Int3断点设置与移除函数（C++）-编程技术-看雪-安全社区|安全招聘|kanxue.com

Int3断点设置与移除函数（C++）

发表于: 2023-10-2 21:25 9392

Int3断点设置与移除函数（C++）

daohaodaye 活跃值

2023-10-2 21:25

9392

小菜学习in3断点之余，感觉封装为两个函数调用有点方便。小白分享，大神飘过
插入代码
```void SetInt3Breakpoint(HANDLE hProcess, DWORD SetInt3address)
{

    DWORD oldProtect;

    VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);

    originalByte = *(BYTE*)SetInt3address;

    BOOL VirtualProtectResult = VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);

    if (VirtualProtectResult)

    {

        MessageBox(NULL, TEXT("SetInt3_VirtualProtect操作成功"), TEXT("提示"), NULL);

    }

    else

    {

        MessageBox(NULL, TEXT("SetInt3_VirtualProtect操作失败"), TEXT("提示"), NULL);

        DWORD dwError = GetLastError();

        VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);

        BOOL VirtualProtectExResult = VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);

        if (VirtualProtectExResult)

        {

            MessageBox(NULL, TEXT("SetInt3_VirtualProtectEx操作成功"), TEXT("提示"), NULL);

        }

        else

        {

            MessageBox(NULL, TEXT("SetInt3_VirtualProtectEx操作失败"), TEXT("提示"), NULL);

            DWORD dwError = GetLastError();

        }

    }

    //WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo, 0x1, NULL);

    memcpy((LPVOID)SetInt3address, KeyInfo, sizeof(KeyInfo));

    //BOOL writeResult = WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo, 0x1, NULL);

    //if (writeResult)

    //{

    //  MessageBox(NULL, TEXT("SetInt3_address Int3写入成功"), TEXT("提示"), NULL);
 
    //}

    //else

    //{

    //  MessageBox(NULL, TEXT("SetInt3_address Int3写入失败"), TEXT("提示"), NULL);

    //  DWORD dwError = GetLastError();
 
    //}
 
    VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), oldProtect, &oldProtect);

    wsprintf(szBuffer, TEXT("Int3设置完成 *(BYTE*)SetInt3address＝ %#I32x"), *(BYTE*)SetInt3address);

    OutputDebugString(szBuffer);

    if (*(BYTE*)SetInt3address == 0xCC)

    {

        MessageBox(NULL, TEXT("Int3设置成功"), TEXT("提示"), NULL);

    }
}
 
void RemoveInt3Breakpoint(HANDLE hProcess, DWORD RemoveInt3address)
{

    DWORD oldProtect;

    VirtualProtect((LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);

    BOOL VirtualProtectResult = VirtualProtect((LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);

    if (VirtualProtectResult)

    {

        MessageBox(NULL, TEXT("Remove_VirtualProtect操作成功"), TEXT("提示"), NULL);

    }

    else

    {

        MessageBox(NULL, TEXT("Remove_VirtualProtect操作失败"), TEXT("提示"), NULL);

        DWORD dwError = GetLastError();
 
        VirtualProtectEx(hProcess, (LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);

        BOOL VirtualProtectExResult = VirtualProtectEx(hProcess, (LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);

        if (VirtualProtectExResult)

        {

            MessageBox(NULL, TEXT("Remove_VirtualProtectEx操作成功"), TEXT("提示"), NULL);

        }

        else

        {

            MessageBox(NULL, TEXT("Remove_VirtualProtectEx操作失败"), TEXT("提示"), NULL);

            DWORD dwError = GetLastError();

        }

    }

    memcpy((LPVOID)RemoveInt3address, &originalByte, sizeof(originalByte));

    //WriteProcessMemory(hProcess, (LPVOID)RemoveInt3address, &originalByte, sizeof(BYTE), NULL);

/*      BOOL writeResult = WriteProcessMemory(hProcess, (LPVOID)RemoveInt3address, &originalByte, sizeof(BYTE), NULL);

        if (writeResult)

        {

            MessageBox(NULL, TEXT("SetInt3address Int3还原成功"), TEXT("提示"), NULL);

        }

        else

        {

            MessageBox(NULL, TEXT("SetInt3address Int3还原失败"), TEXT("提示"), NULL);

            DWORD dwError = GetLastError();

        }*/

    VirtualProtect((LPVOID)RemoveInt3address, sizeof(BYTE), oldProtect, &oldProtect);

    wsprintf(szBuffer, TEXT("Int3执行完成 *(BYTE*)RemoveInt3address＝ %#I32x"), *(BYTE*)RemoveInt3address);

    OutputDebugString(szBuffer);
}
插入代码
```void SetInt3Breakpoint(HANDLE hProcess, DWORD SetInt3address)
{

