eax, reg
+				mov DataB, al
+				pop eax
+			}
+			*(BYTE*)Addr = DataB;
+			break;
+		case POP_MEM_WORD:
+			
+			_asm
+			{
+				push eax
+				xor eax, eax
+				mov eax, reg
+				mov DataW, ax
+				pop eax
+			}
+			*(WORD*)Addr = DataW;
+			break;
+		case POP_MEM_DWORD:
+			
+			_asm
+			{
+				push eax
+				xor eax, eax
+				mov eax, reg
+				mov DataDW,eax
+				pop eax
+			}
+			*(DWORD*)Addr = DataDW;
+			break;
+		default:
+			break;
+		}
+		//(vm_data->CODE)++;
+		break;
+	case POP_DEL:
+		Stack_Pop(&reg);
+		break;
+	default:
+		break;
+	}
+
+}
+
+void VM_Function::CODE_ADD( PVMDATA vm_data)
+{
+	
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] += reg;
+	//FLAG¸Ä±ä
+	vm_data->ZFLAG = ((S->vmStack[S->TopOfStack]) == 0);
+	vm_data->SFLAG = ((S->vmStack[S->TopOfStack]) < 0);
+}
+void VM_Function::CODE_SUB(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] -= reg;
+	//FLAG¸Ä±ä
+	vm_data->ZFLAG = ((S->vmStack[S->TopOfStack]) == 0);
+	vm_data->SFLAG = ((S->vmStack[S->TopOfStack]) & 0x80000000);
+}
+void VM_Function::CODE_XOR(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] ^= reg;
+	
+}
+void VM_Function::CODE_JMP( PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg );
+	(vm_data->CODE)++;
+	if (Jump_From_EIP == *(vm_data->CODE))
+		vm_data->CODE = (vm_data->CODE) + (reg);
+	if (Jump_From_OEP == *(vm_data->CODE))
+		vm_data->CODE = (PDWORD)(vm_data->OEP) + (reg);
+	
+}
+void VM_Function::CODE_JZ( PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	(vm_data->CODE)++;
+	if (vm_data->ZFLAG)
+	{
+		if (Jump_From_EIP == *(vm_data->CODE))
+			vm_data->CODE = (vm_data->CODE) + (reg);
+		if (Jump_From_OEP == *(vm_data->CODE))
+			vm_data->CODE = (PDWORD)(vm_data->OEP) + (reg);
+
+		vm_data->ZFLAG = 0;
+	}
+	
+}
+void VM_Function::CODE_CMP(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	reg = (S->vmStack[(S->TopOfStack) - 1]) - (S->vmStack[S->TopOfStack]);
+	vm_data->ZFLAG = (reg == 0);
+	
+}
+/*
+void VM_Function::CODE_BYTE_MEM_GET(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	reg = *(BYTE*)reg;
+	Stack_Push(reg);
+}
+void VM_Function::CODE_BYTE_MEM_SET(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	DWORD Addr = NULL;
+	BYTE  Data = NULL;
+	Stack_Pop(&Addr); //result
+	Stack_Pop(&reg);//address
+	_asm
+	{
+		push eax
+		xor eax, eax
+		mov eax, reg
+		mov Data,al
+		pop eax
+
+	}
+	*(BYTE*)Addr = Data;
+}*/
+void VM_Function::CODE_STRLEN_CALL(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	DWORD STRLEN_RET = 0;
+	Stack_Pop(&reg);
+	STRLEN_RET = strlen((char*)(reg));
+	Stack_Push(STRLEN_RET);
+}
+void VM_Function::CODE_FAKE_CALL(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	StartVM((PDWORD)reg);
+	Stack_Push(VM_RET);
+}
+void VM_Function::CODE_EXIT(PVMDATA vm_data)
+{
+	//free(xxx->vmStack);
+	//free(xxx);
+	vm_data->CODE = 0x0;
+	
+}
+//
+BOOL VM_Function::StartVM(PDWORD vmCode)
+{
+	VMDATA vm_data;
+	//Stack vm_Stack = CreateVmStack(64);
+
+	vm_data.OEP = (DWORD)vmCode;
+	vm_data.CODE = vmCode;
+	//vm_data.DATA = vmData;
+	//vm_data.PARAM = vmparam;
+	//vm_data.PARAM1 = vmparam1;
+	vm_data.EAX = 0;
+	vm_data.EBX = 0;
+	//vm_data.ECX = 0;
+	//vm_data.EDX = 0;
+	//vm_data.EDI = 0;
+	//vm_data.ESI = 0;
+	//vm_data.ESP = 0;
+	vm_data.SFLAG = FALSE;
+	vm_data.ZFLAG = FALSE;
+	
+	
+	while (vm_data.CODE++)
+	{
+		DWORD XXXX = *(vm_data.CODE);
+		callname = ControlTable[*(vm_data.CODE)];
+		(this->*callname)(&vm_data);
+		
+		/*switch (*(vm_data.CODE))
+		{
+		case VM_PUSH_EAX:
+			CODE_PUSH_EAX(&vm_data);
+			break;
+		case VM_POP_EAX:
+			CODE_POP_EAX(&vm_data);
+			break;
+		case VM_PUSH_EBX:
+			CODE_PUSH_EBX(&vm_data);
+			break;
+		case VM_POP_EBX:
+			CODE_POP_EBX(&vm_data);
+			break;
+		case VM_PUSH_NUM:
+			CODE_PUSH_NUM(&vm_data);
+			break;
+		case VM_ADD:
+			CODE_ADD(&vm_data);
+			break;
+		case VM_SUB:
+			CODE_SUB(&vm_data);
+			break;
+		case VM_XOR:
+			CODE_XOR(&vm_data);
+			break;
+		case VM_JMP:
+			CODE_JMP(&vm_data);
+			break;
+		case VM_JZ:
+			CODE_JZ(&vm_data);
+			break;
+
+		case VM_STRLEN_CALL:
+			CODE_STRLEN_CALL(&vm_data);
+			break;
+		case VM_CMP:
+			CODE_CMP(&vm_data);
+			break;
+		case VM_BYTE_MEM_GET:
+			CODE_BYTE_MEM_GET(&vm_data);
+			break;
+		case VM_BYTE_MEM_SET:
+			CODE_BYTE_MEM_SET(&vm_data);
+			break;
+		case VM_EXIT:
+			CODE_EXIT(&vm_data);
+			return TRUE;
+		default:
+			break;
+		}*/
+		
+	}
+	return FALSE;
+}
\ No newline at end of file
diff --git "a/RE-HCTF_450/C_easy_VMP_3/\344\273\243\347\240\201\344\277\256\346\224\271\347\211\210\346\234\2543.txt" "b/RE-HCTF_450/C_easy_VMP_3/\344\273\243\347\240\201\344\277\256\346\224\271\347\211\210\346\234\2543.txt"
new file mode 100644
index 0000000..8b055fa
--- /dev/null
+++ "b/RE-HCTF_450/C_easy_VMP_3/\344\273\243\347\240\201\344\277\256\346\224\271\347\211\210\346\234\2543.txt"
@@ -0,0 +1,9 @@
+ºËÐÄÔ­ÀíÏàÍ¬¡£
+¸Ä±ä£º
+.ËùÓÐÖ¸Áî²Ù×÷Ê¹ÓÃ°ë3µØÖ·Ö¸Áî»¯
+.°ëÐéÄâ»¯¸÷ÖÖÑ­»·²Ù×÷
+
+
+ÆäËüÐÞ¸Ä£º
+×Ö½ÚÂë²»ÔÙ´ÓÍ·¼ÓÔØ£¬´ÓÖÐ¼ä¼ÓÔØ£¬ÆäËü¿É×÷ÎªÊý¾Ý»òÕß×Óº¯Êý´¦Àí¡£
+VM_DATA±»É¾³ý£¬Ìí¼ÓVM_RETÓÃÓÚVM_CALLµÄ·µ»Ø
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP.sln b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP.sln
new file mode 100644
index 0000000..97e6793
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP.sln
@@ -0,0 +1,25 @@
+ï»¿
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.21005.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "C_easy_VMP", "C_easy_VMP\C_easy_VMP.vcxproj", "{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Debug|Win32.Build.0 = Debug|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Release|Win32.ActiveCfg = Release|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(Performance) = preSolution
+		HasPerformanceSessions = true
+	EndGlobalSection
+EndGlobal
diff --git a/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/C_easy_VMP.vcxproj b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/C_easy_VMP.vcxproj
new file mode 100644
index 0000000..5e5a35b
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/C_easy_VMP.vcxproj
@@ -0,0 +1,94 @@
+ï»¿<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>C_easy_VMP</RootNamespace>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v120</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v120_xp</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="MainEntry.cpp" />
+    <ClCompile Include="Stack.cpp" />
+    <ClCompile Include="VMmain.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="Code_Define.h" />
+    <ClInclude Include="Stack.h" />
+    <ClInclude Include="VM.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/C_easy_VMP.vcxproj.filters b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/C_easy_VMP.vcxproj.filters
new file mode 100644
index 0000000..3b2d11d
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/C_easy_VMP.vcxproj.filters
@@ -0,0 +1,39 @@
+ï»¿<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="æºæ–‡ä»¶">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="å¤´æ–‡ä»¶">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="èµ„æºæ–‡ä»¶">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="MainEntry.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+    <ClCompile Include="VMmain.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+    <ClCompile Include="Stack.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="VM.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+    <ClInclude Include="Stack.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+    <ClInclude Include="Code_Define.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/Code_Define.h b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/Code_Define.h
new file mode 100644
index 0000000..fd78d0e
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/Code_Define.h
@@ -0,0 +1,58 @@
+#include <Windows.h>
+#define General_VM 0x10
+enum myVm
+{
+	VM_X00_START = 0,
+
+	VM_PUSH, //ºËÐÄ´úÂë
+	VM_POP,
+
+	VM_ADD,	//¼ÆËã´úÂë
+	VM_SUB,
+	VM_XOR,
+	VM_CMP,
+			//Âß¼­´úÂë
+	VM_SHR,
+	VM_SHL,
+	VM_AND,
+	VM_OR,
+
+	VM_JMP, //Ìø×ª´úÂë
+	VM_JZ,
+	VM_EXIT,
+	
+#ifdef _DEBUG
+	VM_DEBUG_BREAK,
+#endif
+	VM_STRLEN_CALL,//CALL´úÂë£¿£¿
+	VM_FAKE_CALL
+
+
+
+};
+enum Code_Push_Parameter
+{
+	PUSH_EAX = 0x10,
+	PUSH_EBX = 0x20,
+	PUSH_MEM = 0x30,
+	PUSH_NUM = 0x40,
+	PUSH_MEM_BYTE = 0x1,
+	PUSH_MEM_WORD = 0x2,
+	PUSH_MEM_DWORD= 0x4
+
+};
+enum Code_Pop_Parameter
+{
+	POP_EAX = 0x10,
+	POP_EBX = 0x20,
+	POP_MEM = 0x30,
+	POP_DEL = 0x40,
+	POP_MEM_BYTE = 0x1,
+	POP_MEM_WORD = 0x2,
+	POP_MEM_DWORD= 0x4
+};
+enum Code_JumpFun
+{
+	Jump_From_EIP = 0x10,
+	Jump_From_OEP = 0X20
+};
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/MainEntry.cpp b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/MainEntry.cpp
new file mode 100644
index 0000000..3dfc1c1
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/MainEntry.cpp
@@ -0,0 +1,264 @@
+#include <cstdio>
+#include <Windows.h>
+#include "Stack.h"
+#include "VM.h"
+
+int main()
+{
+
+	char Check_HCTF[] = "\x7b\x70\x6a\x67\x72\x73\x75\x55\x44\x32\x48\x50\x11\x12\x13\x14\x15";
+#ifdef _DEBUG
+	char stringIn[] = "HCTF{123456789123456789}";
+	printf("addr1 = %x \n", stringIn);
+	printf("addr2 = %d \n", Check_HCTF);
+#else
+	char stringIn[40] = {0};
+	scanf_s("%s", stringIn, 40);
+#endif
+	/*
+	DWORD CODE[] =
+	{ 
+	VM_X00_START, 
+	VM_PUSH, PUSH_NUM, (DWORD)stringIn, //NUM1  push addr of input Str
+		
+	VM_POP,POP_EBX,
+	VM_PUSH,PUSH_EBX,				//EBX = ADDR STR
+
+	VM_STRLEN_CALL, //pop addr, call strlen, push result
+
+	VM_PUSH, PUSH_NUM, 0x0,	//NUNM2 push 0x0 i = 0
+	VM_CMP,			//cmp <-----
+
+	VM_PUSH, PUSH_NUM, 0x23,	//push NUM3 is jum to exit
+	VM_JZ, Jump_From_EIP,		//pop NUM3 JZ  (18)
+	 
+	VM_POP,POP_EAX,		//pop eax  ;eax = i
+
+	VM_PUSH,PUSH_EBX,	//EBX: push addr of input Str
+	VM_PUSH,PUSH_EAX,	//PUSH i
+	
+	VM_ADD,				//Pop i ,add i str
+	VM_PUSH,PUSH_MEM|PUSH_MEM_BYTE, //POP STR, FIND BYTE STR, PUSH result
+	VM_PUSH,PUSH_NUM,0x6,    //num push 6 (6)
+	VM_XOR,					 //pop 6,top xor 6
+
+	VM_PUSH,PUSH_EBX,	//EBX: push addr of input Str
+	VM_PUSH,PUSH_EAX,	//PUSH i
+	VM_ADD,				//Pop i ,add i str
+	VM_POP,POP_MEM|POP_MEM_BYTE,//pop addr,pop result, Set That addr      
+
+	VM_PUSH,PUSH_EAX,	//EAX = i
+	VM_PUSH,PUSH_NUM,0x1,	//NUM = 1
+	VM_ADD,			//I = I+1
+	VM_POP,POP_EAX,		//eax = i
+	VM_PUSH,PUSH_EAX,	//
+
+	VM_PUSH,PUSH_NUM,-0x29,	//NUM5  jmp code
+	VM_JMP, Jump_From_EIP,		//circle jmp
+	VM_EXIT };
+	*/
+	DWORD CODE[] =
+	{
+		/////////////////////////Data and function/////////////////////
+		VM_EXIT,
+		VM_EXIT,
+		/////////////////////////Code Start/////////////////////////////
+		VM_X00_START,
+		/////////////////////////fun1 strlen////////////////////////////////
+		VM_PUSH, PUSH_NUM, (DWORD)stringIn, //NUM1  push addr of input Str  *stack 1
+		VM_POP, POP_EBX,
+		VM_PUSH, PUSH_EBX,					//EBX = ADDR STR
+		VM_PUSH, PUSH_EBX,					//±£´æÒ»´Î addr of input str
+		VM_STRLEN_CALL,						//pop addr, call strlen, push result *stack1
+		VM_PUSH, PUSH_NUM, 0x18,			
+		VM_CMP,								//¼ÆËã³¤¶ÈÊÇ·ñÎª24  *stack 2
+
