Why does this code enable me to detect a debugger?
上面的链接告诉我使用预取队列进行反调试的方法,然后我尝试使用下面的代码进行测试,但是我失败了 . 任何人都可以帮我指出我的代码是错误的 . 我的cpu是Intel(R)Core(TM)i7-2630QM 2.00GHz . 非常感谢
ML :D:\ Programs \ masm32 \ Bin \ ML.EXE / c / coff / Cp / nologo / I "D:\Programs\masm32\Include" "AntiDebug.asm"
Link :D:\ Programs \ masm32 \ Bin \ LINK.EXE /SECTION:.text,RWE / SUBSYSTEM:WINDOWS / RELEASE /VERSION:4.0 / LIBPATH:"D:\Programs\masm32\Lib" / OUT:"AntiDebug.exe" "AntiDebug.obj"
无论我是否正在调试它总是执行调试标签,它永远不会执行'jmp normal' .
.386
.model flat, stdcall ;32 bit memory model
option casemap :none ;case sensitive
include windows.inc
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib
.data
szDebug db 'Hey, you are debugging!!!',0
szError db 'Error',0
szNormal db 'You are running it without debugging',0
szPrompt db 'Prompt',0
.code
start:
call IsDebug
debug:
invoke MessageBox, NULL, addr szDebug, addr szError, MB_OK
invoke ExitProcess, -1
normal:
invoke MessageBox, NULL, addr szNormal, addr szPrompt, MB_OK
invoke ExitProcess, 0
IsDebug:
mov al, 0c3h
mov edi, offset IsDebug
mov cx, 20h
rep stosb
jmp normal
end start
1 回答
我不知道你的isdebug proc做了什么 .
这是我的代码,它在我的电脑上工作正常 .