能力值:
( LV4,RANK:50 )
|
-
-
2 楼
char * TargetString = "SomeString";
DWORD dwRetAddr;
__declspec(naked) VOID Fake_WriteFile(VOID)
{
__asm
{
MOV EAX, [ESP+8] // Buffer
MOV EDX, [ESP]
PUSHAD //Save Registers
PUSH TargetString//"error:debugger finded"
PUSH EAX // Buffer
CALL DWORD PTR[StrStrA]
TEST EAX, EAX
JZ NEXT
BEGIN: //Sleep forever
PUSH 10000 //10s
CALL DWORD PTR[Sleep]
JMP BEGIN
NEXT:
POPAD
PUSH 0x18
PUSH 0x7C810E30
JMP DWORD PTR[dwRetAddr]
}
}
BOOL StartHook(VOID)
{
BYTE JmpCode[] = {0xE9, 0x00, 0x00, 0x00, 0x00, 0x90, 0x90};
DWORD dwWrite, tmp;
DWORD dwWriteFile = (DWORD)GetProcAddress (LoadLibrary("kernel32.dll"), "WriteFile");
if (0 == dwWriteFile)
{
OutputDebugString("dwWriteFile = 0");
return FALSE;
}
dwRetAddr = dwWriteFile + 7;
tmp =(DWORD)Fake_WriteFile - dwWriteFile - 5;
memcpy (JmpCode+1, &tmp, 4);
if (!WriteProcessMemory ((HANDLE)-1, (PVOID)dwWriteFile, JmpCode, sizeof(JmpCode), &dwWrite))
{
OutputDebugString("hook error: writememory error");
return FALSE;
}
OutputDebugString("hook ok");
return TRUE;
}
|
能力值:
( LV2,RANK:10 )
|
-
-
3 楼
谢谢 exile 的回复。不过我说的是Windows mobile的问题,抱歉没说清楚。
|
|
|
|
