小菜学习in3断点之余,感觉封装为两个函数调用有点方便。小白分享,大神飘过
插入代码
```void SetInt3Breakpoint(HANDLE hProcess, DWORD SetInt3address)
{
DWORD oldProtect;
VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
originalByte
=
*
(BYTE
*
)SetInt3address;
BOOL
VirtualProtectResult
=
VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
if
(VirtualProtectResult)
{
MessageBox(NULL, TEXT(
"SetInt3_VirtualProtect操作成功"
), TEXT(
"提示"
), NULL);
}
else
{
MessageBox(NULL, TEXT(
"SetInt3_VirtualProtect操作失败"
), TEXT(
"提示"
), NULL);
DWORD dwError
=
GetLastError();
VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
BOOL
VirtualProtectExResult
=
VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
if
(VirtualProtectExResult)
{
MessageBox(NULL, TEXT(
"SetInt3_VirtualProtectEx操作成功"
), TEXT(
"提示"
), NULL);
}
else
{
MessageBox(NULL, TEXT(
"SetInt3_VirtualProtectEx操作失败"
), TEXT(
"提示"
), NULL);
DWORD dwError
=
GetLastError();
}
}
/
/
WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo,
0x1
, NULL);
memcpy((LPVOID)SetInt3address, KeyInfo, sizeof(KeyInfo));
/
/
BOOL
writeResult
=
WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo,
0x1
, NULL);
/
/
if
(writeResult)
/
/
{
/
/
MessageBox(NULL, TEXT(
"SetInt3_address Int3写入成功"
), TEXT(
"提示"
), NULL);
/
/
}
/
/
else
/
/
{
/
/
MessageBox(NULL, TEXT(
"SetInt3_address Int3写入失败"
), TEXT(
"提示"
), NULL);
/
/
DWORD dwError
=
GetLastError();
/
/
}
VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), oldProtect, &oldProtect);
wsprintf(szBuffer, TEXT(
"Int3设置完成 *(BYTE*)SetInt3address= %#I32x"
),
*
(BYTE
*
)SetInt3address);
OutputDebugString(szBuffer);
if
(
*
(BYTE
*
)SetInt3address
=
=
0xCC
)
{
MessageBox(NULL, TEXT(
"Int3设置成功"
), TEXT(
"提示"
), NULL);
}
}
void RemoveInt3Breakpoint(HANDLE hProcess, DWORD RemoveInt3address)
{
DWORD oldProtect;
VirtualProtect((LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
BOOL
VirtualProtectResult
=
VirtualProtect((LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
if
(VirtualProtectResult)
{
MessageBox(NULL, TEXT(
"Remove_VirtualProtect操作成功"
), TEXT(
"提示"
), NULL);
}
else
{
MessageBox(NULL, TEXT(
"Remove_VirtualProtect操作失败"
), TEXT(
"提示"
), NULL);
DWORD dwError
=
GetLastError();
VirtualProtectEx(hProcess, (LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
BOOL
VirtualProtectExResult
=
VirtualProtectEx(hProcess, (LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
if
(VirtualProtectExResult)
{
MessageBox(NULL, TEXT(
"Remove_VirtualProtectEx操作成功"
), TEXT(
"提示"
), NULL);
}
else
{
MessageBox(NULL, TEXT(
"Remove_VirtualProtectEx操作失败"
), TEXT(
"提示"
), NULL);
DWORD dwError
=
GetLastError();
}
}
memcpy((LPVOID)RemoveInt3address, &originalByte, sizeof(originalByte));
/
/
WriteProcessMemory(hProcess, (LPVOID)RemoveInt3address, &originalByte, sizeof(BYTE), NULL);
/
*
BOOL
writeResult
=
WriteProcessMemory(hProcess, (LPVOID)RemoveInt3address, &originalByte, sizeof(BYTE), NULL);
if
(writeResult)
{
MessageBox(NULL, TEXT(
"SetInt3address Int3还原成功"
), TEXT(
"提示"
), NULL);
}
else
{
MessageBox(NULL, TEXT(
"SetInt3address Int3还原失败"
), TEXT(
"提示"
), NULL);
DWORD dwError
=
GetLastError();
}
*
/
VirtualProtect((LPVOID)RemoveInt3address, sizeof(BYTE), oldProtect, &oldProtect);
wsprintf(szBuffer, TEXT(
"Int3执行完成 *(BYTE*)RemoveInt3address= %#I32x"
),
*
(BYTE
*
)RemoveInt3address);
OutputDebugString(szBuffer);
}
插入代码
```void SetInt3Breakpoint(HANDLE hProcess, DWORD SetInt3address)
{
DWORD oldProtect;
VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
originalByte
=
*
(BYTE
*
)SetInt3address;
BOOL
VirtualProtectResult
=
VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
if
(VirtualProtectResult)
{
MessageBox(NULL, TEXT(
"SetInt3_VirtualProtect操作成功"
), TEXT(
"提示"
), NULL);
}
else
{
MessageBox(NULL, TEXT(
"SetInt3_VirtualProtect操作失败"
), TEXT(
"提示"
), NULL);
DWORD dwError
=
GetLastError();
VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
BOOL
VirtualProtectExResult
=
VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
if
(VirtualProtectExResult)
{
MessageBox(NULL, TEXT(
"SetInt3_VirtualProtectEx操作成功"
), TEXT(
"提示"
), NULL);
}
else
{
MessageBox(NULL, TEXT(
"SetInt3_VirtualProtectEx操作失败"
), TEXT(
"提示"
), NULL);
DWORD dwError
=
GetLastError();
}
}
/
/
WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo,
0x1
, NULL);
memcpy((LPVOID)SetInt3address, KeyInfo, sizeof(KeyInfo));
/
/
BOOL
writeResult
=
WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo,
0x1
, NULL);
/
/
if
(writeResult)
/
/
{
/
/
MessageBox(NULL, TEXT(
"SetInt3_address Int3写入成功"
), TEXT(
"提示"
), NULL);
/
/
}
/
/
else
/
/
{
/
/
MessageBox(NULL, TEXT(
"SetInt3_address Int3写入失败"
), TEXT(
"提示"
), NULL);
/
/
DWORD dwError
=
GetLastError();
/
/
}
VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), oldProtect, &oldProtect);
wsprintf(szBuffer, TEXT(
"Int3设置完成 *(BYTE*)SetInt3address= %#I32x"
),
*
(BYTE
*
)SetInt3address);
OutputDebugString(szBuffer);
if
(
*
(BYTE
*
)SetInt3address
=
=
0xCC
)
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
最后于 2023-10-2 21:26
被daohaodaye编辑
,原因: