只是修改了
// InstallAntiAttach: overwrites the start of ntdll!DbgUiRemoteBreakin in the
// current process with a small stub that jumps into a "wipe registers and
// jump to 0" sequence inside this function. DbgUiRemoteBreakin is the ntdll
// routine a debugger's injected break-in thread runs on attach, so an attach
// attempt is expected to fault in that thread instead of breaking in.
//
// Returns true when the stub was written; false when ntdll.dll or the export
// could not be resolved, or when VirtualProtect failed.
//
// Review notes:
//  - The __asm blocks use MSVC inline-assembly syntax and 32-bit registers,
//    so this builds for 32-bit x86 only.
//  - After a successful call the bytes at DbgUiRemoteBreakin differ from the
//    on-disk ntdll image, and because dwOldProtect is never restored the page
//    stays PAGE_EXECUTE_READWRITE. Both are visible to memory-integrity
//    checks that compare loaded system DLL code with the file on disk.
//  - No FlushInstructionCache call follows the write in this function.
//  - NOTE(review): GetModuleHandle is passed a narrow string; in a UNICODE
//    build the macro resolves to the wide variant - confirm the project
//    settings or call GetModuleHandleA explicitly.
bool InstallAntiAttach()
{
    HMODULE ntDll;
    void *pDbgUiRemoteBreakin; // address of the function's entry point
    DWORD dwOldProtect;        // previous page protection; written by VirtualProtect, never read back
    DWORD dwCodeSize;          // byte length of the stub between the two __CodeToCopy* labels

    // ntdll is looked up by name among the modules already loaded; nothing is loaded here.
    ntDll = GetModuleHandle("ntdll.dll");
    if (ntDll)
    {
        // NOTE(review): GetProcAddress returns FARPROC; the assignment to void * has no cast.
        pDbgUiRemoteBreakin = GetProcAddress(ntDll,"DbgUiRemoteBreakin");
        if (pDbgUiRemoteBreakin)
        {
            __asm
            {
                // Stub size = address of __CodeToCopyEnd - address of __CodeToCopyStart.
                lea eax,__CodeToCopyStart
                lea ecx,__CodeToCopyEnd
                sub ecx,eax
                mov dwCodeSize,ecx
            }
            // Make the target bytes writable. ntdll code pages are normally not
            // writable, so the protection is changed for dwCodeSize bytes first.
            if (VirtualProtect(pDbgUiRemoteBreakin,dwCodeSize,PAGE_EXECUTE_READWRITE, &dwOldProtect))
            {
                __asm
                {
                    // Copy the stub byte-for-byte over the start of DbgUiRemoteBreakin.
                    // rep movsb copies ecx bytes from [esi] to [edi]; it assumes the
                    // direction flag is clear.
                    mov edi,pDbgUiRemoteBreakin
                    lea esi,__CodeToCopyStart
                    mov ecx,dwCodeSize
                    rep movsb
                    // Normal path: skip the stub and the second __asm block below.
                    jmp __CodeEnd
                    // The stub itself: load the address of __CodeToCopyEnd (a location
                    // in this function, not in ntdll) and jump to it.
                    // NOTE(review): this relies on the label being encoded as an
                    // absolute address so the copy still targets this module -
                    // confirm in the disassembly.
                __CodeToCopyStart:
                    lea eax,__CodeToCopyEnd
                    jmp eax
                __CodeToCopyEnd:
                }
                // Reached only through the copied stub; normal execution jumped to
                // __CodeEnd above. Presumably nothing is emitted between the two
                // __asm blocks, so the stub's target falls straight into this code.
                __asm
                {
                    // Load 0 into EFLAGS: push the flags, overwrite the saved copy
                    // with eax (0), pop it back.
                    xor eax,eax
                    pushfd
                    mov [esp],eax
                    popfd
                    // Zero the remaining general registers, including the stack and
                    // frame pointers, then jump to address 0 (eax is still 0). The
                    // thread is expected to fault here with no usable stack.
                    xor ebx,ebx
                    xor ecx,ecx
                    xor edx,edx
                    xor edi,edi
                    xor esi,esi
                    xor esp,esp
                    xor ebp,ebp
                    jmp eax
                }
            __CodeEnd:
                // Stub written; the saved protection in dwOldProtect is not restored.
                return true;
            }
        }
    }
    return false;
}
防OD附加的代码