dbh
var MutexName
var count
var check
var breakpoint
var codebase
var csize
mov count,0
gmi eip, CODEBASE
cmp $RESULT, 0
je err
mov codebase, $RESULT
gmi codebase, CODESIZE
cmp $RESULT, 0
je err
mov csize, $RESULT
gpa "OpenMutexA", "kernel32.dll"
bp $RESULT
lab1:
esto
cmp eip, $RESULT
jne lab1
mov MutexName, esp
add MutexName, 0C
mov MutexName,[MutexName]
begin:
exec
PUSHAD
PUSH {MutexName}
PUSH 0
PUSH 0
CALL kernel32.CreateMutexA
POPAD
JMP kernel32.OpenMutexA
ende
bc $RESULT
//Clear bp OpenMutexA//
loop2:
gpa "OutputDebugStringA", "kernel32.dll"
bphws $RESULT, "x"
mov breakpoint, $RESULT
eob doc
esto
doc:
cmp eip, breakpoint
jne err
inc count
cmp count,2 // I just passed 2 times in one app
jne loop2