+		VM_PUSH, PUSH_NUM, 0x7,			    //push jmp next func(jmpto_fun2)  *stack 3
+		VM_JZ, Jump_From_EIP,				//pop and JZ  (18)	*stack 2
+		VM_PUSH, PUSH_NUM, 0,				//jmp code to Fail   *stack 3
+		VM_JMP, Jump_From_OEP,				//jmp   *stack 2
+		///////////////////////fun2 xor HCTF{//////////////////////////////
+
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä£¨¿ÉÒÔÉ¾³ý£©*Stack 1 topofStack:length of addr 
+		VM_PUSH, PUSH_NUM, 0x5,				//HCTF{ 5¸ö
+		VM_PUSH, PUSH_NUM, 0x0,				//push 0x0 i = 0  *Stack 2
+		VM_CMP,			//cmp <-----
+
+		VM_PUSH, PUSH_NUM, 0x23,	//push NUM3 is jum to exit
+		VM_JZ, Jump_From_EIP,		//pop NUM3 JZ  (18)
+
+		VM_POP, POP_EAX,		//pop eax  ;eax = i
+		VM_PUSH, PUSH_EBX,	//EBX: push addr of input Str
+		VM_PUSH, PUSH_EAX,	//PUSH i
+		VM_ADD,				//Pop i ,add i str
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE, //POP STR, FIND BYTE STR, PUSH result
+		VM_PUSH, PUSH_NUM, 0x33,    //num push 0x33 
+		VM_XOR,					 //pop 0x33,top xor 0x33
+
+		VM_PUSH, PUSH_EBX,			   //EBX: push addr of input Str
+		VM_PUSH, PUSH_EAX,			   //PUSH i
+		VM_ADD,						   //Pop i ,add i str
+		VM_POP, POP_MEM | POP_MEM_BYTE,//pop addr,pop result, Set That addr     
+
+		VM_PUSH, PUSH_EAX,	//EAX = i
+		VM_PUSH, PUSH_NUM, 0x1,	//NUM = 1
+		VM_ADD,			//I = I+1
+		VM_POP, POP_EAX,		//eax = i
+		VM_PUSH, PUSH_EAX,	//
+
+		VM_PUSH, PUSH_NUM, -0x29,	//NUM5  jmp code
+		VM_JMP, Jump_From_EIP,		//circle jmp
+		////////////////func check last '}'///////////////////////////
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä *Stack 2 topofStack:length of addr X 2
+		VM_PUSH, PUSH_EBX,					//EBX: push addr of input Str
+		VM_ADD,								 //Pop STR ,add 24  str
+		VM_PUSH, PUSH_NUM, 0x1,
+		VM_SUB,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+	
+		VM_PUSH, PUSH_NUM, 0x33,		//num push 0x33 
+		VM_XOR,							//pop 0x33,top xor 0x33
+		VM_PUSH, PUSH_NUM, 0x4E,		//num push 0x4e
+		VM_CMP,
+		VM_PUSH, PUSH_NUM, 0x5,
+		VM_JZ, Jump_From_EIP,
+		VM_PUSH, PUSH_NUM, 0,				//jmp code to Fail   *stack 3
+		VM_JMP, Jump_From_OEP,
+		///////////////////func push HCTF{ xor 0x33////////////////////////////////
+
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä 
+		
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x1,
+		VM_SUB,
+		VM_POP, POP_EAX,
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_POP, POP_DEL,
+		VM_PUSH,PUSH_NUM,0x5,		//Jmp to next Fun
+		VM_JZ, Jump_From_EIP,
+		
+		VM_PUSH,PUSH_NUM, -0x23,	//Circle Jmp
+		VM_JMP, Jump_From_EIP,
+		///////////////////fun check HCTF{/////////////////////////////////////
+
+
+		VM_PUSH,PUSH_NUM,0,
+		VM_POP,POP_EBX,				//EBX = i		
+		VM_PUSH, PUSH_NUM, (DWORD)Check_HCTF,
+		VM_POP,POP_EAX,				//EAX = ADDR Check_HCTF
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_EAX,			//EAX = EAX+i
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_CMP,
+		VM_PUSH,PUSH_NUM,0x5,  // <------ok
+		
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_JMP,Jump_From_OEP,  //  <----- Fail
+
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä 
+		
+		VM_PUSH,PUSH_EBX,
+		VM_PUSH,PUSH_NUM,1,
+
+		VM_ADD,
+		VM_POP,POP_EBX,
+
+		VM_PUSH,PUSH_EBX,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_CMP,
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä 
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH, PUSH_NUM, -0x36,
+		VM_JMP,Jump_From_EIP,
+
+		///////////////////fun Ñ¹ËõÈëÕ»Ä£¿é//////////////////////////////
+
+		
+		VM_POP,POP_EAX,					//EAX = strlen(Input Str)
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_POP,POP_EBX,					//EBX = ADDR STR IN
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_EBX,
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_EAX,
+		VM_XOR,
+		VM_POP,POP_EAX,
+		VM_PUSH, PUSH_EAX,					//Õâ¸ö¿Õ¼ä´æ·Å×ÅÄÇ¸ö½á¹û
+		
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x4,//£¡£¡£¡
+		VM_CMP,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_JZ,Jump_From_EIP,
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_NUM,0x3,
+		VM_SHL,
+		VM_SHL,
+		VM_OR,
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x1,
+		VM_ADD,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_NUM,0,//£¡£¡£¡
+		VM_JMP,Jump_From_EIP,
+
+		VM_DEBUG_BREAK,
+		
+		
+
+
+
+
+		VM_EXIT
+		
+
+		
+		
+		
+	};
+	VM_Function Fun1(64);
+	Fun1.StartVM(CODE+2);
+	/*printf("VM_2:%x\n", (int*)*(int*)(&Fun1));
+	
+	if (!strcmp(stringIn, "745230"))
+	{
+		printf("YOU GOT IT\n");
+	}
+	else
+	{
+		printf("SORRY FAIL\n");
+	}*/
+#ifdef _DEBUG
+	printf("%s\n", stringIn);
+	for (int i = 0; i < strlen(stringIn); i++)
+	{
+		printf("%3d  ( %3x ) ( %3c )\n", i, stringIn[i], stringIn[i]);
+	}
+#endif
+	return 0;
+}
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/Stack.cpp b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/Stack.cpp
new file mode 100644
index 0000000..2a5cbf2
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/Stack.cpp
@@ -0,0 +1,31 @@
+#include "Stack.h"
+
+//¼ÇµÃfree
+VM_STACK::VM_STACK(int MaxSize)
+{
+	if (MaxSize < 1)
+		Error("Error the Stack is too small\n");
+	S = (VM_Stack *)malloc(sizeof(struct VM_Stack));
+	if (S == NULL)
+		Error("Create Stack Malloc Fail CODE 1");
+	S->vmStack = (PDWORD)malloc(sizeof(DWORD)*MaxSize);
+	if (S->vmStack == NULL)
+		Error("Create Stack Malloc Fail CODE 2");
+	memset(S->vmStack, sizeof(DWORD)*MaxSize, 0);
+	S->capacity = MaxSize;
+	S->TopOfStack = 0;
+
+}
+void VM_STACK::Stack_Push(DWORD xxx)
+{
+	S->vmStack[++S->TopOfStack] = xxx;
+}
+void VM_STACK::Stack_Pop(PDWORD xxx)
+{
+	*xxx = S->vmStack[S->TopOfStack--];
+}
+void VM_STACK::Error(char* xxx)
+{
+	printf("%s,LastError = %d", xxx, GetLastError());
+	exit(-1);
+}
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/Stack.h b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/Stack.h
new file mode 100644
index 0000000..4c75167
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/Stack.h
@@ -0,0 +1,40 @@
+#include <Windows.h>
+#include <stdio.h>
+#pragma once
+class VM_STACK
+{
+	struct VM_Stack
+	{
+		int capacity;
+		int TopOfStack;
+		PDWORD vmStack;
+	};
+	typedef struct VM_Stack *Stack;
+protected:
+	Stack S;
+	
+	//BOOL StartVM(PBYTE vmCode, PDWORD vmData);
+	
+public:
+	VM_STACK(int MaxSize);//CreateStack
+	void Stack_Push(DWORD xxx);
+	void Stack_Pop(PDWORD xxx);
+#ifdef _DEBUG
+	void Debug_PrintStack()
+	{
+		printf("\n");
+		for (int i = 0; i <= S->TopOfStack; i++)
+			printf("Stack :  %d   ( %x )\n",i,S->vmStack[i]);
+		printf("\n");
+	}
+#endif
+	~VM_STACK()
+	{
+		free(S->vmStack);
+		free(S);
+	}
+private:
+	
+	void Error(char* xxx);
+
+};
diff --git a/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/VM.h b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/VM.h
new file mode 100644
index 0000000..c79459c
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/VM.h
@@ -0,0 +1,62 @@
+#include <map>
+#include <cstdio>
+#include "Stack.h"
+#include "Code_Define.h"
+class VM_Function:public VM_STACK
+{
+	typedef struct _VMDATA
+	{
+
+		DWORD EAX;
+		DWORD EBX;
+
+		DWORD OEP;
+		PDWORD CODE;
+		PDWORD DATA;
+
+		BOOL  SFLAG;		//·ûºÅ±êÖ¾
+		BOOL  ZFLAG;		//Áã±êÖ¾
+
+	} VMDATA, *PVMDATA;
+
+	typedef void(VM_Function::*ProcessFuncPtr)(PVMDATA);
+
+	//typedef void(VM_Function::*ProcessTest)();
+	//ProcessTest calltest;
+
+	std::map<int, ProcessFuncPtr> ControlTable;
+	ProcessFuncPtr callname;
+	
+public:
+	VM_Function(int datax) ;
+	BOOL StartVM(PDWORD vmCode);
+
+private:
+	virtual void CODE_X00_START();
+	void CODE_PUSH(PVMDATA vm_data);
+	void CODE_POP(PVMDATA vm_data);
+
+	
+	void CODE_ADD(PVMDATA vm_data);
+	void CODE_SUB(PVMDATA vm_data);
+	void CODE_XOR(PVMDATA vm_data);
+	void CODE_JMP(PVMDATA vm_data);
+	void CODE_JZ(PVMDATA vm_data);
+	void CODE_CMP(PVMDATA vm_data);
+	//Âß¼­Ö¸Áî
+	void CODE_SHR(PVMDATA vm_data);
+	void CODE_SHL(PVMDATA vm_data);
+	void CODE_AND(PVMDATA vm_data);
+	void CODE_OR(PVMDATA vm_data);
+
+	//CALLÖ¸Áî
+	void CODE_STRLEN_CALL(PVMDATA vm_data);
+	void CODE_FAKE_CALL(PVMDATA vm_data);
+	//ÐéÄâ»·¾³±ä»¯Ö¸Áî
+	void CODE_EXIT(PVMDATA vm_data);
+#ifdef _DEBUG
+	void CODE_DBG_BREAK(PVMDATA vm_data);
+#endif
+	//×Óº¯Êý·µ»ØÖµ
+	DWORD VM_RET;
+};
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/VMmain.cpp b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/VMmain.cpp
new file mode 100644
index 0000000..94c6ce4
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_4/C_easy_VMP/VMmain.cpp
@@ -0,0 +1,287 @@
+#include "VM.h"
+VM_Function::VM_Function(int datax) :VM_STACK(datax)
+{
+	ControlTable[VM_X00_START] = 0x00;
+	ControlTable[VM_PUSH]	   = &VM_Function::CODE_PUSH;
+
+	ControlTable[VM_POP]	  = &VM_Function::CODE_POP;
+	ControlTable[VM_ADD]	  = &VM_Function::CODE_ADD;
+	ControlTable[VM_SUB]	  = &VM_Function::CODE_SUB;
+	ControlTable[VM_XOR]	  = &VM_Function::CODE_XOR;
+	ControlTable[VM_JMP]	  = &VM_Function::CODE_JMP;
+	ControlTable[VM_JZ]		  = &VM_Function::CODE_JZ;
+	ControlTable[VM_CMP]	  = &VM_Function::CODE_CMP;
+
+	ControlTable[VM_SHR] = &VM_Function::CODE_SHR;
+	ControlTable[VM_SHL] = &VM_Function::CODE_SHL;
+	ControlTable[VM_AND] = &VM_Function::CODE_AND;
+	ControlTable[VM_OR] = &VM_Function::CODE_OR;
+
+	ControlTable[VM_STRLEN_CALL]  = &VM_Function::CODE_STRLEN_CALL;
+	ControlTable[VM_EXIT]	  = &VM_Function::CODE_EXIT;
+
+#ifdef _DEBUG
+	ControlTable[VM_DEBUG_BREAK] = &VM_Function::CODE_DBG_BREAK;
+#endif
+
+}
+#ifdef _DEBUG
+void VM_Function::CODE_DBG_BREAK(PVMDATA vm_data)
+{
+	printf("\n===== VM Debug BreakPoint  =====\n");
+	Debug_PrintStack();
+	printf(" EAX:  %x\n EBX:  %x\n Zflag: %d\n Sflag: %d\n", vm_data->EAX, vm_data->EBX, vm_data->ZFLAG, vm_data->SFLAG);
+	getchar();
+}
+#endif
+void VM_Function::CODE_X00_START()
+{
+	printf("VM_Start\n");
+}
+void VM_Function::CODE_PUSH(PVMDATA vm_data)
+{
+	DWORD reg = *((vm_data->CODE)+2);
+	switch ((*(++vm_data->CODE))&0x70)
+	{
+	case PUSH_EAX:
+		Stack_Push(vm_data->EAX);
+		break;
+	case PUSH_EBX:
+		Stack_Push(vm_data->EBX);
+		break;
+	case PUSH_MEM:
+		Stack_Pop(&reg);
+	
+		switch ((*vm_data->CODE) & 0x7)
+		{
+		case PUSH_MEM_BYTE:
+			reg = *(BYTE*)reg;
+			break;
+		case PUSH_MEM_WORD:
+			reg = *(WORD*)reg;
+			break;
+		case PUSH_MEM_DWORD:
+			reg = *(DWORD*)reg;
+			break;
+		default:
+			break;
+		}
+		Stack_Push(reg);
+		break;
+	case PUSH_NUM:
+		Stack_Push(reg);
+		(vm_data->CODE)++;
+		break;
+	default:
+		break;
+	}
+	
+}
+
+void VM_Function::CODE_POP(PVMDATA vm_data)
+{
+	DWORD reg = 0;
+	BYTE DataB = 0;
+	WORD DataW = 0;
+	DWORD DataDW = 0;
+	DWORD Addr = 0;
+	switch ((*(++vm_data->CODE)) & 0x70)
+	{
+	case POP_EAX:
+		Stack_Pop(&(vm_data->EAX));
+		break;
+	case POP_EBX:
+		Stack_Pop(&(vm_data->EBX));
+		break;
+	case POP_MEM:
+		
+		Stack_Pop(&Addr);
+		Stack_Pop(&reg);
+		
+		switch ((*vm_data->CODE) & 0x7)
+		{
+		case POP_MEM_BYTE:
+			
+			_asm
+			{
+				push eax
+				xor eax, eax
+				mov eax, reg
+				mov DataB, al
+				pop eax
+			}
+			*(BYTE*)Addr = DataB;
+			break;
+		case POP_MEM_WORD:
+			
+			_asm
+			{
+				push eax
+				xor eax, eax
+				mov eax, reg
+				mov DataW, ax
+				pop eax
+			}
+			*(WORD*)Addr = DataW;
+			break;
+		case POP_MEM_DWORD:
