Ksbunker Advanced Cheater
Reputation: 0
Joined: 18 Oct 2006 Posts: 88
Posted: Wed Aug 01, 2007 6:35 pm Post subject: [MASM32] BASIC Int3 (breakpoint) checker...
Only contains the code segment, I left out the strings and what have you as it's fairly straightforward. As the title says it is only very basic, however I don't see why it would be useful for small trainers or small misc apps. Scans every byte for 0CCh, if found.. it's being debugged. Now there was an obvious problem, that being, 0CCh will be in the code because of "cmp byte ptr [eax], 0CCh"...
At the start of the loop there's a placeholder (123456h) so that you can modify the address to where the 0CCh is located so that it skips and does not set off a false alarm. Just disassemble post compiling and modify the address. The other thing is... it adds 0Ch or 12d to ebx which is the end of the code section. The reason being, one could place a bpm on the IAT and it wouldn't be picked up. All the Calls in the IAT are 6 bytes. So if you have a basic trainer with say 7 APIs. Just add 7x6=48 to ebx. It will now scan whole IAT.
I think that's all. As mentioned only basic... but I thought a handy reference, should anyone want to get an idea of how to check for bpm's.
BTW, x0r's method is superior to this, but just 'another (better) way to skin the cat' as the saying goes.
Code:
.code
start:
    mov eax, start              ; eax = scan pointer, starts at the first byte of the code
    mov ebx, @end               ; ebx = end of the code section
    add ebx, 0Ch                ; add 12 bytes - 2 API in IAT, therefore 6 bytes per call i.e. (FF25 00 00 00 00), 6x2 = 12d/0Ch
@@:
    cmp eax, 123456h            ; placeholder, change manually to the address where the 0CCh resides below so it skips...
    JE @_skip_CC
    cmp byte ptr [eax], 0CCh    ; is the current byte an int3 opcode?
    JE @debugger
    cmp eax, ebx                ; reached the end of the scan range?
    JE @NoDebugger
@_skip_CC:
    inc eax                     ; move on to the next byte
    JMP @B
@debugger:
    Invoke MessageBox, 0, ADDR szDebugText, ADDR szDebugCapt, MB_OK
    JMP @F
@NoDebugger:
    Invoke MessageBox, 0, ADDR szNoBpmText, ADDR szNoBpmCapt, MB_OK
@@:
    Invoke ExitProcess, 0
@end:
end start
Ksbunker (!= megafag!)
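The false positive described in the post and the skip that works around it, as an added C example that is not part of the original post. It goes one step beyond the single hand-patched placeholder by recording every legitimate 0CCh offset from a clean copy of the code; the byte array is a constructed, hand-assembled model of the scan loop (addresses and jump displacements are made up), and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INT3 0xCC

/* Constructed sample: hand-assembled bytes modelling the post's scan loop. */
static const uint8_t pristine[] = {
    0xB8,0x00,0x10,0x40,0x00, 0xBB,0x52,0x10,0x40,0x00, /* mov eax,start ; mov ebx,@end */
    0x83,0xC3,0x0C, 0x3D,0x56,0x34,0x12,0x00,           /* add ebx,0Ch ; cmp eax,123456h */
    0x74,0x09, 0x80,0x38,0xCC, 0x74,0x07,               /* je ; cmp byte ptr [eax],0CCh ; je */
    0x3B,0xC3, 0x74,0x18, 0x40, 0xEB,0xED               /* cmp eax,ebx ; je ; inc eax ; jmp @B */
};

/* Record every offset where 0xCC legitimately occurs in the clean image. */
size_t build_skip_list(const uint8_t *code, size_t len, size_t *skip, size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; i < len && n < cap; i++)
        if (code[i] == INT3) skip[n++] = i;
    return n;
}

/* Offset of the first 0xCC that is not listed in skip[], or -1 if none. */
long find_int3(const uint8_t *code, size_t len, const size_t *skip, size_t nskip)
{
    for (size_t i = 0; i < len; i++) {
        size_t k = 0;
        if (code[i] != INT3) continue;
        while (k < nskip && skip[k] != i) k++;
        if (k == nskip) return (long)i;  /* a 0xCC the clean image does not have */
    }
    return -1;
}

/* Copy the clean image, overwrite one byte with 0xCC as a debugger would, rescan. */
long scan_with_breakpoint_at(size_t off)
{
    uint8_t live[sizeof pristine];
    size_t skip[16], n = build_skip_list(pristine, sizeof pristine, skip, 16);
    memcpy(live, pristine, sizeof live);
    live[off] = INT3;
    return find_int3(live, sizeof live, skip, n);
}

int main(void)
{
    printf("naive scan, clean code: %ld\nbreakpoint on inc eax: %ld\n",
           find_int3(pristine, sizeof pristine, NULL, 0), scan_with_breakpoint_at(29));
    return 0;
}
```

The naive scan reports offset 22, the immediate operand of the compare itself, on code nobody has touched. With the skip list the same byte is ignored and only the planted breakpoint at offset 29 is reported.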