SoftIce WinICE.dat Detection |
Debugging |
ap0x |
March 17 2006 |
March 18 2006 |
; #########################################################################
.586
.model flat, stdcall
option casemap :none ; case sensitive
; #########################################################################
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\comdlg32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\comdlg32.lib
; #########################################################################
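; -------------------------------------------------------------------------
; Anti-debug heuristic: report whether the SoftICE configuration file
; <WindowsDir>\system32\drivers\WINICE.dat exists, via a message box.
;
; Win32, 32-bit flat model, stdcall: arguments are pushed right-to-left and
; the callee cleans the stack, so no stack adjustment follows any CALL.
;
; Review notes:
;  * Existence is probed with GetFileAttributesA instead of CreateFileA: it
;    needs no access right on the file and returns no handle, so a sharing
;    violation or ACL cannot turn an installed SoftICE into "not found",
;    and nothing is leaked on the found path (the original never called
;    CloseHandle).
;  * The original passed FILE_FLAG_WRITE_THROUGH in CreateFileA's
;    dwDesiredAccess slot; it only worked because that flag and GENERIC_READ
;    share the value 80000000h.
;  * GetWindowsDirectory's return value is now checked before the unbounded
;    lstrcat appends the suffix.
;  * This is a weak, easily bypassed check (rename/delete the .dat file or
;    patch the conditional jump); treat it as one signal among several.
;  * The path assumes the NT-family layout; Win9x-era installs may keep
;    winice.dat elsewhere - TODO confirm against the target systems.
; -------------------------------------------------------------------------
.data
DbgNotFoundTitle db "Debugger status:",0h
DbgFoundTitle    db "Debugger status:",0h
DbgNotFoundText  db "Debugger or other vice tool not found!",0h
DbgFoundText     db "Debugger or other vice tool found!",0h
WinICE           db "\system32\drivers\WINICE.dat",0h
WINICE_LEN       equ $ - WinICE             ; suffix length, NUL included
WINDIR_BUF_SIZE  equ 512                    ; size of the Windows buffer
.data?
Windows db WINDIR_BUF_SIZE dup(?)           ; Windows dir, then the full path
.code
start:
    ; Windows = GetWindowsDirectoryA(); EAX = length without NUL on success,
    ; 0 on failure, or the required size if the buffer was too small.
    PUSH    WINDIR_BUF_SIZE                 ; uSize
    PUSH    offset Windows                  ; lpBuffer
    CALL    GetWindowsDirectory
    TEST    EAX,EAX
    JZ      @PathError                      ; API failed: nothing to probe
    CMP     EAX, WINDIR_BUF_SIZE - WINICE_LEN
    JA      @PathError                      ; suffix would overflow the buffer

    ; Windows += WinICE  ->  "<windir>\system32\drivers\WINICE.dat"
    PUSH    offset WinICE                   ; lpString2 (appended)
    PUSH    offset Windows                  ; lpString1 (destination)
    CALL    lstrcat

    ; EAX = GetFileAttributesA(Windows); INVALID_FILE_ATTRIBUTES (-1) when
    ; the path does not exist (or cannot be queried at all).
    PUSH    offset Windows                  ; lpFileName
    CALL    GetFileAttributesA
    CMP     EAX, 0FFFFFFFFh                 ; INVALID_FILE_ATTRIBUTES
    JNE     @ToolFound

    ; Not found: informational box (40h in the original).
    PUSH    MB_OK or MB_ICONINFORMATION     ; uType
    PUSH    offset DbgNotFoundTitle         ; lpCaption
    PUSH    offset DbgNotFoundText          ; lpText
    PUSH    0                               ; hWnd = NULL
    CALL    MessageBox
@Exit:
    PUSH    0                               ; uExitCode = 0
    CALL    ExitProcess

@ToolFound:
    ; Found: warning box (30h in the original), then the shared exit path.
    PUSH    MB_OK or MB_ICONWARNING         ; uType
    PUSH    offset DbgFoundTitle            ; lpCaption
    PUSH    offset DbgFoundText             ; lpText
    PUSH    0                               ; hWnd = NULL
    CALL    MessageBox
    JMP     @Exit

@PathError:
    ; The probe path could not be built; exit non-zero rather than report
    ; a false "not found".
    PUSH    1                               ; uExitCode = 1
    CALL    ExitProcess
end start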