Уроки Iczelion'а



         

Урок 29. Win32 Debug ApI II - часть 4


.386 .model flat,stdcall option casemap:none include \masm32\include\windows.inc

include \masm32\include\kernel32.inc include \masm32\include\comdlg32.inc include \masm32\include\user32.inc includelib \masm32\lib\kernel32.lib

includelib \masm32\lib\comdlg32.lib includelib \masm32\lib\user32.lib

.data AppName db "Win32 Debug Example no.2",0

ClassName db "SimpleWinClass",0 SearchFail db "Cannot find the target process",0 Targetpatched db "Target patched!",0 buffer dw 9090h

.data? DBEvent DEBUG_EVENT <> processId dd ? ThreadId dd ?

align dword context CONTEXT <>

.code start:

invoke FindWindow, addr ClassName, NULL .if eax!=NULL invoke GetWindowThreadprocessId, eax, addr processId mov ThreadId, eax

invoke DebugActiveprocess, processId .while TRUE invoke WaitForDebugEvent, addr DBEvent, INFINITE .break .if DBEvent.dwDebugEventCode==EXIT_pROCESS_DEBUG_EVENT

.if DBEvent.dwDebugEventCode==CREATE_pROCESS_DEBUG_EVENT mov context.ContextFlags, CONTEXT_CONTROL invoke GetThreadContext,DBEvent.u.CreateprocessInfo.hThread, addr context

invoke WriteprocessMemory, DBEvent.u.CreateprocessInfo.hprocess, \ context.regEip ,addr buffer, 2, NULL

invoke MessageBox, 0, addr Targetpatched, addr AppName, \ MB_OK+MB_ICONINFORMATION

.elseif DBEvent.dwDebugEventCode==EXCEpTION_DEBUG_EVENT .if DBEvent.u.Exception.pExceptionRecord.ExceptionCode==EXCEpTION_BREAKpOINT invoke ContinueDebugEvent, DBEvent.dwprocessId, \ DBEvent.dwThreadId, DBG_CONTINUE .continue .endif .endif

invoke ContinueDebugEvent, DBEvent.dwprocessId, DBEvent.dwThreadId, \ DBG_EXCEpTION_NOT_HANDLED .endw .else invoke MessageBox, 0, addr SearchFail, addr AppName,MB_OK+MB_ICONERROR .endif invoke Exitprocess, 0 end start

;-------------------------------------------------------------------- ; Частичный исходный код win.asm, отлаживаемого нами процесса. Это ; копия примера простого окна из 2-го туториала с добавленным бесконечным ; циклом перед циклом обработки сообщений. ;----------------------------------------------------------------------




Содержание  Назад  Вперед