Advertisement
waliedassar

SizeOfStackReserve As Anti-Attach Trick

Oct 24th, 2012
1,049
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. //http://waleedassar.blogspot.com
  2. //http://www.twitter.com/waleedassar
  3. //A simple trick that can be as anti-attaching trick under Windows 7.
  4. #include "stdafx.h"
  5. #include "windows.h"
  6. #include "stdio.h"
  7.  
  8. extern "C"
  9. {
  10.     IMAGE_NT_HEADERS* __stdcall RtlImageNtHeader(unsigned long ImageBase);
  11. }
  12.  
  13. int main(int argc, char* argv[])
  14. {
  15.  
  16.     //----------------------------------------------------------------
  17.     unsigned long IB=(unsigned long)GetModuleHandle(0);
  18.     unsigned long old=0;
  19.     VirtualProtect((void*)IB,0x1000,PAGE_READWRITE,&old);
  20.     IMAGE_NT_HEADERS* pNt=RtlImageNtHeader(IB);
  21.     pNt->OptionalHeader.SizeOfStackReserve=0xFFFFFED7;
  22.     VirtualProtect((void*)IB,0x1000,old,&old);
  23.     //-----------------------------------------------------------------
  24.     int i=0;
  25.     while(8)
  26.     {
  27.         printf("Now try to attach a debugger to me (Win7) %x\r\n",i++);
  28.         Sleep(1000);
  29.     }
  30.     return 0;
  31. }
Advertisement
Advertisement
Advertisement
RAW Paste Data Copied
Advertisement