“INT3”断点指令的机器码是 “0xcch”
检测思路,取函数地址,判断第一个字节是不是 “CCh”
BYTE bFirst = ;
ProcAddres = GetProcAddress(LoadLibrary("user32.dll","MessageBox"));
bFirst = *((BYTE*)ProcAddress);
if(bFirst == 0xCC)
{
return TRUE;
}
“INT3”断点指令的机器码是 “0xcch”
检测思路,取函数地址,判断第一个字节是不是 “CCh”
BYTE bFirst = ;
ProcAddres = GetProcAddress(LoadLibrary("user32.dll","MessageBox"));
bFirst = *((BYTE*)ProcAddress);
if(bFirst == 0xCC)
{
return TRUE;
}