+			
+			_asm
+			{
+				push eax
+				xor eax, eax
+				mov eax, reg
+				mov DataDW,eax
+				pop eax
+			}
+			*(DWORD*)Addr = DataDW;
+			break;
+		default:
+			break;
+		}
+		//(vm_data->CODE)++;
+		break;
+	case POP_DEL:
+		Stack_Pop(&reg);
+		break;
+	default:
+		break;
+	}
+
+}
+
+void VM_Function::CODE_ADD( PVMDATA vm_data)
+{
+	
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] += reg;
+	//FLAG¸Ä±ä
+	vm_data->ZFLAG = ((S->vmStack[S->TopOfStack]) == 0);
+	vm_data->SFLAG = ((S->vmStack[S->TopOfStack]) < 0);
+}
+void VM_Function::CODE_SUB(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] -= reg;
+	//FLAG¸Ä±ä
+	vm_data->ZFLAG = ((S->vmStack[S->TopOfStack]) == 0);
+	vm_data->SFLAG = ((S->vmStack[S->TopOfStack]) & 0x80000000);
+}
+void VM_Function::CODE_XOR(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] ^= reg;
+	
+}
+void VM_Function::CODE_SHR(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] = S->vmStack[S->TopOfStack] >> reg;
+}
+void VM_Function::CODE_SHL(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] = S->vmStack[S->TopOfStack] << reg;
+}
+void VM_Function::CODE_OR(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] |= reg;
+}
+void VM_Function::CODE_AND(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] &= reg;
+}
+void VM_Function::CODE_JMP( PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg );
+	(vm_data->CODE)++;
+	if (Jump_From_EIP == *(vm_data->CODE))
+		vm_data->CODE = (vm_data->CODE) + (reg);
+	else if (Jump_From_OEP == *(vm_data->CODE))
+		vm_data->CODE = (PDWORD)(vm_data->OEP) + (reg);
+	
+}
+void VM_Function::CODE_JZ( PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	(vm_data->CODE)++;
+	if (vm_data->ZFLAG)
+	{
+		if (Jump_From_EIP == *(vm_data->CODE))
+			vm_data->CODE = (vm_data->CODE) + (reg);
+		else if (Jump_From_OEP == *(vm_data->CODE))
+			vm_data->CODE = (PDWORD)(vm_data->OEP) + (reg);
+
+		vm_data->ZFLAG = 0;
+	}
+	
+}
+void VM_Function::CODE_CMP(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	reg = (S->vmStack[(S->TopOfStack) - 1]) - (S->vmStack[S->TopOfStack]);
+	vm_data->ZFLAG = (reg == 0);
+	
+}
+
+void VM_Function::CODE_STRLEN_CALL(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	DWORD STRLEN_RET = 0;
+	Stack_Pop(&reg);
+	STRLEN_RET = strlen((char*)(reg));
+	Stack_Push(STRLEN_RET);
+}
+void VM_Function::CODE_FAKE_CALL(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	StartVM((PDWORD)reg);
+	Stack_Push(VM_RET);
+}
+void VM_Function::CODE_EXIT(PVMDATA vm_data)
+{
+	vm_data->CODE = 0x0;
+#ifdef _DEBUG
+	Debug_PrintStack();
+#endif
+}
+//
+BOOL VM_Function::StartVM(PDWORD vmCode)
+{
+	VMDATA vm_data;
+	//Stack vm_Stack = CreateVmStack(64);
+
+	vm_data.OEP = (DWORD)(vmCode-2);
+	vm_data.CODE = vmCode;
+
+	vm_data.EAX = 0;
+	vm_data.EBX = 0;
+	//vm_data.ECX = 0;
+
+	vm_data.SFLAG = FALSE;
+	vm_data.ZFLAG = FALSE;
+	
+	
+	while (vm_data.CODE++)
+	{
+		DWORD XXXX = *(vm_data.CODE);
+		callname = ControlTable[*(vm_data.CODE)];
+		(this->*callname)(&vm_data);
+		
+	
+		
+	}
+	return FALSE;
+}
\ No newline at end of file
diff --git "a/RE-HCTF_450/C_easy_VMP_4/\344\273\243\347\240\201\344\277\256\346\224\271\347\211\210\346\234\2544.txt" "b/RE-HCTF_450/C_easy_VMP_4/\344\273\243\347\240\201\344\277\256\346\224\271\347\211\210\346\234\2544.txt"
new file mode 100644
index 0000000..b2434ac
--- /dev/null
+++ "b/RE-HCTF_450/C_easy_VMP_4/\344\273\243\347\240\201\344\277\256\346\224\271\347\211\210\346\234\2544.txt"
@@ -0,0 +1,15 @@
+
+¡£¡£¡£¡£ÓÉÓÚ¸÷ÖÖµ°ÌÛµÄÔ­Òò£¬µÚ4°æµÄÍê³É°æ±»¸²¸ÇÇÒÎÞ·¨»¹Ô­ÁË£¬Ö±½Ó¿´µÚÎå°æ°É
+
+ºËÐÄÔ­ÀíÏàÍ¬¡£
+¸Ä±ä£º
+Ö÷ÒªÈÎÎñ£ºÍêÉÆËã·¨
+
+°ëÐéÄâ»¯¸÷ÖÖÑ­»·²Ù×÷£¨ÕýÔÚÏëÐ´³ÉÊ²Ã´Ñù£©
+Ê¹ÓÃÒ»Ð©ÆæÝâ´úÂë£¿£¨ÔÚÏëÄØ£©
+¼òÒ×¼ÓÃÜÖ¸Áî	(Î´Íê³É)
+¼òÒ×»¨Ö¸Áî	£¨Î´Íê³É£©
+
+ÆäËüÐÞ¸Ä£º
+×Ö½ÚÂë²»ÔÙ´ÓÍ·¼ÓÔØ£¬´ÓÖÐ¼ä¼ÓÔØ£¬ÆäËü¿É×÷ÎªÊý¾Ý»òÕß×Óº¯Êý´¦Àí¡£
+VM_DATA±»É¾³ý£¬Ìí¼ÓVM_RETÓÃÓÚVM_CALLµÄ·µ»Ø
diff --git "a/RE-HCTF_450/C_easy_VMP_4/\344\273\243\347\240\201\350\231\232\346\213\237\347\272\246\345\256\232.txt" "b/RE-HCTF_450/C_easy_VMP_4/\344\273\243\347\240\201\350\231\232\346\213\237\347\272\246\345\256\232.txt"
new file mode 100644
index 0000000..f3c488a
--- /dev/null
+++ "b/RE-HCTF_450/C_easy_VMP_4/\344\273\243\347\240\201\350\231\232\346\213\237\347\272\246\345\256\232.txt"
@@ -0,0 +1,28 @@
+×Ô¼ºÎ¬»¤Ò»¸öÕ»Óë¼¸¸ö¼Ä´æÆ÷£¬±êÖ¾Î»ÓÃÓÚÐéÄâ»¯´úÂë¡£
+¢ÙÐéÄâ»¯ºËÐÄÔ­Àí
+´úÂë²ð½â£º
+mov-->push,pop
+add-->push,push,VM_add,pop
+jmp-->push Á¢¼´Êý,jmp ¼ÆËãcode
+
+cmpÖ¸ÁîÓësubÖ¸ÁîÓÃadd´úÌæ£¿
+
+Ë«²Ù×÷ÊýÖ¸ÁîÔ¼¶¨£º
+pop³öÒ»¸öÓëÕ»ÖÐºóÒ»¸ö²Ù×÷¡£ËùÒÔÏÈÈëÕ»µÄÓÃÓÚ´¢´æ½á¹û
+
+Î±Ö¸ÁîÓë×Ô¶¨ÒåÖ¸Áî£º
+¿¼ÂÇÌâÄ¿ÄÑ¶È½øÐÐÐÞ¸Ä¡£
+
+callÖ¸Áî£º
+¿¼ÂÇ×Ô¼º·â×°ÖÐ¡£¡£¡£
+
+²»¿ÉÐéÄâÖ¸Áî£º
+ÔÝÎÞ´úÂë¡£ÐèÒªÔÝÊ±ÍË³öÐéÄâ»¯£¬»¹Ô­»·¾³µ÷ÓÃ¡£
+
+
+
+
+¢ÚÐéÄâ»¯»ìÏý£º
+Ë¼Â·1£¬ret´úÂë»ìÏý¡£
+Ë¼Â·2£¬ÂÒÐòÕûÀí¡£
+Ë¼Â·3£¬Ö¸ÁîÅòÕÍ¡£
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP.sln b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP.sln
new file mode 100644
index 0000000..97e6793
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP.sln
@@ -0,0 +1,25 @@
+ï»¿
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.21005.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "C_easy_VMP", "C_easy_VMP\C_easy_VMP.vcxproj", "{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Debug|Win32.Build.0 = Debug|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Release|Win32.ActiveCfg = Release|Win32
+		{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(Performance) = preSolution
+		HasPerformanceSessions = true
+	EndGlobalSection
+EndGlobal
diff --git a/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/C_easy_VMP.vcxproj b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/C_easy_VMP.vcxproj
new file mode 100644
index 0000000..5e5a35b
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/C_easy_VMP.vcxproj
@@ -0,0 +1,94 @@
+ï»¿<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C460CB7F-F7D7-4F3E-B186-E28B05EFD922}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>C_easy_VMP</RootNamespace>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v120</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v120_xp</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="MainEntry.cpp" />
+    <ClCompile Include="Stack.cpp" />
+    <ClCompile Include="VMmain.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="Code_Define.h" />
+    <ClInclude Include="Stack.h" />
+    <ClInclude Include="VM.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/C_easy_VMP.vcxproj.filters b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/C_easy_VMP.vcxproj.filters
new file mode 100644
index 0000000..3b2d11d
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/C_easy_VMP.vcxproj.filters
@@ -0,0 +1,39 @@
+ï»¿<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="æºæ–‡ä»¶">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="å¤´æ–‡ä»¶">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="èµ„æºæ–‡ä»¶">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="MainEntry.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+    <ClCompile Include="VMmain.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+    <ClCompile Include="Stack.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="VM.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+    <ClInclude Include="Stack.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+    <ClInclude Include="Code_Define.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/Code_Define.h b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/Code_Define.h
new file mode 100644
index 0000000..ddbc346
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/Code_Define.h
@@ -0,0 +1,58 @@
+#include <Windows.h>
+#define General_VM 0x10
+enum myVm
+{
+	VM_X00_START = 0,
+
+	VM_PUSH, //ºËÐÄ´úÂë
+	VM_POP,
+
+	VM_ADD,	//¼ÆËã´úÂë
+	VM_SUB,
+	VM_XOR,
+	VM_CMP,
+			//Âß¼­´úÂë
+	VM_SHR,
+	VM_SHL,
+	VM_AND,
+	VM_OR,
+
+	VM_JMP, //Ìø×ª´úÂë
+	VM_JZ,
+	VM_EXIT_SUCCESS,
+	
+#ifdef _DEBUG
+	VM_DEBUG_BREAK,
+#endif
+	VM_STRLEN_CALL,//CALL´úÂë£¿£¿
+	VM_FAKE_CALL,
+
+	VM_EXIT_FAIL
+
+};
+enum Code_Push_Parameter
+{
+	PUSH_EAX = 0x10,
+	PUSH_EBX = 0x20,
+	PUSH_MEM = 0x30,
+	PUSH_NUM = 0x40,
+	PUSH_MEM_BYTE = 0x1,
+	PUSH_MEM_WORD = 0x2,
+	PUSH_MEM_DWORD= 0x4
+
+};
+enum Code_Pop_Parameter
+{
+	POP_EAX = 0x10,
+	POP_EBX = 0x20,
+	POP_MEM = 0x30,
+	POP_DEL = 0x40,
+	POP_MEM_BYTE = 0x1,
+	POP_MEM_WORD = 0x2,
+	POP_MEM_DWORD= 0x4
+};
+enum Code_JumpFun
+{
+	Jump_From_EIP = 0x10,
+	Jump_From_OEP = 0X20
+};
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/MainEntry.cpp b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/MainEntry.cpp
new file mode 100644
index 0000000..47c621a
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/MainEntry.cpp
@@ -0,0 +1,883 @@
+#include <cstdio>
+#include <Windows.h>
+#include "Stack.h"
+#include "VM.h"
+
+int main()
+{
+
+	char Check_HCTF[] = "\x7b\x70\x6a\x67\x72\x73\x75\x55\x44\x32\x48\x50\x11\x12\x13\x14\x15";
+	
+	char Select_check_1[] = "0123456789qazwsxedcrtgbyhnujmiolp";
+	char Cmp_check_1[] = "\x38\x7a\x34\x72\x6e\x65\x36";
+	char Cmp_check_2[] = "\x38\x36\x33\x6e\x74\x36\x65";
+#ifdef _DEBUG
+	char stringIn[] = "HCTF{123412341234123489}";
+	printf("addr1 = %x \n", stringIn);
+	printf("addr2 = %d \n", Check_HCTF);
+#else
+	char stringIn[40] = {0};
+	scanf_s("%s", stringIn, 40);
+#endif
+	/*
+	DWORD CODE[] =
+	{ 
+	VM_X00_START, 
+	VM_PUSH, PUSH_NUM, (DWORD)stringIn, //NUM1  push addr of input Str
+		
+	VM_POP,POP_EBX,
+	VM_PUSH,PUSH_EBX,				//EBX = ADDR STR
+
+	VM_STRLEN_CALL, //pop addr, call strlen, push result
+
+	VM_PUSH, PUSH_NUM, 0x0,	//NUNM2 push 0x0 i = 0
+	VM_CMP,			//cmp <-----
+
+	VM_PUSH, PUSH_NUM, 0x23,	//push NUM3 is jum to exit
+	VM_JZ, Jump_From_EIP,		//pop NUM3 JZ  (18)
+	 
+	VM_POP,POP_EAX,		//pop eax  ;eax = i
+
+	VM_PUSH,PUSH_EBX,	//EBX: push addr of input Str
+	VM_PUSH,PUSH_EAX,	//PUSH i
+	
+	VM_ADD,				//Pop i ,add i str
+	VM_PUSH,PUSH_MEM|PUSH_MEM_BYTE, //POP STR, FIND BYTE STR, PUSH result
+	VM_PUSH,PUSH_NUM,0x6,    //num push 6 (6)
+	VM_XOR,					 //pop 6,top xor 6
+
+	VM_PUSH,PUSH_EBX,	//EBX: push addr of input Str
+	VM_PUSH,PUSH_EAX,	//PUSH i
+	VM_ADD,				//Pop i ,add i str
+	VM_POP,POP_MEM|POP_MEM_BYTE,//pop addr,pop result, Set That addr      
+
+	VM_PUSH,PUSH_EAX,	//EAX = i
+	VM_PUSH,PUSH_NUM,0x1,	//NUM = 1
+	VM_ADD,			//I = I+1
+	VM_POP,POP_EAX,		//eax = i
+	VM_PUSH,PUSH_EAX,	//
+
+	VM_PUSH,PUSH_NUM,-0x29,	//NUM5  jmp code
+	VM_JMP, Jump_From_EIP,		//circle jmp
+	VM_EXIT };
+	*/
+	DWORD CALL_END_4[] =
+	{
+		/////////////////////////Data and function/////////////////////
+		VM_EXIT_FAIL,//END
+		VM_EXIT_FAIL,
+		/////////////////////////Code Start/////////////////////////////
+		VM_X00_START,
+		////JMP_TO_ENCODE
+		VM_PUSH, PUSH_NUM, 78,
+		VM_JMP, Jump_From_EIP,
+		////ÐèÒª½âÃÜµÄ´úÂë//////////////
+		////////////////////////////////
+		VM_X00_START,
+		VM_POP, POP_DEL,
+		VM_PUSH, PUSH_NUM, 0x8,
+		VM_JMP, Jump_From_EIP,//JMP_TO_CODE
+		//Êý¾Ý¶Î
+		0x32,
+		0x3C,
+		0x41,
+		0x43,
+		0x36,
+		0x40,
+		0x48,
+		0xFF,
+		//
+		VM_PUSH, PUSH_NUM, (DWORD)CALL_END_4,
+		VM_PUSH, PUSH_NUM, 64,//datasec!!
