Advertisement
waliedassar

Resume Flag Support

Oct 14th, 2012
331
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 1.77 KB | None | 0 0
  1. //http://waleedassar.blogspot.com (@waleedassar)
  2. //Use this code to test if OS supports the RF (Resume Flag).
  3. #include "stdafx.h"
  4. #include "windows.h"
  5. #include "stdio.h"
  6.  
  7. #define CONTEXT_ALL 0x1003F
  8.  
  9. int dummy(int);
  10. unsigned long gf=0;
  11.  
  12. int __cdecl Handler(EXCEPTION_RECORD* pRec,void* est,unsigned char* pContext,void* disp)
  13. {
  14.     if(pRec->ExceptionCode==0xC0000096)  //Privileged instruction
  15.     {
  16.         //---------------------Installing the trick--------------------------------------
  17.         *(unsigned long*)(pContext)=CONTEXT_ALL;/*CONTEXT_DEBUG_REGISTERS|CONTEXT_FULL*/
  18.         *(unsigned long*)(pContext+0x4)=(unsigned long)(&dummy);
  19.         *(unsigned long*)(pContext+0x8)=(unsigned long)(&dummy);
  20.         *(unsigned long*)(pContext+0xC)=(unsigned long)(&dummy);
  21.         *(unsigned long*)(pContext+0x10)=(unsigned long)(&dummy);
  22.         *(unsigned long*)(pContext+0x14)=0;
  23.         *(unsigned long*)(pContext+0x18)=0x155; //Enable the four DRx On-Execute
  24.         //---------------------------------------------------------------------------------
  25.         (*(unsigned long*)(pContext+0xB8))++;
  26.         return ExceptionContinueExecution;
  27.     }
  28.     else if(pRec->ExceptionCode==EXCEPTION_SINGLE_STEP)
  29.     {
  30.         //*(unsigned long*)(pContext+0x14)=0;  //Clear DR6
  31.         if(gf==1)
  32.         {
  33.             MessageBox(0,"RF not used","waliedassar",0);
  34.             ExitProcess(0);
  35.         }
  36.         gf++;
  37.         (*(unsigned long*)(pContext+0xC0))|=0x00010000; //Set the RF (Resume Flag)
  38.         return ExceptionContinueExecution;
  39.     }
  40.     return ExceptionContinueSearch;
  41. }
  42.  
  43. int dummy(int x)
  44. {
  45.     x+=0x100;
  46.     return x;
  47. }
  48. int main(int argc, char* argv[])
  49. {
  50.     unsigned long x=0;
  51.     __asm
  52.     {
  53.         push offset Handler
  54.         push dword ptr fs:[0x0]
  55.         mov dword ptr fs:[0x0],esp
  56.         STI; Triggers an exception(privileged instruction)
  57.     }  
  58.     dummy(0xFF);
  59.     MessageBox(0,"RF used","waliedassar",0);
  60.     return 0;
  61. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement