Jump to content
Tuts 4 You

Code one asm thing in cpp

Pancake

By Pancake
in Programming and Coding

Recommended Posts

Pancake

Pancake

Posted
Posted

Hello. I recently started reading about anti debug, found great reference with tons of great ideas, but i cant get one to work.


 


http://anti-reversing.com/Downloads/Anti-Reversing/The_Ultimate_Anti-Reversing_Reference.pdf


 


The one i want to try is "Instruction counting", page 30. Most of them work simply by copying asm code int __declspec(naked) but this oen is different, and i couldnt get it to work this way, and i dont have experience in using structured exceptin handlers.


Could someone try to rewrite this small piece of code? Please? :)


 


Thanks in advance


Link to comment
Insid3Code

Insid3Code

Posted
Posted

Another similar example by Waleed Assar can be used as base to code your snippet.




http://waleedassar.blogspot.com/2012/11/ollydbg-raiseexception-bug.html



//http://waleedassar.blogspot.com

//http://www.twitter.com/waleedassar

//In OllyDbg, upon receiving an EXCEPTION_BREAKPOINT, it checks code in ExceptionAddress to ensure it is

//0xCC or similar. If it is not, the behavior depends on the OllyDbg version.

//In versions prior to 2.01, the exception is swallowed and the exception handler is not called.

//In version 2.01 (alpha 4), several error messages pop up and process terminates.

// Only version 2.01 (beta 2) handles it properly.

//The following is code that exploits this bug to detect the presence of OllyDbg.

#include "stdafx.h"

#include "windows.h"

#include "stdio.h"
int __cdecl Hhandler(EXCEPTION_RECORD* pRec,void*,unsigned char* pContext,void*)

{

        if(pRec->ExceptionCode==EXCEPTION_BREAKPOINT)

        {

                (*(unsigned long*)(pContext+0xB8))++;

                MessageBox(0,"Expected","waliedassar",0);

                ExitProcess(0);

        }

        return ExceptionContinueSearch;

}

void main()

{

        __asm

        {

                push offset Hhandler

                push dword ptr fs:[0x0]

                mov dword ptr fs:[0x0],esp

        }

        RaiseException(EXCEPTION_BREAKPOINT,0,1,0);

        __asm

        {

                pop dword ptr fs:[0x0]

                pop eax

        }

        MessageBox(0,"OllyDbg Detected","waliedassar",0);

}
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...