Int3断点设置与移除函数

冷月孤心

学习in3断点之余，感觉封装为函数调用有点方便。小白手记，大神飘过

[C++] 纯文本查看 复制代码

void SetInt3Breakpoint(HANDLE hProcess, DWORD SetInt3address)
{
	DWORD oldProtect;
	VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
	originalByte = *(BYTE*)SetInt3address;
	BOOL VirtualProtectResult = VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
	if (VirtualProtectResult)
	{
		MessageBox(NULL, TEXT("SetInt3_VirtualProtect操作成功"), TEXT("提示"), NULL);
	}
	else
	{
		MessageBox(NULL, TEXT("SetInt3_VirtualProtect操作失败"), TEXT("提示"), NULL);
		DWORD dwError = GetLastError();
		VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
		BOOL VirtualProtectExResult = VirtualProtectEx(hProcess, (LPVOID)SetInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
		if (VirtualProtectExResult)
		{
			MessageBox(NULL, TEXT("SetInt3_VirtualProtectEx操作成功"), TEXT("提示"), NULL);
		}
		else
		{
			MessageBox(NULL, TEXT("SetInt3_VirtualProtectEx操作失败"), TEXT("提示"), NULL);
			DWORD dwError = GetLastError();
		}
	}
	//WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo, 0x1, NULL);
	memcpy((LPVOID)SetInt3address, KeyInfo, sizeof(KeyInfo));
	//BOOL writeResult = WriteProcessMemory(hProcess, (LPVOID)SetInt3address, &KeyInfo, 0x1, NULL);
	//if (writeResult)
	//{
	//	MessageBox(NULL, TEXT("SetInt3_address Int3写入成功"), TEXT("提示"), NULL);

	//}
	//else
	//{
	//	MessageBox(NULL, TEXT("SetInt3_address Int3写入失败"), TEXT("提示"), NULL);
	//	DWORD dwError = GetLastError();

	//}

	VirtualProtect((LPVOID)SetInt3address, sizeof(BYTE), oldProtect, &oldProtect);
	wsprintf(szBuffer, TEXT("Int3设置完成 *(BYTE*)SetInt3address＝ %#I32x"), *(BYTE*)SetInt3address);
	OutputDebugString(szBuffer);
	if (*(BYTE*)SetInt3address == 0xCC)
	{
		MessageBox(NULL, TEXT("Int3设置成功"), TEXT("提示"), NULL);
	}
}

void RemoveInt3Breakpoint(HANDLE hProcess, DWORD RemoveInt3address)
{
	DWORD oldProtect;
	VirtualProtect((LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
	BOOL VirtualProtectResult = VirtualProtect((LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
	if (VirtualProtectResult)
	{
		MessageBox(NULL, TEXT("Remove_VirtualProtect操作成功"), TEXT("提示"), NULL);
	}
    else
    {
        MessageBox(NULL, TEXT("Remove_VirtualProtect操作失败"), TEXT("提示"), NULL);
        DWORD dwError = GetLastError();
    
		VirtualProtectEx(hProcess, (LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
		BOOL VirtualProtectExResult = VirtualProtectEx(hProcess, (LPVOID)RemoveInt3address, sizeof(BYTE), PAGE_EXECUTE_READWRITE, &oldProtect);
		if (VirtualProtectExResult)
		{
			MessageBox(NULL, TEXT("Remove_VirtualProtectEx操作成功"), TEXT("提示"), NULL);
		}
		else
		{
			MessageBox(NULL, TEXT("Remove_VirtualProtectEx操作失败"), TEXT("提示"), NULL);
			DWORD dwError = GetLastError();
		}
    }
        memcpy((LPVOID)RemoveInt3address, &originalByte, sizeof(originalByte));
		//WriteProcessMemory(hProcess, (LPVOID)RemoveInt3address, &originalByte, sizeof(BYTE), NULL);
/*		BOOL writeResult = WriteProcessMemory(hProcess, (LPVOID)RemoveInt3address, &originalByte, sizeof(BYTE), NULL);
		if (writeResult)
		{
			MessageBox(NULL, TEXT("SetInt3address Int3还原成功"), TEXT("提示"), NULL);

		}
		else
		{
			MessageBox(NULL, TEXT("SetInt3address Int3还原失败"), TEXT("提示"), NULL);
			DWORD dwError = GetLastError();

		}*/
		VirtualProtect((LPVOID)RemoveInt3address, sizeof(BYTE), oldProtect, &oldProtect);
	wsprintf(szBuffer, TEXT("Int3执行完成 *(BYTE*)RemoveInt3address＝ %#I32x"), *(BYTE*)RemoveInt3address);
	OutputDebugString(szBuffer);
}

不破不立

谢谢分享学习心得

LCC

谢谢分享学习心得

飞天梦

谢谢分享，学习

回归原点

谢谢分享学习心得

szwanglei

谢谢分享

desaiapi999

谢谢分享学习心得，我也学习下

风轻云淡

不可能 根本不可能学会

乐活

过来学习，多谢分享

rensan

谢谢分享学习心得