函数Int3断点检测

; Wrapper that forwards its three stack arguments to a USER32 routine
; (annotated below as GetWindowTextW) unless the byte at that routine's
; entry is 0xCC, the one-byte INT3 opcode a debugger writes when it sets a
; software breakpoint. Comparing an API's entry byte with 0xCC is a
; software-breakpoint (anti-debug) check.
;
; In:    [ebp+0x8], [ebp+0xC], [ebp+0x10] = the three dword arguments
; Out:   eax = result of the forwarded call; on the detection path the call
;        is skipped and eax comes back exactly as it was on entry
; Stack: [ebp-0x4] is one dword local; the routine pops 12 bytes of
;        arguments itself (retn 0xC)
; Regs:  pushad/popad restore every general register; only eax is then
;        reloaded from the local. Flags are not preserved.
00D94F70    55              push ebp
00D94F71    8BEC            mov ebp,esp
00D94F73    51              push ecx                                 ; reserves the dword local at [ebp-0x4]
00D94F74    53              push ebx
00D94F75    56              push esi
00D94F76    57              push edi
00D94F77    60              pushad                                   ; save all general registers; edx/ecx are scratch below
00D94F78    8B15 B834E200   mov edx,dword ptr ds:[0xE234B8]          ; USER32.77D2A569 (debugger annotation for the loaded value)
; NOTE(review): the stored pointer sits 0x64 below the address that is
; actually called; presumably this keeps the real API address out of the
; global - confirm against the code that writes 0xE234B8.
00D94F7E    83C2 64         add edx,0x64                             ; edx = GetWindowTextW at this point (per the original annotation)
00D94F81    B9 05000000     mov ecx,0x5                              ; loop counter for the check below
00D94F86    803A CC         cmp byte ptr ds:[edx],0xCC               ; is the byte at the GetWindowTextW entry an INT3 (0xCC), i.e. a software breakpoint?
00D94F89    74 0D           je X00D94F98                             ; breakpoint found: jump past the pushes and the call
; loopd decrements ecx and repeats the cmp while ecx != 0. edx is not
; advanced inside the loop, so the same single byte is compared up to five
; times. NOTE(review): if five consecutive bytes were meant to be scanned,
; an increment of edx is missing - confirm the intent.
00D94F8B  ^ E2 F9           loopd X00D94F86
00D94F8D    FF75 10         push dword ptr ss:[ebp+0x10]             ; third argument
00D94F90    FF75 0C         push dword ptr ss:[ebp+0xC]              ; second argument
00D94F93    FF75 08         push dword ptr ss:[ebp+0x8]              ; first argument
00D94F96    FFD2            call edx                                 ; forward the call to the checked entry point
; Both paths meet here. After the je no instruction has written eax, so the
; value stored is whatever the caller had in eax on entry, not an API result.
00D94F98    8945 FC         mov dword ptr ss:[ebp-0x4],eax           ; park eax in the local so it survives popad
00D94F9B    61              popad                                    ; restore the registers saved at 00D94F77 (overwrites eax)
00D94F9C    8B45 FC         mov eax,dword ptr ss:[ebp-0x4]           ; reload the parked return value
00D94F9F    5F              pop edi
00D94FA0    5E              pop esi
00D94FA1    5B              pop ebx
00D94FA2    8BE5            mov esp,ebp                              ; discards the [ebp-0x4] local
00D94FA4    5D              pop ebp
00D94FA5    C2 0C00         retn 0xC                                 ; return and remove the three dword arguments (12 bytes)

 
