myntc.h

Cracker终结者——提供最优秀的软件保护技术

VOID WINAPI MyNtContinue(PCONTEXT pcntx) {
  TCHAR Msg[2088/sizeof(TCHAR)];
  PTSTR Info = Msg;
  DWORD i;

  Info += _stprintf(Info,
    _T("%08X=Continue==%08X\r\n"),
    GetTickCount(), GetCurrentThreadId()); 

  if(pcntx) {
    if(pcntx->ContextFlags & (CONTEXT_CONTROL ^ CONTEXT_i386)) {
      Info += _stprintf(Info,
        _T("EIP = %08X\r\n")
        _T("CS  = %08X\r\n")
        _T("EFL = %08X\r\n")
        _T("ESP = %08X\r\n")
        _T("SS  = %08X\r\n")
        _T("EBP = %08X\r\n"),
        pcntx->Eip, pcntx->SegCs, pcntx->EFlags, pcntx->Esp, pcntx->SegSs, pcntx->Ebp);
    }
    if(pcntx->ContextFlags & (CONTEXT_INTEGER ^ CONTEXT_i386)) {
      Info += _stprintf(Info,
        _T("EAX = %08X\r\nECX = %08X\r\nEDX = %08X\r\n")
        _T("ESI = %08X\r\nEDI = %08X\r\n"),
        pcntx->Eax, pcntx->Ecx, pcntx->Edx, pcntx->Esi, pcntx->Edi);
    }
    if(pcntx->ContextFlags & (CONTEXT_SEGMENTS ^ CONTEXT_i386)) {
      Info += _stprintf(Info,
        _T("DS  = %08X\r\nES  = %08X\r\nFS  = %08X\r\nGS  = %08X\r\n"),
        pcntx->SegDs, pcntx->SegEs, pcntx->SegFs, pcntx->SegGs);
    }
    if(pcntx->ContextFlags & (CONTEXT_DEBUG_REGISTERS ^ CONTEXT_i386)) {
      Info += _stprintf(Info,
        _T("DR0 = %08X\r\nDR1 = %08X\r\nDR2 = %08X\r\n")
        _T("DR3 = %08X\r\nDR6 = %08X\r\nDR7 = %08X\r\n"),
        pcntx->Dr0, pcntx->Dr1, pcntx->Dr2, pcntx->Dr3, pcntx->Dr6, pcntx->Dr7);
    }
  }

  Info += _stprintf(Info,
    _T("\r\n\r\n"));

  if(hLogFile != INVALID_HANDLE_VALUE)
    WriteFile(hLogFile, Msg, (Info - Msg)*sizeof(TCHAR), &i, NULL);
}