//http://waleedassar.blogspot.com - (@waleedassar)
//Demonstrates the "PAGE_GUARD" anti-dumping trick: a variable is placed on its own
//guarded page and a watcher thread keeps storing to it. While the guard is armed each
//store faults and is swallowed by our handler; if an outside reader (a dumper) consumes
//the guard first, the store succeeds, the watcher notices and terminates the process.
- #include "stdafx.h"
- #include "windows.h"
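/* Sentinel that lives on its own page. The "walied4" data section is
 * page-aligned in the loaded image, so a 0x1000-byte VirtualProtect on &x
 * guards this variable alone (assumes the default section alignment and
 * that the linker does not merge the section - confirm in the map file). */
#pragma data_seg("walied4")
int x = 1;
#pragma data_seg()

/* Handshake between the watcher loop and the exception handler: the loop
 * sets it to 1 right before storing to x, the guard-page handler resets it
 * to 0. It is modified from an exception handler behind the compiler's
 * back, so it must be volatile - otherwise "touch = 1; <asm>; if (touch)"
 * may be folded into an unconditional branch and the check disappears. */
volatile unsigned long touch;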
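/* Raw SEH handler registered by watch() through fs:[0].
 *
 * When the store in watch() hits the guarded page the CPU raises
 * STATUS_GUARD_PAGE_VIOLATION (0x80000001) and the OS drops PAGE_GUARD.
 * This handler records that the guard was still armed (touch = 0), re-arms
 * it, and resumes execution *after* the faulting instruction so the store
 * itself never lands.
 *
 * pRec     - exception record. For access/guard faults ExceptionInformation[1]
 *            carries the faulting address (NumberParameters is checked before
 *            it is read, so a record without it still takes the old path).
 * est      - establisher frame (unused).
 * pContext - x86 CONTEXT at the fault; Eip is rewritten to resume.
 * disp     - dispatcher context (unused).
 * Returns ExceptionContinueExecution for a guard fault on our page and
 * ExceptionContinueSearch for anything else, so unrelated faults are left
 * to other handlers instead of being swallowed with a skewed Eip.
 */
int __cdecl Handler(EXCEPTION_RECORD* pRec, void* est, CONTEXT* pContext, void* disp)
{
    unsigned long old;
    unsigned char* page = (unsigned char*)&x;

    (void)est;
    (void)disp;

    if (pRec->ExceptionCode != 0x80000001) /* STATUS_GUARD_PAGE_VIOLATION */
        return ExceptionContinueSearch;

    /* Only swallow guard faults on our own page. The original accepted any
     * guard-page fault in the thread and skipped 10 bytes of whatever code
     * raised it, which would silently corrupt control flow. */
    if (pRec->NumberParameters >= 2)
    {
        unsigned char* addr = (unsigned char*)pRec->ExceptionInformation[1];
        if (addr < page || addr >= page + 0x1000)
            return ExceptionContinueSearch;
    }

    touch = 0; /* guard was intact: nobody consumed it from outside */

    /* Re-arm PAGE_GUARD (the OS clears it when the fault is raised). If this
     * call fails the next store in watch() succeeds, touch stays 1 and the
     * process exits - the trick fails closed rather than open, so the
     * return value is deliberately not acted on here. */
    VirtualProtect(page, 0x1000, PAGE_READWRITE | PAGE_GUARD, &old);

    /* Resume past the faulting instruction instead of re-executing it.
     * The +10 is the length of "mov dword ptr [x],1" (C7 05 disp32 imm32)
     * in watch(); any change to that instruction must be mirrored here.
     * pContext->Eip is the field the original poked as *(pContext + 0xB8). */
    pContext->Eip = (unsigned long)pRec->ExceptionAddress + 10;
    return ExceptionContinueExecution;
}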
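/* Watcher thread: the actual anti-dump check.
 *
 * Installs Handler() as a raw SEH frame (fs:[0]) and then loops, storing to
 * the guarded variable x. While PAGE_GUARD is armed each store faults,
 * Handler() clears touch, re-arms the guard and skips the store, so touch
 * is 0 after the asm block and the loop goes round again. If the guard was
 * consumed without our handler running (presumably an external reader such
 * as a dumper's ReadProcessMemory - that is the premise of the trick) the
 * store succeeds, touch is still 1 and the process is terminated.
 *
 * The prototype matches LPTHREAD_START_ROUTINE (one LPVOID argument, DWORD
 * return, __stdcall) so the cast at the CreateThread call is no longer a
 * calling-convention mismatch; the argument is unused. Never returns.
 *
 * The check relies on the compiler not caching touch across the asm block;
 * declaring touch volatile makes that explicit.
 *
 * Build note: the frame is installed by hand, so with /SAFESEH the
 * dispatcher will refuse to call Handler() and the first store becomes an
 * unhandled exception. Link with /SAFESEH:NO or register via __try.
 */
unsigned long __stdcall watch(void* unused)
{
    (void)unused;

    /* Push an EXCEPTION_REGISTRATION_RECORD {prev, Handler} and make it the
     * head of this thread's SEH chain. It is never unlinked because the
     * thread only leaves through ExitProcess. */
    __asm
    {
        push offset Handler
        push dword ptr fs:[0]
        mov dword ptr fs:[0],esp
    }

    for (;;)
    {
        touch = 1;
        /* 10-byte store (C7 05 disp32 imm32). Handler() resumes at +10, so
         * this instruction must stay exactly as it is. Faults while the
         * guard is armed; succeeds once the guard has been consumed. */
        __asm
        {
            mov dword ptr [x],1
        }
        if (touch)
            break; /* store went through: the guard was consumed externally */
    }

    ExitProcess(0);
    return 0; /* not reached */
}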
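/* Entry point: arms the guard page, starts the watcher, then parks the
 * main thread in a MessageBox so the process stays alive to be dumped.
 *
 *  1. Store to x once. The writable image section starts copy-on-write
 *     (PAGE_WRITECOPY); the first store forces a private PAGE_READWRITE
 *     copy so the guard is applied to our own page rather than the shared
 *     mapping.
 *  2. VirtualProtect the 0x1000-byte page to PAGE_READWRITE|PAGE_GUARD.
 *  3. Spawn watch(). Both calls used to be unchecked; a failure in either
 *     silently disarmed the trick, so the process now exits instead of
 *     running unprotected.
 */
int main(int argc, char* argv[])
{
    unsigned long old;
    unsigned long tid;
    unsigned char* page = (unsigned char*)&x;
    HANDLE watcher;

    (void)argc;
    (void)argv;

    *(unsigned long*)page = 0xCECECECE; /* force a private copy of the page */

    if (!VirtualProtect(page, 0x1000, PAGE_READWRITE | PAGE_GUARD, &old))
        ExitProcess(0); /* cannot arm the guard: fail closed */

    /* 0x1000 initial stack commit is enough - watch() does almost no stack work. */
    watcher = CreateThread(0, 0x1000, (LPTHREAD_START_ROUTINE)&watch, 0, 0, &tid);
    if (watcher == NULL)
        ExitProcess(0); /* no watcher means no protection: do not continue unguarded */
    CloseHandle(watcher); /* the thread keeps running; we never join it */

    //---------------Useless stuff--------------
    MessageBox(0, "Try to dump me", "waliedassar", 0);
    ExitProcess(0);
    return 0; /* not reached */
}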