-
-
[讨论]分析卡巴这段代码有意义没有?
-
发表于:
2013-3-13 10:35
3585
-
#include <Windows.h>
#include <stdio.h>
DWORD __stdcall ThreadProc(LPVOID lpParamer)
{
unsigned int i;
while ( 1 )
{
Sleep(60000);
i = 0;
do
{
if ( *((DWORD *)lpParamer + i) != 0x0AAAAAAAA )
{
_asm
{
mov dword ptr ds:[0], 0
}
}
++i;
}
while ( i < 0x8000 );
}
}
void main()
{
LPVOID lpBuffer=NULL;
HANDLE hTread=NULL;
DWORD ThreadId=NULL;
lpBuffer = VirtualAlloc(0, 0x20000, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE);
if ( lpBuffer )
{
memset(lpBuffer, 0xAA, 0x20000);
VirtualProtect(lpBuffer, 0x20000, PAGE_READONLY, &ThreadId);
hTread = CreateThread(0, 0, ThreadProc, lpBuffer, 0, &ThreadId);
SetThreadPriority(hTread, -15);
CloseHandle(hTread);
}
getchar();
}
个人觉得没有什么意义,如果内存溢出不在你这个范围内了?这么片面检测有意义吗?
大家认为呢?
但是我为什么要发出来?因为我觉得这么一个大公司,又不应该写这样的代码,所以就发出来,一起分析一下啊
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
