log2.cpp

Cracker终结者——提供最优秀的软件保护技术

#include "BASEFUNC.H"

/*
	log2 c:\trw.log		#begin log
	g if (eip>401000)	#run a soft breakpoint, TRW2000 will log all instructions
	log2 off			#end log, and close file
*/

void	Log_DoIt2();
void	log2_write();
BOOL	hook_log2();
BOOL	cmd_LOG2	( int argc, PSTR* argv );

BOOL	fLog2 = FALSE;

class CLog2
{
public:
	CLog2();
	~CLog2();
};
CLog2 cinit;	//must have a instance data

CLog2::~CLog2()
{
	unhook( &hh_IntObj_01,hook_log2 );	//unhook twice is no problem
}	

CLog2::CLog2()
{
	Add_Command ( "LOG2", "filename | off",
		"Log instruction to file",
		0,
		cmd_LOG2 );

	msgl ( "LOG2 Plugs Initialized..." ) ;
}
// ---------------------------------------
void	Log2_Begin()
{
	if( fLog2 != 0 )
		return;
	fLog2 = TRUE;
	hook( &hh_IntObj_01,hook_log2, 255 );
}

void	Log2_End()
{
	if( fLog2 == 0 )
		return;
	if( fLog2==2 )
		log2_write();
	unhook( &hh_IntObj_01,hook_log2 );
	fLog2 = 0;
}
BOOL	hook_log2()
{
	if( fLog2 == FALSE )
		return FALSE;
	Log_DoIt2();
	return FALSE;	//must return FALSE
}

// ----------------------------------
char log2_fname[80];
DWORD	log2_buf[0x400];
DWORD	log2_top;

void Log_DoIt2()
{
	log2_buf[log2_top++] = User_EIP;
	if( log2_top==0x400 )
	{
		log2_write();
		log2_top = 0;		
	}
}

void	log2_write()
{
	Begin_Nest_VMM_Exec();
	HANDLE h = fopen_append( log2_fname );
	fwrite(h,log2_buf,log2_top*4);
	fclose(h);
	End_Nest_VMM_Exec();
}
BOOL cmd_LOG2	( int argc, PSTR* argv )
{
	if( argc==0 )
	{
		if( fLog2== 0 )
			msgl( "log2 is off" );
		else
			prtl( "log2 is logging to %s",log2_fname );
		return TRUE;
	}
	if( arg1[0]=='O' && arg1[1]=='F' && arg1[2]=='F' )
	{
		Log2_End();
		return TRUE;
	}
	strcpy(	log2_fname, arg1 );
	log2_top = 0;
	Log2_Begin();
	
	return TRUE;
}