A note on how CF's TP disables dual-machine (kernel) debugging

Source: Internet
Author: User

A boring weekend, so I had a look at TP. The only Tencent (TX) game I had on hand was CF, so here is a short record.

Dual-machine debugging is disabled through the kernel API KdDisableDebugger. First, look at the function definition:

NTSTATUS KdDisableDebugger(VOID);

Because it takes no parameters, the function can simply be patched to a ret (0xC3) at its entry; there is no stack cleanup to worry about. Alternatively, patch TesSafe.sys itself at the two places below.



tessafe+0x59dd:
b15479dd 75b0    jne  tessafe+0x598f (b154798f)

NOP it out directly:

tessafe+0x59dd:
b15479dd 90      nop
b15479de 90      nop

tessafe+0x5b0b:
b1547b0b 7402    je   tessafe+0x5b0f (b1547b0f)

Change it to an unconditional jmp:

tessafe+0x5b0b:
b1547b0b eb02    jmp  tessafe+0x5b0f (b1547b0f)
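The two patches above, as an added example (not code from the original post): a small C patcher that takes the offsets and bytes from the listing, verifies each site before touching it, computes the rel8 branch target to make sure the je/jne really goes where the listing says, and only then writes the NOPs and the jmp. The image buffer is a constructed stand-in for the TesSafe code section; g_img, build_sample_image, apply_tp_patches and the other names are mine, not TP's.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example, not code from the original post. The two patch sites and
 * their bytes come from the disassembly above (offsets relative to the
 * TesSafe image base); the image buffer, the 0xcc filler and every name in
 * this file are constructed for the example. */

#define PATCH1_OFF 0x59ddu   /* 75 b0   jne tessafe+0x598f */
#define PATCH1_TGT 0x598fu
#define PATCH2_OFF 0x5b0bu   /* 74 02   je  tessafe+0x5b0f */
#define PATCH2_TGT 0x5b0fu

#define IMG_SIZE   0x6000u   /* constructed: just big enough to hold both sites */
static uint8_t g_img[IMG_SIZE];

/* Target of a two-byte short jump (74/75/eb + rel8) located at `off`. */
uint32_t rel8_target(uint32_t off, uint8_t rel)
{
    return off + 2 + (uint32_t)(int32_t)(int8_t)rel;
}

/* 1 if the bytes at `off` still match the listing: expected opcode and
 * expected branch target; 0 otherwise (different TP build, wrong offsets). */
static int check_short_branch(const uint8_t *img, size_t len, uint32_t off,
                              uint8_t want_opc, uint32_t want_tgt)
{
    if ((size_t)off + 2 > len)  return 0;
    if (img[off] != want_opc)   return 0;
    return rel8_target(off, img[off + 1]) == want_tgt;
}

/* Apply the two patches from the post: NOP out the jne at +0x59dd and turn
 * the je at +0x5b0b into an unconditional jmp (the rel8 byte is kept, so
 * the jmp lands on +0x5b0f exactly like the je did). Returns 1 on success,
 * 0 if either site fails verification, in which case nothing is written. */
int apply_tp_patches(uint8_t *img, size_t len)
{
    /* verify both sites first so a mismatch never leaves a half-patched image */
    if (!check_short_branch(img, len, PATCH1_OFF, 0x75, PATCH1_TGT) ||
        !check_short_branch(img, len, PATCH2_OFF, 0x74, PATCH2_TGT))
        return 0;
    img[PATCH1_OFF] = 0x90; img[PATCH1_OFF + 1] = 0x90;   /* jne -> nop nop */
    img[PATCH2_OFF] = 0xeb;                               /* je  -> jmp, rel8 unchanged */
    return 1;
}

/* Constructed stand-in for the code section: int3 filler with the two
 * branches from the listing placed at their offsets. */
void build_sample_image(void)
{
    memset(g_img, 0xcc, sizeof g_img);
    g_img[PATCH1_OFF] = 0x75; g_img[PATCH1_OFF + 1] = 0xb0;
    g_img[PATCH2_OFF] = 0x74; g_img[PATCH2_OFF + 1] = 0x02;
}

int apply_sample_patches(void)
{
    return apply_tp_patches(g_img, sizeof g_img);
}

/* Byte at `off` in the sample image, or 0x100 if out of range. */
unsigned sample_byte(uint32_t off)
{
    return off < sizeof g_img ? g_img[off] : 0x100u;
}
```

Verifying both sites before writing anything matters because the offsets in the listing belong to one particular TP build; on a different build apply_tp_patches returns 0 and leaves the image untouched instead of NOPing two random bytes. In a real driver the writes would go to the loaded image at its actual base with write protection taken care of, which the example does not attempt.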


CF's TP does not seem to be running at its strongest protection level. I don't know why...


The relevant code is attached:

b13f2abe a18c2c40b1       mov  eax, dword ptr [tessafe+0x15c8c (b1402c8c)]
b13f2ac3 8b402c           mov  eax, dword ptr [eax+2ch]
b13f2ac6 3305882c40b1     xor  eax, dword ptr [tessafe+0x15c88 (b1402c88)]
b13f2acc 7404             je   tessafe+0x5ad2 (b13f2ad2)
b13f2ace ffd0             call eax {nt!KdDisableDebugger (804f8742)}
b13f2ad0 eb24             jmp  tessafe+0x5af6 (b13f2af6)
b13f2ad2 803d4ae23fb100   cmp  byte ptr [tessafe+0x1124a (b13fe24a)], 0
b13f2ad9 751b             jne  tessafe+0x5af6 (b13f2af6)
b13f2adb 688b010000       push 18bh
b13f2ae0 68e64d6e43       push 436e4de6h
b13f2ae5 6873426e57       push 576e4273h
b13f2aea e81dd9ffff       call tessafe+0x340c (b13f040c)
b13f2aef c6054ae23fb101   mov  byte ptr [tessafe+0x1124a (b13fe24a)], 1
b13f2af6 8b0d3ce23fb1     mov  ecx, dword ptr [tessafe+0x1123c (b13fe23c)]  ds:0023:b13fe23c={nt!KiDebugRoutine (8055c644)}
b13f2afc 85c9             test ecx, ecx
b13f2afe 740f             je   tessafe+0x5b0f (b13f2b0f)
b13f2b00 a140e23fb1       mov  eax, dword ptr [tessafe+0x11240 (b13fe240)]
b13f2b05 85c0             test eax, eax
b13f2b07 7406             je   tessafe+0x5b0f (b13f2b0f)
b13f2b09 3901             cmp  dword ptr [ecx], eax
b13f2b0b 7402             je   tessafe+0x5b0f (b13f2b0f)
b13f2b0d 8901             mov  dword ptr [ecx], eax
b13f2b0f c3               ret

Pay attention to four points in this listing (the original marked them in red).

The first is the call to KdDisableDebugger at +0x5ace. The pointer is not imported directly: it is read from a TP structure ([tessafe+0x15c8c], then +0x2c) and xor-decrypted with the key at tessafe+0x15c88 just before the call eax.

The second is KiDebugRoutine, a kernel global whose address TP keeps at tessafe+0x1123c. It is the routine pointer that decides whether a kernel debugger is active: it points to KdpTrap while debugging is enabled and to KdpStub once it is disabled, and KdDisableDebugger works by switching it to KdpStub.

Some code from ReactOS (the excerpt did not survive in this copy):

The third is the final check at +0x5b09..+0x5b0b: cmp dword ptr [ecx], eax compares the current KiDebugRoutine with the value TP holds at tessafe+0x11240, and the je skips the store when they already match. That je is the branch the second patch above turns into a jmp, so the store below is never reached.

The fourth is the store at +0x5b0d, mov dword ptr [ecx], eax, which does by hand what KdDisableDebugger does: it writes the stub pointer into KiDebugRoutine. This is why patching out the call alone is not enough; the fallback store has to be defeated as well.
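The four points read together are easier to follow in C. The following is an added reconstruction of tessafe+0x5abe..+0x5b0f as a user-mode simulation; it is not TP's source and not the ReactOS excerpt. The kernel side is replaced by stand-ins (sim_KiDebugRoutine for nt!KiDebugRoutine, sim_KdpTrap and sim_KdpStub for the two routines it can point to, sim_KdDisableDebugger for the API), the value at tessafe+0x11240 is assumed to be the KdpStub address, the sub at tessafe+0x340c is only counted, and the patched argument models the je-to-jmp patch at +0x5b0b (the first patch at +0x59dd lies outside this listing and is not modelled). All tp_* and sim_* names are mine.

```c
#include <stdint.h>

/* Added reconstruction of tessafe+0x5abe..+0x5b0f as a user-mode simulation.
 * Not TP's source. Kernel objects are stand-ins (sim_*); the tp_* names and
 * the meaning of [tessafe+0x11240] (assumed: KdpStub) are assumptions. */

typedef void (*debug_routine_t)(void);

static void sim_KdpTrap(void) { }   /* debugger attached: exceptions are forwarded to it */
static void sim_KdpStub(void) { }   /* debugger disabled: exceptions are not forwarded */

/* stand-in for nt!KiDebugRoutine; the listing reads its address from [tessafe+0x1123c] */
static debug_routine_t sim_KiDebugRoutine = sim_KdpTrap;

/* stand-in for nt!KdDisableDebugger: the part that matters here is the pointer swap */
static int sim_KdDisableDebugger(void)
{
    sim_KiDebugRoutine = sim_KdpStub;
    return 0;                            /* STATUS_SUCCESS */
}

/* Globals the routine touches, named by the offsets in the listing. */
struct tp_globals {
    int (*kd_disable)(void);          /* [[+0x15c8c]+0x2c] ^ [+0x15c88]: decrypted pointer */
    uint8_t reported;                 /* [+0x1124a]: report-once flag */
    debug_routine_t *pKiDebugRoutine; /* [+0x1123c]: &nt!KiDebugRoutine */
    debug_routine_t stub;             /* [+0x11240]: assumed to be KdpStub */
    int report_calls;                 /* added: counts calls to the sub at +0x340c */
};

/* Result flags so a caller can see which path ran. */
#define TP_CALLED_API 1   /* +0x5ace: call eax */
#define TP_REPORTED   2   /* +0x5adb..+0x5aef: push three constants, call +0x340c, set flag */
#define TP_STORED     4   /* +0x5b0d: mov [ecx], eax */

/* The sub at +0x340c receives three constants; what it does is not on the page. */
static void tp_report(struct tp_globals *g, uint32_t a, uint32_t b, uint32_t c)
{
    (void)a; (void)b; (void)c;
    g->report_calls++;
}

/* `patched` models the second patch (je at +0x5b0b turned into jmp). */
int tp_disable_kernel_debugger(struct tp_globals *g, int patched)
{
    int r = 0;
    if (g->kd_disable) {                       /* +0x5acc: je if the decrypted pointer is 0 */
        g->kd_disable();
        r |= TP_CALLED_API;
    } else if (!g->reported) {                 /* +0x5ad2: cmp byte ptr [+0x1124a], 0 */
        tp_report(g, 0x576e4273, 0x436e4de6, 0x18b);
        g->reported = 1;
        r |= TP_REPORTED;
    }
    /* +0x5af6: fallback that does the API's job by hand */
    if (g->pKiDebugRoutine && g->stub &&
        *g->pKiDebugRoutine != g->stub &&      /* +0x5b09: cmp [ecx], eax */
        !patched) {                            /* +0x5b0b: je -> jmp skips the store */
        *g->pKiDebugRoutine = g->stub;         /* +0x5b0d: mov [ecx], eax */
        r |= TP_STORED;
    }
    return r;
}

static struct tp_globals g_state;

/* One run from a fresh state: debugger attached, flag clear. */
int run_scenario(int api_resolved, int patched)
{
    sim_KiDebugRoutine = sim_KdpTrap;
    g_state.kd_disable = api_resolved ? sim_KdDisableDebugger : 0;
    g_state.reported = 0;
    g_state.pKiDebugRoutine = &sim_KiDebugRoutine;
    g_state.stub = sim_KdpStub;
    g_state.report_calls = 0;
    return tp_disable_kernel_debugger(&g_state, patched);
}

/* A second pass over the same state, as TP would do on its next check. */
int run_again(int patched) { return tp_disable_kernel_debugger(&g_state, patched); }

int sim_debugger_attached(void) { return sim_KiDebugRoutine == sim_KdpTrap; }
int report_count(void)          { return g_state.report_calls; }
```

Running the scenarios shows why both the call and the fallback matter: with the API pointer resolved, the call alone swaps in the stub and the store is skipped because the values already match; with the pointer zero, the routine reports once and then the store at +0x5b0d does the same job; only when the je at +0x5b0b is turned into a jmp does KiDebugRoutine stay on KdpTrap.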
