小菜学习in3断点之余,感觉封装为两个函数调用有点方便。小白分享,大神飘过
插入代码
```void SetInt3Breakpoint(HANDLE hProcess, DWORD SetInt3address)
{
DWORD oldProtect;
VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
originalByte = *(BYTE*)SetInt3address;
BOOL VirtualProtectResult = VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
if (VirtualProtectResult)
{
MessageBox(NULL, TEXT("SetInt3_VirtualProtect操作成功"), TEXT("提示"), NULL);
}
else
{
MessageBox(NULL, TEXT("SetInt3_VirtualProtect操作失败"), TEXT("提示"), NULL);
DWORD dwError = GetLastError();
VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
BOOL VirtualProtectExResult = VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
if (VirtualProtectExResult)
{
MessageBox(NULL, TEXT("SetInt3_VirtualProtectEx操作成功"), TEXT("提示"), NULL);
}
else
{
MessageBox(NULL, TEXT("SetInt3_VirtualProtectEx操作失败"), TEXT("提示"), NULL);
DWORD dwError = GetLastError();
}
}
//WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo, 0x1, NULL);
memcpy((LPVOID)SetInt3address, KeyInfo, sizeof(KeyInfo));
//BOOL writeResult = WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo, 0x1, NULL);
//if (writeResult)
//{
// MessageBox(NULL, TEXT("SetInt3_address Int3写入成功"), TEXT("提示"), NULL);
//}
//else
//{
// MessageBox(NULL, TEXT("SetInt3_address Int3写入失败"), TEXT("提示"), NULL);
// DWORD dwError = GetLastError();
//}
VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), oldProtect, &oldProtect);
wsprintf(szBuffer, TEXT("Int3设置完成 *(BYTE*)SetInt3address= %#I32x"), *(BYTE*)SetInt3address);
OutputDebugString(szBuffer);
if (*(BYTE*)SetInt3address == 0xCC)
{
MessageBox(NULL, TEXT("Int3设置成功"), TEXT("提示"), NULL);
}
}
void RemoveInt3Breakpoint(HANDLE hProcess, DWORD RemoveInt3address)
{
DWORD oldProtect;
VirtualProtect((LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
BOOL VirtualProtectResult = VirtualProtect((LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
if (VirtualProtectResult)
{
MessageBox(NULL, TEXT("Remove_VirtualProtect操作成功"), TEXT("提示"), NULL);
}
else
{
MessageBox(NULL, TEXT("Remove_VirtualProtect操作失败"), TEXT("提示"), NULL);
DWORD dwError = GetLastError();
VirtualProtectEx(hProcess, (LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
BOOL VirtualProtectExResult = VirtualProtectEx(hProcess, (LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
if (VirtualProtectExResult)
{
MessageBox(NULL, TEXT("Remove_VirtualProtectEx操作成功"), TEXT("提示"), NULL);
}
else
{
MessageBox(NULL, TEXT("Remove_VirtualProtectEx操作失败"), TEXT("提示"), NULL);
DWORD dwError = GetLastError();
}
}
memcpy((LPVOID)RemoveInt3address, &originalByte, sizeof(originalByte));
//WriteProcessMemory(hProcess, (LPVOID)RemoveInt3address, &originalByte, sizeof(BYTE), NULL);
/* BOOL writeResult = WriteProcessMemory(hProcess, (LPVOID)RemoveInt3address, &originalByte, sizeof(BYTE), NULL);
if (writeResult)
{
MessageBox(NULL, TEXT("SetInt3address Int3还原成功"), TEXT("提示"), NULL);
}
else
{
MessageBox(NULL, TEXT("SetInt3address Int3还原失败"), TEXT("提示"), NULL);
DWORD dwError = GetLastError();
}*/
VirtualProtect((LPVOID)RemoveInt3address, sizeof(BYTE), oldProtect, &oldProtect);
wsprintf(szBuffer, TEXT("Int3执行完成 *(BYTE*)RemoveInt3address= %#I32x"), *(BYTE*)RemoveInt3address);
OutputDebugString(szBuffer);
}
插入代码
```void SetInt3Breakpoint(HANDLE hProcess, DWORD SetInt3address)
{
DWORD oldProtect;
VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
originalByte = *(BYTE*)SetInt3address;
BOOL VirtualProtectResult = VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
if (VirtualProtectResult)
{
MessageBox(NULL, TEXT("SetInt3_VirtualProtect操作成功"), TEXT("提示"), NULL);
}
else
{
MessageBox(NULL, TEXT("SetInt3_VirtualProtect操作失败"), TEXT("提示"), NULL);
DWORD dwError = GetLastError();
VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
BOOL VirtualProtectExResult = VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
if (VirtualProtectExResult)
{
MessageBox(NULL, TEXT("SetInt3_VirtualProtectEx操作成功"), TEXT("提示"), NULL);
}
else
{
MessageBox(NULL, TEXT("SetInt3_VirtualProtectEx操作失败"), TEXT("提示"), NULL);
DWORD dwError = GetLastError();
}
}
//WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo, 0x1, NULL);
memcpy((LPVOID)SetInt3address, KeyInfo, sizeof(KeyInfo));
//BOOL writeResult = WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo, 0x1, NULL);
//if (writeResult)
//{
// MessageBox(NULL, TEXT("SetInt3_address Int3写入成功"), TEXT("提示"), NULL);
//}
//else
//{
// MessageBox(NULL, TEXT("SetInt3_address Int3写入失败"), TEXT("提示"), NULL);
// DWORD dwError = GetLastError();
//}
VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), oldProtect, &oldProtect);
wsprintf(szBuffer, TEXT("Int3设置完成 *(BYTE*)SetInt3address= %#I32x"), *(BYTE*)SetInt3address);
OutputDebugString(szBuffer);
if (*(BYTE*)SetInt3address == 0xCC)
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
最后于 2023-10-2 21:26
被daohaodaye编辑
,原因:
