Detecting SoftICE by searching for the Int 3h in UnhandledExceptionFilter |
Debugging |
halsten |
|
July 10 2007 |
July 10 2007 |
|
; ----------------------------------------------------------------------
;
; Author: halsten
; E-mail: halsten [at] gmail [dot] com
; Website: http://iamhalsten.thecoderblogs.com/
;
; -----------------------------------------------------------------------
; Assembler setup: 32-bit x86, flat memory model. The directive set
; (model/locals/jumps without a leading dot) looks like TASM - confirm
; against the build instructions.
; .386p accepts the 80386 instruction set, privileged instructions included.
.386p
model flat
; locals: enables the @@-prefixed local labels used inside EntryPoint.
locals
; jumps: lets the assembler lengthen conditional jumps that are out of range.
jumps
; presumably read by w32.inc to select the ANSI ("A") API names - confirm in w32.inc
UNICODE=0
; MessageBoxA and ExitProcess are not declared in this file;
; presumably w32.inc supplies them - confirm.
include w32.inc
; The two APIs the check itself relies on, declared explicitly.
extrn SetUnhandledExceptionFilter :PROC
extrn UnhandledExceptionFilter :PROC
.data
; Caption passed to both MessageBoxA calls.
szMsgTitle db "Detecting SoftICE by searching for the Int 3h instruction in UnhandledExceptionFilter", 00h
; Text shown when the byte read from UnhandledExceptionFilter is 0CCh.
szDebuggerFound db "SoftICE found", 00h
; Text shown otherwise, and when the @@Error filter is entered.
szDebuggerNotFound db "SoftICE not found", 00h
; ESP captured on entry to EntryPoint; reloaded by @@Error.
DelayESP dd 0
; Value returned by the first SetUnhandledExceptionFilter call (the filter
; that was replaced); passed back in by the second call.
PreviousSEH dd 0
.code
; ----------------------------------------------------------------------
; EntryPoint - program entry (named on the closing "end" directive).
;
; Reads the first byte of UnhandledExceptionFilter and shows
; "SoftICE found" when it equals 0CCh (the one-byte Int 3h opcode),
; otherwise "SoftICE not found". Both paths end in ExitProcess(-1).
;
; While the function address is being resolved, @@Error is installed as
; the unhandled-exception filter, so a fault in that stretch ends on the
; "not found" path.
;
; NOTE(review): the test is a plain byte compare, so any 0CCh at that
; address matches; the code cannot tell what placed it there.
; ----------------------------------------------------------------------
EntryPoint PROC
; Keep the entry ESP so @@Error can reset the stack to this point.
mov [DelayESP], esp
; Install @@Error as the filter; the call returns the filter it replaced.
push offset @@Error
call SetUnhandledExceptionFilter
mov [PreviousSEH], eax
; eax = address the symbol resolves to inside this image.
; presumably an import stub "jmp dword ptr [slot]" (FF 25 + 32-bit
; address) - the +2 below depends on that layout; confirm in the linked binary.
mov eax, offset UnhandledExceptionFilter
; Under that assumption: the stub's operand, i.e. the address of the import slot.
mov eax, [eax + 2]
; Contents of the slot: the address of the function itself.
mov eax, [eax]
; Park the function address on the stack across the next call.
push eax
; Put back the filter that was active before this routine ran.
push dword ptr [PreviousSEH]
call SetUnhandledExceptionFilter
pop eax
; First byte of the function compared with 0CCh (Int 3h).
; The original filter is already reinstalled, so @@Error no longer covers this read.
cmp byte ptr [eax], 0cch
jz @@DebuggerFound
@@DebuggerNotFound:
; MessageBoxA(hWnd = 0, text, caption, uType = 0), arguments pushed last to first.
push 0
push offset szMsgTitle
push offset szDebuggerNotFound
push 0
call MessageBoxA
push -1
call ExitProcess
@@DebuggerFound:
; Same call as above with the "found" text.
push 0
push offset szMsgTitle
push offset szDebuggerFound
push 0
call MessageBoxA
push -1
call ExitProcess
@@Error:
; Entered as the unhandled-exception filter installed at the top.
; It does not return to its caller: ESP is reset to the saved entry
; value and push + ret transfers control to @@DebuggerNotFound.
; PreviousSEH is not reinstalled on this path; the process exits right after.
mov esp, [DelayESP]
push offset @@DebuggerNotFound
ret
EntryPoint ENDP
ends
; End of source; EntryPoint is the program's start address.
end EntryPoint