
📄 isdebug.asm

📁 ollydbg反汇编器1.09c 部分源代码
        mov     eax, origin
        ; Menu creation is very simple. You just fill in data with menu pattern.
        ; Some examples:
        ; 0 Aaa,2 Bbb|3 Ccc|,,  - linear menu with 3 items, relative IDs 0, 2 and
        ;                         3, separator between second and third item, last
        ;
        ;                         separator and commas are ignored;
        ; #A{0Aaa,B{1Bbb|2Ccc}} - unconditional separator, followed by popup menu
        ;                         A with two elements, second is popup with two
        ;                         elements and separator inbetween.
        .IF eax == PM_MAIN ; Plugin menu in main window
            invoke  lstrcpy, data, CTEXT("0 &Hide,1 &Restore,2 &Option|3 &About|4 &Dumper")
            ;invoke  lstrcpy, data, CTEXT("0 &Hide,1 &Restore|2 &About|3 &Dumper,4 &Initier")
            ; If your plugin is more than trivial, I also recommend to include Help.
            return  1

        .ENDIF
        return  0
ODBG_Pluginmenu endp

; This optional function receives commands from the plugin menu in a window of
; type origin. Argument action is the menu identifier from ODBG_Pluginmenu().
; If the user activates the automatically created entry in the main menu,
; action is 0.
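;-----------------------------------------------------------------------
; ODBG_Pluginaction(origin, action, item)                  [C convention]
; Purpose: dispatch a click on one of the plugin's main-menu entries.
; In:      origin = type of window the menu belongs to; only PM_MAIN is
;                   handled, anything else falls through to ret
;          action = relative menu ID from the pattern in ODBG_Pluginmenu:
;                   0 Hide, 1 Restore, 2 Option, 3 About, 4 Dumper
;          item   = unused here
; Out:     nothing meaningful (eax holds whatever the last call left)
; Effects: actions 0 and 1 write ONE byte into the debuggee at the
;          address returned by get_byte_location; no other debuggee
;          memory is modified by this routine.
;-----------------------------------------------------------------------
ODBG_Pluginaction proc C origin:dword, action:dword, item:dword
        mov     eax, origin
        .IF eax == PM_MAIN
            mov     eax, action
            .IF eax == 0
                ; "Hide": write null_byte over the flag byte (1 == debugger
                ; present, 0 == clean). Refuse when no process is loaded,
                ; since get_byte_location needs a live CPU thread.
                invoke  Plugingetvalue, VAL_PROCESSID
                .if eax == 0
                    invoke  Error, CTEXT("Error Nothing loaded")
                .else
                    call    get_byte_location
                    mov     byte_location, eax

                    invoke  Writememory, addr null_byte, byte_location, 1, MM_RESTORE
                    .if eax != 1
                        ; Writememory did not report exactly one byte written
                        invoke  Error, CTEXT("Error WriteMemory failed")
                    .else
                        invoke  Addtolist, 0, -1, CTEXT("  IsDebugPresent hidden")
                    .endif
                .endif
            .ELSEIF eax == 1
                ; "Restore": write the_byte back to the same location.
                ; NOTE(review): the_byte is declared outside this view; it is
                ; presumably the constant 1, not a saved copy of the byte that
                ; was overwritten. Confirm against its definition.
                invoke  Plugingetvalue, VAL_PROCESSID
                .if eax == 0
                    invoke  Error, CTEXT("Error Nothing loaded")
                .else
                    call    get_byte_location
                    mov     byte_location, eax

                    invoke  Writememory, addr the_byte, byte_location, 1, MM_RESTORE
                    .if eax != 1
                        invoke  Error, CTEXT("Error WriteMemory failed")
                    .else
                        invoke  Addtolist, 0, -1, CTEXT("  IsDebugPresent restored")
                    .endif
                .endif
            .ELSEIF eax == 2
                ; "Option": modal settings dialog
                invoke  DialogBoxParam, hinst, IDD_OPTION, hwmain, addr DlgOptionProc, NULL
            .ELSEIF eax == 3
                ; Menu item "About", displays plugin info.
                invoke  MessageBox, hwmain, CTEXT("IsDebuggerPresent plugin v1.3",13,10,"(IsDebuggerPresent byte Patcher)",13,10,"Copyright (C) 2oo3 SV",13,10,"MASM32 version"),\
                                            CTEXT("IsDebuggerPresent plugin"),MB_OK or MB_ICONINFORMATION
            .ELSEIF eax == 4
                ; "Dumper": modal memory-dump dialog
                invoke  DialogBoxParam, hinst, IDD_DUMP, hwmain, addr DlgDumpProc, NULL
            .ENDIF
        .ENDIF
        ret
ODBG_Pluginaction endp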
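;-----------------------------------------------------------------------
; get_byte_location
; Purpose: compute the debuggee address of the one-byte flag patched by
;          the Hide/Restore menu actions.
;          Path: FS base of the current CPU thread -> dword at +30h
;          (pointer read from the debuggee) -> that pointer + 2.
;          On 32-bit Windows this is TEB -> PEB -> BeingDebugged.
; In:      none (thread comes from Getcputhreadid)
; Out:     eax = address of the flag byte in the debuggee,
;          eax = 0 if the thread record or the pointer could not be read
; Clobb:   ecx, edx (by the invoked APIs), dw_buffer; ebx is preserved
;-----------------------------------------------------------------------
get_byte_location proc
    push    ebx
    invoke  Getcputhreadid
    invoke  Findthread, eax                ; retrieve thread info
    .if eax != 0                           ; no thread record -> return 0 instead of dereferencing NULL
        assume  eax:ptr t_thread
        mov     ebx, [eax].reg.base[4*4]   ; base of FS (5th entry of the segment-base array)
        assume  eax:nothing                ; do not leak the type assumption into later procs
        add     ebx, 30h                   ; slot holding the pointer we need
        invoke  Readmemory, addr dw_buffer, ebx, 4, MM_RESTORE
        .if eax == 4                       ; all four pointer bytes were read
            mov     eax, dw_buffer
            add     eax, 2h                ; flag byte lives at offset 2
        .else
            xor     eax, eax               ; short read: dw_buffer is stale, report failure
        .endif
    .endif
    pop     ebx
    ret

get_byte_location endp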
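;-----------------------------------------------------------------------
; DlgDumpProc(hWnd, uMsg, wParam, lParam)        dialog procedure, IDD_DUMP
; Purpose: read a user-specified range of debuggee memory and save it to
;          a file chosen through the common Save dialog.
; Out:     eax = TRUE for WM_INITDIALOG / WM_CLOSE / WM_COMMAND,
;          eax = FALSE for every other message
; Notes:   - start address and size are parsed as hex from two edit
;            controls; at most 9 characters each are fetched.
;          - textbuffer is reused as the file-name buffer with
;            nMaxFile = MAXSIZE; assumes textbuffer is at least MAXSIZE
;            bytes. TODO confirm against its declaration.
;          - dump_size is taken from the user unchecked; a huge value
;            simply makes GlobalAlloc fail, which is reported.
;-----------------------------------------------------------------------
DlgDumpProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
LOCAL dump_start:DWORD
LOCAL dump_size:DWORD

    .IF uMsg == WM_INITDIALOG
        ; one-time setup of the shared OPENFILENAME structure
        mov     ofn.lStructSize, SIZEOF ofn
        push    hWnd
        pop     ofn.hWndOwner
        push    hinst
        pop     ofn.hInstance
        mov     ofn.nMaxFile, MAXSIZE
    .ELSEIF uMsg == WM_CLOSE
        ; closing the window behaves like pressing Cancel
        invoke  SendMessage, hWnd, WM_COMMAND, IDC_BTCANCEL, 0
    .ELSEIF uMsg == WM_COMMAND
        mov     eax, wParam                     ; ax = control ID
        mov     edx, wParam
        shr     edx, 16                         ; dx = notification code
        .IF dx == BN_CLICKED
            .IF ax == IDC_BTCANCEL
                invoke  EndDialog, hWnd, NULL
            .ELSEIF ax == IDC_BTDUMP
                invoke  Plugingetvalue, VAL_PROCESSID   ; is something loaded?
                .if eax != 0
                    pushad                      ; ebx is used as scratch below
                    invoke  GetDlgItemText, hWnd, IDC_EDTOFFSET, addr textbuffer, 10
                    invoke  htodw, addr textbuffer
                    mov     dump_start, eax
                    invoke  GetDlgItemText, hWnd, IDC_EDTSIZE, addr textbuffer, 10
                    invoke  htodw, addr textbuffer
                    mov     dump_size, eax

                    .if dump_start != 0 && dump_size != 0
                        ; allocate a local buffer for the dump
                        invoke  GlobalAlloc, GMEM_MOVEABLE or GMEM_ZEROINIT, dump_size
                        mov     hMemory_code, eax
                        .if eax == 0
                            invoke  Error, CTEXT("Error GlobalAlloc failed")
                        .else
                            invoke  GlobalLock, hMemory_code
                            mov     pMemory_code, eax
                            .if eax == 0
                                invoke  Error, CTEXT("Error GlobalLock failed")
                            .else
                                ; copy the requested range out of the debuggee
                                invoke  Readmemory, pMemory_code, dump_start, dump_size, MM_RESTORE
                                .if eax == dump_size
                                    push    hWnd
                                    pop     ofn.hWndOwner
                                    mov     ofn.Flags, OFN_OVERWRITEPROMPT
                                    mov     ofn.lpstrFilter, OFFSET FilterString
                                    mov     ofn.lpstrDefExt, OFFSET bin_extend
                                    mov     ofn.lpstrFile, OFFSET textbuffer
                                    mov     ofn.nMaxFile, MAXSIZE
                                    mov     byte ptr [textbuffer], 0    ; start with an empty file name
                                    invoke  GetSaveFileName, ADDR ofn
                                    .if eax == TRUE
                                        invoke  CreateFile, ADDR textbuffer,\
                                                GENERIC_READ or GENERIC_WRITE,\
                                                FILE_SHARE_READ or FILE_SHARE_WRITE,\
                                                NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL,\
                                                NULL
                                        mov     hFileWrite, eax
                                        .if eax == INVALID_HANDLE_VALUE
                                            invoke  Error, CTEXT("Error CreateFile failed")
                                        .else
                                            ; save the buffer; success is reported only
                                            ; when every byte reached the file
                                            invoke  WriteFile, hFileWrite, pMemory_code, dump_size, ADDR SizeWritten, NULL
                                            mov     ebx, eax            ; keep WriteFile result across CloseHandle
                                            invoke  CloseHandle, hFileWrite
                                            mov     eax, SizeWritten
                                            .if ebx != 0 && eax == dump_size
                                                invoke  Flash, CTEXT("File successfully writted !!")
                                            .else
                                                invoke  Error, CTEXT("Error WriteFile failed")
                                            .endif
                                        .endif
                                    .endif
                                .else
                                    ; short or failed read: do not write a partial dump
                                    invoke  Error, CTEXT("Error ReadMemory failed")
                                .endif
                                ; GlobalUnlock takes the HANDLE, not the locked pointer
                                invoke  GlobalUnlock, hMemory_code
                            .endif
                            invoke  GlobalFree, hMemory_code
                        .endif
                    .endif
                    popad
                .else
                    invoke  Error, CTEXT("Error Nothing loaded")
                .endif
            .ENDIF
        .ENDIF
    .ELSE
        mov     eax, FALSE                      ; message not handled
        ret
    .ENDIF
    mov     eax, TRUE
    ret
DlgDumpProc endp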

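;-----------------------------------------------------------------------
; DlgOptionProc(hWnd, uMsg, wParam, lParam)    dialog procedure, IDD_OPTION
; Purpose: show and persist the plugin's two settings in the ini file:
;          the auto-load flag (checkbox IDC_CHK1) and the sleep time
;          (edit control IDC_SLEEPTIME).
; Out:     eax = TRUE for WM_INITDIALOG / WM_CLOSE / WM_COMMAND,
;          eax = FALSE for every other message
; Notes:   IDC_BTCANCEL and IDC_BTN2 are both used for "cancel" here;
;          presumably they share a value. Confirm in the resource header.
;-----------------------------------------------------------------------
DlgOptionProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM

    .IF uMsg == WM_INITDIALOG
        ; read params from ini (defaults: autoload 0, sleep 1000) & update controls
        invoke  Pluginreadintfromini, hinst, addr str_idb_Autoload, 0
        mov     auto_load, eax
        invoke  Pluginreadintfromini, hinst, addr str_idb_Sleeptime, 1000
        mov     sleep_time, eax
        invoke  wsprintf, addr textbuffer, offset template, sleep_time
        invoke  SetDlgItemText, hWnd, IDC_SLEEPTIME, addr textbuffer
        .if auto_load != 0
            invoke  GetDlgItem, hWnd, IDC_CHK1
            invoke  SendMessage, eax, BM_SETCHECK, BST_CHECKED, 0
        .endif
    .ELSEIF uMsg == WM_CLOSE
        ; closing the window behaves like pressing Cancel
        invoke  SendMessage, hWnd, WM_COMMAND, IDC_BTCANCEL, 0
    .ELSEIF uMsg == WM_COMMAND
        mov     eax, wParam                     ; ax = control ID
        mov     edx, wParam
        shr     edx, 16                         ; dx = notification code
        .IF dx == BN_CLICKED
            .IF ax == IDC_BTN2                  ; CANCEL
                invoke  EndDialog, hWnd, NULL
            .ELSEIF ax == IDC_BTN1              ; SAVE
                ; at most 9 characters of the sleep time are fetched;
                ; atodw's result is stored without range validation
                invoke  GetDlgItemText, hWnd, IDC_SLEEPTIME, addr textbuffer, 10
                invoke  atodw, addr textbuffer
                mov     sleep_time, eax
                ; save params to ini
                invoke  Pluginwriteinttoini, hinst, addr str_idb_Sleeptime, sleep_time
                invoke  GetDlgItem, hWnd, IDC_CHK1
                ; BM_GETCHECK returns only the check state; BM_GETSTATE also
                ; carries focus/pushed bits, so comparing its result with
                ; BST_CHECKED fails whenever the checkbox has focus
                invoke  SendMessage, eax, BM_GETCHECK, 0, 0
                .if eax == BST_CHECKED
                    invoke  Pluginwriteinttoini, hinst, addr str_idb_Autoload, 1
                .else
                    invoke  Pluginwriteinttoini, hinst, addr str_idb_Autoload, 0
                .endif
                invoke  Flash, CTEXT("Option saved !!")
            .ENDIF
        .ENDIF
    .ELSE
        mov     eax, FALSE                      ; message not handled
        ret
    .ENDIF
    mov     eax, TRUE
    ret
DlgOptionProc endp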
   
end DllEntryPoint
