看流星社区

 找回密码
 注册账号
查看: 3054|回复: 0

[汇编] 寻找0XCC软件断点

[复制链接]

该用户从未签到

发表于 2017-6-3 11:10:58 | 显示全部楼层 |阅读模式

配合反汇编引擎效果出奇;
Here is what I see in hacker defense testing 0xCC software breakpoints
;I write it with FASM assembler
include 'win32ax.inc'
use32
entry start
section '.text' code readable executable
start:
push ebp
mov ebp,esp
mov eax,[fs:30h] ;peb
mov ebx, dword[eax+08h] ;Imagebase
mov dword [imagebassaddress],ebx
mov eax,[eax+0ch]
mov eax,[eax+0ch]
mov ebx, dword [eax+20h] ;sizeofimage
mov dword [sizeofimage],ebx
invoke CreateThread,NULL,NULL,fuckocc,NULL,0,NULL


fucknima:
mov ecx,10
loop fucknima
mov esp,ebp
pop ebp
invoke exit,NULL
fuckocc:
;Function implementation
push ebp
mov ebp,esp
fuckcc_loop:
mov al,0xcc
mov edi,dword [imagebaseaddress];get imagebaseaddress
mov ecx,dword [sizeofimage];get imagesize
repne scasb
sub edi,1;get address 0XCC=1BYTE so sub
mov dword [fuckcc],edi ;write 0xcc address to .data
;mov dword [edi],0x90
jmp fuckcc_loop
mov esp,ebp
pop ebp
section '.data' data readable writeable
imagebaseaddress dd 00
sizeofimage dd 00
fuckcc dd 00
section '.idata' import data readable
library kernel,'KERNEL32.DLL'
import kernel,CreateThread,'CreateThread',\
   exit,'ExitProcess'
点击按钮快速添加回复内容: 支持 高兴 激动 给力 加油 苦寻 生气 回帖 路过 感恩
您需要登录后才可以回帖 登录 | 注册账号

本版积分规则

小黑屋|手机版|Archiver|看流星社区 |网站地图

GMT+8, 2024-3-19 12:12

Powered by Kanliuxing X3.4

© 2010-2019 kanliuxing.com

快速回复 返回顶部 返回列表