“INT3”断点指令的机器码是 “0xcch”
检测思路,取函数地址,判断第一个字节是不是 “CCh”
BYTE bFirst = 0; ProcAddres = GetProcAddress(LoadLibrary("user32.dll","MessageBox")); bFirst = *((BYTE*)ProcAddress); if(bFirst == 0xCC) { return TRUE; }
“INT3”断点指令的机器码是 “0xcch”
检测思路,取函数地址,判断第一个字节是不是 “CCh”
BYTE bFirst = 0; ProcAddres = GetProcAddress(LoadLibrary("user32.dll","MessageBox")); bFirst = *((BYTE*)ProcAddress); if(bFirst == 0xCC) { return TRUE; }