成功案例(需要控制台运行)
自己觉得有点难,期待大佬来挑战
目前只有人通过爆破解决,但希望有人能给出算法
你们要的源码:
#include <iostream>
#include <cstdio>
#include <windows.h>
#include <time.h>
// Function-pointer type for ntdll's NtSetInformationThread. The routine is not
// linked statically; anti_debug_by_HideFromDebugger() resolves it by name with
// GetProcAddress and calls it through this type.
using pfnNtSetInformationThread = NTSTATUS(NTAPI*)(_In_ HANDLE ThreadHandle,
                                                   _In_ ULONG ThreadInformationClass,
                                                   _In_ PVOID ThreadInformation,
                                                   _In_ ULONG ThreadInformationLength);

// Global key state. main() seeds it from clock(), checker() shifts it left by
// two bits inside its inline assembly, and main() then adds a second clock()
// sample to it before comparing it with the number the user typed.
int tii;
// Calls NtSetInformationThread on the current thread with information class
// 0x11 (ThreadHideFromDebugger), which asks the kernel to stop delivering this
// thread's debug events to an attached debugger.
//
// For someone analysing the binary, the marker of this technique is a run-time
// lookup of "NtSetInformationThread" followed by a call whose second argument
// is 0x11.
//
// Aborts the process if ntdll.dll or the export cannot be resolved. The
// NTSTATUS returned by the call is ignored, and the module handle obtained
// from LoadLibrary is never released.
void anti_debug_by_HideFromDebugger(void) {
    const HMODULE ntdllModule = LoadLibrary(TEXT("ntdll.dll"));
    if (ntdllModule == NULL) {
        abort();
    }

    // The export is resolved by name so that no import-table entry is needed.
    const FARPROC rawEntry = GetProcAddress(ntdllModule, "NtSetInformationThread");
    const pfnNtSetInformationThread setThreadInfo = (pfnNtSetInformationThread)rawEntry;
    if (setThreadInfo == NULL) {
        abort();
    }

    // Class 0x11 takes no input buffer, hence the NULL pointer and zero length.
    setThreadInfo(GetCurrentThread(), 0x11, NULL, 0);
}
// Asks Windows whether a debugger is attached to the current process and, if
// so, terminates the process with exit code 0 and no message.
//
// Nothing happens when the query itself fails. The function is also entered
// directly from the inline assembly in checker() and main() via `call`, so its
// name and its void(void) signature must stay as they are.
void anti_debug_by_CheckRemoteDebuggerPresent(void) {
    BOOL debuggerAttached = FALSE;
    const BOOL queryOk = CheckRemoteDebuggerPresent(GetCurrentProcess(), &debuggerAttached);

    // Exit only when the API succeeded and reported exactly TRUE.
    if (queryOk && debuggerAttached == TRUE) {
        ExitProcess(0);
    }
}
// Returns the current clock() reading narrowed to int. main() takes two such
// samples at start-up and builds the expected password from them.
int ti() {
    const clock_t ticks = clock();
    return static_cast<int>(ticks);
}
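// Runs the debugger checks and hides one step of the key computation.
//
// Order of work, as written below:
//   1. calls anti_debug_by_CheckRemoteDebuggerPresent();
//   2. walks an obfuscated jump sequence (labels s5, s6, s7, s4) whose net
//      effect is to restore the registers saved by pushad;
//   3. executes `shl tii,2` in the middle of a long run of clc/cmc filler,
//      i.e. multiplies the global tii by four;
//   4. calls anti_debug_by_HideFromDebugger().
//
// Returns 0. The original body had no return statement even though the
// function is declared int; main() ignores the result, so a fixed value is
// backward-compatible and removes the fall-off-the-end undefined behaviour.
//
// The assembly is MSVC x86 inline assembly. It jumps into the middle of its
// own instructions, so the instruction order and the operand constants must
// not be changed. The byte-level notes below assume the assembler emits the
// usual 5-byte `mov r32, imm32` encodings (opcode byte followed by the
// little-endian immediate) -- confirm against a disassembly of the build.
int checker() {
    __asm {
        call anti_debug_by_CheckRemoteDebuggerPresent
        pushad
        // The address of s6 is left on the stack for the hidden RET below.
        push s6
        // presumably loads the address of label s5 -- confirm in the listing
        mov ecx, s5
        // The immediate ends in byte 0xC3 (RET), which sits right before s5.
        mov eax, 0xC3000000
        // Pass 1: ebx = s5, ecx becomes s5-1, jump back to s5.
        // Pass 2: ebx = s5-1, so the jump lands on the 0xC3 byte; that RET
        //         pops the pushed address and continues at s6.
        s5:mov ebx, ecx
        cmp ecx, 0x0
        je junkcode3
        sub ecx, 0x1
        jmp ebx
        // junkcode3 and junkcode4 only jump to each other. They are reached
        // only if ecx is zero, and ecx holds a label address here, so they
        // look like decoy code for a reader or a disassembler.
        junkcode3 :
        clc
        cmc
        mov eax, 0
        jmp junkcode4
        // eax still holds 0xC3000000, so the addition leaves the address of s4.
        s6 : add eax, s4 - 0xC3000000
        mov ecx, s7
        // Immediate bytes in memory: 16 17 FF D0, which decode as
        // push ss / pop ss / call eax when executed from s7-4.
        mov edx, 0xD0FF1716
        // ebx = s7-4 points at the immediate above; jumping there runs the
        // hidden push ss / pop ss / call eax, and eax is the address of s4.
        // pop ss directly before another instruction is a sequence commonly
        // used to disturb single-stepping in a debugger.
        s7 : mov ebx, ecx
        sub ebx, 4
        cmp ecx, 0x0
        je junkcode4
        sub ecx, 0x1
        jmp ebx
        junkcode4 :
        clc
        cmc
        mov eax, 1
        jmp junkcode3
        // Drop the return address pushed by the hidden call, then restore the
        // registers saved by pushad.
        s4 : add esp, 0x4
        popad
        // Filler: clc/cmc only toggle the carry flag and change no data.
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        // The one instruction in this run that changes data: tii = tii << 2.
        shl tii,2
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
        clc
        cmc
    }
    anti_debug_by_HideFromDebugger();
    // main() discards this value; see the header comment.
    return 0;
}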
// Entry point of the CrackMe.
//
// Takes two clock() samples, lets checker() shift the first one left by two
// bits, runs a second copy of the obfuscated jump sequence, applies a timing
// check, and then compares the number typed by the user with
// (first sample << 2) + second sample. Prints "success" on a match; every
// other outcome ends in ExitProcess(0) without a message.
int main()
{
// Number read from the console; it is compared with tii below.
int ps;
// First clock() sample goes into the global, second into a local.
tii = ti();
int tii1 = ti();
// checker() runs the debugger checks and executes `shl tii,2`.
checker();
// Same self-referential sequence as in checker(), with labels s1/s2/s3/s4
// and junkcode/junkcode2. It jumps into the immediates of the two mov
// instructions, so instruction order and constants must stay untouched.
// Byte-level notes assume the 5-byte `mov r32, imm32` encoding -- confirm
// against a disassembly.
__asm {
call anti_debug_by_CheckRemoteDebuggerPresent
pushad
// Address of s2, consumed later by the RET hidden in the next immediate.
push s2
mov ecx, s1
// Last byte of this immediate is 0xC3 (RET) and sits right before s1.
mov eax, 0xC3000000
// Pass 1 jumps back to s1; pass 2 jumps to s1-1, the 0xC3 byte, which
// returns to s2.
s1:mov ebx, ecx
cmp ecx, 0x0
je junkcode
sub ecx, 0x1
jmp ebx
// junkcode and junkcode2 only jump to each other and are reached only if
// ecx is zero; ecx holds a label address here.
junkcode :
clc
cmc
mov eax, 0
jmp junkcode2
// eax becomes the address of s4.
s2 : add eax, s4 - 0xC3000000
mov ecx, s3
// Immediate bytes 16 17 FF D0 decode as push ss / pop ss / call eax when
// entered at s3-4.
mov edx, 0xD0FF1716
s3 : mov ebx, ecx
sub ebx, 4
cmp ecx, 0x0
je junkcode2
sub ecx, 0x1
jmp ebx
junkcode2 :
clc
cmc
mov eax,1
jmp junkcode
// Discard the return address pushed by the hidden call and restore the
// registers saved by pushad.
s4 : add esp, 0x4
popad
}
// Timing check: exit if more than 1000 clock ticks have passed since the
// second sample (about one second if CLOCKS_PER_SEC is 1000 -- confirm for
// the toolchain used). It runs before the prompt, so it covers only
// checker() and the assembly above.
if (clock() - tii1 > 1000) ExitProcess(0);
std::cout << "password?";
// NOTE(review): the stream state is not checked after the read.
std::cin >> ps;
// tii already holds (first sample << 2); adding the second sample gives the
// expected password.
tii = tii + tii1;
if (ps == tii) {
std::cout << "success";
}
else
{
// A wrong value ends the process with exit code 0 and no output.
ExitProcess(0);
}
}