hying's single-step trap: traps and anti-tracing techniques

2010-1-30 18:16 | Publisher: admin | Views: 84 | Comments: 0 | Original author: 云天河


Monday, June 23, 2008, 01:57 PM
The opcodes are a mess and I'm not clear on the details myself, but it works.



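.586P
.Model Flat,StdCall
Option CaseMap:None
Assume Fs:Nothing

.Code

Start:
    call _push_handler          ; return address pushed here = address of the SEH handler below

    ; --- SEH handler: [esp+4] = EXCEPTION_RECORD*, [esp+8] = establisher frame ---
    mov eax, [esp+4]
    mov eax, [eax]              ; ExceptionCode
    cmp eax, 80000004h          ; EXCEPTION_SINGLE_STEP?
    jnz short _live_or_dead+1   ; to see my god...

    mov esp, [esp+8]            ; esp -> our registration record (prev handler, handler address)
    jmp short _restore_stack

_junk_1:
    pop eax                     ; discard the handler address pushed by the call

_live_or_dead:
    jmp short _trap_end

    db 0E9h                     ; junk byte (jmp opcode), never executed on the normal path

_restore_stack:
    pop fs:0                    ; restore the previous SEH handler
    jz short _junk_1            ; jz/jnz pair = unconditional jump
    jnz short _junk_1

_trap_end:
    jmp short _out

_push_handler:
    push fs:0                   ; save the previous handler; stack now holds a registration record
    jmp short _set_seh_1

    db 0FFh                     ; junk byte

_make_exception:
    pushf
    jz short _junk_2            ; jz/jnz pair = unconditional jump
    jnz short _junk_2

_bad_address:
    db 0E9h                     ; junk byte; reached only if no single-step exception was raised

_junk_2:
    or dword ptr [esp], 100h    ; set TF (trap flag) in the saved EFLAGS
    popf                        ; load EFLAGS with TF set
    nop                         ; single-step exception is raised after this instruction
    jmp short _bad_address

_set_seh_1:
    mov fs:0, esp               ; install the handler
    jmp short _make_exception

_out:
    ret

End Start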



As a macro; place it anywhere.



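_Trap MACRO Junkcode
    LOCAL _push_handler, _live_or_dead, _restore_stack, _junk_1, _junk_2, _trap_end, _make_exception, _bad_address, _set_seh_1, _out

    call _push_handler          ; return address pushed here = address of the SEH handler below

    ; --- SEH handler: [esp+4] = EXCEPTION_RECORD*, [esp+8] = establisher frame ---
    mov eax, [esp+4]
    mov eax, [eax]              ; ExceptionCode
    cmp eax, 80000004h          ; EXCEPTION_SINGLE_STEP?
    jnz short _live_or_dead+1   ; skip

    mov esp, [esp+8]            ; esp -> our registration record
    jmp short _restore_stack

_junk_1:
    pop eax                     ; discard the handler address pushed by the call

_live_or_dead:
    jmp short _trap_end

    db 0E9h                     ; jmp ->

_restore_stack:
    pop fs:0                    ; restore the previous SEH handler
    jz short _junk_1            ; jz/jnz pair = unconditional jump
    jnz short _junk_1

_trap_end:
    jmp short _out

_push_handler:
    push fs:0                   ; save the previous handler
    jmp short _set_seh_1

    db Junkcode                 ; caller-supplied junk byte

_make_exception:
    pushfd
    jz short _junk_2            ; jz/jnz pair = unconditional jump
    jnz short _junk_2

_bad_address:
    db 0E9h                     ; junk byte; reached only if no single-step exception was raised

_junk_2:
    or dword ptr [esp], 100h    ; set TF (trap flag) in the saved EFLAGS
    popfd                       ; load EFLAGS with TF set
    nop                         ; single-step exception is raised after this instruction
    jmp short _bad_address

_set_seh_1:
    mov fs:0, esp               ; install the handler
    jmp short _make_exception

_out:
    ret
ENDM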

