本文介绍了一种在Windows平台上通过禁用ntdll.DLL中的DbgBreakPoint函数来避免程序调试过程中出现CPU中断的方法。具体步骤包括获取ntdll.DLL句柄、找到DbgBreakPoint地址,并使用WriteProcessMemory函数将该地址处的指令替换为NOP指令。
在主界面的implementation {$R *.dfm} 下放入以下代码:
procedure PatchInt3;
var
NOP: Byte;
NTDLL: THandle;
BytesWritten: DWORD;
Address: Pointer;
begin
if Win32Platform <> VER_PLATFORM_WIN32_NT then
Exit;
NTDLL := GetModuleHandle('NTDLL.DLL');
if NTDLL = 0 then
Exit;
Address := GetProcAddress(NTDLL, 'DbgBreakPoint');
if Address = nil then
Exit;
try
if Char(Address^) <> #$CC then
Exit;
NOP := $90;
if WriteProcessMemory(GetCurrentProcess, Address, @NOP, 1, BytesWritten) and (BytesWritten = 1) then FlushInstructionCache(GetCurrentProcess, Address, 1);
except // Do not panic if you see an EAccessViolation here, it is perfectly harmless!
on EAccessViolation do ;
else
raise;
end;
end;
然后在窗体的Create中调用 PatchInt3 ;或者在窗体代码的最后一个end.前加入一下代码即可以解决
//-------------------------------------------------------------- i
nitialization
begin
PatchInt3; //防止关闭窗口时出现CPU: ntdll.DbgBreakPoint
end;
procedure PatchInt3;
var
NOP: Byte;
NTDLL: THandle;
BytesWritten: DWORD;
Address: Pointer;
begin
if Win32Platform <> VER_PLATFORM_WIN32_NT then
Exit;
NTDLL := GetModuleHandle('NTDLL.DLL');
if NTDLL = 0 then
Exit;
Address := GetProcAddress(NTDLL, 'DbgBreakPoint');
if Address = nil then
Exit;
try
if Char(Address^) <> #$CC then
Exit;
NOP := $90;
if WriteProcessMemory(GetCurrentProcess, Address, @NOP, 1, BytesWritten) and (BytesWritten = 1) then FlushInstructionCache(GetCurrentProcess, Address, 1);
except // Do not panic if you see an EAccessViolation here, it is perfectly harmless!
on EAccessViolation do ;
else
raise;
end;
end;
然后在窗体的Create中调用 PatchInt3 ;或者在窗体代码的最后一个end.前加入一下代码即可以解决
//-------------------------------------------------------------- i
nitialization
begin
PatchInt3; //防止关闭窗口时出现CPU: ntdll.DbgBreakPoint
end;
扫一扫
374
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
