c语言花指令怎么去除,[原创]去除花指令的代码


2008-10-3 05:46

// A simple test

#define WIN32_LEAN_AND_MEAN

#include "windows.h"

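/*
 * FindFlowerCodeAndRemove2 - find every occurrence of a junk-instruction
 * ("flower code") byte pattern in a buffer and overwrite it with NOPs (0x90).
 *
 *   src      buffer that is patched in place
 *   flw      byte pattern to search for
 *   nSrcLen  number of valid bytes in src
 *   nflwLen  number of bytes in flw
 *
 * Target: 32-bit x86, MSVC __asm block (Intel operand order).
 *
 * The match decision is taken from ZF as left by "repz cmpsb". Testing ecx
 * instead is wrong: ecx is also 0 when the mismatch falls on the pattern's
 * last byte, which would patch a partial match.
 *
 * A candidate is compared only when the whole pattern still fits in the
 * remaining bytes, so neither the compare nor the NOP fill can run past
 * src + nSrcLen.
 *
 * Matching is on raw bytes and knows nothing about instruction boundaries;
 * a pattern that also occurs inside operands or data is patched as well, so
 * run this on a copy of the code under analysis.
 */
void FindFlowerCodeAndRemove2(LPVOID src, LPVOID flw, int nSrcLen,int nflwLen)
{
    /* Reject inputs for which no full match is possible (this also keeps
       lodsb from reading an empty pattern and the scan from using a
       negative length as a huge unsigned count). */
    if (!src || !flw || nflwLen <= 0 || nSrcLen < nflwLen)
        return;

    __asm
    {
        push    esi
        push    edi
        push    ecx

        cld                             // string instructions walk upward
        xor     eax, eax
        mov     esi, flw
        mov     edi, src
        mov     ecx, nSrcLen            // ecx = bytes of src not yet scanned
        lodsb                           // al = first byte of the pattern

    Start:
        test    ecx, ecx
        jz      NotFindFlower           // nothing left to scan
        repnz   scasb                   // stop with ZF=1 when [edi-1] == al
        jnz     NotFindFlower           // ran out without seeing the first byte

        // Candidate starts at edi-1; ecx+1 bytes remain from there.
        lea     edx, [ecx + 1]
        cmp     edx, nflwLen
        jb      NotFindFlower           // pattern no longer fits; later ones cannot either

        push    eax                     // al is reused for the NOP fill below
        push    ecx
        push    esi
        push    edi

        dec     edi                     // back to the candidate's first byte
        mov     ecx, nflwLen
        mov     esi, flw
        repz    cmpsb                   // ZF=1 only if all nflwLen bytes matched
        jnz     MYLOOP                  // partial match: leave the bytes alone

        mov     ecx, nflwLen
        sub     edi, ecx                // rewind to the start of the match
        mov     al, 0x90                // NOP
        rep     stosb

    MYLOOP:
        pop     edi                     // resume scanning right after the candidate's first byte
        pop     esi
        pop     ecx
        pop     eax
        jmp     Start

    NotFindFlower:
        pop     ecx
        pop     edi
        pop     esi
    }
}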

/*
 * FindFlowerCodeAndRemove - "test ecx" variant of the junk-instruction
 * ("flower code") remover: scans src for the byte pattern flw and overwrites
 * what it takes to be a match with NOPs (0x90).
 *
 *   src      buffer that is patched in place
 *   flw      byte pattern to search for
 *   nSrcLen  number of bytes in src
 *   nflwLen  number of bytes in flw
 *
 * 32-bit x86, MSVC __asm block.
 *
 * Known defect: after "repz cmpsb" the code tests ecx instead of the flags.
 * ecx is 0 both after a full match and after a mismatch on the pattern's
 * LAST byte, so a partial match that differs only in its final byte is
 * patched too. With the sample data in this file the bytes '0','1','d' at
 * offsets 3..5 are overwritten, which is why check_it() reports "Wrong!" for
 * this variant. FindFlowerCodeAndRemove2 in this file marks the same
 * "or ecx,ecx" as the BUG line; this version appears to be kept for
 * comparison.
 *
 * NOTE(review): neither the compare nor the NOP fill is limited to the bytes
 * remaining in src, so a candidate close to the end of the buffer can be
 * read (and, on a match, written) past src + nSrcLen. nflwLen is also used
 * without a check for <= 0.
 */
void FindFlowerCodeAndRemove(LPVOID src, LPVOID flw, int nSrcLen,int nflwLen)
{
    __asm
    {
        xor eax,eax
        push esi
        push edi
        push ecx
        cld                     // string instructions walk upward
        mov esi,flw
        mov edi,src
        mov ecx,nSrcLen         // ecx = bytes of src not yet scanned
        lodsb                   // al = first byte of the pattern

    Start:
        repnz scasb             // scan src for al; edi ends one past the hit
        or ecx,ecx
        jz NotFindFlower        // ecx == 0: stop (also taken when the hit was the very last byte)

        push eax                // saved because al is reused for the NOP fill
        push ecx
        push esi
        push edi
        lea edi,[edi - 1]       // back to the byte that matched al
        mov ecx,nflwLen
        mov esi,flw
        repz cmpsb              // compare pattern against candidate; stops at first difference
        or ecx,ecx              // BUG: replaces cmpsb's ZF; ecx is 0 even if the last byte differed
        jnz MYLOOP              // only skips the patch when the mismatch came before the last byte

        mov ecx,nflwLen
        sub edi,nflwLen         // rewind to the start of the compared range
        mov al,0x90             // NOP
        rep stosb

    MYLOOP:
        pop edi                 // resume scanning just after the candidate's first byte
        pop esi
        pop ecx
        pop eax
        jmp Start

    NotFindFlower:
        pop ecx
        pop edi
        pop esi
    }
}

// Sample junk-instruction ("flower code") pattern: the ASCII bytes '0','1','2'.
BYTE flowCode1[] = {0x30, 0x31, 0x32}; // placeholder for your own junk-instruction byte sequence; replace it yourself

// Test input: holds a partial occurrence ('0','1' followed by 'd') at offsets 3..4
// and one full occurrence of the pattern at offsets 8..10.
BYTE src[14] = {'a', 'b', 'c', '0', '1', 'd', 'e', 'f', '0', '1', '2', 'g', 'h', 'i' };

// Expected output: only the full occurrence is replaced by NOPs (0x90);
// the partial one must stay untouched.
BYTE expect_result[14] = {'a', 'b', 'c', '0', '1', 'd', 'e', 'f', 0x90, 0x90, 0x90, 'g', 'h', 'i' };

/*
 * hex_print - write size bytes starting at buf to stdout as two-digit
 * lowercase hex values, each followed by a space, then a newline.
 */
void hex_print(BYTE *buf, size_t size)
{
    size_t idx;

    for (idx = 0; idx < size; ++idx)
        printf("%.2x ", buf[idx]);

    printf("\n");
}

/*
 * check_it - compare the first 14 bytes of result with expect_result and
 * print "Right!" when they are equal, "Wrong!" otherwise.
 */
void check_it(BYTE *result)
{
    if (memcmp(result, expect_result, 14) != 0)
    {
        printf("Wrong!\n");
        return;
    }

    printf("Right!\n");
}

/*
 * Test driver: runs each removal routine on a fresh copy of the sample
 * buffer, dumps the buffer before and after, and lets check_it() compare the
 * result with expect_result.
 *
 * NOTE(review): printf/memcpy are used here, but "windows.h" is the only
 * include visible in this file; confirm <stdio.h> and <string.h> are pulled in.
 */
int main(int argc, char* argv[])
{
    BYTE work[14];
    int pass;

    for (pass = 0; pass < 2; ++pass)
    {
        if (pass == 1)
            printf("\n\nAnother test\n\n\n");

        // every pass starts from an unmodified copy of the sample input
        memcpy(work, src, sizeof(work));

        printf("src is :");
        hex_print(work, sizeof(work));

        printf("flower is:");
        hex_print(flowCode1, sizeof(flowCode1));

        if (pass == 0)
        {
            // method 1: match decided by testing ecx
            printf("FindFlowerCodeAndRemove with test ecx>>>>>>\n");
            FindFlowerCodeAndRemove(work, flowCode1, sizeof(work),sizeof(flowCode1));
        }
        else
        {
            // method 2: match decided by testing the flag
            printf("FindFlowerCodeAndRemove with test flag>>>>>>\n");
            FindFlowerCodeAndRemove2(work, flowCode1, sizeof(work),sizeof(flowCode1));
        }

        printf("now src is:");
        hex_print(work, sizeof(work));

        check_it(work);
    }

    return 0;
}
