SHARE
TWEET

SizeOfStackReserve As Anti-Attach Trick

waliedassar Oct 24th, 2012 549 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. //http://waleedassar.blogspot.com
  2. //http://www.twitter.com/waleedassar
  3. //A simple trick that can be as anti-attaching trick under Windows 7.
  4. #include "stdafx.h"
  5. #include "windows.h"
  6. #include "stdio.h"
  7.  
  8. extern "C"
  9. {
  10.         IMAGE_NT_HEADERS* __stdcall RtlImageNtHeader(unsigned long ImageBase);
  11. }
  12.  
  13. int main(int argc, char* argv[])
  14. {
  15.  
  16.         //----------------------------------------------------------------
  17.         unsigned long IB=(unsigned long)GetModuleHandle(0);
  18.         unsigned long old=0;
  19.         VirtualProtect((void*)IB,0x1000,PAGE_READWRITE,&old);
  20.         IMAGE_NT_HEADERS* pNt=RtlImageNtHeader(IB);
  21.         pNt->OptionalHeader.SizeOfStackReserve=0xFFFFFED7;
  22.         VirtualProtect((void*)IB,0x1000,old,&old);
  23.         //-----------------------------------------------------------------
  24.     int i=0;
  25.         while(8)
  26.         {
  27.                 printf("Now try to attach a debugger to me (Win7) %x\r\n",i++);
  28.                 Sleep(1000);
  29.         }
  30.         return 0;
  31. }
RAW Paste Data
Top