+		VM_ADD,//¼ÆËãÆ÷Êý¾Ý¶Î
+		VM_POP, POP_EAX,//EAX = STRIN
+
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_POP, POP_EBX,//EBX = i
+
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM_DWORD | PUSH_MEM,
+		VM_CMP,
+		VM_POP, POP_DEL,
+		VM_POP, POP_DEL,
+		VM_PUSH, PUSH_NUM, 0x5,
+		VM_JZ, Jump_From_EIP,
+		//BUG
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_JMP, Jump_From_OEP,
+		//
+		VM_PUSH, PUSH_NUM, 0x4,
+		VM_PUSH, PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_NUM, 28,
+		VM_CMP,
+		VM_POP, POP_DEL,
+		VM_POP,POP_EBX,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,-46,//BACK
+		VM_JMP,Jump_From_EIP,
+		VM_EXIT_SUCCESS,
+		0xAABBCCDD,
+		//////////////////////////////
+		////////////////////////////////
+		VM_PUSH, PUSH_NUM, (DWORD)(CALL_END_4 + 8),
+		VM_POP, POP_EAX,   ///EAX = addr need change
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_POP, POP_EBX, ///EBX = i
+
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_DWORD,	//GET
+		VM_PUSH, PUSH_NUM, 0xAABBCCDD,
+		VM_CMP,
+		VM_POP, POP_DEL,
+
+		VM_PUSH, PUSH_NUM, 24,
+		VM_JZ, Jump_From_EIP,
+
+		//×ö´¦Àí
+		//VM_PUSH, PUSH_NUM, 0x31,
+		//VM_XOR,
+		VM_PUSH,PUSH_NUM,0xFFFFFFFF,
+		VM_AND,
+		//
+		////////
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_EBX,
+		VM_ADD,
+		VM_POP, POP_MEM | POP_MEM_DWORD,		//SET
+		VM_PUSH, PUSH_EBX,
+		VM_PUSH, PUSH_NUM, 0x4,///£¡£¡£¡£¡£¡
+		VM_ADD,
+		VM_POP, POP_EBX,
+		VM_PUSH, PUSH_NUM, -42,
+		VM_JMP, Jump_From_EIP,
+		//Ñ­»·´¦Àí
+		
+		//jmp»ØÈ¥
+		VM_PUSH, PUSH_NUM, 0x8,
+		VM_JMP, Jump_From_OEP,
+		///////FUN2////
+		VM_POP, POP_DEL,
+		VM_EXIT_SUCCESS,
+	};
+	const DWORD FUNC_CHECK_1[] =
+	{
+		VM_EXIT_SUCCESS,
+		VM_EXIT_SUCCESS,
+		/////////////////////////Code Start/////////////////////////////
+		VM_X00_START,
+		VM_PUSH,PUSH_NUM,15,//JMP TO MAIN
+		VM_JMP,Jump_From_EIP,
+		//////////FUN1////////////
+		VM_POP,POP_EBX,
+		VM_PUSH,PUSH_EBX,
+		VM_PUSH, PUSH_NUM, (DWORD)Select_check_1,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_PUSH, PUSH_NUM,20, 
+		VM_JMP,Jump_From_EIP,
+		/////////////////////////
+		VM_POP,POP_EAX,	//EAX = IN
+		VM_PUSH,PUSH_NUM,0,
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0xF8000000,
+		VM_AND,
+		
+		VM_PUSH,PUSH_NUM,27,
+		VM_SHR,
+
+		//JMP TO FUNTION
+		VM_PUSH,PUSH_NUM,0x7,
+		VM_JMP,Jump_From_OEP,
+		//END
+
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH,PUSH_NUM, 0x5,
+		VM_SHL,
+		VM_PUSH,PUSH_NUM,0,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,-39,
+		VM_JMP,Jump_From_EIP,
+		VM_EXIT_SUCCESS,
+	};
+	DWORD FUNC_CHECK_2[]
+	{
+		VM_EXIT_SUCCESS,
+		VM_EXIT_SUCCESS,
+		VM_X00_START,
+//////////////////////////////////////////////	
+
+		VM_POP,POP_EAX, //EAX = PARA1 ChangeCode
+		VM_POP,POP_EBX, //EBX = PARA2 strin
+		
+		VM_PUSH,PUSH_NUM,0x0,//Ñ¹Õ»ÓÃÓÚ¼ÆÊý
+		
+		VM_PUSH,PUSH_EBX,
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0xF0000000,	//È¡Ç°¼¸¸öÊý
+		VM_AND,
+		
+		VM_PUSH,PUSH_NUM,0x1C,
+		VM_SHR,//ÒÆÎ»´¦Àí
+		VM_PUSH,PUSH_NUM,0x1,
+		VM_SHR,
+		VM_PUSH,PUSH_NUM,0x2,
+		VM_SHL,
+
+		VM_SHL,//ÒÆÎ»¼ÆËã³ö½á¹û
+		
+		VM_PUSH, PUSH_NUM, 0xF0000000,
+		VM_AND,//È¥³ý¸ÉÈÅ
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x4,
+		VM_SHL,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,-49,
+		VM_JMP,Jump_From_EIP,
+		///////
+		VM_PUSH,PUSH_NUM,0,
+		VM_POP,POP_EBX,
+		VM_PUSH,PUSH_NUM,28,
+		VM_POP,POP_EAX,
+
+		VM_PUSH, PUSH_EAX,//<---
+		VM_SHR,
+	
+		VM_PUSH,PUSH_EBX,
+		VM_OR,
+		VM_POP,POP_EBX,
+		
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x4,
+		VM_SUB,
+		VM_POP,POP_EAX,
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_CMP,
+		VM_POP, POP_DEL,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,-32,
+		VM_JMP,Jump_From_EIP,
+		VM_POP,POP_DEL,
+		VM_PUSH,PUSH_EBX,
+		VM_EXIT_SUCCESS,
+		
+	};
+	DWORD FUN_CHECK_3_FUN_1[] = 
+	{
+		VM_EXIT_SUCCESS,
+		VM_EXIT_SUCCESS,
+		VM_X00_START,
+//////////////////////////////////////////////
+		VM_POP,POP_DEL,
+		//Ò»´ÎÂÒÐò
+		VM_PUSH, PUSH_NUM, 0xFDB97531,
+		VM_PUSH, PUSH_NUM, (DWORD)FUNC_CHECK_2,
+		VM_FAKE_CALL,
+		VM_POP, POP_DEL,
+		VM_EXIT_SUCCESS,
+	};
+	DWORD FUN_CHECK_3_FUN_2[] =
+	{
+		VM_EXIT_SUCCESS,
+		VM_EXIT_SUCCESS,
+		VM_X00_START,
+		//////////////////////////////////////////////
+		VM_POP, POP_DEL,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_EAX,
+		//Ò»´ÎÂÒÐò
+		VM_PUSH, PUSH_NUM, 0xE0000000,
+		VM_AND,
+		VM_PUSH, PUSH_NUM, 29,
+		VM_SHR,
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_NUM, 3,
+		VM_SHL,
+		VM_OR,
+		VM_EXIT_SUCCESS,
+	};
+	DWORD FUNC_CHECK_3X1[] =
+	{
+		/////////////////////////Data and function/////////////////////
+		VM_EXIT_SUCCESS,
+		VM_EXIT_SUCCESS,
+		/////////////////////////Code Start/////////////////////////////
+		VM_X00_START,
+		////JMP_TO_ENCODE
+		VM_PUSH,PUSH_NUM,11,
+		VM_JMP,Jump_From_EIP,
+		////ÐèÒª½âÃÜµÄ´úÂë//////////////
+		VM_X00_START ^ 0x28,
+		VM_PUSH^0x28,
+		PUSH_NUM ^ 0x28,
+		(DWORD)FUN_CHECK_3_FUN_1 ^ 0x28,
+		VM_FAKE_CALL ^ 0x28,
+		VM_PUSH ^ 0x28,
+		PUSH_NUM ^ 0x28,
+		58 ^ 0x28,
+		VM_JMP ^ 0x28,
+		Jump_From_EIP ^ 0x28,
+		0xFFFFAAAA,
+		////////////////////////////////
+		VM_PUSH, PUSH_NUM, (DWORD)(FUNC_CHECK_3X1 + 8),
+		VM_POP,POP_EAX,   ///EAX = addr need change
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_POP,POP_EBX, ///EBX = i
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_DWORD,	//GET
+		VM_PUSH, PUSH_NUM, 0xFFFFAAAA,
+		VM_CMP,
+		VM_POP,POP_DEL,
+	
+		VM_PUSH,PUSH_NUM,24,
+		VM_JZ,Jump_From_EIP,
+
+		//×ö´¦Àí
+		VM_PUSH,PUSH_NUM,0x28,
+		VM_XOR,
+		////////
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_EBX,
+		VM_ADD,
+		VM_POP,POP_MEM | POP_MEM_DWORD,		//SET
+		VM_PUSH,PUSH_EBX,
+		VM_PUSH,PUSH_NUM,0x4,///£¡£¡£¡£¡£¡
+		VM_ADD,
+		VM_POP,POP_EBX,
+		VM_PUSH,PUSH_NUM, -42,
+		VM_JMP,Jump_From_EIP,
+		//Ñ­»·´¦Àí
+		
+		//jmp»ØÈ¥
+		VM_PUSH,PUSH_NUM,0x8,
+		VM_JMP,Jump_From_OEP,
+		///////FUN2////
+		VM_POP,POP_DEL,
+		VM_EXIT_SUCCESS,
+		
+	};
+	DWORD FUNC_CHECK_3X2[] = 
+	{
+		/////////////////////////Data and function/////////////////////
+		VM_EXIT_SUCCESS,
+		VM_EXIT_SUCCESS,
+		/////////////////////////Code Start/////////////////////////////
+		VM_X00_START,
+		////JMP_TO_ENCODE
+		VM_PUSH, PUSH_NUM, 11,
+		VM_JMP, Jump_From_EIP,
+		////ÐèÒª½âÃÜµÄ´úÂë//////////////
+		VM_X00_START ^ 0x28,
+		VM_PUSH ^ 0x28,
+		PUSH_NUM ^ 0x28,
+		(DWORD)FUN_CHECK_3_FUN_2 ^ 0x28,
+		VM_FAKE_CALL ^ 0x28,
+		VM_PUSH ^ 0x28,
+		PUSH_NUM ^ 0x28,
+		58 ^ 0x28,
+		VM_JMP ^ 0x28,
+		Jump_From_EIP ^ 0x28,
+		0xFFFFAAAA,
+		////////////////////////////////
+		VM_PUSH, PUSH_NUM, (DWORD)(FUNC_CHECK_3X2 + 8),
+		VM_POP, POP_EAX,   ///EAX = addr need change
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_POP, POP_EBX, ///EBX = i
+
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_DWORD,	//GET
+		VM_PUSH, PUSH_NUM, 0xFFFFAAAA,
+		VM_CMP,
+		VM_POP, POP_DEL,
+
+		VM_PUSH, PUSH_NUM, 24,
+		VM_JZ, Jump_From_EIP,
+
+		//×ö´¦Àí
+		VM_PUSH, PUSH_NUM, 0x28,
+		VM_XOR,
+		////////
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_EBX,
+		VM_ADD,
+		VM_POP, POP_MEM | POP_MEM_DWORD,		//SET
+		VM_PUSH, PUSH_EBX,
+		VM_PUSH, PUSH_NUM, 0x4,///£¡£¡£¡£¡£¡
+		VM_ADD,
+		VM_POP, POP_EBX,
+		VM_PUSH, PUSH_NUM, -42,
+		VM_JMP, Jump_From_EIP,
+		//Ñ­»·´¦Àí
+
+		//jmp»ØÈ¥
+		VM_PUSH, PUSH_NUM, 0x8,
+		VM_JMP, Jump_From_OEP,
+		///////FUN2////
+		VM_POP, POP_DEL,
+		VM_EXIT_SUCCESS,
+	};
+	DWORD CODE[] =
+	{
+		/////////////////////////Data and function/////////////////////
+		VM_EXIT_FAIL,
+		VM_EXIT_FAIL,
+		/////////////////////////Code Start/////////////////////////////
+		VM_X00_START,
+		/////////////////////////fun1 strlen////////////////////////////////
+		VM_PUSH, PUSH_NUM, (DWORD)stringIn, //NUM1  push addr of input Str  *stack 1
+		VM_POP, POP_EBX,
+		VM_PUSH, PUSH_EBX,					//EBX = ADDR STR
+		VM_PUSH, PUSH_EBX,					//±£´æÒ»´Î addr of input str
+		VM_STRLEN_CALL,						//pop addr, call strlen, push result *stack1
+		VM_PUSH, PUSH_NUM, 0x18,			
+		VM_CMP,								//¼ÆËã³¤¶ÈÊÇ·ñÎª24  *stack 2
+
+		VM_PUSH, PUSH_NUM, 0x7,			    //push jmp next func(jmpto_fun2)  *stack 3
+		VM_JZ, Jump_From_EIP,				//pop and JZ  (18)	*stack 2
+		VM_PUSH, PUSH_NUM, 0,				//jmp code to Fail   *stack 3
+		VM_JMP, Jump_From_OEP,				//jmp   *stack 2
+		///////////////////////fun2 xor HCTF{//////////////////////////////
+
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä£¨¿ÉÒÔÉ¾³ý£©*Stack 1 topofStack:length of addr 
+		VM_PUSH, PUSH_NUM, 0x5,				//HCTF{ 5¸ö
+		VM_PUSH, PUSH_NUM, 0x0,				//push 0x0 i = 0  *Stack 2
+		VM_CMP,			//cmp <-----
+
+		VM_PUSH, PUSH_NUM, 0x23,	//push NUM3 is jum to exit
+		VM_JZ, Jump_From_EIP,		//pop NUM3 JZ  (18)
+
+		VM_POP, POP_EAX,		//pop eax  ;eax = i
+		VM_PUSH, PUSH_EBX,	//EBX: push addr of input Str
+		VM_PUSH, PUSH_EAX,	//PUSH i
+		VM_ADD,				//Pop i ,add i str
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE, //POP STR, FIND BYTE STR, PUSH result
+		VM_PUSH, PUSH_NUM, 0x33,    //num push 0x33 
+		VM_XOR,					 //pop 0x33,top xor 0x33
+
+		VM_PUSH, PUSH_EBX,			   //EBX: push addr of input Str
+		VM_PUSH, PUSH_EAX,			   //PUSH i
+		VM_ADD,						   //Pop i ,add i str
+		VM_POP, POP_MEM | POP_MEM_BYTE,//pop addr,pop result, Set That addr     
+
+		VM_PUSH, PUSH_EAX,	//EAX = i
+		VM_PUSH, PUSH_NUM, 0x1,	//NUM = 1
+		VM_ADD,			//I = I+1
+		VM_POP, POP_EAX,		//eax = i
+		VM_PUSH, PUSH_EAX,	//
+
+		VM_PUSH, PUSH_NUM, -0x29,	//NUM5  jmp code
+		VM_JMP, Jump_From_EIP,		//circle jmp
+		////////////////func check last '}'///////////////////////////
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä *Stack 2 topofStack:length of addr X 2
