首页
社区
课程
招聘
Int3断点设置与移除函数(C++)
发表于: 2023-10-2 21:25 9411

Int3断点设置与移除函数(C++)

2023-10-2 21:25
9411

小菜学习in3断点之余,感觉封装为两个函数调用有点方便。小白分享,大神飘过

插入代码
```void SetInt3Breakpoint(HANDLE hProcess, DWORD SetInt3address)
{
    DWORD oldProtect;
    VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
    originalByte = *(BYTE*)SetInt3address;
    BOOL VirtualProtectResult = VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
    if (VirtualProtectResult)
    {
        MessageBox(NULL, TEXT("SetInt3_VirtualProtect操作成功"), TEXT("提示"), NULL);
    }
    else
    {
        MessageBox(NULL, TEXT("SetInt3_VirtualProtect操作失败"), TEXT("提示"), NULL);
        DWORD dwError = GetLastError();
        VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
        BOOL VirtualProtectExResult = VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
        if (VirtualProtectExResult)
        {
            MessageBox(NULL, TEXT("SetInt3_VirtualProtectEx操作成功"), TEXT("提示"), NULL);
        }
        else
        {
            MessageBox(NULL, TEXT("SetInt3_VirtualProtectEx操作失败"), TEXT("提示"), NULL);
            DWORD dwError = GetLastError();
        }
    }
    //WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo, 0x1, NULL);
    memcpy((LPVOID)SetInt3address, KeyInfo, sizeof(KeyInfo));
    //BOOL writeResult = WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo, 0x1, NULL);
    //if (writeResult)
    //{
    //  MessageBox(NULL, TEXT("SetInt3_address Int3写入成功"), TEXT("提示"), NULL);
 
    //}
    //else
    //{
    //  MessageBox(NULL, TEXT("SetInt3_address Int3写入失败"), TEXT("提示"), NULL);
    //  DWORD dwError = GetLastError();
 
    //}
 
    VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), oldProtect, &oldProtect);
    wsprintf(szBuffer, TEXT("Int3设置完成 *(BYTE*)SetInt3address= %#I32x"), *(BYTE*)SetInt3address);
    OutputDebugString(szBuffer);
    if (*(BYTE*)SetInt3address == 0xCC)
    {
        MessageBox(NULL, TEXT("Int3设置成功"), TEXT("提示"), NULL);
    }
}
 
void RemoveInt3Breakpoint(HANDLE hProcess, DWORD RemoveInt3address)
{
    DWORD oldProtect;
    VirtualProtect((LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
    BOOL VirtualProtectResult = VirtualProtect((LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
    if (VirtualProtectResult)
    {
        MessageBox(NULL, TEXT("Remove_VirtualProtect操作成功"), TEXT("提示"), NULL);
    }
    else
    {
        MessageBox(NULL, TEXT("Remove_VirtualProtect操作失败"), TEXT("提示"), NULL);
        DWORD dwError = GetLastError();
 
        VirtualProtectEx(hProcess, (LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
        BOOL VirtualProtectExResult = VirtualProtectEx(hProcess, (LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
        if (VirtualProtectExResult)
        {
            MessageBox(NULL, TEXT("Remove_VirtualProtectEx操作成功"), TEXT("提示"), NULL);
        }
        else
        {
            MessageBox(NULL, TEXT("Remove_VirtualProtectEx操作失败"), TEXT("提示"), NULL);
            DWORD dwError = GetLastError();
        }
    }
    memcpy((LPVOID)RemoveInt3address, &originalByte, sizeof(originalByte));
    //WriteProcessMemory(hProcess, (LPVOID)RemoveInt3address, &originalByte, sizeof(BYTE), NULL);
/*      BOOL writeResult = WriteProcessMemory(hProcess, (LPVOID)RemoveInt3address, &originalByte, sizeof(BYTE), NULL);
        if (writeResult)
        {
            MessageBox(NULL, TEXT("SetInt3address Int3还原成功"), TEXT("提示"), NULL);
        }
        else
        {
            MessageBox(NULL, TEXT("SetInt3address Int3还原失败"), TEXT("提示"), NULL);
            DWORD dwError = GetLastError();
        }*/
    VirtualProtect((LPVOID)RemoveInt3address, sizeof(BYTE), oldProtect, &oldProtect);
    wsprintf(szBuffer, TEXT("Int3执行完成 *(BYTE*)RemoveInt3address= %#I32x"), *(BYTE*)RemoveInt3address);
    OutputDebugString(szBuffer);
}
插入代码
```void SetInt3Breakpoint(HANDLE hProcess, DWORD SetInt3address)
{
    DWORD oldProtect;
    VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
    originalByte = *(BYTE*)SetInt3address;
    BOOL VirtualProtectResult = VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
    if (VirtualProtectResult)
    {
        MessageBox(NULL, TEXT("SetInt3_VirtualProtect操作成功"), TEXT("提示"), NULL);
    }
    else
    {
        MessageBox(NULL, TEXT("SetInt3_VirtualProtect操作失败"), TEXT("提示"), NULL);
        DWORD dwError = GetLastError();
        VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
        BOOL VirtualProtectExResult = VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
        if (VirtualProtectExResult)
        {
            MessageBox(NULL, TEXT("SetInt3_VirtualProtectEx操作成功"), TEXT("提示"), NULL);
        }
        else
        {
            MessageBox(NULL, TEXT("SetInt3_VirtualProtectEx操作失败"), TEXT("提示"), NULL);
            DWORD dwError = GetLastError();
        }
    }
    //WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo, 0x1, NULL);
    memcpy((LPVOID)SetInt3address, KeyInfo, sizeof(KeyInfo));
    //BOOL writeResult = WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo, 0x1, NULL);
    //if (writeResult)
    //{
    //  MessageBox(NULL, TEXT("SetInt3_address Int3写入成功"), TEXT("提示"), NULL);
 
    //}
    //else
    //{
    //  MessageBox(NULL, TEXT("SetInt3_address Int3写入失败"), TEXT("提示"), NULL);
    //  DWORD dwError = GetLastError();
 
    //}
 
    VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), oldProtect, &oldProtect);
    wsprintf(szBuffer, TEXT("Int3设置完成 *(BYTE*)SetInt3address= %#I32x"), *(BYTE*)SetInt3address);
    OutputDebugString(szBuffer);
    if (*(BYTE*)SetInt3address == 0xCC)

[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

最后于 2023-10-2 21:26 被daohaodaye编辑 ,原因:
收藏
免费 2
支持
分享
最新回复 (3)
雪    币: 3070
活跃值: (30876)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2
感谢分享
2023-10-2 22:10
1
雪    币: 8904
活跃值: (5131)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
jgs
3
题主是飘云阁的冷月孤心
2023-10-3 09:19
0
雪    币: 3565
活跃值: (3950)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
4
冷版?厉害了,感谢分享,学习学习。
2023-10-3 15:28
0
游客
登录 | 注册 方可回帖
返回
//