-
-
[求助]第二章程式请教
-
2010-1-4 13:28 3786
-
BOOL IsCC()
{
FARPROC Uaddr ;
BYTE Mark = 0;
(FARPROC&) Uaddr =GetProcAddress ( LoadLibrary("user32.dll"),"MessageBoxA");
Mark = *((BYTE*)Uaddr); // 取MessageBoxA函数第一字节
if(Mark ==0xCC) // 如该字节为CC,则认为MessageBoxA函数被下断
return TRUE;
else
return FALSE;
}
(FARPROC&) Uaddr =GetProcAddress ( LoadLibrary("user32.dll"),"MessageBoxA");
00411482 mov esi,esp
00411484 push offset string "MessageBoxA" (415774h)
00411489 mov edi,esp
0041148B push offset string "user32.dll" (415764h)
00411490 call dword ptr [__imp__LoadLibraryA@4 (4181ECh)]
00411496 cmp edi,esp
00411498 call @ILT+320(__RTC_CheckEsp) (411145h)
0041149D push eax
0041149E call dword ptr [__imp__GetProcAddress@8 (4181E8h)]
004114A4 cmp esi,esp
004114A6 call @ILT+320(__RTC_CheckEsp) (411145h)
004114AB mov dword ptr [Uaddr],eax
Mark = *((BYTE*)Uaddr); // 取MessageBoxA函数第一字节
004114AE mov eax,dword ptr [Uaddr]
004114B1 mov cl,byte ptr [eax]
004114B3 mov byte ptr [Mark],cl
Mark = *((BYTE*)Uaddr);
这一句不懂,请帮忙解释一下
谢谢!!
{
FARPROC Uaddr ;
BYTE Mark = 0;
(FARPROC&) Uaddr =GetProcAddress ( LoadLibrary("user32.dll"),"MessageBoxA");
Mark = *((BYTE*)Uaddr); // 取MessageBoxA函数第一字节
if(Mark ==0xCC) // 如该字节为CC,则认为MessageBoxA函数被下断
return TRUE;
else
return FALSE;
}
(FARPROC&) Uaddr =GetProcAddress ( LoadLibrary("user32.dll"),"MessageBoxA");
00411482 mov esi,esp
00411484 push offset string "MessageBoxA" (415774h)
00411489 mov edi,esp
0041148B push offset string "user32.dll" (415764h)
00411490 call dword ptr [__imp__LoadLibraryA@4 (4181ECh)]
00411496 cmp edi,esp
00411498 call @ILT+320(__RTC_CheckEsp) (411145h)
0041149D push eax
0041149E call dword ptr [__imp__GetProcAddress@8 (4181E8h)]
004114A4 cmp esi,esp
004114A6 call @ILT+320(__RTC_CheckEsp) (411145h)
004114AB mov dword ptr [Uaddr],eax
Mark = *((BYTE*)Uaddr); // 取MessageBoxA函数第一字节
004114AE mov eax,dword ptr [Uaddr]
004114B1 mov cl,byte ptr [eax]
004114B3 mov byte ptr [Mark],cl
Mark = *((BYTE*)Uaddr);
这一句不懂,请帮忙解释一下
谢谢!!
[培训]内核驱动高级班,冲击BAT一流互联网大厂工 作,每周日13:00-18:00直播授课
赞赏
他的文章
看原图