From a1034258e5d62985e1bc08aabfef51f25e30d55a Mon Sep 17 00:00:00 2001
From: Yuto Otsuki
Date: Thu, 28 Aug 2014 18:40:34 +0900
Subject: [PATCH] fix bugs of softice.ASM, "Execution Timing", and "Guard Pages".
I fixed the following problems.
- softice.ASM does not set a exception handler. And, Flat Assembler generates "icebp" from "int1" mnemonic.
- Execution Timing tests calculate "initial - end".
- Guard Pages test does not jump to the allocated pages.
---
 ASMsrc/guardpage.ASM | 26 +++++++++++++++++++
 ASMsrc/softice.ASM | 3 ++-
 .../fcall_examples/fcall_examples.cpp | 18 ++++++-------
 3 files changed, 37 insertions(+), 10 deletions(-)
 create mode 100644 ASMsrc/guardpage.ASM
diff --git a/ASMsrc/guardpage.ASM b/ASMsrc/guardpage.ASM
new file mode 100644
index 0000000..1c99ebe
--- /dev/null
+++ b/ASMsrc/guardpage.ASM
@@ -0,0 +1,26 @@
+include 'win32ax.inc'
+
+.code
+
+ start:
+ xor ebx, ebx
+ invoke VirtualAlloc,ebx,1,1000h,40h
+ mov byte [eax], 0c3h
+ push eax
+ xchg ebp, eax
+ invoke VirtualProtect,ebp,1,140h,esp
+ push .exit
+ push dword [fs:ebx]
+ mov [fs:ebx], esp
+ push .being_debugged
+ ;execution resumes at being_debugged
+ ;if ret instruction is executed
+ jmp ebp
+ .being_debugged:
+ invoke MessageBox,HWND_DESKTOP,"Debugger Found!",invoke GetCommandLine,MB_OK
+ invoke ExitProcess, 0
+ .exit:
+ invoke MessageBox,HWND_DESKTOP,"Debugger Not Found!",invoke GetCommandLine,MB_OK
+ invoke ExitProcess,0
+
+.end start
diff --git a/ASMsrc/softice.ASM b/ASMsrc/softice.ASM
index a746415..eb947f1 100644
--- a/ASMsrc/softice.ASM
+++ b/ASMsrc/softice.ASM
@@ -16,9 +16,10 @@ include 'win32ax.inc'
 start:
 xor eax, eax
+ push .exception
 push dword [fs:0]
 mov [fs:0],esp
- int1
+ int 1
 .exception:
 mov eax,[esp+0x4]
 cmp dword[eax], 0x80000004
diff --git a/Csrc/fcall_examples/fcall_examples/fcall_examples.cpp b/Csrc/fcall_examples/fcall_examples/fcall_examples.cpp
index 31346f2..c110f3e 100644
--- a/Csrc/fcall_examples/fcall_examples/fcall_examples.cpp
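Review bot: The results of `VirtualAlloc` and `VirtualProtect` at the top of `start` in guardpage.ASM are never checked, so a setup failure is reported as a detection result instead of an error. If the allocation fails, `mov byte [eax], 0c3h` faults before the handler is linked at `mov [fs:ebx], esp`; if `VirtualProtect` fails, the page carries no guard attribute, the `ret` runs, and control reaches `.being_debugged` with no debugger attached. I would add `test eax, eax` / `jz .setup_failed` after each call, with `.setup_failed` exiting through its own message. The literals `1000h`, `40h` and `140h` would also read better as `MEM_COMMIT`, `PAGE_EXECUTE_READWRITE` and `PAGE_EXECUTE_READWRITE or PAGE_GUARD`, assuming the included headers define them.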
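Review bot: The switch from `int1` to `int 1` in `start` of softice.ASM carries no comment, so the reason lives only in the commit message and a later cleanup could easily revert it. I would add `; must assemble to CD 01: FASM encodes the int1 mnemonic as icebp (F1)` above the instruction, and `; SEH handler for the frame linked at fs:[0]` next to `push .exception`. Note also that `.exception` directly follows `int 1`, so the handler body is reachable by fall-through as well as through exception dispatch, and on fall-through `[esp+0x4]` holds the pushed handler address rather than an exception record pointer. The rest of the body is outside the hunk, so this may already be accounted for.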
+++ b/Csrc/fcall_examples/fcall_examples/fcall_examples.cpp
@@ -578,7 +578,7 @@ void sGetTickCount() {
 initial = GetTickCount();
 end = GetTickCount();
- if ((initial - end) >= 10)
+ if ((end - initial) >= 10)
 printf("Debugger detected\n");
 else
 printf("Debugger not detected\n");
@@ -592,7 +592,7 @@ void stimeGetTime() {
 initial = timeGetTime();
 end = timeGetTime();
- if ((initial - end) >= 10)
+ if ((end - initial) >= 10)
 printf("Debugger detected\n");
 else
 printf("Debugger not detected\n");
@@ -608,7 +608,7 @@ void sGetSystemTime() {
 GetSystemTime(&end);
 SystemTimeToFileTime(&initial, &finitial);
 SystemTimeToFileTime(&end, &fend);
- if (((finitial.dwHighDateTime - fend.dwHighDateTime) > 10) || ((finitial.dwLowDateTime - fend.dwLowDateTime) > 10))
+ if (((fend.dwHighDateTime - finitial.dwHighDateTime) > 10) || ((fend.dwLowDateTime - finitial.dwLowDateTime) > 10))
 printf("Debugger detected\n");
 else
 printf("Debugger not detected\n");
@@ -624,7 +624,7 @@ void sGetLocalTime() {
 GetLocalTime(&end);
 SystemTimeToFileTime(&initial, &finitial);
 SystemTimeToFileTime(&end, &fend);
- if (((finitial.dwHighDateTime - fend.dwHighDateTime) > 10) || ((finitial.dwLowDateTime - fend.dwLowDateTime) > 10))
+ if (((fend.dwHighDateTime - finitial.dwHighDateTime) > 10) || ((fend.dwLowDateTime - finitial.dwLowDateTime) > 10))
 printf("Debugger detected\n");
 else
 printf("Debugger not detected\n");
@@ -641,7 +641,7 @@ void sQueryPerformanceCounter() {
 if (QueryPerformanceCounter(&end)) {
 printf("\ninitial.LowPart %02d \n" , initial.LowPart);
 printf("\nend.LowPart %02d \n" , end.LowPart);
- if ((initial.QuadPart - end.QuadPart) > 0x10)
+ if ((end.QuadPart - initial.QuadPart) > 0x10)
 printf("Debugger detected\n");
 else
 printf("Debugger not detected\n");
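Review bot: The corrected `(end - initial) >= 10` in `sGetTickCount` is only wrap-safe if `initial` and `end` are unsigned `DWORD`s; their declarations are outside the hunk, so this is worth confirming. Both tick sources wrap to zero, and with signed types a wrapped counter yields a negative difference that never reaches the threshold. I would add `// unsigned subtraction: stays correct across tick-counter wraparound` above the test and replace the bare `10` with a named constant such as `const DWORD kDelayThresholdMs = 10;`. The same applies to the `stimeGetTime` hunk.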
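Review bot: Comparing `dwHighDateTime` and `dwLowDateTime` separately in `sGetSystemTime` does not measure elapsed time, even with the operands now in the right order. A `FILETIME` is one 64-bit count of 100-nanosecond intervals built here from a millisecond-resolution `SYSTEMTIME`, so two samples that straddle a millisecond boundary already differ by 10000 in the low word and trip the `> 10` test. When the low word carries into the high word, the unsigned low-word subtraction also wraps to a huge value. I would combine the halves first, `ULONGLONG t1 = ((ULONGLONG)fend.dwHighDateTime << 32) | fend.dwLowDateTime;` (likewise `t0` from `finitial`), and test `if (t1 - t0 >= 10 * 10000ULL)` to match the 10 ms used by the tick-count tests. The `sGetLocalTime` hunk has the same comparison, and local time can additionally jump on a time-zone or DST change.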
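Review bot: The `0x10` threshold in `sQueryPerformanceCounter` is expressed in raw counter ticks, whose duration depends on the host's counter frequency. On a fast counter sixteen ticks is on the order of a microsecond, which ordinary scheduling jitter can exceed, so the verdict is likely to differ between machines. I would read the frequency once, `LARGE_INTEGER freq; QueryPerformanceFrequency(&freq);`, and compare in milliseconds with `if ((end.QuadPart - initial.QuadPart) * 1000 / freq.QuadPart >= 10)`. The call that fills `initial` is outside the hunk.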
@@ -750,7 +750,7 @@ int _tmain(int argc, _TCHAR* argv[])
 printf("19 - 3.19 FindWindow\n");
 printf("20 - 3.20 SuspendThread\n");
 printf("21 - 3.23 UnhandledExceptionFilter\n");
- printf("22 - 3.24 Guard Pages\n");
+ //printf("22 - 3.24 Guard Pages\n");
 printf("23 - 3.25 Execution Timing - GetTickCount()\n");
 printf("24 - 3.25 Execution Timing - timeGetTime\n");
 printf("25 - 3.25 Execution Timing - GetSystemTime()\n");
@@ -825,9 +825,9 @@ int _tmain(int argc, _TCHAR* argv[])
 case 21:
 fSetUnhandledExceptionFilter();
 break;
- case 22:
- ret = psVirtuaAlloc_VirtualProtect();
- break;
+ // case 22:
+ // ret = psVirtuaAlloc_VirtualProtect();
+ // break;
 case 23:
 sGetTickCount();
 break;
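Review bot: The Guard Pages entry is disabled by commenting out the menu line here and `case 22` in the second `_tmain` hunk, which leaves dead code and a gap in the numbering with no explanation in the file. I would either delete the menu line and the three `case 22` lines, or keep a single comment that says why, e.g. `// 22 (3.24 Guard Pages) moved to ASMsrc/guardpage.ASM`. `psVirtuaAlloc_VirtualProtect` itself is not touched by this patch, so it presumably remains as an unused function. Input 22 now takes whatever path the `switch` has for unknown values, which is outside the hunk.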