
寻找0XCC软件断点


配合反汇编引擎效果出奇 (works noticeably better when paired with a disassembler engine — presumably so that a 0xCC hit can be confirmed as an actual INT3 instruction rather than a 0xCC byte inside an immediate, a displacement or data);
Here is what I use when testing anti-cracking defenses: a scan of the process's own image for 0xCC (INT3) software breakpoints. Caveat for practitioners: this only catches breakpoints that a debugger implements by writing 0xCC into code; hardware breakpoints (DR0–DR3), single-stepping and page-guard tricks leave no such byte, and because the check runs inside the protected process, whoever is debugging it can simply patch out, suspend or never create the scanner thread.
; Written with the FASM (flat assembler) — Intel syntax, 32-bit Windows PE (see use32 / win32ax.inc below).
include 'win32ax.inc'
use32
entry start
section '.text' code readable executable
start:
; Program entry point.
; Records the main module's ImageBase and SizeOfImage in .data (read later by
; the scanner thread), starts the 0xCC scanner on its own thread, then spins.
; NOTE(review): the bracketed memory operands of the mov instructions below
; were lost when this page was extracted ("mov eax, ;peb" is not valid FASM).
; The comments give the reading the original ;peb / ;Imagebase / ;sizeofimage
; hints suggest — confirm against the original post before assembling.
push ebp
mov ebp,esp
mov eax, ;peb -- presumably [fs:0x30] (TEB -> PEB); operand missing from the page
mov ebx, dword ;Imagebase -- presumably [eax+8] (PEB.ImageBaseAddress); operand missing
mov dword ,ebx ; store to [imagebaseaddress] in .data; destination operand missing
mov eax, ; presumably PEB.Ldr; operand missing
mov eax, ; presumably the first entry of the in-load-order module list (= this exe); operand missing
mov ebx, dword ;sizeofimage -- presumably LDR_DATA_TABLE_ENTRY.SizeOfImage; operand missing
mov dword ,ebx ; store to [sizeofimage] in .data; destination operand missing
invoke CreateThread,NULL,NULL,fuckocc,NULL,0,NULL ; CreateThread(NULL, 0, fuckocc, NULL, 0, NULL); the thread handle returned in eax is discarded (never CloseHandle'd)


fucknima:
; NOTE(review): ecx is reloaded with 10 on every pass, so `loop` decrements
; it to 9 and always jumps back — this is an infinite busy-spin, not a delay,
; and everything after it (epilogue + ExitProcess) is unreachable. If a short
; delay was intended, `mov ecx,10` belongs above the label; if keeping the
; process alive was the goal, a blocking wait (e.g. WaitForSingleObject on the
; thread handle) would avoid burning a core.
mov ecx,10
loop fucknima
mov esp,ebp
pop ebp
invoke exit,NULL ; ExitProcess(0) — unreachable as written (see note above)
fuckocc:
;Function implementation
; Thread entry point passed to CreateThread above (stdcall, one unused lpParameter).
; Repeatedly scans the main module image [imagebaseaddress, +sizeofimage) for a
; 0xCC (INT3) byte and stores the address of the hit in [fuckcc]. Never returns.
; NOTE(review): memory operands are missing from the extracted listing (see the
; note on `start`); the readings below follow the original comments.
push ebp
mov ebp,esp
fuckcc_loop:
mov al,0xcc ; pattern byte. NOTE(review): this instruction itself assembles to B0 CC,
            ; so the scan below always "finds" its own immediate — a guaranteed false
            ; positive. Build al without a literal 0xCC (e.g. mov al,0xcb / inc al) or
            ; exclude the scanner's own bytes from the range. Any other legitimate 0xCC
            ; byte in the image (immediates, displacements, data, PE headers) also hits;
            ; this is why the post suggests confirming hits with a disassembler engine.
mov edi,dword ;get imagebaseaddress -- presumably [imagebaseaddress]; operand missing
mov ecx,dword ;get imagesize -- presumably [sizeofimage]; operand missing
repne scasb ; scan up to ecx bytes at es:edi for al; on a match ZF=1 and edi points one past it
; NOTE(review): there is no `jne`/`jnz` after scasb. When nothing is found (ecx
; exhausted, ZF=0) edi = base+size and the code below still records base+size-1
; as a "breakpoint address". Test ZF (not ecx: a hit on the very last byte also
; leaves ecx=0) before treating edi as a hit.
sub edi,1;get address 0XCC=1BYTE so sub -- back up from one-past-match to the match itself
mov dword ,edi ;write 0xcc address to .data -- presumably [fuckcc]; destination operand missing;
               ; only the most recent hit is kept, and nothing visible here reacts to it
;mov dword ,0x90 ; (disabled) would overwrite the hit with a NOP. The '.text' section
                 ; above is declared readable executable but not writeable, so this
                 ; would fault without a VirtualProtect first; it would also silently
                 ; corrupt code on any of the false positives described above.
jmp fuckcc_loop ; unconditional: tight spin with no sleep (100% of a core); the epilogue below is unreachable
mov esp,ebp
pop ebp
; NOTE(review): no `ret 4` here — if the loop ever did exit, execution would run
; off the end of .text into whatever follows in memory.
section '.data' data readable writeable
; Values shared between the main thread (writer of the first two) and the
; scanner thread (reader of the first two, writer of the last), with no
; synchronisation; the scanner relies on them being set before it is created.
imagebaseaddress dd 0 ; base address of the main module (presumably filled in by start)
sizeofimage      dd 0 ; SizeOfImage of the main module (presumably filled in by start)
fuckcc           dd 0 ; address of the most recent 0xCC hit found by fuckocc
section '.idata' import data readable
library kernel,'KERNEL32.DLL'
import kernel,CreateThread,'CreateThread',\
   exit,'ExitProcess'