如何防止在SEH中探测drx 寄存器
2010-06-22 18:01
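// Writable DWORD that the handler points the saved EAX at, so the retried
// store in _tmain has a valid destination.
long scratch;

/*
 * Frame-based SEH handler installed by _tmain through FS:[0].
 *
 * It inspects the thread context captured at the fault and shows a message
 * box when any of the debug address registers Dr0-Dr3 is non-zero, then
 * repairs the faulting store so execution can resume.
 *
 * Only Dr0-Dr3 are examined; Dr7, which holds the enable bits, is not read,
 * so a stale address left in Dr0-Dr3 also triggers the message.
 *
 * Parameters:
 *   ExceptionRecord   - describes the exception; only ExceptionCode is read.
 *   EstablisherFrame  - unused.
 *   ContextRecord     - register state at the fault; Dr0-Dr3 are read and
 *                       Eax is rewritten.
 *   DispatcherContext - unused.
 *
 * Returns ExceptionContinueExecution for the access violation it fixes up,
 * ExceptionContinueSearch for anything else.
 */
EXCEPTION_DISPOSITION __cdecl _kkexcept_handler(
    struct _EXCEPTION_RECORD *ExceptionRecord,
    void * EstablisherFrame,
    struct _CONTEXT *ContextRecord,
    void * DispatcherContext )
{
    // Pass on anything other than the deliberate access violation; resuming
    // an exception this handler cannot repair would just fault again.
    if (ExceptionRecord->ExceptionCode != EXCEPTION_ACCESS_VIOLATION) {
        return ExceptionContinueSearch;
    }

    if (ContextRecord->Dr0 != 0 || ContextRecord->Dr1 != 0 ||
        ContextRecord->Dr2 != 0 || ContextRecord->Dr3 != 0) {
        // The literal is a narrow string, so call the ANSI entry point
        // explicitly; the generic MessageBox macro does not compile with it
        // in a UNICODE build.
        ::MessageBoxA(0, "drx", 0, 0);
    }

    // The faulting instruction is re-executed with the saved context. With
    // EAX still 0 it would fault again and re-enter this handler forever,
    // so redirect the store to a writable location first.
    ContextRecord->Eax = (DWORD)&scratch;

    return ExceptionContinueExecution;
}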
/*
 * Demo driver: hand-installs _kkexcept_handler as the innermost frame-based
 * SEH handler, deliberately faults, and then removes the handler again.
 *
 * The inline assembly and the FS:[0] handler chain are specific to 32-bit
 * x86 builds with the Microsoft compiler.
 * NOTE(review): an image linked with /SAFESEH is expected to refuse a
 * handler that is not in its safe-handler table - confirm the build
 * settings before relying on this sample.
 */
int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
{
    // The handler address is pushed as a 32-bit value below.
    DWORD handler = (DWORD)_kkexcept_handler;
    __asm
    { // Build EXCEPTION_REGISTRATION record:
    push handler // Address of handler function
    push FS:[0] // Address of previous handler
    mov FS:[0],ESP // Install new EXCEPTION_REGISTRATION
    }
    __asm {
    mov eax,0 // Zero out EAX
    mov [eax], 1 // Store through EAX (address 0) to deliberately cause a fault
    }
    // Reached only if the handler changed the saved EAX to a writable address
    // before returning ExceptionContinueExecution; otherwise the store above
    // is retried with EAX still 0 and faults again.
    printf( "After writing!\n" );
    __asm { // Remove our EXCEPTION_REGISTRATION record
    mov eax,[ESP] // Get pointer to previous record
    mov FS:[0], EAX // Install previous record
    add esp, 8 // Clean our EXCEPTION_REGISTRATION off stack
    }
    return 0;
}
本文出自 “坐坐吧” 博客,谢绝转载!
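/*
 * Frame-based SEH handler installed by _tmain through FS:[0].
 *
 * It inspects the thread context captured at the fault and shows a message
 * box when any of the debug address registers Dr0-Dr3 is non-zero, then
 * repairs the faulting store so execution can resume.
 *
 * Only Dr0-Dr3 are examined; Dr7, which holds the enable bits, is not read,
 * so a stale address left in Dr0-Dr3 also triggers the message.
 *
 * Parameters:
 *   ExceptionRecord   - describes the exception; only ExceptionCode is read.
 *   EstablisherFrame  - unused.
 *   ContextRecord     - register state at the fault; Dr0-Dr3 are read and
 *                       Eax is rewritten.
 *   DispatcherContext - unused.
 *
 * Returns ExceptionContinueExecution for the access violation it fixes up,
 * ExceptionContinueSearch for anything else.
 */
EXCEPTION_DISPOSITION __cdecl _kkexcept_handler(
    struct _EXCEPTION_RECORD *ExceptionRecord,
    void * EstablisherFrame,
    struct _CONTEXT *ContextRecord,
    void * DispatcherContext )
{
    // Pass on anything other than the deliberate access violation; resuming
    // an exception this handler cannot repair would just fault again.
    if (ExceptionRecord->ExceptionCode != EXCEPTION_ACCESS_VIOLATION) {
        return ExceptionContinueSearch;
    }

    if (ContextRecord->Dr0 != 0 || ContextRecord->Dr1 != 0 ||
        ContextRecord->Dr2 != 0 || ContextRecord->Dr3 != 0) {
        // The literal is a narrow string, so call the ANSI entry point
        // explicitly; the generic MessageBox macro does not compile with it
        // in a UNICODE build.
        ::MessageBoxA(0, "drx", 0, 0);
    }

    // The faulting instruction is re-executed with the saved context. With
    // EAX still 0 it would fault again and re-enter this handler forever,
    // so redirect the store to the file-level `scratch` variable first.
    ContextRecord->Eax = (DWORD)&scratch;

    return ExceptionContinueExecution;
}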
/*
 * Demo driver: hand-installs _kkexcept_handler as the innermost frame-based
 * SEH handler, deliberately faults, and then removes the handler again.
 *
 * The inline assembly and the FS:[0] handler chain are specific to 32-bit
 * x86 builds with the Microsoft compiler.
 * NOTE(review): an image linked with /SAFESEH is expected to refuse a
 * handler that is not in its safe-handler table - confirm the build
 * settings before relying on this sample.
 */
int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
{
    // The handler address is pushed as a 32-bit value below.
    DWORD handler = (DWORD)_kkexcept_handler;
    __asm
    { // Build EXCEPTION_REGISTRATION record:
    push handler // Address of handler function
    push FS:[0] // Address of previous handler
    mov FS:[0],ESP // Install new EXCEPTION_REGISTRATION
    }
    __asm {
    mov eax,0 // Zero out EAX
    mov [eax], 1 // Store through EAX (address 0) to deliberately cause a fault
    }
    // Reached only if the handler changed the saved EAX to a writable address
    // before returning ExceptionContinueExecution; otherwise the store above
    // is retried with EAX still 0 and faults again.
    printf( "After writing!\n" );
    __asm { // Remove our EXCEPTION_REGISTRATION record
    mov eax,[ESP] // Get pointer to previous record
    mov FS:[0], EAX // Install previous record
    add esp, 8 // Clean our EXCEPTION_REGISTRATION off stack
    }
    return 0;
}
本文出自 “坐坐吧” 博客,谢绝转载!