int MalwareExtractor::Initialize()
{
m_thread = Findthread(Getcputhreadid());
if (m_thread == NULL) {
m_error_code = ME_ERROR_NOTHREAD;
return -1;
}
m_module = Findmodule(m_thread->reg.ip);
m_imagecopy = new uchar[m_module->size];
if (m_imagecopy == NULL) {
m_error_code = ME_ERROR_MEMALLOC;
return -1;
}
if (Readmemory(m_imagecopy, m_module->base, m_module->size, MM_RESTORE) == 0) {
m_error_code = ME_ERROR_MEMREAD;
return -1;
}
this->BackupModuleRanges();
m_running = 1;
return 0;
}
bool ESPRun(void)
{
DWORD EIP,ESP,ESP2;
ulong cpuid;
cpuid = Getcputhreadid();
t_thread *pt = Findthread(cpuid);
EIP = pt->reg.ip;
ESP = pt->reg.r[4];
/*
char code[2]={0};
char pushad=0x60;
char pushaf=0x9c;
uint pushwf=0x669c;
Readmemory(code,EIP,1,MM_RESTORE);
t_status st = Getstatus();
try
{
while(code[0] != pushad)
{
int er=Go(cpuid, 0, STEP_IN, 1, 1);
st = Getstatus();
Suspendprocess(cpuid);
t_thread *pt = Findthread(cpuid);
EIP = pt->reg.ip;
Readmemory(code,EIP,1,MM_RESTORE);
Runsinglethread(cpuid);
st = Getstatus();
}
}
catch (...)
{
cout <<"error";
exit(100);
}
ESP2 = pt->reg.r[4];
DWORD tmpesp =ESP2 - 8;
*/
ESP=ESP-0x04;
Sethardwarebreakpoint(ESP, 1, HB_WRITE);
Sendshortcut(PM_MAIN, 0, WM_KEYDOWN, 0, 1, VK_F9);
return true;
}
/*******************************************************************************
*
* 函 数 名 : SetASMCpu
* 功能描述 : 设置反汇编窗口的地址
* 参数列表 : 无
* 说 明 :
* 返回结果 : 如果成功返回TRUE,失败返回FALSE
*
*******************************************************************************/
BOOL SetASMCpu(DWORD dwAddr)
{
Setcpu(Getcputhreadid(), dwAddr, 0,0, CPU_REDRAW | CPU_ASMFOCUS) ;
return TRUE ;
}