windows - Anti-debugging using the prefetch queue does not work on my CPU

Reposted. Author: 可可西里. Updated: 2023-11-01 10:48:57

Why does this code enable me to detect a debugger?

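The link above describes an anti-debugging method that uses the prefetch queue. I then tried to test it with the code below, but I failed. Can anyone help point out whether my code is wrong? My CPU is an Intel(R) Core(TM) i7-2630QM 2.00GHz. Thanks a lot.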

ML: D:\Programs\masm32\Bin\ML.EXE /c /coff /Cp /nologo /I"D:\Programs\masm32\Include" "AntiDebug.asm"

LINK: D:\Programs\masm32\Bin\LINK.EXE /SECTION:.text,RWE /SUBSYSTEM:WINDOWS /RELEASE /VERSION:4.0 /LIBPATH:"D:\Programs\masm32\Lib" /OUT:"AntiDebug.exe" "AntiDebug.obj"

Whether or not I am debugging, it always executes the debug label; it never executes 'jmp normal'.

.386
.model flat, stdcall ;32 bit memory model
option casemap :none ;case sensitive

include windows.inc
include kernel32.inc
include user32.inc

includelib kernel32.lib
includelib user32.lib

.data
szDebug  db 'Hey, you are debugging!!!',0
szError  db 'Error',0
szNormal db 'You are running it without debugging',0
szPrompt db 'Prompt',0

.code
start:
    call IsDebug
debug:
    invoke MessageBox, NULL, addr szDebug, addr szError, MB_OK
    invoke ExitProcess, -1
normal:
    invoke MessageBox, NULL, addr szNormal, addr szPrompt, MB_OK
    invoke ExitProcess, 0
IsDebug:
    mov al, 0c3h            ; 0C3h is the opcode for RET
    mov edi, offset IsDebug ; destination: start of this routine
    mov cx, 20h             ; byte count (sets only the low 16 bits of ECX)
    rep stosb               ; overwrite the routine with RET bytes
    jmp normal              ; these bytes have been overwritten in memory by now
end start
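
The LINK line in the question passes /SECTION:.text,RWE, which makes the code section writable so that `rep stosb` can overwrite it; a section that is both writable and executable is also something an analyst can check for when triaging a binary. The sketch below is an added example, not part of the original post: it parses the PE section table and lists such sections. The sample image, the flag values assumed for the two builds, and the names pe_sections, writable_executable and build_sample are constructed for illustration.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def pe_sections(image: bytes):
    """Parse the PE section table; return [(name, characteristics), ...]."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # 20-byte COFF header: section count at +2, optional-header size at +16
    (nsect,) = struct.unpack_from("<H", image, pe_off + 4 + 2)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 4 + 16)
    table = pe_off + 4 + 20 + opt_size
    if table + 40 * nsect > len(image):
        raise ValueError("truncated section table")
    sections = []
    for i in range(nsect):
        off = table + 40 * i  # each section header is 40 bytes
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        (flags,) = struct.unpack_from("<I", image, off + 36)
        sections.append((name, flags))
    return sections

def writable_executable(image: bytes):
    """Names of sections mapped both writable and executable."""
    wx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    return [n for n, f in pe_sections(image) if (f & wx) == wx]

def build_sample(text_flags: int) -> bytes:
    """Constructed header-only PE32 image (.text + .data); holds no code."""
    def sect(name, flags):
        return name.ljust(8, b"\0") + struct.pack(
            "<6I2HI", 0x1000, 0, 0x200, 0, 0, 0, 0, 0, flags)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 0xE0, 0x0102)
    return (dos + b"PE\0\0" + coff + b"\0" * 0xE0
            + sect(b".text", text_flags) + sect(b".data", 0xC0000040))

DEFAULT_TEXT = 0x60000020  # CODE | EXECUTE | READ: linker default for .text
RWE_TEXT = 0xE0000020      # same plus WRITE: assumed result of .text,RWE

if __name__ == "__main__":
    for label, flags in (("default", DEFAULT_TEXT), ("RWE", RWE_TEXT)):
        print(label, writable_executable(build_sample(flags)))
```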

Best answer

I don't know what your isdebug proc is doing.

Here is my code; it works fine on my PC.

.386
.model flat, stdcall ;32 bit memory model
option casemap :none ;case sensitive

include c:\masm32\include\windows.inc
include c:\masm32\include\kernel32.inc
include c:\masm32\include\user32.inc

includelib C:\masm32\lib\kernel32.lib
includelib C:\masm32\lib\user32.lib

.data
szDebug  db 'Hey, you are debugging!!!',0
szError  db 'Error',0
szNormal db 'You are running it without debugging',0
szPrompt db 'Prompt',0

.code
start:
    call IsDebug
debug:
    invoke MessageBox, NULL, addr szDebug, addr szError, MB_OK
    invoke ExitProcess, -1
normal:
    invoke MessageBox, NULL, addr szNormal, addr szPrompt, MB_OK
    invoke ExitProcess, 0
IsDebug:
    invoke IsDebuggerPresent ; kernel32 API: EAX is nonzero when a debugger is attached
    test eax,eax
    je normal                ; EAX == 0: no debugger
    ret                      ; debugger present: return to the debug label
end start

Regarding "windows - Anti-debugging using the prefetch queue does not work on my CPU", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/12633599/
