配合反汇编引擎效果出奇;

发布于 2014-04-28  200 次阅读


配合反汇编引擎效果出奇;
Here is what I see in hacker defense testing 0xCC software breakpoints
;I write it with FASM assembler
include 'win32ax.inc'
use32
entry start
section '.text' code readable executable
start:
push ebp
mov ebp,esp
mov eax,[fs:30h] ;peb
mov ebx, dword[eax+08h] ;Imagebase
mov dword [imagebassaddress],ebx
mov eax,[eax+0ch] mov eax,[eax+0ch] mov ebx, dword [eax+20h] ;sizeofimage
mov dword [sizeofimage],ebx
invoke CreateThread,NULL,NULL,fuckocc,NULL,0,NULL

fucknima:
mov ecx,10
loop fucknima
mov esp,ebp
pop ebp
invoke exit,NULL
fuckocc:
;Function implementation
push ebp
mov ebp,esp
fuckcc_loop:
mov al,0xcc
mov edi,dword [imagebaseaddress];get imagebaseaddress
mov ecx,dword [sizeofimage];get imagesize
repne scasb
sub edi,1;get address 0XCC=1BYTE so sub
mov dword [fuckcc],edi ;write 0xcc address to .data
;mov dword [edi],0x90
jmp fuckcc_loop
mov esp,ebp
pop ebp
section '.data' data readable writeable
imagebaseaddress dd 00
sizeofimage dd 00
fuckcc dd 00
section '.idata' import data readable
library kernel,'KERNEL32.DLL'
import kernel,CreateThread,'CreateThread',\
exit,'ExitProcess'

本站文章基于国际协议BY-NA-SA 4.0协议共享;
如未特殊说明,本站文章皆为原创文章,请规范转载。

0

博客管理员