配合反汇编引擎效果出奇;
Here is what I use when testing hacker defenses against 0xCC software breakpoints.
;I wrote it with the FASM assembler (Intel syntax, win32ax macro set).
include 'win32ax.inc'                   ; FASM Win32 helpers: invoke/library/import macros, NULL
use32                                   ; 32-bit code; the PEB offsets below are for the 32-bit PEB
entry start                             ; program entry point is the "start" label
section '.text' code readable executable
start:
;-----------------------------------------------------------------------
; Entry point.
; Reads the module base and image size of the running process out of
; the PEB, stores them in .data for the scanner thread, starts that
; thread (fuckocc) and then spins in the main thread.
; In:    nothing (process entry)
; Uses:  eax, ebx, ecx, ebp; no value is returned to the caller
; NOTE(review): "mov dword [imagebassaddress],ebx" uses a label that is
;   not declared anywhere in the file — .data defines "imagebaseaddress".
;   As written the file does not assemble until the two names agree.
; NOTE(review): the fucknima loop reloads ecx to 10 on every iteration,
;   so "loop" never falls through; "invoke exit" is unreachable and the
;   process only ends when killed.  That may be intended (keep the
;   scanner thread alive), but it is a 100% CPU busy-wait.
;-----------------------------------------------------------------------
push ebp
mov ebp,esp
mov eax,[fs:30h] ;peb                   ; fs:[30h] = PEB of the current process (32-bit TEB layout)
mov ebx, dword[eax+08h] ;Imagebase      ; PEB+08h = ImageBaseAddress
mov dword [imagebassaddress],ebx        ; NOTE(review): label mismatch, see header — should be imagebaseaddress
mov eax,[eax+0ch]                       ; PEB+0Ch = Ldr (PEB_LDR_DATA) — presumed from the offsets, confirm
mov eax,[eax+0ch]                       ; Ldr+0Ch = InLoadOrderModuleList.Flink, first entry = this exe — presumed, confirm
mov ebx, dword [eax+20h] ;sizeofimage   ; LDR_DATA_TABLE_ENTRY+20h = SizeOfImage (per the author's comment)
mov dword [sizeofimage],ebx
invoke CreateThread,NULL,NULL,fuckocc,NULL,0,NULL ; scanner thread; the handle in eax is never closed or waited on
fucknima:
mov ecx,10                              ; reset every pass -> infinite loop (see header)
loop fucknima
mov esp,ebp                             ; unreachable as written
pop ebp
invoke exit,NULL                        ; ExitProcess(0); unreachable as written
fuckocc:
;Function implementation
;-----------------------------------------------------------------------
; Thread routine: repeatedly scans the mapped image
; [imagebaseaddress, imagebaseaddress+sizeofimage) for the first byte
; equal to 0xCC (the int3 opcode a debugger writes for a software
; breakpoint) and stores the address of that byte in "fuckcc".
; In:    lpParameter in [ebp+8] (unused)
; Uses:  eax, ecx, edi, ebp, flags
; Known limitations (review notes, not fixed here):
;  - Only the FIRST 0xCC in the image is ever reported; each pass
;    restarts from the image base, so later hits are never seen.
;  - 0xCC is a legitimate byte in any image (immediates, padding,
;    data).  This routine's own "mov al,0xcc" encodes as B0 CC, so the
;    scan will match inside itself before it reaches a real breakpoint;
;    the technique is inherently noisy.
;  - ZF is not checked after repne scasb: if ecx runs out with no match,
;    edi-1 is the last byte of the image and is still reported as a hit.
;  - SizeOfImage spans the whole virtual image, not only committed,
;    readable pages, so the scan may fault; DF is assumed clear.
;  - The jmp makes the epilogue unreachable and there is no ret, so the
;    thread never terminates cleanly.
;-----------------------------------------------------------------------
push ebp
mov ebp,esp
fuckcc_loop:
mov al,0xcc                             ; byte to search for (int3)
mov edi,dword [imagebaseaddress];get imagebaseaddress   ; scan start
mov ecx,dword [sizeofimage];get imagesize               ; scan length in bytes
repne scasb                             ; advance edi until [edi]==al or ecx==0 (edi is left one past the match)
sub edi,1;get address 0XCC=1BYTE so sub ; undo the post-increment so edi points at the matched byte
mov dword [fuckcc],edi ;write 0xcc address to .data
;mov dword [edi],0x90                   ; (disabled) would overwrite the hit with a NOP; note it writes 4 bytes, not 1, and .text is not writable
jmp fuckcc_loop                         ; unconditional -> the epilogue below never runs
mov esp,ebp
pop ebp
section '.data' data readable writeable
imagebaseaddress dd 00                  ; module base, written by start, read by fuckocc
sizeofimage dd 00                       ; SizeOfImage in bytes, written by start, read by fuckocc
fuckcc dd 00                            ; address of the most recent 0xCC hit (0 until the first scan completes)
section '.idata' import data readable
library kernel,'KERNEL32.DLL'           ; only kernel32 is needed
import kernel,CreateThread,'CreateThread',\
exit,'ExitProcess'                      ; "exit" is the local alias used by "invoke exit"
最后
以上就是开心帽子最近收集整理的关于寻找0XCC软件断点的全部内容,更多相关寻找0XCC软件断点内容请搜索靠谱客的其他文章。