[求助]双进程保护的壳-加壳脱壳-看雪-安全社区|安全招聘|kanxue.com

最新回复 (1)
luckxiao 雪币： 279 活跃值： (14) 能力值： ( LV2，RANK：10 ) 在线值：发帖 5 回帖 284 粉丝 1 关注私信	luckxiao 2 楼 procedure TForm1.FormCreate(Sender: TObject); const sMutx:string = '%sMUTEX'; sPreFix:String = 'MAMA'; //this is a custom name var sBuffer:array[0..511] of Byte; hHandle:Cardinal; pPointer:Pointer; si:TStartupInfo; Pi:TProcessInformation; dDebug:TDebugEvent; begin //The whole following code is a recode of ARMadillo's Debug Blocker //====================================================================== //Couldnt managee to get it work with Delphi Code so used Inline ASM asm push sPreFix push sMutx lea eax, sBuffer[0] push eax call wsprintf end; //Use OpenMutex to check if Mutex is existing hHandle := OpenMutex(MUTEX_ALL_ACCESS,False,@sBuffer[0]); if hHandle <> 0 then CloseHandle(hHandle) else begin CreateMutex(nil,False,@sBuffer[0]); //Create Mutex to show that we are the parentprocess pPointer := GetCommandLine; //Get own File Path ZeroMemory(@si,SizeOf(si)); //Needed for CreateProcess if CreateProcess(nil,pPointer,nil,nil,False,DEBUG_PROCESS,nil,nil,si,Pi) then begin //Create own Process with Debug-Access repeat WaitForDebugEvent(dDebug,INFINITE); //Needed for Debugee if dDebug.dwDebugEventCode = EXIT_PROCESS_DEBUG_EVENT then begin ExitProcess(0); //Exit own Process if the Debugged Process exists end; ContinueDebugEvent(dDebug.dwProcessId,dDebug.dwThreadId,DBG_CONTINUE); until 1 = 3; end; end; //Add here your Code (Start of the Code) end; delphi 的双进程 2011-10-19 09:26 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (1)

luckxiao

雪币： 279

活跃值： (14)

能力值：

( LV2，RANK：10 )

在线值：

发帖

回帖

284

粉丝

关注

私信

luckxiao: 2 楼

procedure TForm1.FormCreate(Sender: TObject);
const
  sMutx:string = '%sMUTEX';
  sPreFix:String = 'MAMA';  //this is a custom name
var
  sBuffer:array[0..511] of Byte;
  hHandle:Cardinal;
  pPointer:Pointer;
  si:TStartupInfo;
  Pi:TProcessInformation;
  dDebug:TDebugEvent;
begin
  //The whole following code is a recode of ARMadillo's Debug Blocker
  //======================================================================
  //Couldnt managee to get it work with Delphi Code so used Inline ASM
  asm
    push sPreFix
    push sMutx
    lea eax, sBuffer[0]
    push eax
    call wsprintf
  end;
  //Use OpenMutex to check if Mutex is existing
  hHandle := OpenMutex(MUTEX_ALL_ACCESS,False,@sBuffer[0]);
  if  hHandle <> 0 then
    CloseHandle(hHandle)
  else begin
    CreateMutex(nil,False,@sBuffer[0]); //Create Mutex to show that we are the parentprocess
    pPointer := GetCommandLine; //Get own File Path
    ZeroMemory(@si,SizeOf(si)); //Needed for CreateProcess
    if CreateProcess(nil,pPointer,nil,nil,False,DEBUG_PROCESS,nil,nil,si,Pi) then begin  //Create own Process with Debug-Access
      repeat
        WaitForDebugEvent(dDebug,INFINITE);  //Needed for Debugee
        if dDebug.dwDebugEventCode = EXIT_PROCESS_DEBUG_EVENT then begin
          ExitProcess(0);   //Exit own Process if the Debugged Process exists
        end;
        ContinueDebugEvent(dDebug.dwProcessId,dDebug.dwThreadId,DBG_CONTINUE);
      until 1 = 3;
    end;
  end;
  //Add here your Code (Start of the Code)
end;

delphi 的双进程

2011-10-19 09:26