win7下面按你的方法试了,无效
int _tmain(int argc, _TCHAR* argv[])
{
PIMAGE_DOS_HEADER pDosHeader = NULL;
PIMAGE_NT_HEADERS pNtHeader = NULL;
PIMAGE_SECTION_HEADER pSecHeader = NULL;
DWORD ImageBase, OriginalCRC32;
ImageBase = (DWORD)GetModuleHandle(NULL);//取基址,其实本例也可直接用0x4000000这个值
pDosHeader = (PIMAGE_DOS_HEADER)ImageBase;
pNtHeader = (PIMAGE_NT_HEADERS32)((DWORD)pDosHeader + pDosHeader->e_lfanew);
//定位到PE文件头(即字串“PE\0\0”处)前4个字节处,并读出储存在这里的CRC-32值:
//OriginalCRC32 = *((DWORD *)((DWORD)pNtHeader - 4));
pSecHeader = IMAGE_FIRST_SECTION(pNtHeader); //得到第一个区块的起始地址
DWORD address1 = 0, address2 = 0, size = 0;
TCHAR tch1[20] = TEXT("Hello world!");
TCHAR tch2[20] = TEXT("OK");
_asm mov address1, offset begindecrypt;
_asm mov address2, offset enddecrypt;
begindecrypt: //标记代码的起妈地址
MessageBox(NULL, tch1, tch2, MB_ICONEXCLAMATION);
enddecrypt://标记代码的结束地址
DWORD dw = CRC32((BYTE*)(address1), size); // ! 这个 address1 在不断变化 !
if (CRC32((BYTE*)address1, size) == 0xe6efb0db)
MessageBox(NULL,TEXT ("Breakpoint not found!"),TEXT ("Breakpoint detection by CRC"),MB_ICONEXCLAMATION);
else
MessageBox(NULL,L"Breakpoint or a change in the program found !",L"Breakpoint detection by CRC",MB_ICONEXCLAMATION);
return 0;
}