; Works surprisingly well when combined with a disassembly engine.
; Here is what I use in anti-debugging tests to look for 0xCC (INT3) software breakpoints.
; I wrote it with the FASM assembler.
include 'win32ax.inc'
use32
entry start
section '.text' code readable executable
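start:
; Program entry (FASM, 32-bit Windows, stdcall via 'invoke').
; Records the main module's base and size from the PEB, starts the 0xCC
; scanner thread, spins briefly and then terminates the process.
; Out: [imagebaseaddress] = PEB.ImageBaseAddress
;      [sizeofimage]      = SizeOfImage of the first InLoadOrderModuleList
;                           entry, i.e. the main executable
; Clobbers: eax, ebx, ecx, flags (entry point: nothing to preserve for a caller)
SPIN_COUNT equ 10
        push    ebp
        mov     ebp,esp
        mov     eax,[fs:30h]                   ; TEB.ProcessEnvironmentBlock -> PEB
        mov     ebx,dword [eax+08h]            ; PEB.ImageBaseAddress
        mov     dword [imagebaseaddress],ebx   ; was 'imagebassaddress' (undefined label) in the original
        mov     eax,[eax+0ch]                  ; PEB.Ldr (PEB_LDR_DATA*)
        mov     eax,[eax+0ch]                  ; Ldr.InLoadOrderModuleList.Flink = first LDR_DATA_TABLE_ENTRY
        mov     ebx,dword [eax+20h]            ; entry.SizeOfImage (public 32-bit layout; TODO confirm on target OS)
        mov     dword [sizeofimage],ebx
        ; The thread handle returned in eax is neither closed nor waited on;
        ; ExitProcess below tears the thread down regardless.
        invoke  CreateThread,NULL,NULL,fuckocc,NULL,0,NULL
        ; Short busy-wait so the scanner gets a chance to run.  The counter is
        ; loaded ONCE: the original reloaded ecx inside the loop body, so
        ; 'loop' could never reach zero and the ExitProcess call was unreachable.
        ; SPIN_COUNT is arbitrary; a real join would wait on the thread handle.
        mov     ecx,SPIN_COUNT
.spin:
        dec     ecx
        jnz     .spin
        mov     esp,ebp
        pop     ebp
        invoke  exit,NULL                      ; ExitProcess(0); does not return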
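fuckocc:
; Thread procedure (DWORD WINAPI fuckocc(LPVOID), stdcall).  Endlessly scans
; the main module's image for 0xCC (INT3) bytes and publishes each hit.
; In:   the LPVOID argument is ignored;
;       [imagebaseaddress] and [sizeofimage] are filled in by 'start' before
;       CreateThread is called
; Out:  [fuckcc] = address of the most recent 0xCC byte found (left untouched
;       when a whole pass finds none).  Never returns, as in the original.
; Clobbers: eax, ecx, edx, edi, flags.  Assumes DF=0 (Win32 thread start
; state) and that every byte of [imagebaseaddress, +sizeofimage) is readable.
; NOTE(review): any 0xCC byte matches - immediates, displacements, data - so
; a hit is not necessarily a breakpoint; and hardware (DR0-DR3) breakpoints
; or single-stepping leave no 0xCC behind for this scan to find.
        push    ebp
        mov     ebp,esp
.rescan:
        mov     edi,dword [imagebaseaddress]   ; edi = scan cursor (image start)
        mov     ecx,dword [sizeofimage]        ; ecx = bytes remaining in this pass
        ; AL must be 0xCC, but 'mov al,0xCC' assembles to B0 CC, so the
        ; scanner would always "find" its own immediate.  Build it instead.
        mov     al,0xCB
        inc     al
.find:
        test    ecx,ecx
        jz      .rescan                        ; pass complete: start over from the base
        repne   scasb                          ; stop at the first AL match, or when ecx hits 0
        jne     .rescan                        ; ecx exhausted with no match: the original
                                               ; skipped this check and reported base+size-1
        lea     edx,[edi-1]                    ; scasb leaves edi one past the matching byte
        mov     dword [fuckcc],edx             ; publish the hit for the main thread
        ; Patching the byte out stays disabled: '.text' is declared
        ; 'readable executable' only, so the store needs VirtualProtect first.
        ;mov byte [edx],0x90
        jmp     .find                          ; continue past the hit so every 0xCC is
                                               ; reported, not just the first one each pass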
; Scanner state shared between 'start' (writer) and the fuckocc thread.
; No lock is used: the first two dwords are stored before CreateThread, and
; fuckcc is a single aligned dword store.
section '.data' data readable writeable
        align 4
imagebaseaddress dd 0                          ; PEB.ImageBaseAddress of this module
sizeofimage      dd 0                          ; SizeOfImage of this module
fuckcc           dd 0                          ; address of the most recent 0xCC hit published by fuckocc
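; Imports.  FASM macro arguments continue onto the next line only with a
; trailing '\'; the original ended the CreateThread line with a bare comma,
; which leaves the import list incomplete (unless the backslash was lost in
; transcription).
section '.idata' import data readable
        library kernel,'KERNEL32.DLL'
        import  kernel,\
                CreateThread,'CreateThread',\
                exit,'ExitProcess'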