使用 BeaEngine 可以读取并反汇编程序自身当前的代码。
// MyDiasm.cpp : Defines the entry point for the console application.
//
#include "windows.h"
#include "stdio.h"
#include "HEADERS/BeaEngine.h"
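/*
 * Disassembles up to MAX_INSTRUCTIONS instructions of this process's own
 * code with BeaEngine and prints each decoded instruction to stdout.
 *
 * The start address is read from the current thread's stack at a fixed
 * offset from the ESP value reported by GetThreadContext (32-bit x86 only).
 *
 * Returns 0 when disassembly ran, 1 when the thread handle or the thread
 * context could not be obtained.
 */
int main(void)
{
    enum { MAX_INSTRUCTIONS = 100 };

    DISASM MyDisasm;
    CONTEXT context;
    HANDLE hthreadt = NULL;
    BOOL Error = FALSE;   /* use the Windows TRUE/FALSE macros: locals named
                             true/false do not compile when built as C++ */
    int len;
    int i = 0;

    /* BeaEngine requires the DISASM structure to be zeroed before first use. */
    (void) memset(&MyDisasm, 0, sizeof(DISASM));

    /* Only the control registers (which include ESP) are requested. */
    memset(&context, 0, sizeof(CONTEXT));
    context.ContextFlags = CONTEXT_CONTROL;

    /* GetCurrentThread() returns a pseudo-handle; duplicate it into a real one. */
    if (!DuplicateHandle(GetCurrentProcess(), GetCurrentThread(),
                         GetCurrentProcess(), &hthreadt, 0, FALSE,
                         DUPLICATE_SAME_ACCESS)) {
        fprintf(stderr, "DuplicateHandle failed: %lu\n",
                (unsigned long) GetLastError());
        return 1;
    }

    /*
     * NOTE(review): the Windows documentation states that the context
     * returned for the calling (running) thread is not valid, so the ESP
     * value used below is not guaranteed to be meaningful.
     */
    if (!GetThreadContext(hthreadt, &context)) {
        fprintf(stderr, "GetThreadContext failed: %lu\n",
                (unsigned long) GetLastError());
        CloseHandle(hthreadt);
        return 1;
    }

    /* The duplicated handle is no longer needed; release it so it is not leaked. */
    CloseHandle(hthreadt);

    /*
     * NOTE(review): 0x1c is a magic offset that depends on the compiler's
     * stack-frame layout for this build; presumably it locates a code address
     * saved on the stack -- confirm for the toolchain in use. If the slot
     * holds anything else, Disasm() will read from an arbitrary address and
     * may fault.
     */
    MyDisasm.EIP = *(DWORD*)(context.Esp + 0x1c);

    /*
     * NOTE(review): MyDisasm.SecurityBlock is left at 0, so BeaEngine is not
     * told where the readable region ends. Bounding it (for example from the
     * region size reported by VirtualQuery) would keep the decoder from
     * reading past mapped memory.
     */
    while (!Error && i < MAX_INSTRUCTIONS) {
        len = Disasm(&MyDisasm);
        /*
         * Stop on an unknown opcode and on any other non-positive length:
         * advancing EIP by zero or a negative amount would re-decode the
         * same bytes or step backwards.
         */
        if (len == UNKNOWN_OPCODE || len <= 0) {
            Error = TRUE;
        } else {
            (void) puts(MyDisasm.CompleteInstr);
            MyDisasm.EIP = MyDisasm.EIP + len;
            i++;
        }
    }

    return 0;
}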