waliedassar

SizeOfStackReserve As Anti-Attach Trick

Oct 24th, 2012
781
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. //http://waleedassar.blogspot.com
  2. //http://www.twitter.com/waleedassar
  3. //A simple trick that can be as anti-attaching trick under Windows 7.
  4. #include "stdafx.h"
  5. #include "windows.h"
  6. #include "stdio.h"
  7.  
  8. extern "C"
  9. {
  10.     IMAGE_NT_HEADERS* __stdcall RtlImageNtHeader(unsigned long ImageBase);
  11. }
  12.  
  13. int main(int argc, char* argv[])
  14. {
  15.  
  16.     //----------------------------------------------------------------
  17.     unsigned long IB=(unsigned long)GetModuleHandle(0);
  18.     unsigned long old=0;
  19.     VirtualProtect((void*)IB,0x1000,PAGE_READWRITE,&old);
  20.     IMAGE_NT_HEADERS* pNt=RtlImageNtHeader(IB);
  21.     pNt->OptionalHeader.SizeOfStackReserve=0xFFFFFED7;
  22.     VirtualProtect((void*)IB,0x1000,old,&old);
  23.     //-----------------------------------------------------------------
  24.     int i=0;
  25.     while(8)
  26.     {
  27.         printf("Now try to attach a debugger to me (Win7) %x\r\n",i++);
  28.         Sleep(1000);
  29.     }
  30.     return 0;
  31. }
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×