    DWORD oldProtect;

    VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);

    originalByte = *(BYTE*)SetInt3address;

    BOOL VirtualProtectResult = VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);

    if (VirtualProtectResult)

    {

        MessageBox(NULL, TEXT("SetInt3_VirtualProtect操作成功"), TEXT("提示"), NULL);

    }

    else

    {

        MessageBox(NULL, TEXT("SetInt3_VirtualProtect操作失败"), TEXT("提示"), NULL);

        DWORD dwError = GetLastError();

        VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);

        BOOL VirtualProtectExResult = VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);

        if (VirtualProtectExResult)

        {

            MessageBox(NULL, TEXT("SetInt3_VirtualProtectEx操作成功"), TEXT("提示"), NULL);

        }

        else

        {

            MessageBox(NULL, TEXT("SetInt3_VirtualProtectEx操作失败"), TEXT("提示"), NULL);

            DWORD dwError = GetLastError();

        }

    }

    //WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo, 0x1, NULL);

    memcpy((LPVOID)SetInt3address, KeyInfo, sizeof(KeyInfo));

    //BOOL writeResult = WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo, 0x1, NULL);

    //if (writeResult)

    //{

    //  MessageBox(NULL, TEXT("SetInt3_address Int3写入成功"), TEXT("提示"), NULL);
 
    //}

    //else

    //{

    //  MessageBox(NULL, TEXT("SetInt3_address Int3写入失败"), TEXT("提示"), NULL);

    //  DWORD dwError = GetLastError();
 
    //}
 
    VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), oldProtect, &oldProtect);

    wsprintf(szBuffer, TEXT("Int3设置完成 *(BYTE*)SetInt3address＝ %#I32x"), *(BYTE*)SetInt3address);

    OutputDebugString(szBuffer);

    if (*(BYTE*)SetInt3address == 0xCC)

				登录后可查看完整内容
			
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入！

		最后于  2023-10-2 21:26		
				被daohaodaye编辑
				
		，原因： 		
	
		#基础知识

收藏・5

免费・2

支持

最新回复 (3)
秋狝雪币： 2915 活跃值： (30836) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 1568 粉丝 38 关注私信	秋狝 2 楼感谢分享 2023-10-2 22:10 1
jgs 雪币： 8854 活跃值： (5086) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 447 粉丝 7 关注私信	jgs 3 楼题主是飘云阁的冷月孤心 2023-10-3 09:19 0
院士雪币： 3516 活跃值： (3898) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 176 粉丝 2 关注私信	院士 4 楼冷版？厉害了，感谢分享，学习学习。 2023-10-3 15:28 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

daohaodaye

发帖

103

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (3)
秋狝雪币： 2915 活跃值： (30836) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 1568 粉丝 38 关注私信	秋狝 2 楼感谢分享 2023-10-2 22:10 1
jgs 雪币： 8854 活跃值： (5086) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 447 粉丝 7 关注私信	jgs 3 楼题主是飘云阁的冷月孤心 2023-10-3 09:19 0
院士雪币： 3516 活跃值： (3898) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 176 粉丝 2 关注私信	院士 4 楼冷版？厉害了，感谢分享，学习学习。 2023-10-3 15:28 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复