+		VM_PUSH, PUSH_EBX,					//EBX: push addr of input Str
+		VM_ADD,								 //Pop STR ,add 24  str
+		VM_PUSH, PUSH_NUM, 0x1,
+		VM_SUB,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+	
+		VM_PUSH, PUSH_NUM, 0x33,		//num push 0x33 
+		VM_XOR,							//pop 0x33,top xor 0x33
+		VM_PUSH, PUSH_NUM, 0x4E,		//num push 0x4e
+		VM_CMP,
+		VM_PUSH, PUSH_NUM, 0x5,
+		VM_JZ, Jump_From_EIP,
+		VM_PUSH, PUSH_NUM, 0,				//jmp code to Fail   *stack 3
+		VM_JMP, Jump_From_OEP,
+		///////////////////func push HCTF{ xor 0x33////////////////////////////////
+
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä 
+		
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x1,
+		VM_SUB,
+		VM_POP, POP_EAX,
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_POP, POP_DEL,
+		VM_PUSH,PUSH_NUM,0x5,		//Jmp to next Fun
+		VM_JZ, Jump_From_EIP,
+		
+		VM_PUSH,PUSH_NUM, -0x23,	//Circle Jmp
+		VM_JMP, Jump_From_EIP,
+		///////////////////fun check HCTF{/////////////////////////////////////
+
+
+		VM_PUSH,PUSH_NUM,0,
+		VM_POP,POP_EBX,				//EBX = i		
+		VM_PUSH, PUSH_NUM, (DWORD)Check_HCTF,
+		VM_POP,POP_EAX,				//EAX = ADDR Check_HCTF
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_EAX,			//EAX = EAX+i
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_CMP,
+		VM_PUSH,PUSH_NUM,0x5,  // <------ok
+		
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_JMP,Jump_From_OEP,  //  <----- Fail
+
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä 
+		
+		VM_PUSH,PUSH_EBX,
+		VM_PUSH,PUSH_NUM,1,
+
+		VM_ADD,
+		VM_POP,POP_EBX,
+
+		VM_PUSH,PUSH_EBX,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_CMP,
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä 
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH, PUSH_NUM, -0x36,
+		VM_JMP,Jump_From_EIP,
+
+		///////////////////fun Ñ¹ËõÈëÕ»Ä£¿é//////////////////////////////
+
+		
+		VM_POP,POP_EAX,					//EAX = strlen(Input Str)
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_POP,POP_EBX,					//EBX = ADDR STR IN
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_EBX,
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_EAX,
+		VM_XOR,
+		VM_POP,POP_EAX,
+		VM_PUSH, PUSH_EAX,					//Õâ¸ö¿Õ¼ä´æ·Å×ÅÄÇ¸ö½á¹û
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x4,
+		VM_CMP,
+		VM_PUSH,PUSH_NUM,28,//£¡£¡£¡
+		VM_JZ,Jump_From_EIP,
+		VM_POP, POP_DEL,					//Æ½ºâÕ»¿Õ¼ä
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_NUM,0x3,
+		VM_SHL,
+		VM_SHL,
+		VM_OR,
+
+		
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x1,
+		VM_ADD,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_NUM,-39,//£¡£¡£¡
+		VM_JMP,Jump_From_EIP,
+		VM_POP,POP_DEL,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		
+		VM_POP,POP_EBX,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_POP,POP_EAX,
+
+		VM_PUSH,PUSH_EBX,
+		VM_STRLEN_CALL,
+
+		VM_PUSH,PUSH_NUM,0x3,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_POP,POP_DEL,
+		VM_PUSH,PUSH_NUM,5,
+		VM_JZ, Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,-74,
+		
+		VM_JMP,Jump_From_EIP,
+		VM_POP,POP_DEL,
+
+		//////////////////////FUNC_CHECK_1//////////////////////
+	
+		VM_PUSH, PUSH_NUM, (DWORD)FUNC_CHECK_1,
+		VM_FAKE_CALL,
+		VM_POP,POP_DEL,
+		
+		/////////////±È½Ï
+		VM_PUSH, PUSH_NUM, (DWORD)Cmp_check_1,
+		VM_POP,POP_EBX,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_POP,POP_EAX,
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_XOR,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		+
+		VM_POP,POP_DEL,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_JMP,Jump_From_OEP,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_PUSH,PUSH_NUM,13,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,0x1,
+		VM_PUSH,PUSH_EAX,
+		VM_ADD,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_NUM,-50,
+		VM_JMP,Jump_From_EIP,
+
+		/////////////////////fun_check_2////////////////////////
+		//////Ò»´ÎÂÒÐò
+		VM_POP,POP_DEL,
+		VM_PUSH,PUSH_NUM,0xFDB97531,
+		VM_PUSH, PUSH_NUM, (DWORD)FUNC_CHECK_2,
+		VM_FAKE_CALL,
+		VM_POP,POP_DEL,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_EAX,
+		////////////////////Ñ­»·Î»ÒÆ//////
+		VM_PUSH,PUSH_NUM,0xE0000000,
+		VM_AND,
+		VM_PUSH,PUSH_NUM,29,
+		VM_SHR,
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,3,
+		VM_SHL,
+		VM_OR,
+
+		//////////////////2´ÎÂÒÐò/////
+		VM_PUSH, PUSH_NUM, 0xFDB97531,
+		VM_PUSH, PUSH_NUM, (DWORD)FUNC_CHECK_2,
+		VM_FAKE_CALL,
+		VM_POP, POP_DEL,
+		VM_POP, POP_EAX,
+		VM_PUSH, PUSH_EAX,
+		
+		//////////Ò»´ÎÑ¡Ôñ
+		VM_PUSH, PUSH_NUM, (DWORD)FUNC_CHECK_1,
+		VM_FAKE_CALL,
+		VM_POP,POP_DEL,
+		
+		/////////×îÖÕ±È½Ï
+		VM_PUSH, PUSH_NUM, (DWORD)Cmp_check_2,
+		VM_POP, POP_EBX,
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_POP, POP_EAX,
+
+		VM_PUSH, PUSH_EAX,
+		VM_PUSH, PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_XOR,
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_CMP,
+		VM_POP, POP_DEL,
+		VM_POP, POP_DEL,
+		VM_PUSH, PUSH_NUM, 0x5,
+		VM_JZ, Jump_From_EIP,
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_JMP, Jump_From_OEP,
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_CMP,
+		VM_POP, POP_DEL,
+		VM_PUSH, PUSH_NUM, 13,
+		VM_JZ, Jump_From_EIP,
+		VM_PUSH, PUSH_NUM, 0x1,
+		VM_PUSH, PUSH_EAX,
+		VM_ADD,
+		VM_POP, POP_EAX,
+		VM_PUSH, PUSH_NUM, -50,
+		VM_JMP, Jump_From_EIP,
+		VM_POP,POP_DEL,
+
+		///
+		////////////////////////FUN_CHECK_3,HARD////////////////////////////
+		/////
+		//1´ÎÂÒÐò
+		VM_PUSH, PUSH_NUM, (DWORD)FUNC_CHECK_3X1,
+		VM_FAKE_CALL,
+		VM_POP,POP_DEL,
+		//À¬»øÖ¸Áî//
+		VM_PUSH,0x1000,
+		VM_POP,0x1000,
+		//end//
+		//1´ÎÑ­»·ÒÆÎ»
+		VM_PUSH, PUSH_NUM, (DWORD)FUNC_CHECK_3X2,
+		VM_FAKE_CALL,
+		VM_POP,POP_DEL,
+		//1´ÎÑ¡Ôñ
+		VM_POP,POP_EAX,
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x1F,
+		VM_AND,
+		VM_PUSH,PUSH_NUM,0x30,
+		VM_ADD,
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_SHR,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,-34,
+		VM_JMP,Jump_From_EIP,
+		/////////×Ô½âÃÜÑ­»·±È½Ï´úÂë//////
+		
+	
+		VM_PUSH, PUSH_NUM, (DWORD)CALL_END_4,
+		VM_FAKE_CALL,
+		VM_POP,POP_DEL,
+		///////////////////×îºóÒ»ÂÖÒà»ò±È½Ï£¬·À×÷±×¡£
+		VM_PUSH,PUSH_NUM,12,
+		VM_ADD,
+		VM_POP,POP_EAX,
+		VM_PUSH,PUSH_NUM,0,
+		VM_POP,POP_EBX,//EBX = i,
+
+		VM_PUSH,PUSH_EAX,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_PUSH,PUSH_NUM,17,//1
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,0x22,
+		VM_XOR,
+		VM_PUSH,PUSH_NUM,0x1,
+		VM_PUSH,PUSH_EBX,
+		VM_ADD,
+		VM_POP,POP_EBX,
+		VM_PUSH,PUSH_NUM,-35,//1
+		VM_JMP,Jump_From_EIP,
+		VM_POP,POP_DEL,
+		VM_POP,POP_DEL,
+		//////
+		VM_PUSH,PUSH_NUM,0x1b,//@1
+		VM_CMP,
+		VM_POP,POP_DEL,
+		VM_POP,POP_DEL,
+		VM_PUSH,PUSH_NUM,0x5,
+		VM_JZ,Jump_From_EIP,
+		VM_PUSH,PUSH_NUM,0x0,
+		VM_JMP,Jump_From_OEP,
+		/////
+		VM_PUSH, PUSH_NUM, 0x1A,//@2
+		VM_CMP,
+		VM_POP, POP_DEL,
+		VM_POP, POP_DEL,
+		VM_PUSH, PUSH_NUM, 0x5,
+		VM_JZ, Jump_From_EIP,
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_JMP, Jump_From_OEP,
+		/////
+		VM_PUSH, PUSH_NUM, 0x16,//@3
+		VM_CMP,
+		VM_POP, POP_DEL,
+		VM_POP, POP_DEL,
+		VM_PUSH, PUSH_NUM, 0x5,
+		VM_JZ, Jump_From_EIP,
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_JMP, Jump_From_OEP,
+		///
+		VM_PUSH, PUSH_NUM, 0x11,//@4
+		VM_CMP,
+		VM_POP, POP_DEL,
+		VM_POP, POP_DEL,
+		VM_PUSH, PUSH_NUM, 0x5,
+		VM_JZ, Jump_From_EIP,
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_JMP, Jump_From_OEP,
+		///
+		VM_PUSH, PUSH_NUM, 0x10,//@5
+		VM_CMP,
+		VM_POP, POP_DEL,
+		VM_POP, POP_DEL,
+		VM_PUSH, PUSH_NUM, 0x5,
+		VM_JZ, Jump_From_EIP,
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_JMP, Jump_From_OEP,
+		////
+		VM_PUSH, PUSH_NUM, 0x13,//@6
+		VM_CMP,
+		VM_POP, POP_DEL,
+		VM_POP, POP_DEL,
+		VM_PUSH, PUSH_NUM, 0x5,
+		VM_JZ, Jump_From_EIP,
+		VM_PUSH, PUSH_NUM, 0x0,
+		VM_JMP, Jump_From_OEP,
+
+		VM_EXIT_SUCCESS,
+	};
+	
+	VM_Function Fun1(64);
+	Fun1.StartVM(CODE+2);
+	/*printf("VM_2:%x\n", (int*)*(int*)(&Fun1));
+	
+	if (!strcmp(stringIn, "745230"))
+	{
+		printf("YOU GOT IT\n");
+	}
+	else
+	{
+		printf("SORRY FAIL\n");
+	}*/
+#ifdef _DEBUG
+	printf("%s\n", stringIn);
+	for (int i = 0; i < strlen(stringIn); i++)
+	{
+		printf("%3d  ( %3x ) ( %3c )\n", i, stringIn[i], stringIn[i]);
+	}
+#endif
+	printf("====================================\n");
+	printf("============YOU GOT IT!=============\n");
+	printf("====================================\n");
+	return 0;
+}
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/Stack.cpp b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/Stack.cpp
new file mode 100644
index 0000000..2a5cbf2
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/Stack.cpp
@@ -0,0 +1,31 @@
+#include "Stack.h"
+
+//¼ÇµÃfree
+VM_STACK::VM_STACK(int MaxSize)
+{
+	if (MaxSize < 1)
+		Error("Error the Stack is too small\n");
+	S = (VM_Stack *)malloc(sizeof(struct VM_Stack));
+	if (S == NULL)
+		Error("Create Stack Malloc Fail CODE 1");
+	S->vmStack = (PDWORD)malloc(sizeof(DWORD)*MaxSize);
+	if (S->vmStack == NULL)
+		Error("Create Stack Malloc Fail CODE 2");
+	memset(S->vmStack, sizeof(DWORD)*MaxSize, 0);
+	S->capacity = MaxSize;
+	S->TopOfStack = 0;
+
+}
+void VM_STACK::Stack_Push(DWORD xxx)
+{
+	S->vmStack[++S->TopOfStack] = xxx;
+}
+void VM_STACK::Stack_Pop(PDWORD xxx)
+{
+	*xxx = S->vmStack[S->TopOfStack--];
+}
+void VM_STACK::Error(char* xxx)
+{
+	printf("%s,LastError = %d", xxx, GetLastError());
+	exit(-1);
+}
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/Stack.h b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/Stack.h
new file mode 100644
index 0000000..4c75167
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/Stack.h
