谁帮我把下面这段代码译成delphi,谢谢!
// Overwrites the first bytes of ntdll!DbgUiRemoteBreakin in the current process with a
// two-instruction stub that jumps to a crash routine located inside this function.
// Returns true once the stub has been copied; returns false when ntdll.dll or the
// export cannot be resolved, or when VirtualProtect fails.
// DbgUiRemoteBreakin is the ntdll routine run in the target when a debugger attaches,
// so after this call an attach attempt ends in the crash routine instead of a break-in.
// Defensive view: the patch shows up as a mismatch between the in-memory bytes of
// DbgUiRemoteBreakin and the on-disk ntdll.dll image, and as a writable+executable
// ntdll code page in this process.
bool InstallAntiAttach()
{
HMODULE ntdll; // ntdll handle
void* pDbgUiRemoteBreakin; // address of the export that gets overwritten
DWORD dwOldProtect; // receives the previous page protection; never restored below
DWORD dwCodeSize; // Size of code to copy
// Get ntdll.dll handle
ntdll = GetModuleHandle("ntdll.dll");
if(ntdll)
{
// Get target function addr
pDbgUiRemoteBreakin = GetProcAddress(ntdll, "DbgUiRemoteBreakin");
if(pDbgUiRemoteBreakin)
{
__asm
{
// Get code size: dwCodeSize = __CodeToCopyEnd - __CodeToCopyStart (the stub's length in bytes)
lea eax, __CodeToCopyStart
lea ecx, __CodeToCopyEnd
sub ecx, eax
mov dwCodeSize, ecx
}
// Make sure that we have write rights ...
// The page is switched to PAGE_EXECUTE_READWRITE and left that way: dwOldProtect is
// not used again, so the ntdll code page stays writable and executable.
if(VirtualProtect(pDbgUiRemoteBreakin, dwCodeSize, PAGE_EXECUTE_READWRITE, &dwOldProtect))
{
__asm
{
// Copy code between __CodeToCopyStart and __CodeToCopyEnd
// edi = destination (the export), esi = source (the stub), ecx = byte count
mov edi, pDbgUiRemoteBreakin
lea esi, __CodeToCopyStart
mov ecx, dwCodeSize
rep movsb
// Skip code
// NOTE(review): the next line looks like two source lines fused by the page
// extraction (a jump and a label definition); as printed it will not assemble.
// Confirm against the original listing.
jmp __CodeEnd__CodeToCopyStart:
// Stub body: loads the address of __CodeToCopyEnd and jumps to it, so the copy
// placed in ntdll transfers control back into this module's crash routine.
// NOTE(review): presumably lea encodes the label as an absolute address, which
// is what keeps the stub valid after it is copied elsewhere; confirm.
lea eax, __CodeToCopyEnd
jmp eax
__CodeToCopyEnd:
} // ***CODE*HERE***
__asm
{
// Clear registers
// Crash routine: EFLAGS is zeroed through the pushfd/popfd pair, then every general
// register including esp and ebp, so no state from this module is left in the
// faulting context.
xor eax, eax
pushfd
mov [esp], eax
popfd
xor ebx, ebx
xor ecx, ecx
xor edx, edx
xor esi, esi
xor edi, edi
xor esp, esp
xor ebp, ebp
// Jump to address 0
jmp eax
}
// NOTE(review): as printed, the __CodeEnd label sits inside the comment on the next
// line, so the jump target used above is not defined as code; this looks like an
// extraction artefact. Confirm.
// ***************__CodeEnd:;
return true;
}
}
}
return false;
}
// Repeat of the same listing as quoted in the thread.
// Overwrites the first bytes of ntdll!DbgUiRemoteBreakin in the current process with a
// short stub that jumps to a crash routine inside this function. Returns true once the
// stub has been copied; false when ntdll.dll or the export cannot be resolved or
// VirtualProtect fails.
// Defensive view: the modification is observable by comparing the in-memory bytes of
// DbgUiRemoteBreakin with the on-disk ntdll.dll image.
bool InstallAntiAttach()
{
HMODULE ntdll; // ntdll handle
void* pDbgUiRemoteBreakin; // address of the export that gets overwritten
DWORD dwOldProtect; // receives the previous page protection; never restored below
DWORD dwCodeSize; // Size of code to copy
// Get ntdll.dll handle
ntdll = GetModuleHandle("ntdll.dll");
if(ntdll)
{
// Get target function addr
pDbgUiRemoteBreakin = GetProcAddress(ntdll, "DbgUiRemoteBreakin");
if(pDbgUiRemoteBreakin)
{
__asm
{
// Get code size: dwCodeSize = __CodeToCopyEnd - __CodeToCopyStart
lea eax, __CodeToCopyStart
lea ecx, __CodeToCopyEnd
sub ecx, eax
mov dwCodeSize, ecx
}
// Make sure that we have write rights ...
