如何防止在SEH中探测drx 寄存器

long scratch;

EXCEPTION_DISPOSITION __cdecl _kkexcept_handler(
struct _EXCEPTION_RECORD *ExceptionRecord,
void * EstablisherFrame,
struct _CONTEXT *ContextRecord,
void * DispatcherContext )
{
unsigned i;
// printf( "Hello from an exception handler\n" );
// ContextRecord->Eax = (DWORD)&scratch;
if (ContextRecord->Dr0!=0 || ContextRecord->Dr1!=0 || ContextRecord->Dr2!=0 || ContextRecord->Dr3!=0){
::MessageBox(0,"drx",0,0);
}
return ExceptionContinueExecution;
}

int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
{
DWORD handler = (DWORD)_kkexcept_handler;
__asm
{ // Build EXCEPTION_REGISTRATION record:
push handler // Address of handler function
push FS:[0] // Address of previous handler
mov FS:[0],ESP // Install new EXECEPTION_REGISTRATION
}
__asm {
mov eax,0 // Zero out EAX
mov [eax], 1 // Write to EAX to deliberately cause a fault
}
printf( "After writing!\n" );
__asm { // Remove our EXECEPTION_REGISTRATION record
mov eax,[ESP] // Get pointer to previous record
mov FS:[0], EAX // Install previous record
add esp, 8 // Clean our EXECEPTION_REGISTRATION off stack
}
return 0;
}
本文出自 “坐坐吧” 博客，谢绝转载！