@@ -0,0 +1,40 @@
+#include <Windows.h>
+#include <stdio.h>
+#pragma once
+class VM_STACK
+{
+	struct VM_Stack
+	{
+		int capacity;
+		int TopOfStack;
+		PDWORD vmStack;
+	};
+	typedef struct VM_Stack *Stack;
+protected:
+	Stack S;
+	
+	//BOOL StartVM(PBYTE vmCode, PDWORD vmData);
+	
+public:
+	VM_STACK(int MaxSize);//CreateStack
+	void Stack_Push(DWORD xxx);
+	void Stack_Pop(PDWORD xxx);
+#ifdef _DEBUG
+	void Debug_PrintStack()
+	{
+		printf("\n");
+		for (int i = 0; i <= S->TopOfStack; i++)
+			printf("Stack :  %d   ( %x )\n",i,S->vmStack[i]);
+		printf("\n");
+	}
+#endif
+	~VM_STACK()
+	{
+		free(S->vmStack);
+		free(S);
+	}
+private:
+	
+	void Error(char* xxx);
+
+};
diff --git a/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/VM.h b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/VM.h
new file mode 100644
index 0000000..b30ef88
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/VM.h
@@ -0,0 +1,63 @@
+#include <map>
+#include <cstdio>
+#include "Stack.h"
+#include "Code_Define.h"
+class VM_Function:public VM_STACK
+{
+	typedef struct _VMDATA
+	{
+
+		DWORD EAX;
+		DWORD EBX;
+
+		DWORD OEP;
+		PDWORD CODE;
+		PDWORD DATA;
+
+		BOOL  SFLAG;		//·ûºÅ±êÖ¾
+		BOOL  ZFLAG;		//Áã±êÖ¾
+
+	} VMDATA, *PVMDATA;
+
+	typedef void(VM_Function::*ProcessFuncPtr)(PVMDATA);
+
+	//typedef void(VM_Function::*ProcessTest)();
+	//ProcessTest calltest;
+
+	std::map<int, ProcessFuncPtr> ControlTable;
+	ProcessFuncPtr callname;
+	
+public:
+	VM_Function(int datax) ;
+	BOOL StartVM(PDWORD vmCode);
+
+private:
+	virtual void CODE_X00_START();
+	void CODE_PUSH(PVMDATA vm_data);
+	void CODE_POP(PVMDATA vm_data);
+
+	
+	void CODE_ADD(PVMDATA vm_data);
+	void CODE_SUB(PVMDATA vm_data);
+	void CODE_XOR(PVMDATA vm_data);
+	void CODE_JMP(PVMDATA vm_data);
+	void CODE_JZ(PVMDATA vm_data);
+	void CODE_CMP(PVMDATA vm_data);
+	//Âß¼­Ö¸Áî
+	void CODE_SHR(PVMDATA vm_data);
+	void CODE_SHL(PVMDATA vm_data);
+	void CODE_AND(PVMDATA vm_data);
+	void CODE_OR(PVMDATA vm_data);
+
+	//CALLÖ¸Áî
+	void CODE_STRLEN_CALL(PVMDATA vm_data);
+	void CODE_FAKE_CALL(PVMDATA vm_data);
+	//ÐéÄâ»·¾³±ä»¯Ö¸Áî
+	void CODE_EXIT_SUCCESS(PVMDATA vm_data);
+	void CODE_EXIT_FAIL(PVMDATA vm_data);
+#ifdef _DEBUG
+	void CODE_DBG_BREAK(PVMDATA vm_data);
+#endif
+	//×Óº¯Êý·µ»ØÖµ
+	DWORD VM_RET;
+};
\ No newline at end of file
diff --git a/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/VMmain.cpp b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/VMmain.cpp
new file mode 100644
index 0000000..af66002
--- /dev/null
+++ b/RE-HCTF_450/C_easy_VMP_5/C_easy_VMP/VMmain.cpp
@@ -0,0 +1,303 @@
+#include "VM.h"
+VM_Function::VM_Function(int datax) :VM_STACK(datax)
+{
+	ControlTable[VM_X00_START] = 0x00;
+	ControlTable[VM_PUSH]	   = &VM_Function::CODE_PUSH;
+
+	ControlTable[VM_POP]	  = &VM_Function::CODE_POP;
+	ControlTable[VM_ADD]	  = &VM_Function::CODE_ADD;
+	ControlTable[VM_SUB]	  = &VM_Function::CODE_SUB;
+	ControlTable[VM_XOR]	  = &VM_Function::CODE_XOR;
+	ControlTable[VM_JMP]	  = &VM_Function::CODE_JMP;
+	ControlTable[VM_JZ]		  = &VM_Function::CODE_JZ;
+	ControlTable[VM_CMP]	  = &VM_Function::CODE_CMP;
+
+	ControlTable[VM_SHR] = &VM_Function::CODE_SHR;
+	ControlTable[VM_SHL] = &VM_Function::CODE_SHL;
+	ControlTable[VM_AND] = &VM_Function::CODE_AND;
+	ControlTable[VM_OR] = &VM_Function::CODE_OR;
+
+	ControlTable[VM_STRLEN_CALL]  = &VM_Function::CODE_STRLEN_CALL;
+	ControlTable[VM_FAKE_CALL] = &VM_Function::CODE_FAKE_CALL;
+	ControlTable[VM_EXIT_SUCCESS] = &VM_Function::CODE_EXIT_SUCCESS;
+	ControlTable[VM_EXIT_FAIL] = &VM_Function::CODE_EXIT_FAIL;
+
+#ifdef _DEBUG
+	ControlTable[VM_DEBUG_BREAK] = &VM_Function::CODE_DBG_BREAK;
+#endif
+
+}
+#ifdef _DEBUG
+void VM_Function::CODE_DBG_BREAK(PVMDATA vm_data)
+{
+	printf("\n===== VM Debug BreakPoint  =====\n");
+	Debug_PrintStack();
+	printf(" EAX:  %x\n EBX:  %x\n Zflag: %d\n Sflag: %d\n", vm_data->EAX, vm_data->EBX, vm_data->ZFLAG, vm_data->SFLAG);
+	getchar();
+}
+#endif
+void VM_Function::CODE_X00_START()
+{
+	printf("VM_Start\n");
+}
+void VM_Function::CODE_PUSH(PVMDATA vm_data)
+{
+	DWORD reg = *((vm_data->CODE)+2);
+	switch ((*(++vm_data->CODE))&0x70)
+	{
+	case PUSH_EAX:
+		Stack_Push(vm_data->EAX);
+		break;
+	case PUSH_EBX:
+		Stack_Push(vm_data->EBX);
+		break;
+	case PUSH_MEM:
+		Stack_Pop(&reg);
+	
+		switch ((*vm_data->CODE) & 0x7)
+		{
+		case PUSH_MEM_BYTE:
+			reg = *(BYTE*)reg;
+			break;
+		case PUSH_MEM_WORD:
+			reg = *(WORD*)reg;
+			break;
+		case PUSH_MEM_DWORD:
+			reg = *(DWORD*)reg;
+			break;
+		default:
+			break;
+		}
+		Stack_Push(reg);
+		break;
+	case PUSH_NUM:
+		Stack_Push(reg);
+		(vm_data->CODE)++;
+		break;
+	default:
+		break;
+	}
+	
+}
+
+void VM_Function::CODE_POP(PVMDATA vm_data)
+{
+	DWORD reg = 0;
+	BYTE DataB = 0;
+	WORD DataW = 0;
+	DWORD DataDW = 0;
+	DWORD Addr = 0;
+	switch ((*(++vm_data->CODE)) & 0x70)
+	{
+	case POP_EAX:
+		Stack_Pop(&(vm_data->EAX));
+		break;
+	case POP_EBX:
+		Stack_Pop(&(vm_data->EBX));
+		break;
+	case POP_MEM:
+		
+		Stack_Pop(&Addr);
+		Stack_Pop(&reg);
+		
+		switch ((*vm_data->CODE) & 0x7)
+		{
+		case POP_MEM_BYTE:
+			
+			_asm
+			{
+				push eax
+				xor eax, eax
+				mov eax, reg
+				mov DataB, al
+				pop eax
+			}
+			*(BYTE*)Addr = DataB;
+			break;
+		case POP_MEM_WORD:
+			
+			_asm
+			{
+				push eax
+				xor eax, eax
+				mov eax, reg
+				mov DataW, ax
+				pop eax
+			}
+			*(WORD*)Addr = DataW;
+			break;
+		case POP_MEM_DWORD:
+			
+			_asm
+			{
+				push eax
+				xor eax, eax
+				mov eax, reg
+				mov DataDW,eax
+				pop eax
+			}
+			*(DWORD*)Addr = DataDW;
+			break;
+		default:
+			break;
+		}
+		//(vm_data->CODE)++;
+		break;
+	case POP_DEL:
+		Stack_Pop(&reg);
+		break;
+	default:
+		break;
+	}
+
+}
+
+void VM_Function::CODE_ADD( PVMDATA vm_data)
+{
+	
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] += reg;
+	//FLAG¸Ä±ä
+	vm_data->ZFLAG = ((S->vmStack[S->TopOfStack]) == 0);
+	vm_data->SFLAG = ((S->vmStack[S->TopOfStack]) < 0);
+}
+void VM_Function::CODE_SUB(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] -= reg;
+	//FLAG¸Ä±ä
+	vm_data->ZFLAG = ((S->vmStack[S->TopOfStack]) == 0);
+	vm_data->SFLAG = ((S->vmStack[S->TopOfStack]) & 0x80000000);
+}
+void VM_Function::CODE_XOR(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] ^= reg;
+	
+}
+void VM_Function::CODE_SHR(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] = S->vmStack[S->TopOfStack] >> reg;
+}
+void VM_Function::CODE_SHL(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] = S->vmStack[S->TopOfStack] << reg;
+}
+void VM_Function::CODE_OR(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] |= reg;
+}
+void VM_Function::CODE_AND(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	S->vmStack[S->TopOfStack] &= reg;
+}
+void VM_Function::CODE_JMP( PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg );
+	(vm_data->CODE)++;
+	if (Jump_From_EIP == *(vm_data->CODE))
+		vm_data->CODE = (vm_data->CODE) + (reg);
+	else if (Jump_From_OEP == *(vm_data->CODE))
+		vm_data->CODE = (PDWORD)(vm_data->OEP) + (reg);
+	
+}
+void VM_Function::CODE_JZ( PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	(vm_data->CODE)++;
+	if (vm_data->ZFLAG)
+	{
+		if (Jump_From_EIP == *(vm_data->CODE))
+			vm_data->CODE = (vm_data->CODE) + (reg);
+		else if (Jump_From_OEP == *(vm_data->CODE))
+			vm_data->CODE = (PDWORD)(vm_data->OEP) + (reg);
+
+		vm_data->ZFLAG = 0;
+	}
+	
+}
+void VM_Function::CODE_CMP(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	reg = (S->vmStack[(S->TopOfStack) - 1]) - (S->vmStack[S->TopOfStack]);
+	vm_data->ZFLAG = (reg == 0);
+	
+}
+
+void VM_Function::CODE_STRLEN_CALL(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	DWORD STRLEN_RET = 0;
+	Stack_Pop(&reg);
+	STRLEN_RET = strlen((char*)(reg));
+	Stack_Push(STRLEN_RET);
+}
+void VM_Function::CODE_FAKE_CALL(PVMDATA vm_data)
+{
+	DWORD reg = NULL;
+	Stack_Pop(&reg);
+	StartVM((PDWORD)reg+2);
+	Stack_Push(VM_RET);
+}
+void VM_Function::CODE_EXIT_SUCCESS(PVMDATA vm_data)
+{
+	vm_data->CODE = 0x0;
+#ifdef _DEBUG
+	Debug_PrintStack();
+#endif
+}
+void VM_Function::CODE_EXIT_FAIL(PVMDATA vm_data)
+{
+	vm_data->CODE = 0x0;
+	printf("Sorry Fail, Try Again\n");
+	getchar();
+	exit(1);
+#ifdef _DEBUG
+	printf("============END===========\n");
+	printf("============END===========\n");
+	printf("============END===========\n");
+	Debug_PrintStack();
+	exit(1);
+#endif
+}
+//
+BOOL VM_Function::StartVM(PDWORD vmCode)
+{
+	VMDATA vm_data;
+	//Stack vm_Stack = CreateVmStack(64);
+
+	vm_data.OEP = (DWORD)(vmCode-2);
+	vm_data.CODE = vmCode;
+
+	vm_data.EAX = 0;
+	vm_data.EBX = 0;
+	//vm_data.ECX = 0;
+
+	vm_data.SFLAG = FALSE;
+	vm_data.ZFLAG = FALSE;
+	
+	
+	while (vm_data.CODE++)
+	{
+		DWORD XXXX = *(vm_data.CODE);
+		callname = ControlTable[*(vm_data.CODE)];
+		(this->*callname)(&vm_data);
+		
+	
+		
+	}
+	return FALSE;
+}
\ No newline at end of file
diff --git "a/RE-HCTF_450/C_easy_VMP_5/\344\273\243\347\240\201\344\277\256\346\224\271\347\211\210\346\234\2545.txt" "b/RE-HCTF_450/C_easy_VMP_5/\344\273\243\347\240\201\344\277\256\346\224\271\347\211\210\346\234\2545.txt"
new file mode 100644
index 0000000..4b6e857
--- /dev/null
+++ "b/RE-HCTF_450/C_easy_VMP_5/\344\273\243\347\240\201\344\277\256\346\224\271\347\211\210\346\234\2545.txt"
@@ -0,0 +1,10 @@
+ºËÐÄÔ­ÀíÏàÍ¬¡£
+¸Ä±ä£º
+Ö÷ÒªÈÎÎñ£º
+.ÍêÈ«ÐéÄâ»¯´ó²¿·Öµ÷ÓÃº¯Êý£¨ÊÇ·ñÊ¹ÓÃnativeº¯Êý£©
+.Ìí¼Ó×Ô½âÃÜ²¿·Ö
+.³¢ÊÔÊ¹ÓÃ×Ö½ÚÂë¸´ÓÃ¼¼Êõ
+.Ç¿»¯¼Ó½âÃÜÐ£Ñé¹¦ÄÜ
+.Ð´³öflag¡¶==¡·exeÉú³É³ÌÐò
+
+	//ÕâÓ¦¸ÃÊÇÍê³É°æÁË£¬²»»áÓÐ¸ü´óµÄ¸Ä¶¯ÁË
\ No newline at end of file
