cmd_breakr3.asm

Cracker终结者——提供最优秀的软件保护技术

%include "util.mac"
%include "vxdn.inc"
%include "icedump.inc"
%include "wiat.inc"


%ifndef MAKEDEP

global Parse_BreakR3
global Service_BreakR3


extern SetCB
extern sdata
extern Parser.error
extern Parser.errorMsg
;extern Error_V86
;extern Error_PM16
;extern Error_PMR0
extern ParseExpression
extern BreakIn.ignore_range


bits 32


segment _LTEXT
;-------------------------------------------------------------------------------
; BREAKR3 <R0TCB>
;-------------------------------------------------------------------------------
Parse_BreakR3:
	mov	edi,Error_BadR0TCB
	call	ParseExpression			; parse <R0TCB>
	jc	near Parser.errorMsg

	mov	[.R0TCB],eax

; save client EAX/CS/EIP
	mov	ebp,[dClient_EAX]
	push	dword [ebp]
	pop	dword [.EAX]

	mov	ebp,[dClient_CS]
	push	dword [ebp]
	pop	dword [.CS]

	mov	ebp,[dClient_EIP]
	push	dword [ebp]
	pop	dword [.EIP]

; set up registers for service
	push	byte SERVICE_BREAKR3
	mov	ebp,[dClient_EAX]
	pop	dword [ebp]

	call	SetCB
	jc	near Parser.error

	mov	ebp,[fExecuteMoreCommands]	; set internal Winice flag to 0
	mov	byte [ebp],0

	popad
	retn


segment _LDATA
	align 4
.EAX:		dd 0
.CS:		dd 0
.EIP:		dd 0
.R0TCB:		dd 0
Error_BadR0TCB:	db 'no R0TCB specified',0


segment _LTEXT
Service_BreakR3:
	push	dword [Parse_BreakR3.EAX]
	pop	dword [ebp+CRS.EAX]

	push	dword [Parse_BreakR3.CS]
	pop	dword [ebp+CRS.CS]

	push	dword [Parse_BreakR3.EIP]
	pop	dword [ebp+CRS.EIP]

	mov	edi,[Parse_BreakR3.R0TCB]
	VMMCall	Validate_Thread_Handle
	jnc	@F

	Trace_Out "ICEDUMP: invalid thread handle, R0TCB: #edi"

	jmp	short .ret

@@
	mov	ebp,[edi+TCB_ClientPtr]

	test	byte [ebp+CRS.EFlags+2],2	; is it in V86 mode?
	jz	@F

	Trace_Out "ICEDUMP: BREAKR3: error, thread is in V86 mode, R0TCB: #edi"
	jmp	short .ret

@@
	call	BreakIn.ignore_range

.ret:
	popfd
	popad
	retn

%endif