// The protection saved in dwOldProtect is not restored afterwards, so the page
// remains PAGE_EXECUTE_READWRITE.
if(VirtualProtect(pDbgUiRemoteBreakin, dwCodeSize, PAGE_EXECUTE_READWRITE, &dwOldProtect))
{
__asm
{
// Copy code between __CodeToCopyStart and __CodeToCopyEnd
// edi = destination, esi = source, ecx = byte count for rep movsb
mov edi, pDbgUiRemoteBreakin
lea esi, __CodeToCopyStart
mov ecx, dwCodeSize
rep movsb
// Skip code
// NOTE(review): the next line appears to be a jump and a label definition fused
// into one line by the page extraction; it will not assemble as printed.
jmp __CodeEnd__CodeToCopyStart:
// Stub body that is copied over the export: jump to __CodeToCopyEnd in this module.
lea eax, __CodeToCopyEnd
jmp eax
__CodeToCopyEnd:
} // ***CODE*HERE***
__asm
{
// Clear registers
// EFLAGS and all general registers, esp and ebp included, are zeroed before the jump.
xor eax, eax
pushfd
mov [esp], eax
popfd
xor ebx, ebx
xor ecx, ecx
xor edx, edx
xor esi, esi
xor edi, edi
xor esp, esp
xor ebp, ebp
// Jump to address 0
jmp eax
}
// NOTE(review): the __CodeEnd label is printed inside the comment below, so it is not
// defined as code here; likely an extraction artefact. Confirm.
// ***************__CodeEnd:;
return true;
}
}
}
return false;
}
汇编部分照搬。DWORD部分换成unsigned integer(不知道是不是这样写,忘记了)
void* pDbgUiRemoteBreakin,改成 pointer
别的好像没什么可说的了。
// Delphi translation of the C listing: overwrites the first bytes of
// ntdll!DbgUiRemoteBreakin in the current process with a short stub that jumps to a
// crash routine inside this function.
// Result is True once the stub has been copied; False when ntdll.dll or the export
// cannot be resolved or VirtualProtect fails.
// Defensive view: the modification is observable as a difference between the in-memory
// bytes of DbgUiRemoteBreakin and the on-disk ntdll.dll image, and as a
// writable+executable ntdll code page.
function InstallAntiAttach: Boolean;
label
__CodeToCopyStart, __CodeToCopyEnd, __CodeEnd;
var
ntdll: THandle;
pDbgUiRemoteBreakin: Pointer;
dwOldProtect: DWORD;
dwCodeSize: DWORD;
begin
ntdll := GetModuleHandle('ntdll.dll');
// Default to failure; every early exit below leaves Result = False.
Result := False;
if ntdll = 0 then Exit;
pDbgUiRemoteBreakin := GetProcAddress(ntdll, 'DbgUiRemoteBreakin');
if Assigned(pDbgUiRemoteBreakin) then
begin
asm
// Get code size
// dwCodeSize = __CodeToCopyEnd - __CodeToCopyStart (the stub's length in bytes)
lea eax, __CodeToCopyStart
lea ecx, __CodeToCopyEnd
sub ecx, eax
mov dwCodeSize, ecx
end;
// Make sure that we have write rights ...
// The previous protection returned in dwOldProtect is not restored afterwards, so the
// page remains PAGE_EXECUTE_READWRITE.
if VirtualProtect(pDbgUiRemoteBreakin, dwCodeSize, PAGE_EXECUTE_READWRITE, dwOldProtect) then
begin
asm
// Copy code between __CodeToCopyStart and __CodeToCopyEnd
// edi = destination (the export), esi = source (the stub), ecx = byte count
mov edi, pDbgUiRemoteBreakin
lea esi, __CodeToCopyStart
mov ecx, dwCodeSize
rep movsb
// Skip code
// NOTE(review): the next line appears to be a jump and a label definition fused into
// one line by the page extraction; it will not assemble as printed.
