able ptr [ebx]).LinkPtr, ebx
            mov (LinkTable ptr [ebx]).NextLinkPtr, 0
            invoke ShowLinkTableInfo, ebx
            ; Add the new entry to the linked list
            .if eax == 1
                ; The list is empty: the new entry becomes the head
                mov threadCxtLink, ebx
            .else
                ; The list is not empty: append the entry at the tail
                mov eax, threadCxtLink
            @@:
                ; Advance to the next element
                mov ecx, (LinkTable ptr [eax]).NextLinkPtr
                test ecx, ecx
                je @F
                mov eax, ecx
                jmp @B
            @@:
                mov (LinkTable ptr [eax]).NextLinkPtr, ebx
            .endif
        .else
            ; Memory allocation failed
            pop eax
            pushad
            invoke DbgPrint, $CTA0("\nAlloc Memory Faild.\n")
            popad
            jmp @F
        .endif
    .endif
@@:
    popad
    ret
AddLinkTable endp

; Check whether the current process is one of the filtered processes.
; Returns 1 if the process must be filtered, otherwise 0.
IsFilterProcess proc
    pushad
    ; Get the name of the current process
    invoke PsGetCurrentProcess
    mov ebx, eax
    add ebx, nameOffset
    invoke DbgPrint, $CTA0("\n%s: Call NtGetContextThread \n"), ebx
    invoke strncmp, $CTA0("DNF.exe"), ebx, 7
    test eax, eax
    jne @F
    popad
    mov eax, 1
    ret
@@:
    popad
    xor eax, eax
    ret
IsFilterProcess endp

; Print the debug registers stored in a CONTEXT
ShowDrRegInfo proc ptrContext
    pushad
    invoke DbgPrint, $CTA0("\nThe Context Info:\n")
    mov ebx, ptrContext
    mov eax, DWORD ptr [ebx+4]
    invoke DbgPrint, $CTA0("Dr0:0X%X\n"), eax
    mov ebx, ptrContext
    mov eax, DWORD ptr [ebx+8]
    invoke DbgPrint, $CTA0("Dr1:0X%X\n"), eax
    mov ebx, ptrContext
    mov eax, DWORD ptr [ebx+0ch]
    invoke DbgPrint, $CTA0("Dr2:0X%X\n"), eax
    mov ebx, ptrContext
    mov eax, DWORD ptr [ebx+10h]
    invoke DbgPrint, $CTA0("Dr3:0X%X\n"), eax
    mov ebx, ptrContext
    mov eax, DWORD ptr [ebx+14h]
    invoke DbgPrint, $CTA0("Dr6:0X%X\n"), eax
    mov ebx, ptrContext
    mov eax, DWORD ptr [ebx+18h]
    invoke DbgPrint, $CTA0("Dr7:0X%X\n"), eax
    popad
    ret
ShowDrRegInfo endp

; Restore the hidden DR registers
RecoveryDrReg proc ptrContext, pHandle
    pushad
    ; Start at the head of the LinkTable list
    mov ebx, threadCxtLink
NEXT:
    test ebx, ebx
    jne @F                      ; the traversal is not finished yet
    popad
    ret
@@:
    mov eax, (LinkTable ptr [ebx]).ThreadHandle
    cmp eax, pHandle
    je @F                       ; a matching entry was found
    mov ebx, (LinkTable ptr [ebx]).NextLinkPtr
    jmp NEXT
@@:
    ; Finish immediately after the copy
    invoke CopyContextToLinkTable, ebx, ptrContext
    xor ebx, ebx
    jmp NEXT
RecoveryDrReg endp

; Clear the DR registers in a CONTEXT
ClearDrReg proc ptrContext
    pushad
    mov ebx, ptrContext
    mov ecx, 4
@@:
    mov DWORD ptr [ebx+ecx], 0
    add ecx, 4
    cmp ecx, 18h
    jbe @B
    pushad
    invoke DbgPrint, $CTA0("\n-------------ClearDrReg-------------\n")
    popad
    invoke ShowDrRegInfo, ptrContext
    popad
    ret
ClearDrReg endp