; Boolean values stored in the call_inapi state flag.
YES             EQU 1
NO              EQU 0

; Request codes compared against dwIoControlCode in TRACKIT_ioctl.
SET_BP_CODE     EQU 1                   ; dispatched to Set_bpoint
CLEAR_BP_CODE   EQU 2                   ; dispatched to Clear_bpoint
Enter_OP_CODE   EQU 3                   ; dispatched to Enter_OP

;============================================================================
;Title TRACKIT.ASM
;============================================================================
;Build with nmake.exe from the DDK
;============================================================================
;                                 I N C L U D E S
;============================================================================

    .486p           
    .xlist
    MASM=1

    include    vmm.inc
    include    vwin32.inc
    include    shell.inc
    include    ifsmgr.inc
    include    ifs.inc

    .list
;============================================================================
;     D E V I C E   I N I T I A L I Z A T I O N   C O D E
;============================================================================
;----------------------------------------------------------------------------
; Hook interrupts 30
;----------------------------------------------------------------------------

VXD_Icode_Seg

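;----------------------------------------------------------------------------
; TRACKIT_Device_Init
;   Reached from TRACKIT_Control on SYS_DYNAMIC_DEVICE_INIT.
;   Installs Hookint30 as the handler for fault 30h in both the VMM and the
;   protected-mode fault chains.
; Out:   carry clear = both hooks installed
;        carry set   = a hook service reported failure; nothing stays hooked
; Clobb: eax, esi, flags
;
; The original ignored the carry flag returned by the hook services and
; always reported success, so a failed hook left the driver loaded with no
; handler behind any int 30h it later planted.
; NOTE(review): the previous handler address returned in ESI by the hook
; services is discarded, so Hookint30 has nothing to chain to for faults it
; does not own.
;----------------------------------------------------------------------------
BeginProc      TRACKIT_Device_Init

      mov      eax, 30h
      mov      esi, OFFSET32 Hookint30
      VMMCall  Hook_VMM_Fault
      jc       DevInit_fail              ; VMM hook refused: fail the load

      mov      eax, 30h
      mov      esi, OFFSET32 Hookint30
      VMMCall  Hook_PM_Fault
      jnc      DevInit_ok

      ; PM hook failed after the VMM hook succeeded: undo the first hook so
      ; a failed load does not leave a handler pointing into this driver.
      mov      eax, 30h
      mov      esi, OFFSET32 Hookint30
      VMMCall  UnHook_VMM_Fault

DevInit_fail:
      stc
      ret

DevInit_ok:
      clc
      ret
EndProc     TRACKIT_Device_Init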

VXD_Icode_Ends


;============================================================================
;             D E V I C E   D E C L A R A T I O N
;============================================================================

VXD_Locked_Code_Seg


Declare_Virtual_Device    TRACKIT,0,0,TRACKIT_Control,Undefined_Device_ID, \
                          Undefined_Init_Order,,


;----------------------------------------------------------------------------
; Device control procedure for the VxD.
;----------------------------------------------------------------------------

; Control procedure named in Declare_Virtual_Device: routes three control
; messages to their handlers and reports success (carry clear) for every
; other message.
BeginProc   TRACKIT_Control

      ; Load / unload of the dynamic VxD.
      Control_Dispatch SYS_DYNAMIC_DEVICE_INIT, TRACKIT_Device_Init
      Control_Dispatch SYS_DYNAMIC_DEVICE_EXIT, TRACKIT_Device_Exit
      ; DeviceIoControl requests. TRACKIT_ioctl and its handlers patch code
      ; at addresses taken from the request, so this is the driver's whole
      ; externally reachable surface.
      ; NOTE(review): nothing here or in TRACKIT_ioctl restricts which
      ; caller may issue these requests -- confirm that is acceptable.
      Control_Dispatch W32_DEVICEIOCONTROL,     TRACKIT_ioctl
      clc
      ret

; NOTE(review): every other procedure in this file closes with the EndProc
; macro; this one uses a bare ENDP -- confirm the mismatch is intentional.
TRACKIT_Control  ENDP



;----------------------------------------------------------------------------
; Get IOcontrol code
;----------------------------------------------------------------------------

; Dispatch a W32_DEVICEIOCONTROL request on its control code.
; In:    esi -> request parameter block (dwIoControlCode, lpvInBuffer, ...)
; Out:   eax = 0, carry clear when no handler matches; otherwise whatever
;        the selected handler returns (handlers are entered by jump, so
;        their ret returns to this procedure's caller)
; Clobb: ecx, flags
BeginProc      TRACKIT_ioctl

      mov      ecx, [esi].dwIoControlCode

      cmp      ecx, SET_BP_CODE
      je       Set_bpoint                 ; plant int 30h on the three APIs

      cmp      ecx, CLEAR_BP_CODE
      je       Clear_bpoint               ; put the saved API code back

      cmp      ecx, Enter_OP_CODE
      je       Enter_OP                   ; "OP" query: report enter_eip

      ; Any other control code is accepted and reported as success.
      xor      eax, eax
      clc
      ret
EndProc        TRACKIT_ioctl


;-----------------------------------------------------------------------------
; Save the code which will be restored
;-----------------------------------------------------------------------------

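;-----------------------------------------------------------------------------
; Set_bpoint  (ioctl SET_BP_CODE)
;   Reads three code addresses from the caller's input buffer, saves the
;   2-byte word found at each one and replaces it with 30CDh (the bytes
;   CD 30 = "int 30h"), so executing that address raises fault 30h and
;   enters Hookint30.
; In:    esi -> request parameter block; lpvInBuffer -> three dwords
; Out:   eax = 0   hooks planted
;        eax = 87  (ERROR_INVALID_PARAMETER) buffer missing, shorter than
;                  12 bytes, or containing a null address; nothing patched
;        carry clear in both cases
; Clobb: flags (all general registers are restored by popad)
;
; Changes from the original: the buffer pointer and length are checked
; before use, the three addresses are fetched once into registers and then
; validated and used from there, and a null address is rejected. The
; original dereferenced lpvInBuffer unchecked and would have written the
; patch word to linear address 0 for a null entry.
;
; NOTE(review): the three addresses are otherwise used exactly as supplied;
; nothing checks where they point before the privileged write, so any
; caller able to issue this request chooses the patched locations. Consider
; restricting them to an expected range.
; NOTE(review): a second SET request while hooks are already planted saves
; the int 30h word as the "original" code; no guard against that is visible.
;-----------------------------------------------------------------------------
BeginProc       Set_bpoint
        pushad

        mov     edx,[esi].lpvInBuffer
        test    edx,edx
        jz      Set_bp_bad                   ; no input buffer
        cmp     [esi].cbInBuffer,12
        jb      Set_bp_bad                   ; need three dwords

        ; Single fetch of the caller's values; validate all three before
        ; patching any, so a bad request leaves nothing half-hooked.
        mov     eax,[edx]
        mov     ecx,[edx+4]
        mov     edi,[edx+8]
        test    eax,eax
        jz      Set_bp_bad
        test    ecx,ecx
        jz      Set_bp_bad
        test    edi,edi
        jz      Set_bp_bad

        mov     bpoint_addr1,eax
        mov     bx,30cdh
        xchg    bx,[eax]
        mov     hook_api1_code,bx            ; hook API #1, keep its old word

        mov     bpoint_addr2,ecx
        mov     bx,30cdh
        xchg    bx,[ecx]
        mov     hook_api2_code,bx            ; hook API #2, keep its old word

        mov     bpoint_addr3,edi
        mov     bx,30cdh
        xchg    bx,[edi]
        mov     hook_api3_code,bx            ; hook API #3, keep its old word

        popad
        xor     eax, eax
        clc
        ret

Set_bp_bad:
        popad
        mov     eax,87                       ; ERROR_INVALID_PARAMETER
        clc
        ret
EndProc         Set_bpoint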


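;-----------------------------------------------------------------------------
; Clear_bpoint  (ioctl CLEAR_BP_CODE)
;   Writes the saved 2-byte words back to the three recorded API addresses.
; Out:   eax = 0, carry clear
; Clobb: flags (all general registers are restored by popad)
;
; Change from the original: a slot whose recorded address is still 0 (its
; initial value, i.e. no SET request has filled it) is skipped. The original
; wrote the saved word to linear address 0 in that case.
;
; NOTE(review): if Hookint30 has already planted its return-site int 30h
; (call_inapi == YES), that patch is not undone here, and Hookint30 will
; re-arm the three API hooks when it fires -- confirm the intended
; behaviour for a CLEAR issued in that state.
;-----------------------------------------------------------------------------
BeginProc       Clear_bpoint
        pushad

        mov     eax,bpoint_addr1
        test    eax,eax
        jz      Clear_bp_2                   ; slot 1 never set
        mov     bx,hook_api1_code
        mov     [eax],bx                     ; restore API #1 code

Clear_bp_2:
        mov     eax,bpoint_addr2
        test    eax,eax
        jz      Clear_bp_3                   ; slot 2 never set
        mov     bx,hook_api2_code
        mov     [eax],bx                     ; restore API #2 code

Clear_bp_3:
        mov     eax,bpoint_addr3
        test    eax,eax
        jz      Clear_bp_done                ; slot 3 never set
        mov     bx,hook_api3_code
        mov     [eax],bx                     ; restore API #3 code

Clear_bp_done:
        popad
        xor     eax, eax
        clc
        ret
EndProc         Clear_bpoint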


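;-----------------------------------------------------------------------------
; Enter_OP  (ioctl Enter_OP_CODE)
;   Copies the current enter_eip value (computed by Hookint30) into the
;   caller's output buffer.
; In:    esi -> request parameter block
; Out:   eax = 0   4 bytes written to lpvOutBuffer
;        eax = 87  (ERROR_INVALID_PARAMETER) output buffer missing or
;                  smaller than 4 bytes; nothing written
;        carry clear in both cases
; Clobb: flags (all general registers are restored by popad)
;
; Changes from the original: lpvOutBuffer and cbOutBuffer are checked before
; the 4-byte store, and the byte count is reported through the
; lpcbBytesReturned pointer when the caller supplied one. The original
; stored 4 into the cbOutBuffer field of the parameter block itself, which
; overwrote the caller's stated buffer size instead of reporting a count.
;-----------------------------------------------------------------------------
BeginProc Enter_OP
        pushad

        mov     eax,[esi].lpvOutBuffer
        test    eax,eax
        jz      Enter_OP_bad                 ; no output buffer
        cmp     [esi].cbOutBuffer,4
        jb      Enter_OP_bad                 ; too small for one dword

        mov     ebx,enter_eip
        mov     [eax],ebx                    ; hand back enter_eip

        mov     eax,[esi].lpcbBytesReturned
        test    eax,eax
        jz      Enter_OP_ok                  ; caller did not ask for a count
        mov     dword ptr [eax],4            ; bytes placed in the out buffer

Enter_OP_ok:
        popad
        xor     eax, eax
        clc
        ret

Enter_OP_bad:
        popad
        mov     eax,87                       ; ERROR_INVALID_PARAMETER
        clc
        ret
EndProc   Enter_OP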


;----------------------------------------------------------------------------
; UnHook all interrupts and services hooked
;----------------------------------------------------------------------------

; Reached from TRACKIT_Control on SYS_DYNAMIC_DEVICE_EXIT.
; Removes Hookint30 from the VMM and protected-mode fault 30h chains and
; always reports success (carry clear).
; NOTE(review): nothing here restores the words patched by Set_bpoint or the
; return-site word patched by Hookint30. If the driver unloads while any
; int 30h is still planted, that instruction stays in place with no handler
; behind it. Consider restoring the saved words before unhooking.
; NOTE(review): the result of the two unhook services is not checked.
BeginProc      TRACKIT_Device_Exit

      mov      eax, 30h
      mov      esi, OFFSET32 Hookint30
      VMMCall  UnHook_VMM_Fault
      mov      eax, 30h
      mov      esi, OFFSET32 Hookint30
      VMMCall  UnHook_PM_Fault                   ; remove the hook
      clc
      ret

EndProc     TRACKIT_Device_Exit
                               


;============================================================================
;                            V A R I A B L E S
;============================================================================

     ; Driver state. These variables are declared inside VXD_Locked_Code_Seg
     ; and hold a single set of values shared by every request and fault.
     ; NOTE(review): no locking or per-thread separation is visible --
     ; confirm that only one traced thread is ever expected.

     ; Original 2-byte words taken from the three hooked API addresses
     ; (saved by Set_bpoint and by the re-arm step in Hookint30).
     hook_api1_code  dw 0
     hook_api2_code  dw 0
     hook_api3_code  dw 0

     ; Original word from the return address that Hookint30 patches.
     call_ret_code   dw 0
     ; Addresses of the three hooked APIs, supplied through SET_BP_CODE.
     ; 0 until the first SET request.
     bpoint_addr1    dd 0
     bpoint_addr2    dd 0
     bpoint_addr3    dd 0

     ; NO  = next fault 30h is treated as a hooked-API hit,
     ; YES = next fault 30h is treated as the return-site hit.
     call_inapi      db NO
     ; Address computed by Hookint30's signature matching; returned to the
     ; caller by Enter_OP.
     enter_eip       dd 0h

;============================================================================
;                          M A I N   C O D E
;============================================================================

;----------------------------------------------------------------------------
; Hook int30
;----------------------------------------------------------------------------

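;----------------------------------------------------------------------------
; Hookint30 -- fault 30h handler installed by TRACKIT_Device_Init.
;
; In:    ebp -> client register structure (Client_EIP, Client_ESP are used)
; Out:   carry clear; Client_EIP rewound by 2 so the client re-executes the
;        restored instruction
; Clobb: flags (all general registers are restored by popad)
;
; Two-phase state machine driven by call_inapi:
;   call_inapi == NO   A hooked API was entered. Rewind Client_EIP past the
;                      2-byte int 30h, plant int 30h at the API's return
;                      address (taken from the top of the client stack),
;                      restore the three APIs' original words, set YES.
;   call_inapi == YES  The API returned into the planted int 30h. Rewind
;                      Client_EIP, restore the return-site word, compare the
;                      code around the return site against a table of
;                      compiler start-up signatures and record the match in
;                      enter_eip, re-plant the three API hooks, set NO.
;
; Signature constants are little-endian dwords; e.g. 83EC8B55h is the byte
; sequence 55 8B EC 83 (push ebp / mov ebp,esp / sub esp,...), 6AEC8B55h is
; 55 8B EC 6A (push ebp / mov ebp,esp / push imm8), and 0C3h is ret.
;
; Change from the original: the two DELPHI scan loops used ESI as their
; step counter, destroying the return-site address that every later
; signature test still reads through ESI. After a DELPHI match the VC tests
; therefore probed addresses derived from the counter value and could
; overwrite the enter_eip just found. The loops now count in ECX.
;
; NOTE(review): every fault 30h is assumed to come from one of this
; driver's own patches; Client_EIP is never compared with the recorded
; addresses and there is no previous handler to pass foreign faults to.
; NOTE(review): client memory is read at fixed offsets of up to 150h bytes
; below the return site, and through values taken from the client stack,
; with no check that those addresses are mapped.
; NOTE(review): the re-arm and restore steps use bpoint_addr1..3 without
; checking for 0.
;----------------------------------------------------------------------------
BeginProc Hookint30

      ;int 3                                 ; debug break, left disabled

      .if    call_inapi==NO

              pushad

              ; Resume at the start of the 2-byte int 30h just executed.
              mov     esi,[ebp.Client_EIP]
              sub     esi,2
              mov     [ebp.Client_EIP],esi

              ; Top of client stack = return address of the hooked API.
              mov     esi,[ebp.Client_ESP]
              mov     esi,[esi]
              mov     bx,30cdh
              xchg    bx,[esi]
              mov     call_ret_code,bx       ; plant int 30h at the return site

              mov     eax,bpoint_addr1
              mov     bx,hook_api1_code
              mov     [eax],bx               ; restore API #1 code

              mov     eax,bpoint_addr2
              mov     bx,hook_api2_code
              mov     [eax],bx               ; restore API #2 code

              mov     eax,bpoint_addr3
              mov     bx,hook_api3_code
              mov     [eax],bx               ; restore API #3 code

              mov     call_inapi,YES         ; next fault is the return site

              popad
              clc
              ret

      .else

              pushad

              ; esi = return site; it must stay intact for every test below.
              mov     esi,[ebp.Client_EIP]
              sub     esi,2
              mov     [ebp.Client_EIP],esi
              mov     bx,call_ret_code
              mov     [esi],bx              ; restore the return-site code



              ;----------------------------------------------------
              mov     eax,[esi-27h]           ;BCB 5.0 4.0   (hand)
              .if     eax==626610ebh
                      mov       enter_eip,esi
                      sub       enter_eip,27h
              .endif

              ;----------------------------------------------------
              mov     eax,[esi-35h]           ;BC  1996   (hand)
              .if     eax==0a302e0c1h
                      mov       enter_eip,esi
                      sub       enter_eip,35h
                      sub       enter_eip,5h
              .endif

              ;----------------------------------------------------
              mov     eax,[esi-29h]           ;BC  1998   (hand)   ;cgichack
              .if     eax==0a302e0c1h
                      mov       enter_eip,esi
                      sub       enter_eip,29h
                      sub       enter_eip,5h
              .endif


              ;----------------------------------------------------
              mov     eax,[esi-5Dh]            ;BC  1996   (hand)  ;dbd32.exe
              .if     eax==0a302e0c1h
                      mov       enter_eip,esi
                      sub       enter_eip,5Dh
                      sub       enter_eip,5h
              .endif


              ;----------------------------------------------------
              mov     eax,[esi-0fh]           ;WatCom C ?     (hand)
              and     eax,00ffffffh           ; compare the low three bytes only
              .if     eax==00e80a6ah
                      mov       enter_eip,esi
                      sub       enter_eip,0fh
              .endif



              ;----------------------------------------------------
              ;DELPHI             ;AATOOLS,

              mov     eax,[esi-8]
              cmp     eax,0e8006a50h
              jnz     DELPHI1_END

              mov     ax,[esi-0ah]
              .if     ah==0c3h || al==0c3h
                      mov     ebx,[ebp.Client_ESP]    ;get esp
                      mov     ebx,[ebx+4]

                      ; Scan backwards one byte at a time, starting 0Ah
                      ; below the stacked value, for a prologue signature.
                      ; ecx counts the distance; esi is left untouched.
                      mov     ecx,0ah
                      sub     ebx,ecx

                      .while  ecx !=30h                    ;(0ch,10h,11h,12h,16h,18h)
                              mov     eax,[ebx]
                              .if     eax==83ec8b55h || eax==0b9ec8b55h
                                      mov       enter_eip,ebx
                                      .break
                              .endif
                              inc     ecx
                              dec     ebx
                      .endw
               .endif

  DELPHI1_END:
              ;------------------------------------------------
              ;DELPHI             ;ASPACK

              mov     eax,[esi-0Fh]
              cmp     eax,0e800408dh
              jnz     DELPHI2_END

              mov     ax,[esi-11h]
              .if     ah==0c3h || al==0c3h
                      mov     ebx,[ebp.Client_ESP]    ;get esp
                      mov     ebx,[ebx]

                      ; Same backward scan as above, again counting in ecx
                      ; so that esi still holds the return site afterwards.
                      mov     ecx,0ah
                      sub     ebx,ecx

                      .while  ecx !=30h                 ; (0bh,0eh,16h)
                              mov     eax,[ebx]
                              .if     eax==83ec8b55h
                                      mov       enter_eip,ebx
                                      .break
                              .endif
                              inc     ecx
                              dec     ebx
                      .endw
               .endif
  DELPHI2_END:


              ;----------------------------------------------------
              mov     ax,[esi]
              .if     ax==0f08bh
              mov     eax,[esi-0dh]          ;VC ?    notepad     (line)
              .if     eax==83ec8b55h
                      mov       enter_eip,esi
                      sub       enter_eip,0dh
              .endif
              .endif


              ;----------------------------------------------------
              mov     ax,[esi]
              .if     ax==0f08bh
                      mov     eax,[esi-2ch]          ;VC ?    word     (line)
                      .if     eax==6aec8b55h
                              mov       enter_eip,esi
                              sub       enter_eip,2ch
                      .endif
              .endif



              ;----------------------------------------------------
              mov     eax,[esi]
              .if     eax==0d48ad233h
                      mov     eax,[esi-2ch]    ;VC 5,6   MMBUILDER,OPERA   (ver)
                      .if     eax==6aec8b55h
                              mov       enter_eip,esi
                              sub       enter_eip,2ch
                      .endif
              .endif

              ;----------------------------------------------------
              mov     al,[esi]
              .if     al==0a3h
                      mov     eax,[esi-26h]    ;VC 6   REGSHOT   (ver)
                      .if     eax==6aec8b55h
                              mov       enter_eip,esi
                              sub       enter_eip,26h
                              sub       enter_eip,6h
                      .endif
              .endif



              ;----------------------------------------------------
              mov     ax,[esi]
              .if     ax==0e850h
                      mov     eax,[esi-150h]     ;VC 5.0(MFC) CALC,icq   (hand)
                      .if     eax==6aec8b55h
                              mov       enter_eip,esi
                              sub       enter_eip,150h
                      .endif
              .endif

              ;----------------------------------------------------
              mov     ax,[esi]
              .if     ax==0e850h
                      mov     eax,[esi-12eh]     ;VC 6.0(MFC)  CREATECD  (hand)
                      .if     eax==6aec8b55h
                              mov       enter_eip,esi
                              sub       enter_eip,12eh
                      .endif
              .endif

  ;---------------------------------------------------------------
  ; Re-arm: plant int 30h on the three APIs again for the next call.

              mov     eax,bpoint_addr1
              mov     bx,30cdh
              xchg    bx,[eax]
              mov     hook_api1_code,bx      ; hook API #1

              mov     eax,bpoint_addr2
              mov     bx,30cdh
              xchg    bx,[eax]
              mov     hook_api2_code,bx      ; hook API #2

              mov     eax,bpoint_addr3
              mov     bx,30cdh
              xchg    bx,[eax]
              mov     hook_api3_code,bx      ; hook API #3


              mov     call_inapi,NO          ; next fault is an API entry

              popad
              clc
              ret
        .endif
EndProc        Hookint30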


VXD_LOCKED_CODE_ENDS

end
