寻找0XCC软件断点

配合反汇编引擎效果出奇;

Here is what I see in hacker defense testing 0xCC software breakpoints

;I write it with FASM assembler

include 'win32ax.inc'

use32

entry start

section '.text' code readable executable

start:

push ebp

mov ebp,esp

mov eax,[fs:30h] ;peb

mov ebx, dword[eax+08h] ;Imagebase

mov dword [imagebassaddress],ebx

mov eax,[eax+0ch]

mov eax,[eax+0ch]

mov ebx, dword [eax+20h] ;sizeofimage

mov dword [sizeofimage],ebx

invoke CreateThread,NULL,NULL,fuckocc,NULL,0,NULL

fucknima:

mov ecx,10

loop fucknima

mov esp,ebp

pop ebp

invoke exit,NULL

fuckocc:

;Function implementation

push ebp

mov ebp,esp

fuckcc_loop:

mov al,0xcc

mov edi,dword [imagebaseaddress];get imagebaseaddress

mov ecx,dword [sizeofimage];get imagesize

repne scasb

sub edi,1;get address 0XCC=1BYTE so sub

mov dword [fuckcc],edi ;write 0xcc address to .data

;mov dword [edi],0x90

jmp fuckcc_loop

mov esp,ebp

pop ebp

section '.data' data readable writeable

imagebaseaddress dd 00

sizeofimage dd 00

fuckcc dd 00

section '.idata' import data readable

library kernel,'KERNEL32.DLL'

import kernel,CreateThread,'CreateThread',

       exit,'ExitProcess'

最后

以上就是开心帽子为你收集整理的寻找0XCC软件断点的全部内容，希望文章能够帮你解决寻找0XCC软件断点所遇到的程序开发问题。

如果觉得靠谱客网站的内容还不错，欢迎将靠谱客网站推荐给程序员好友。