*/
include c:\hd\hhd.h
include c:\hd\drx.h
ASSUME FS:NOTHING
;~~~~~~~~~~~~~~~~~~~
.CODE
_StArT:
int 3
SLDT cx
JCXZ isNT
JMP @F
isNT:
MsgBox CTEXT("NT Series Not Work! only 9X!")
JMP _XXX_
@@:
call instSEH
XH01 PROC C pExcept,pFrame,pContext,pDispatch Not minimal form
ASSUME ESI:PTR EXCEPTION_RECORD,EDI:PTR CONTEXT
MOV ESI,pExcept
MOV EDI,pContext
MOV EAX,1
TEST [ESI].ExceptionFlags,7
JNZ @@Not_handled
cmp [esi].ExceptionCode,STATUS_ILLEGAL_INSTRUCTION
jz illegal_instr
cmp [esi].ExceptionCode,STATUS_SINGLE_STEP
JZ BPM0_ISOK
jmp @@Not_handled
BPM0_ISOK:
MOV [EDI].regEip,OFFSET MSGbpmOK
JMP SEHexit
//Set the Dr0 bpm Global BreakPoint
illegal_instr:
MOV [EDI].ContextFlags,CONTEXT_DEBUG_REGISTERS or CONTEXT_FULL
MOV [EDI].iDr7,M_INSTR0 or M_GDR0 or M_BYTE0
MOV [EDI].iDr0,OFFSET bpm01
//ByPASS the INVALID INSTRS
ADD [EDI].regEip,2
SEHexit:
DEC EAX
@@Not_handled:
ret
XH01 ENDP
instSEH:
LEA eax,[esp-4]
XCHG eax,fs:[0]
push eax
NOP
DB 0Fh,0Bh INVALID INSTRS ON ALL PLATFORMS =UD2
bpm01: SIMPLE ANTI DEBUGER
NOP
jmp bpm01
_XXX_:
POP fs:[0]
pop EAX
invoke ExitProcess,0
MSGbpmOK:
MsgBox CTEXT("Hello BPM01 TEST SUC,Prepare TO EXIT")
JMP _XXX_
END _StArT
_StArT:
SLDT CX
JCXZ @F
MsgBox CTEXT("9x Not supported")
JMP pExit
@@:
invoke GetStartupInfo,addr sif
SUB EAX,EAX
invoke CreateProcess,0,CTEXT("target01.exe"),EAX,EAX,EAX,\
DEBUG_PROCESS or DEBUG_ONLY_THIS_PROCESS,EAX,EAX,addr sif,addr pi
JEAXZ crp_fail
//some basic text macro
//why so many ppl use long names,aren't they tired ?
wmDevent EQU Dev.dwDebugEventCode
excCode EQU Dev.u.Exception.pExceptionRecord.ExceptionCode
excAddr EQU Dev.u.Exception.pExceptionRecord.ExceptionAddress
pDllName EQU Dev.u.LoadDll.lpImageName
lpBase EQU Dev.u.LoadDll.lpBaseOfDll
//
.WHILE TRUE
invoke WaitForDebugEvent,addr Dev,INFINITE
mov
.IF wmDevent==EXIT_PROCESS_DEBUG_EVENT
MsgBox CTEXT("target Exit...")
.break
.ELSEIF wmDevent==LOAD_DLL_DEBUG_EVENT
//to see how many DLLS were LOADED
invoke wsprintf,addr buf,CTEXT("DLL BASE =: %08X"),lpBase
invoke MessageBox,0,addr buf,0,0
JMP DBG_con
.ELSEIF wmDevent==EXCEPTION_DEBUG_EVENT