diff --git "a/RE-HCTF_450/C_easy_VMP_5/\344\273\243\347\240\201\350\231\232\346\213\237\347\272\246\345\256\232.txt" "b/RE-HCTF_450/C_easy_VMP_5/\344\273\243\347\240\201\350\231\232\346\213\237\347\272\246\345\256\232.txt"
new file mode 100644
index 0000000..f3c488a
--- /dev/null
+++ "b/RE-HCTF_450/C_easy_VMP_5/\344\273\243\347\240\201\350\231\232\346\213\237\347\272\246\345\256\232.txt"
@@ -0,0 +1,28 @@
+×Ô¼ºÎ¬»¤Ò»¸öÕ»Óë¼¸¸ö¼Ä´æÆ÷£¬±êÖ¾Î»ÓÃÓÚÐéÄâ»¯´úÂë¡£
+¢ÙÐéÄâ»¯ºËÐÄÔ­Àí
+´úÂë²ð½â£º
+mov-->push,pop
+add-->push,push,VM_add,pop
+jmp-->push Á¢¼´Êý,jmp ¼ÆËãcode
+
+cmpÖ¸ÁîÓësubÖ¸ÁîÓÃadd´úÌæ£¿
+
+Ë«²Ù×÷ÊýÖ¸ÁîÔ¼¶¨£º
+pop³öÒ»¸öÓëÕ»ÖÐºóÒ»¸ö²Ù×÷¡£ËùÒÔÏÈÈëÕ»µÄÓÃÓÚ´¢´æ½á¹û
+
+Î±Ö¸ÁîÓë×Ô¶¨ÒåÖ¸Áî£º
+¿¼ÂÇÌâÄ¿ÄÑ¶È½øÐÐÐÞ¸Ä¡£
+
+callÖ¸Áî£º
+¿¼ÂÇ×Ô¼º·â×°ÖÐ¡£¡£¡£
+
+²»¿ÉÐéÄâÖ¸Áî£º
+ÔÝÎÞ´úÂë¡£ÐèÒªÔÝÊ±ÍË³öÐéÄâ»¯£¬»¹Ô­»·¾³µ÷ÓÃ¡£
+
+
+
+
+¢ÚÐéÄâ»¯»ìÏý£º
+Ë¼Â·1£¬ret´úÂë»ìÏý¡£
+Ë¼Â·2£¬ÂÒÐòÕûÀí¡£
+Ë¼Â·3£¬Ö¸ÁîÅòÕÍ¡£
\ No newline at end of file
diff --git a/RE-HCTF_450/ReadMe.txt b/RE-HCTF_450/ReadMe.txt
new file mode 100644
index 0000000..e954319
--- /dev/null
+++ b/RE-HCTF_450/ReadMe.txt
@@ -0,0 +1,186 @@
+/*¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª*/
+//ÌâÄ¿Ãû£ºÀ´¿´¿´³öÌâÈË·èÁËÃ»ÓÐ
+//¿ª·¢»·¾³:VS2013
+/*¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª*/
+/////////////////////////////////////////////////////////////////////
+
+ËµÉù±§Ç¸£¬±¾À´ÕâÌâÃ»ÄÇÃ´±äÌ¬µÄ£¬ÓÉÓÚ×Ô¼º³öÌâµÄÊ±ºò²»¶ÏÓÐÐÂµÄÏë·¨£¬²»¶ÏÍùÀïÃæ¼ÓËùÒÔ³öÁË6¸ö°æ±¾£¬µ¼ÖÂÁËÕâÌâ´úÂëÉÏÇ§£¬¼¸ºõ²»¿ÉÄÜÔÚ¼¸¸öÐ¡Ê±ÄÚÄæ³öÀ´¡£
+
+////////////////////////////////////////////////////////////////////
+¼ò½é£º
+¸ß·ÖÄæÏòÌâÄ¿£¬Ô­À´ÕâµÀÌâÃ»ÄÇÃ´ÄÑµÄ£¬µ«ÊÇÔ½³öÔ½²»¶Ô¾¢£¬ÄãÃÇ×Ô¼º¿´°É¡£
+×î³õË¼Â·À´Ô´ÓÚBCTFµÄRE300Âëº£Ñ°×Ù£¬×Ô¼ºÎ¬»¤Ò»¸ö¶ÑÕ»ÐéÄâ»ú£¬±àÂëÒ»Ì××Ô¼ºµÄ×Ö½ÚÂë²Ù×÷Ö¸Áî¡£
+²Î¿¼×ÊÁÏ£º¼ÓÃÜÓë½âÃÜÐéÄâ»ú¼ÓÃÜ²¿·Ö¡£
+////////////////////////////////////////////////////////////////////
+ÎÄ¼þ£º
+C_easy_VMP,Ê¹ÓÃcÓïÑÔ±àÐ´µÄ×î¼òµ¥demon
+C_easy_VMP_2,¸ÄÓÃc++ÁË£¬½«Ô­À´µÄswitchcase±äÎªÒ»¸öÌø×ª±í¡£
+C_easy_VMP_3,ÓÅ»¯ºó½«Êý¾ÝÓë²Ù×÷»ìºÏÁË£¬Ê¹ÓÃµ¥±íÐÎÊ½¡£
+C_easy_VMP_4,Ìí¼ÓÁË¸ü¶àµÄÖ¸Áî¡£¡£¡£¡£µÚËÄ°æµÄÍê³É°æÔÚÒ»´ÎÐÞ¸ÄµÄÊ±ºò²»Ð¡ÐÄ±»¸²¸ÇÁË£¬¾Í±ð¿´ÁË¡£
+C_easy_VMP_5,Ö¸ÁîÍê³É£¬²Î¿¼x86¡£
+Íê³É°æ£º¾ÍÊÇÌâÄ¿ÁË£¬Ìí¼ÓÐéÄâcallÖ¸Áî£¬²¿·Ö»ìÏý´úÂë
+///////////////////////////////////////////////////////////////////
+///////////////////////////////////////////////////////////////////
+
+
+×Ö½ÚÂëÖ¸Áî£º
+Ìø×ª±í¡£
+	ControlTable[VM_X00_START] = 0x00;			
+	ControlTable[VM_PUSH]	   = &VM_Function::CODE_PUSH;
+
+	ControlTable[VM_POP]	  = &VM_Function::CODE_POP;
+	ControlTable[VM_ADD]	  = &VM_Function::CODE_ADD;
+	ControlTable[VM_SUB]	  = &VM_Function::CODE_SUB;
+	ControlTable[VM_XOR]	  = &VM_Function::CODE_XOR;
+	ControlTable[VM_JMP]	  = &VM_Function::CODE_JMP;
+	ControlTable[VM_JZ]		  = &VM_Function::CODE_JZ;
+	ControlTable[VM_CMP]	  = &VM_Function::CODE_CMP;
+
+	ControlTable[VM_SHR] = &VM_Function::CODE_SHR;
+	ControlTable[VM_SHL] = &VM_Function::CODE_SHL;
+	ControlTable[VM_AND] = &VM_Function::CODE_AND;
+	ControlTable[VM_OR] = &VM_Function::CODE_OR;
+
+	ControlTable[VM_STRLEN_CALL]  = &VM_Function::CODE_STRLEN_CALL;
+	ControlTable[VM_FAKE_CALL] = &VM_Function::CODE_FAKE_CALL;
+	ControlTable[VM_EXIT_SUCCESS] = &VM_Function::CODE_EXIT_SUCCESS;
+	ControlTable[VM_EXIT_FAIL] = &VM_Function::CODE_EXIT_FAIL;
+
+#ifdef _DEBUG
+	ControlTable[VM_DEBUG_BREAK] = &VM_Function::CODE_DBG_BREAK;
+#endif
+
+
+
+[VM_X00_START] Ã»ÓÃµÄ±êÖ¾£¬±íÊ¾Ò»¸ö´úÂëµÄÆðÊ¼¡£
+
+[VM_PUSH]	   
+enum Code_Push_Parameter
+{
+	PUSH_EAX = 0x10,
+	PUSH_EBX = 0x20,
+	PUSH_MEM = 0x30,
+	PUSH_NUM = 0x40,
+	PUSH_MEM_BYTE = 0x1,
+	PUSH_MEM_WORD = 0x2,
+	PUSH_MEM_DWORD= 0x4
+
+};
+ÏòÕ»ÖÐPUSHÒ»¸öÊý¾Ý£¬²Ù×÷ÊýÎª2Ôª»ò3Ôª£¬Ê¾Àý£º
+1.VM_PUSH, PUSH_MEM | PUSH_MEM_BYTE,³öÕ»Ò»¸öµØÖ·£¬È¡BYTEµØÖ·£¬ÈëÕ»¡£
+2.VM_PUSH,PUSH_NUM,0x0,ÈëÕ»0
+
+[VM_POP]	
+enum Code_Pop_Parameter
+{
+	POP_EAX = 0x10,
+	POP_EBX = 0x20,
+	POP_MEM = 0x30,
+	POP_DEL = 0x40,
+	POP_MEM_BYTE = 0x1,
+	POP_MEM_WORD = 0x2,
+	POP_MEM_DWORD= 0x4
+};Í¬ÉÏ¡£
+
+[VM_ADD]	
+³öÕ»2¸öÊý¾Ý£¬Ïà¼ÓÖ®ºó£¬ÈëÕ»
+
+	  
+[VM_SUB]	  
+Í¬ÉÏ
+
+
+[VM_XOR]	  
+Í¬ÉÏ
+
+[VM_JMP]	  
+¶þÔª²Ù×÷
+³öÕ»Ò»¸öÌø×ª³¤¶È
+enum Code_JumpFun
+{
+	Jump_From_EIP = 0x10,	//ÏÂÒ»¸öµØÖ·ÎªÌø×ª»ùµØÖ·
+	Jump_From_OEP = 0X20	//Èë¿ÚµãÎªÌø×ª»ùµØÖ·
+};
+ÀýÈç£º
+VM_PUSH,PUSH_NUM,0x0,
+VM_JMP,Jump_From_OEP,
+±íÊ¾µ÷µ½¿ªÍ·¡£
+
+[VM_JZ]		  
+Í¬ÉÏ£¬²»¹ýÒªÅÐ¶ÏZ±êÖ¾Î»ÊÇ·ñÌø×ª¡£
+
+
+[VM_CMP]	  
+±È½ÏÕ»¶¥µÄ2¸öÖµ£¬ÉèÖÃZÓëS flag£¬Í¬x86
+
+
+[VM_SHR] 
+¶þÔª²Ù×÷£¬³öÒ»¸öÓÒÒÆÎ»Êý£¬ÔÙ³öÒ»¸öÊýÖµ£¬ÓÒÒÆºó·Å»ØÕ»ÖÐ¡£
+
+
+[VM_SHL] 
+Í¬ÉÏ¡£
+
+[VM_AND] 
+Í¬XOR
+
+[VM_OR] 
+Í¬XOR
+
+[VM_STRLEN_CALL]  
+·â×°strlen
+
+[VM_FAKE_CALL] 
+ÆôÓÃÒ»¶ÎÐÂµÄÐéÄâ×Ö½ÚÂë£¬ÓëÔ­×Ö½ÚÂëÊ¹ÓÃ²»Í¬µÄ¼Ä´æÆ÷£¬ÏàÍ¬µÄÕ»¡£
+
+
+[VM_EXIT_SUCCESS] 
+·µ»Ø³É¹¦£¨you got it£©
+
+
+[VM_EXIT_FAIL] 
+·µ»ØÊ§°Ü£¨Try again£©
+
+
+[VM_DEBUG_BREAK] 
+ÔÚDebugÊ±ÓÃÓÚdebug×Ö½ÚÂëµÄÖ¸Áî£¬»áÏÔÊ¾¶ÑÕ»Óë¼Ä´æÆ÷¡£
+
+
+////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////
+
+»ìÏý·½Ê½£º
+1.À¬»øÖ¸Áî¡£
+ÀýÈç£º
+		//À¬»øÖ¸Áî//
+		VM_PUSH,0x1000,
+		VM_POP,0x1000,
+²»»á±»×Ö½ÚÂë½âÊÍÆ÷Ö´ÐÐ»òÕßÖ´ÐÐºóÃ»ÓÐÈÎºÎÒâÒåµÄÖ¸Áî¡£
+
+2.×Ö½ÚÂë×Ô½âÃÜ
+ÀýÈç£º
+		////ÐèÒª½âÃÜµÄ´úÂë//////////////
+		VM_X00_START ^ 0x28,
+		VM_PUSH ^ 0x28,
+		PUSH_NUM ^ 0x28,
+		(DWORD)FUN_CHECK_3_FUN_2 ^ 0x28,
+		VM_FAKE_CALL ^ 0x28,
+		VM_PUSH ^ 0x28,
+		PUSH_NUM ^ 0x28,
+		58 ^ 0x28,
+		VM_JMP ^ 0x28,
+		Jump_From_EIP ^ 0x28,
+		0xFFFFAAAA,
+
+Õâ¶Î´úÂëÈ«²¿Òà»òÁË0x28£¬ÔÚÔËÐÐÊ±×Ô½âÃÕÈ»ºóÔÙÔËÐÐ¡£
+
+
+3.ÂÒÐò
+³öÌâÈËÀÁµÃÐ´ÁË¡£
+
+4.Ñ­»·Î»ÒÆ
+ºÃÂé·³°¡£¬²»Ð´ÁË¡£
+
+/////////////////////////////////////////////////////////////////////////////////
+Ô´Âë¶¼¸øÄãÃÇÁË¡£¡£¡£¡£¡£×Ô¼º°É
+/////////////
diff --git a/RE-HCTF_450/git_fire.bat b/RE-HCTF_450/git_fire.bat
new file mode 100644
index 0000000..8ee872b
--- /dev/null
+++ b/RE-HCTF_450/git_fire.bat
@@ -0,0 +1,4 @@
+git add -A
+git commit
+git push origin master
+pause
\ No newline at end of file
diff --git a/re150/Debug/re200.exe b/re150/Debug/re200.exe
new file mode 100644
index 0000000..bb2cf52
Binary files /dev/null and b/re150/Debug/re200.exe differ
diff --git a/re150/Release/re200.exe b/re150/Release/re200.exe
new file mode 100644
index 0000000..9251e8d
Binary files /dev/null and b/re150/Release/re200.exe differ
diff --git a/re150/re200.sln b/re150/re200.sln
new file mode 100644
index 0000000..f1a8537
--- /dev/null
+++ b/re150/re200.sln
@@ -0,0 +1,22 @@
+ï»¿
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.21005.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "re200", "re200\re200.vcxproj", "{7F28123C-1A59-410D-A160-83A9A7889FE7}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{7F28123C-1A59-410D-A160-83A9A7889FE7}.Debug|Win32.ActiveCfg = Debug|Win32
+		{7F28123C-1A59-410D-A160-83A9A7889FE7}.Debug|Win32.Build.0 = Debug|Win32
+		{7F28123C-1A59-410D-A160-83A9A7889FE7}.Release|Win32.ActiveCfg = Release|Win32
+		{7F28123C-1A59-410D-A160-83A9A7889FE7}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/re150/re200.v12.suo b/re150/re200.v12.suo
new file mode 100644
index 0000000..109e7f3
Binary files /dev/null and b/re150/re200.v12.suo differ
diff --git a/re150/re200/9.bmp b/re150/re200/9.bmp
new file mode 100644
index 0000000..1654753
Binary files /dev/null and b/re150/re200/9.bmp differ
diff --git a/re150/re200/9.jpg b/re150/re200/9.jpg
new file mode 100644
index 0000000..40c7e9b
Binary files /dev/null and b/re150/re200/9.jpg differ
diff --git a/re150/re200/IncludeAll.h b/re150/re200/IncludeAll.h
new file mode 100644
index 0000000..e7fe879
--- /dev/null
+++ b/re150/re200/IncludeAll.h
@@ -0,0 +1,8 @@
+#include <Windows.h>
+#include <cstdio>
+#include <ctime>
+#include <iostream>
+
+#include <process.h>
+
+#include "resource1.h"
diff --git a/re150/re200/Main.cpp b/re150/re200/Main.cpp
new file mode 100644
index 0000000..fa003bf
--- /dev/null
+++ b/re150/re200/Main.cpp
@@ -0,0 +1,85 @@
+#include "IncludeAll.h"
+
+int rou = 0;
+
+LRESULT CALLBACK DlgProc(HWND hDlg, UINT Message, WPARAM wParam, LPARAM lParam);
+
+unsigned _stdcall Make_HunTun1(void* param);
+
+unsigned _stdcall Make_HunTun2(void* param);
+
+int WINAPI WinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPSTR lpCmdLine, _In_ int nShowCmd)
+{
+#ifdef _DEBUG
+	FILE *stream;	//debugÏÂÐèÒªÒ»¸ö¿ØÖÆÌ¨Êä³öµ÷ÊÔÐÅÏ¢
+	AllocConsole();
+	freopen_s(&stream, "CONOUT$", "w", stdout);
+#endif
+	srand((int)time(NULL));
+
+	//·´µ÷ÊÔ¼ì²é1
+	//CheckRemoteDebuggerPresent
+	if (OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, GetCurrentProcessId()) == NULL)
+		printf("Ìðµ³ÍòËê\n");
+	else
+	{
+		BOOL judge;
+
+		if (0 == CheckRemoteDebuggerPresent(OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, GetCurrentProcessId()), &judge))
+			printf("Ìðµ³ÍòËê\n");
+		else
+		{
+			if (judge == TRUE)
+			{
+				//
+				exit(-1);
+			}
+			else
+			{
+				//
+			}
+		}
+	}
+	//
+
+	HANDLE handle_huntun1 = (HANDLE)_beginthreadex(NULL, 0, Make_HunTun1, NULL, NULL, NULL);
+	if (NULL == handle_huntun1)
+	{
+		printf("Ìðµ³ÍòËê\n");
+	}
+	HANDLE handle_huntun2 = (HANDLE)_beginthreadex(NULL, 0, Make_HunTun2, NULL, NULL, NULL);
+	if (NULL == handle_huntun2)
+	{
+		CloseHandle(handle_huntun1);
+		printf("Ìðµ³ÍòËê\n");
+	}
+
+	DialogBoxW(hInstance, MAKEINTRESOURCE(IDD_DIALOG1), NULL, (DLGPROC)DlgProc);
+
+	CloseHandle(handle_huntun1);
+	CloseHandle(handle_huntun2);
+	return 0;
+}
+
+unsigned _stdcall Make_HunTun1(void* param)
+{
+	for (;;)
+	{
+
+		rou = 1;
+		Sleep(10);
+
+	}
+	return 0;
+}
+unsigned _stdcall Make_HunTun2(void* param)
+{
+	for (;;)
+	{
+
+		rou = 2;
+		Sleep(10);
+
+	}
+	return 0;
+}
\ No newline at end of file
diff --git a/re150/re200/MainDlgProc.cpp b/re150/re200/MainDlgProc.cpp
new file mode 100644
index 0000000..cae9dc2
--- /dev/null
+++ b/re150/re200/MainDlgProc.cpp
@@ -0,0 +1,273 @@
+#include "IncludeAll.h"
+unsigned _stdcall Check_ThreadProc(void* param);
