I detect if the ASProtect packed target executable is unpacked by using a VEH. I use an injected dll to run this code and the rest of my code inside the target process. I start the process suspended, inject dll then resume the main thread.

```c
LONG WINAPI MyUnhandledExceptionFilter(EXCEPTION_POINTERS *pExceptionInfo)
void* Eip = (void*)pExceptionInfo->ContextRecord->Eip;
sprintf(Message, "Exception Count: %i\nException Code: %X\nEIP: %p\nRegisters\n\nEAX: %X EBX: %X ECX: %X EDX: %X\nESP: %X EBP: %X\nESI: %X EDI: %X\n",
    pExceptionInfo->ExceptionRecord->ExceptionCode,
    pExceptionInfo->ContextRecord->Eax, pExceptionInfo->ContextRecord->Ebx, pExceptionInfo->ContextRecord->Ecx, pExceptionInfo->ContextRecord->Edx,
    pExceptionInfo->ContextRecord->Esp, pExceptionInfo->ContextRecord->Ebp,
    pExceptionInfo->ContextRecord->Esi, pExceptionInfo->ContextRecord->Edi);
MessageBox(NULL, Message, "Debug", MB_OK);
```

We know the game is unpacked when the exception has a PUSH 0C after it. This just seems to be the way it is for ASProtect. Game is unpacked in memory and memory security check is done.

This just detours the game's init function. (I couldn't detour it reliably without this code because some faster computers would have already run it, and slower computers might not have even unpacked by the time my dll inits.)

```c
OrigInitGame = (t_InitGameFn)DetourCreate((LPVOID)0x00403180,(LPVOID)initGameHook, DETOUR_TYPE_JMP);
```

Rename the method to _UnhandledExceptionFilter which conflicts with one in kernel32 when linking. The compiler or linker? I'm not sure which. And you also have a function called UnhandledExceptionFilter