- //加密解密技术内幕,示例,asm转delphi
- unit Unit1;
- interface
- uses
- Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
- Dialogs, StdCtrls, DB, ADODB;
type
  // Main form of the debug-API example. The component fields below are
  // streamed from the form's .dfm resource, so their names and types must
  // stay as declared.
  TForm1 = class(TForm)
    // Lets the user choose the executable that will be started as debuggee.
    OpenDialog1: TOpenDialog;
    // Presumably wired to Button1Click in the .dfm - confirm in the designer.
    Button1: TButton;
    // Receives the register dump written by getREGISTER.
    Memo1: TMemo;
    // Not referenced by any code in this unit.
    ADOConnection1: TADOConnection;
    // Starts the selected program under the debugger and runs the event loop.
    procedure Button1Click(Sender: TObject);
  private
    // Dumps the register context of the thread identified by `handle`
    // into Memo1.
    procedure getREGISTER(handle: THandle);
  public
    // No public members.
  end;
- var
- Form1: TForm1;
- implementation
- {$R *.dfm}
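// Minimal Win32 debugger loop.
//
// Lets the user pick an executable, starts it with DEBUG_PROCESS so that this
// thread becomes its debugger, and then reports process/thread lifecycle
// events in message boxes until the debuggee exits.
//
// Notes for readers:
//  * The selected file is executed, not merely inspected. It runs with the
//    privileges of this program, so unknown binaries belong in an isolated VM.
//  * WaitForDebugEvent must be called from the thread that created the
//    debuggee, which is why the loop runs inside the click handler. The UI is
//    blocked while the debuggee is running.
//  * The pointer-to-Integer casts below assume a 32-bit build, as does the
//    register dump in getREGISTER.
procedure TForm1.Button1Click(Sender: TObject);
const
  APPNAME = 'Win32 Debug Example no.1';
  NEWTHREAD = 'A new thread is created';
  ENDTHREAD = 'A thread is destroyed';
  PROCESSINFO_FMT = 'File Handle : %x '#13#10 +
                    'Process Handle: %x'#13#10 +
                    'Thread Handle : %x'#13#10 +
                    'Image Base : %x'#13#10 +
                    'Start Address : %x';
var
  startinfo: STARTUPINFO;
  pi: PROCESS_INFORMATION;
  DBEvent: DEBUG_EVENT;
  filename: string;
  buffer: string;
  ContinueStatus: DWORD;
  Debugging: Boolean;
begin
  if not OpenDialog1.Execute then
    Exit;
  filename := OpenDialog1.FileName;

  // Reuse this process's startup parameters for the debuggee.
  GetStartupInfo(startinfo);

  // Start the target in debug mode. DEBUG_ONLY_THIS_PROCESS keeps child
  // processes of the debuggee from being attached as well. The result must be
  // checked: without a debuggee the event loop below would never terminate.
  if not CreateProcess(PChar(filename), nil, nil, nil, False,
    DEBUG_PROCESS or DEBUG_ONLY_THIS_PROCESS, nil, nil, startinfo, pi) then
  begin
    MessageBox(0, PChar(SysErrorMessage(GetLastError)), APPNAME,
      MB_OK + MB_ICONERROR);
    Exit;
  end;

  try
    Debugging := True;
    while Debugging do
    begin
      // Block until the debuggee reports an event. A failure here means there
      // is nothing left to debug, so leave the loop instead of spinning.
      if not WaitForDebugEvent(DBEvent, INFINITE) then
        Break;

      // For non-exception events the continue status is ignored by the system.
      ContinueStatus := DBG_CONTINUE;

      case DBEvent.dwDebugEventCode of
        EXIT_PROCESS_DEBUG_EVENT:
          begin
            MessageBox(0, 'The debuggee exits', 'Win32 Debug Example no.1',
              MB_OK + MB_ICONINFORMATION);
            Debugging := False;
          end;

        CREATE_PROCESS_DEBUG_EVENT:
          begin
            buffer := Format(PROCESSINFO_FMT,
              [DBEvent.CreateProcessInfo.hFile,
               DBEvent.CreateProcessInfo.hProcess,
               DBEvent.CreateProcessInfo.hThread,
               Integer(DBEvent.CreateProcessInfo.lpBaseOfImage),
               Integer(DBEvent.CreateProcessInfo.lpStartAddress)]);
            MessageBox(0, PChar(buffer), 'Win32 Debug Example no.1',
              MB_OK + MB_ICONINFORMATION);
            getREGISTER(DBEvent.CreateProcessInfo.hThread);
            // The debugger owns the image-file handle delivered with this
            // event and has to close it; hProcess/hThread are released by the
            // system when the exit events are continued.
            if DBEvent.CreateProcessInfo.hFile <> 0 then
              CloseHandle(DBEvent.CreateProcessInfo.hFile);
          end;

        LOAD_DLL_DEBUG_EVENT:
          // Same ownership rule as above: close the DLL image handle so that
          // one handle is not leaked per loaded module.
          if DBEvent.LoadDll.hFile <> 0 then
            CloseHandle(DBEvent.LoadDll.hFile);

        EXCEPTION_DEBUG_EVENT:
          // Breakpoints (including the initial loader breakpoint) are
          // swallowed; every other exception is passed back to the debuggee's
          // own handlers.
          if DBEvent.Exception.ExceptionRecord.ExceptionCode <> EXCEPTION_BREAKPOINT then
            ContinueStatus := DBG_EXCEPTION_NOT_HANDLED;

        CREATE_THREAD_DEBUG_EVENT:
          MessageBox(0, NEWTHREAD, APPNAME, MB_OK + MB_ICONINFORMATION);

        EXIT_THREAD_DEBUG_EVENT:
          MessageBox(0, ENDTHREAD, APPNAME, MB_OK + MB_ICONINFORMATION);
      end;

      // Resume the thread that reported the event (also after the exit event,
      // so the system can finish tearing the debuggee down).
      ContinueDebugEvent(DBEvent.dwProcessId, DBEvent.dwThreadId, ContinueStatus);
    end;
  finally
    // Always release the handles returned by CreateProcess. In the original
    // listing these calls sat behind an endless loop and were never reached.
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
  end;
end;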
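// Writes the x86 register context of a debuggee thread into Memo1.
//
// handle - thread handle with THREAD_GET_CONTEXT access; the handle that
//          arrives with CREATE_PROCESS_DEBUG_EVENT qualifies. The thread must
//          be stopped, which is the case while a debug event is pending.
//
// The field names used here (Eax, Eip, ...) exist only in the 32-bit CONTEXT
// record, so this routine is for 32-bit builds.
procedure TForm1.getREGISTER(handle: THandle);
var
  ctext: CONTEXT;
begin
  Memo1.Clear;

  // Start from a zeroed record so that no stale stack bytes are displayed.
  FillChar(ctext, SizeOf(ctext), 0);

  // CONTEXT_FULL covers the control, integer and segment registers only.
  // DR0-DR3 are filled in only when CONTEXT_DEBUG_REGISTERS is requested too;
  // without it the Dr* values printed below are meaningless.
  ctext.ContextFlags := CONTEXT_FULL or CONTEXT_DEBUG_REGISTERS;

  if not GetThreadContext(handle, ctext) then
  begin
    Memo1.Lines.Add('GetThreadContext failed: ' + SysErrorMessage(GetLastError));
    Exit;
  end;

  Memo1.Lines.BeginUpdate;
  try
    Memo1.Lines.Add(Format('DR0 : %x', [ctext.Dr0]));
    Memo1.Lines.Add(Format('DR1 : %x', [ctext.Dr1]));
    Memo1.Lines.Add(Format('DR2 : %x', [ctext.Dr2]));
    Memo1.Lines.Add(Format('DR3 : %x', [ctext.Dr3]));
    Memo1.Lines.Add(Format('EDI : %x', [ctext.Edi]));
    Memo1.Lines.Add(Format('Esi : %x', [ctext.Esi]));
    Memo1.Lines.Add(Format('Ebx : %x', [ctext.Ebx]));
    Memo1.Lines.Add(Format('Edx : %x', [ctext.Edx]));
    Memo1.Lines.Add(Format('Ecx : %x', [ctext.Ecx]));
    Memo1.Lines.Add(Format('Eax : %x', [ctext.Eax]));
    Memo1.Lines.Add(Format('Ebp : %x', [ctext.Ebp]));
    Memo1.Lines.Add(Format('Eip : %x', [ctext.Eip]));
    Memo1.Lines.Add(Format('Esp : %x', [ctext.Esp]));
  finally
    Memo1.Lines.EndUpdate;
  end;
end;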
- end.
调试api初步学习