+BOOL Main_Check(char *str);
+BOOL CheckHCTF(char *str5,char last);
+int FindSpace_MainCheck(char *str, char x, int num);
+char chaos = 3;
+
+char  SeriesL[] = "abcdefghijklmnopqrstuvwxyz";
+char  SeriesH[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+int Code1[12] = { 0 };
+
+int Maincjeckaaa[] = { 102, 100, 200, 104, 117,117, 20, 11, 104, 21, 104, 18 };
+
+volatile char CHECK_1[] = "\x33\x30\x31\x36";
+
+
+extern int rou;
+LRESULT CALLBACK DlgProc(HWND hDlg_MainProc, UINT Message, WPARAM wParam, LPARAM lParam)
+{
+	static HWND ButtonCheck = NULL;
+	static HWND EditControl = NULL;
+	static HANDLE handle_Check = NULL;
+	static int PS = 0x22;
+
+	char EnterText[30] = { 0 };
+	switch (Message)
+	{
+	case WM_SETCURSOR:
+		if ((DWORD)ButtonCheck == wParam)
+		{
+			
+			if (PS == 0x22)
+			{
+				MoveWindow(ButtonCheck, 10, 10, 80, 35, TRUE);
+				PS = 0x15;
+			}
+			else if (0x15 == PS)
+			{
+				MoveWindow(ButtonCheck, 20, 230, 80, 35, TRUE);
+				PS = 0x18;
+			}
+			else if (0x18 == PS)
+			{
+				MoveWindow(ButtonCheck, 350, 230, 80, 35, TRUE);
+				PS = 0x22;
+			}
+		}
+		break;
+
+	case WM_COMMAND:
+		if (HIWORD(wParam) == 0)
+		{
+			switch (LOWORD(wParam))
+			{
+			case IDC_Button1:
+
+				GetWindowTextA(EditControl, EnterText, 30);
+				
+				//check strlen
+				int x = strlen(EnterText);
+				if (x != 22)
+				{
+					MessageBox(0, L"Try Again", L"Fail", 0);
+					break;
+				}
+				//check HCTF{}
+				if (FALSE == CheckHCTF(EnterText, EnterText[x-1]))
+				{
+					MessageBox(0, L"Try Again", L"Fail", 0);
+					break;
+				}
+				//check¡ª¡ªencode
+				if (FALSE == Main_Check(EnterText))
+				{
+					MessageBox(0, L"Try Again", L"Fail", 0);
+					break;
+				}
+
+				//âÆâ½¼Ó½âÃÜºËÐÄ
+				for (int i = 0; i < 100; i++)
+				{
+					
+					int xor = rou^chaos;
+					if (xor > 0)//È¥µô2¸ö´íÎóÇé¿ö
+					{
+						
+						//½âÃÜx·´×÷±×flag	Òà»ò±È½Ï
+						
+						if ((EnterText[17] ^ xor) == CHECK_1[0] &&
+							(EnterText[18] ^ xor) == CHECK_1[1] &&
+							(EnterText[19] ^ xor) == CHECK_1[2] &&
+							(EnterText[20] ^ xor) == CHECK_1[3])
+						{
+							//ÅÐ¶Ï³É¹¦½øÈëÏÂÒ»½×¶Î£¬ÂÒÐò
+							int exchange = 0;
+							//0Óë6»»Î»
+							exchange = Code1[0];
+							Code1[0] = Code1[6];
+							Code1[6] = exchange;
+							//3Óë8»»Î»
+							exchange = Code1[3];
+							Code1[3] = Code1[8];
+							Code1[8] = exchange;
+							//2Óë5»»Î»
+							exchange = Code1[2];
+							Code1[2] = Code1[5];
+							Code1[5] = exchange;
+							//11Óë4»»Î»
+							exchange = Code1[11];
+							Code1[11] = Code1[4];
+							Code1[4] = exchange;
+							//Ñ­»·½øÐÐ±È½Ï
+
+							for (int a = 0; a < 12; a++)
+							{
+								
+								if (Maincjeckaaa[a] != Code1[a])
+								{
+									MessageBox(0, L"Try Again", L"Fail", 0);
+									exit(-1);
+								}
+							}
+							//×îºóÅÐ¶ÏxorÊÇ·ñÎª2
+							if (xor != 2)
+							{
+								
+								break;
+							}
+							MessageBox(0, L"YOU GOT IT", L"OK", 0);
+							exit(0);
+							break;
+						}
+					}
+					Sleep(20);
+				}
+				MessageBox(0, L"Try Again", L"Fail", 0);
+
+			}
+		}
+		break;
+	case WM_INITDIALOG:
+		ButtonCheck = GetDlgItem(hDlg_MainProc, IDC_Button1);
+		EditControl = GetDlgItem(hDlg_MainProc, IDC_EDIT2);
+		//thread1
+		handle_Check = (HANDLE)_beginthreadex(NULL, 0, Check_ThreadProc, NULL, NULL, NULL);
+		if (NULL == handle_Check)
+		{
+			printf("Ìðµ³ÍòËê\n");
+		}
+		break;
+	case WM_CLOSE:
+		CloseHandle(handle_Check);
+		EndDialog(hDlg_MainProc, 0);
+		DestroyWindow(hDlg_MainProc);
+		break;
+	default:
+		break;
+	}
+	return 0;
+}
+
+unsigned _stdcall Check_ThreadProc(void* param)
+{
+	for (;;)
+	{
+		
+		_asm
+		{
+			push eax
+			xor eax,eax
+			mov al, chaos
+			rol al,2
+			mov chaos,al
+			pop eax
+		}
+		
+		Sleep(10);
+	}
+	return 0;
+}
+
+BOOL Main_Check(char *str)
+{
+	const int count = 12;
+	char *from = str + 5;
+	char t0o[30] = {0};
+	char *to = t0o;
+
+	
+	int n = (count + 7) / 8;
+	switch (count % 8)
+	{
+	case 0:	do{
+				*to++ = *from++;
+	case 7:		*to++ = *from++;
+	case 6:		*to++ = *from++;
+	case 5:		*to++ = *from++;
+	case 4:		*to++ = *from++;
+	case 3:		*to++ = *from++;
+	case 2:		*to++ = *from++;
+	case 1:		*to++ = *from++;
+
+
+	} while (--n > 0);
+	}
+
+	//t0oÒ»´Î±àÂë
+	for (int i = 0; i < count; i++)
+	{
+		char xxxx = t0o[i];
+		int abs = 0;
+		if ((xxxx>0x40) && (xxxx < 0x5B)) 
+		{
+			abs = FindSpace_MainCheck(SeriesH, xxxx, strlen(SeriesH));
+		}
+		else if ((xxxx>0x60) && (xxxx < 0x7B))
+		{
+			abs = FindSpace_MainCheck(SeriesL, xxxx, strlen(SeriesL));
+			abs += 100;
+		}
+		else if ((xxxx>0xF) && (xxxx < 0x3A))
+		{
+			abs = xxxx - 0x30 + 200;
+		}
+		else
+		{
+			
+			return FALSE;
+		}
+		Code1[i] = abs;
+	}
+	
+	return TRUE;
+}
+int FindSpace_MainCheck(char *str, char x, int num)
+{
+	if (x == *(str + (num / 2)))
+		return num/2;
+	else if (x > *(str + (num / 2)))
+		return (FindSpace_MainCheck(str + (num / 2), x, num-num / 2) + num / 2);
+	else
+		return FindSpace_MainCheck(str , x, num / 2);
+}
+BOOL CheckHCTF(char *str5, char last)
+{
+	const int strlength = 5;
+	char stringcpy[6] = { 0 };
+	char maomaomao[] = "316754";
+	
+	int cmpxxx[] = { -21, -18, -30, -15, -70, -73 };
+
+	for (int i = 0; i < strlength; i++)
+	{
+		stringcpy[i] = str5[i];
+	}
+
+	for (int i = 0; i < strlength; i++)
+	{
+		stringcpy[i] = maomaomao[i] - stringcpy[i];
+	}
+
+	for (int i = 0; i < strlength; i++)
+	{
+		if (stringcpy[i] != cmpxxx[i])
+		{
+			return FALSE;
+		}
+	}
+	if ((maomaomao[strlength] - last) != cmpxxx[strlength])
+		return FALSE;
+
+	return TRUE;
+}
\ No newline at end of file
diff --git a/re150/re200/Rand.cpp b/re150/re200/Rand.cpp
new file mode 100644
index 0000000..617b6d5
--- /dev/null
+++ b/re150/re200/Rand.cpp
@@ -0,0 +1,11 @@
+#include "IncludeAll.h"
+int M_Rand()
+{
+	const int RandMax = 0x5;
+	const int RandMin = 0x1;
+	int ret = 0;
+
+	for (; ret < RandMin;)
+		ret = (int)(rand() % (RandMax + 1));
+	return ret;
+}
\ No newline at end of file
diff --git a/re150/re200/re200.aps b/re150/re200/re200.aps
new file mode 100644
index 0000000..670cbdf
Binary files /dev/null and b/re150/re200/re200.aps differ
diff --git a/re150/re200/re200.rc b/re150/re200/re200.rc
new file mode 100644
index 0000000..980b348
Binary files /dev/null and b/re150/re200/re200.rc differ
diff --git a/re150/re200/re200.vcxproj b/re150/re200/re200.vcxproj
new file mode 100644
index 0000000..4a9b1ea
--- /dev/null
+++ b/re150/re200/re200.vcxproj
@@ -0,0 +1,104 @@
+ï»¿<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{7F28123C-1A59-410D-A160-83A9A7889FE7}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>re200</RootNamespace>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v120</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v120_xp</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClInclude Include="IncludeAll.h" />
+    <ClInclude Include="resource1.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="Main.cpp" />
+    <ClCompile Include="MainDlgProc.cpp" />
+    <ClCompile Include="Rand.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="re200.rc" />
+  </ItemGroup>
+  <ItemGroup>
+    <Image Include="9.bmp" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+  <ProjectExtensions>
+    <VisualStudio>
+      <UserProperties RESOURCE_FILE="re200.rc" />
+    </VisualStudio>
+  </ProjectExtensions>
+</Project>
\ No newline at end of file
diff --git a/re150/re200/re200.vcxproj.filters b/re150/re200/re200.vcxproj.filters
new file mode 100644
index 0000000..8a6e097
--- /dev/null
+++ b/re150/re200/re200.vcxproj.filters
@@ -0,0 +1,46 @@
+ï»¿<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="æºæ–‡ä»¶">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="å¤´æ–‡ä»¶">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="èµ„æºæ–‡ä»¶">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="IncludeAll.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+    <ClInclude Include="resource1.h">
+      <Filter>å¤´æ–‡ä»¶</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="Main.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+    <ClCompile Include="MainDlgProc.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+    <ClCompile Include="Rand.cpp">
+      <Filter>æºæ–‡ä»¶</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="re200.rc">
+      <Filter>èµ„æºæ–‡ä»¶</Filter>
+    </ResourceCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <Image Include="9.bmp">
+      <Filter>èµ„æºæ–‡ä»¶</Filter>
+    </Image>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/re150/re200/resource.h b/re150/re200/resource.h
new file mode 100644
index 0000000..0c87ace
Binary files /dev/null and b/re150/re200/resource.h differ
diff --git a/re150/re200/resource1.h b/re150/re200/resource1.h
new file mode 100644
index 0000000..3c8c65b
Binary files /dev/null and b/re150/re200/resource1.h differ
diff --git a/re150/readme.txt b/re150/readme.txt
new file mode 100644
index 0000000..04b6987
--- /dev/null
+++ b/re150/readme.txt
@@ -0,0 +1,38 @@
+//ÌâÄ¿Ãû£ºÓÑÉÆµÄÄæÏò
+³öÕâÌâÖ»ÊÇÎªÁËºÃÍæ£¬Ò²Ã»Ê²Ã´µØ·½ÌØ±ð¶ñÐÄ¡£
+
+ÕâÊÇÒ»µÀ100~200·ÖµÄwindows¼òµ¥ÄæÏò¡£
+ÕæµÄºÃ¼òµ¥
+FLAG¸ñÊ½£º
+falg£ºHCTF{xxxxxxxxxxxx1234}
+falg£ºHCTF{UareS0cLeVer1234}
+
+
+//
+´úÂëÁ÷³Ì£º
+CheckRemoteDebuggerPresentÒ»¸ö¼òµ¥µÄ·´µ÷ÊÔ¡£
+¿ª2¸öÏß³Ì²»¶ÏµÄÈ¥ÐÞ¸ÄÒ»¸öÓÃÓÚ±È½ÏµÄÊýÖµ¡£
+movewindowÊµÏÖ°´Å¥3µã±ä»»¡£
+ÏÈ¼õÈ¥	char maomaomao[] = "316754"; ÑéÖ¤HCTF{			}
+È»ºó½øÐÐÒ»´Î±àÂë£¬¶þ²æ²éÕÒ±íÖÐÄÚÈÝ£¬ÆäÊµºÜ¼òµ¥¡£
+´úÂë¸øÁËÈ¥¿´°É¡£
+½øÐÐÒ»´ÎÐ´ËÀµÄ»»Î»¡£
+Òà»ò±È½ÏÉÏÃæÏß³ÌÐÞ¸ÄµÄÊýÖµ¡£
+Ð´ËÀµÄÑéÖ¤Ïß³ÌÐÞ¸ÄÖµ
+Ñ­»·100´Î¡£
+then
+·µ»Øyou got it
+
+
+
+
+
+
+
+
+
+
+
+
+
+