jmp __CodeEnd__CodeToCopyStart:
// Stub body that is copied over the export: jump to __CodeToCopyEnd in this module.
lea eax, __CodeToCopyEnd
jmp eax
__CodeToCopyEnd:
end; // ***CODE*HERE***
asm
// Clear registers
// EFLAGS (through pushfd/popfd) and all general registers, esp and ebp included, are
// zeroed before the jump.
xor eax, eax
pushfd
mov [esp], eax
popfd
xor ebx, ebx
xor ecx, ecx
xor edx, edx
xor esi, esi
xor edi, edi
xor esp, esp
xor ebp, ebp
// Jump to address 0
jmp eax
end;
// NOTE(review): the __CodeEnd label is declared in the label section but is printed
// inside the comment below, so it is never placed as code; `__CodeEnd:;` is also C
// syntax carried over from the original. Confirm against the poster's source.
// ***************__CodeEnd:;
Result := True;
end;
end;
end;
// NOTE(review): second Delphi attempt. The routine header is missing from the paste (the
// call in FormShow below suggests it is InstallAntiAttach returning Boolean; confirm),
// and several line breaks were lost (`beginasm`, `end;if(`, `end;end;procedure`,
// `end;end.`), so this listing does not compile as printed.
// Result is assigned only on the success path (Result:=TRUE); no failure value is set.
var
ntdll:HMODULE;
dwOldProtect,dwCodeSize:DWORD;
pDbgUiRemoteBreakin:Pointer;
begin
// Get ntdll.dll handle
ntdll:= GetModuleHandle('ntdll.dll');
// The `if` below guards only the GetProcAddress assignment; when ntdll = 0 the pointer
// is tested by the following `if` without ever having been assigned.
if ntdll<>0 then // Get target function addr
pDbgUiRemoteBreakin:=GetProcAddress(ntdll, 'DbgUiRemoteBreakin');
if(pDbgUiRemoteBreakin<>nil) then
// Unlike the C listing, this first asm block places the stub and the crash routine
// directly after the size computation with no jump around them, so as written control
// runs from `mov dwCodeSize, ecx` through the stub into the register wipe and the jump
// to address 0 in the calling thread. That is consistent with the run-time error noted
// in FormShow.
beginasm
lea eax, @CodeToCopyStart
lea ecx, @CodeToCopyEnd
sub ecx, eax
mov dwCodeSize, ecx
@CodeToCopyStart:
lea eax,@CodeToCopyEnd
jmp eax
@CodeToCopyEnd:
xor eax, eax
pushfd
mov [esp], eax
popfd
xor ebx, ebx
xor ecx, ecx
xor edx, edx
xor esi, esi
xor edi, edi
xor esp, esp
xor ebp, ebp
jmp eax
// The page is switched to PAGE_EXECUTE_READWRITE; dwOldProtect is not used again, so
// the previous protection is not restored.
end;if(VirtualProtect(pDbgUiRemoteBreakin, dwCodeSize, PAGE_EXECUTE_READWRITE, dwOldProtect)) then
begin
// Copies dwCodeSize bytes of the stub over the export: edi = destination, esi = source.
asm mov edi, pDbgUiRemoteBreakin
lea esi, @CodeToCopyStart
mov ecx, dwCodeSize
rep movsb
// NOTE(review): the next line appears to be a jump and a label definition fused into one
// line by the page extraction; it will not assemble as printed.
jmp @CodeEnd@CodeToCopyStart:
lea eax,@CodeToCopyEnd
jmp eax
@CodeToCopyEnd:
// Crash routine: EFLAGS and all general registers, esp and ebp included, are zeroed,
// then control jumps to address 0 (eax = 0).
xor eax, eax
pushfd
mov [esp], eax
popfd
xor ebx, ebx
xor ecx, ecx
xor edx, edx
xor esi, esi
xor edi, edi
xor esp, esp
xor ebp, ebp
jmp eax
@CodeEnd:
end;
Result:=TRUE;
end;
// Form event handlers follow on the same physical line as the routine's closing `end;`.
end;end;procedure TForm1.FormCreate(Sender: TObject);
begin
//
end;procedure TForm1.FormShow(Sender: TObject);
begin
// Installs the patch when the form is shown and mirrors the Boolean result in the checkbox.
CheckBox1.Checked:=InstallAntiAttach; // fails at run time
end;end.