; by forgot[uPaCkING SaGa]:)
; Anti-debug sequence (32-bit MASM): installs an SEH frame, then deliberately
; raises int 3, four hardware-breakpoint hits and a divide-by-zero so that the
; handler (SEH_Handler) can program and later clear DR0-DR3 through the
; CONTEXT record and count how many of the breakpoints actually fired.
call Delta ; push the address of Delta, then pop it: position-independent base
Delta:pop ebp
; EBP = run-time address of Delta; every "X - Delta[ebp]" below is the
; run-time address of label X.
lea eax, SEH_Handler - Delta[ebp]
push eax
xor eax, eax
push fs:[eax]
mov fs:[eax], esp ; link the new handler record at the head of the SEH chain
int 3 ; EXCEPTION_BREAKPOINT: the handler loads DR0-DR3 with the Dr0-Dr3 labels
nop
mov eax, eax
; The Dr3..Dr0 labels each sit on a one-byte instruction (stc/clc/cld/nop).
; When the matching debug register fires, the handler advances EIP by one, so
; that instruction is skipped and Counter is incremented.
; The lea/shr/rol lines in between look like filler: their results are not
; read anywhere in this excerpt.
Dr3: stc
nop
lea eax, ds:1234h[ebx*2]
Dr2: clc
nop
shr ebx, 5
Dr1: cld
nop
rol eax, 7
Dr0: nop
nop
xor ebx, ebx
div ebx ; divide-by-zero exception: the handler clears DR0-DR3 and skips this instruction
pop fs:0 ; restore the previous head of the SEH chain
add esp, 4 ; discard the handler pointer pushed above
mov si, 'FG' ; SoftICE Magic
mov di, 'JM'
; NOTE(review): nothing in this excerpt consumes SI/DI after these loads.
mov al, Counter - Delta[ebp] ; AL = number of DRx breakpoint hits counted by the handler
; The handler body is bracketed by .IF FALSE / .ENDIF; presumably this keeps
; straight-line execution from falling into it, so it is reached only through
; the SEH registration above - confirm against the assembled output.
.IF FALSE
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
; SEH_Handler - exception handler registered by the code at Delta.
; In:  pExcept  -> exception record (first DWORD is read as the exception code)
;      pContext -> CONTEXT of the faulting thread (modified in place)
;      pFrame, pDispatch are not used.
; Out: EAX = 0 for the three handled exception codes,
;      EAX = EXCEPTION_NONCONTINUABLE for anything else.
; Effect: always advances CONTEXT.regEip by one; then, by exception code,
;      arms DR0-DR3 (breakpoint), counts a hit (single step) or disarms
;      DR0-DR3 (divide by zero).
; NOTE(review): CONTEXT.ContextFlags is not touched here; whether the DRx
; writes are applied on return depends on the flags supplied by the
; dispatcher - confirm.
SEH_Handler PROC C pExcept:DWORD,pFrame:DWORD,pContext:DWORD,pDispatch:DWORD
mov eax, pExcept
mov ecx, pContext ; ECX -> CONTEXT
ASSUME ECX:PTR CONTEXT
; Step past the faulting instruction. One byte is enough for int 3 and for the
; one-byte instructions at Dr0-Dr3 (presumably the reported EIP points at the
; faulting instruction itself - confirm).
inc [ecx].regEip ; CONTEXT.regEip++
mov eax, [eax] ; EAX = exception code
.IF eax == EXCEPTION_INT_DIVIDE_BY_ZERO
; "div ebx" is two bytes, so EIP needs a second increment to get past it.
inc [ecx].regEip ; CONTEXT.regEip++
xor eax, eax ; EAX = 0
and [ecx].iDr0, eax ; CONTEXT.iDr0 = 0
and [ecx].iDr1, eax ; CONTEXT.iDr1 = 0
and [ecx].iDr2, eax ; CONTEXT.iDr2 = 0
and [ecx].iDr3, eax ; CONTEXT.iDr3 = 0
and [ecx].iDr6, 0FFFF0FF0h ; clear DR6 bits 0-3 and 12-15 (AND mask, not an assignment)
and [ecx].iDr7, 0DC00h ; keep only DR7 bits 10-12 and 14-15: all enable and R/W/LEN bits cleared
.ELSEIF eax == EXCEPTION_SINGLE_STEP
; Raised here when one of DR0-DR3 fires. The call/pop pair yields the address
; of the Counter byte, which is stored inline in the code stream and jumped
; over by the call. Incrementing it writes into the code, so the containing
; section has to be writable at run time.
call @F
Counter db 0 ; DRx hit counter
@@:pop eax ; EAX -> Counter
inc byte ptr [eax] ; Counter++
sub eax, eax ; EAX = 0
.ELSEIF eax == EXCEPTION_BREAKPOINT
; Raised by the int 3. The saved regEbp is the faulting code's EBP, i.e. the
; run-time address of Delta, so "DrN - Delta[eax]" is the run-time address of
; label DrN. The handler's own EBP is not used for this; presumably it holds
; the PROC frame pointer at this point - confirm.
mov eax, [ecx].regEbp
lea eax, Dr0 - Delta[eax]
mov [ecx].iDr0, eax
mov eax, [ecx].regEbp
lea eax, Dr1 - Delta[eax]
mov [ecx].iDr1, eax
mov eax, [ecx].regEbp
lea eax, Dr2 - Delta[eax]
mov [ecx].iDr2, eax
mov eax, [ecx].regEbp
lea eax, Dr3 - Delta[eax]
mov [ecx].iDr3, eax
xor eax, eax ; EAX = 0 (the AND/MOV to memory below leave EAX unchanged)
and [ecx].iDr6, 0FFFF0FF0h ; clear DR6 bits 0-3 and 12-15
mov [ecx].iDr7, 155h ; DR7 bits 0,2,4,6 (L0-L3) and 8 (LE) set; R/W and LEN fields zero = 1-byte execute breakpoints
.ELSE
; NOTE(review): EXCEPTION_NONCONTINUABLE is an exception-record flag used here
; as the return value; presumably chosen because it shares its numeric value
; with "continue search" - confirm.
push EXCEPTION_NONCONTINUABLE
pop eax
.ENDIF
ASSUME ECX:NOTHING
ret
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
.ENDIF
; AL was loaded with Counter before the .IF FALSE block. Four DRx breakpoints
; are armed, so AL - 4 is zero only when every one of them fired.
sub al, 4
mov Counter - Delta[ebp], al ; store the adjusted DRx hit counter back
; NOTE(review): the data at [ebp+1BAFh] is outside this excerpt, and EDX is not
; used again here; the purpose of the load and mask cannot be told from these lines.
mov edx, [ebp+1BAFh]
and edx, 0FFFF0000h
; ESP is saved in EAX, zeroed for one instruction, then restored.
; NOTE(review): presumably meant to disturb a debugger/tracer that relies on a
; valid stack pointer between these instructions - confirm.
mov eax, esp
xor esp, esp
mov esp, eax