感谢师叔的科普。
下面代码来源于52pojie。不想自己写,我是懒人。
#include <windows.h> BOOL DetectFuncBreakpoints(); int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd ) { if (DetectFuncBreakpoints()) { MessageBox(NULL, "检测到int3断点", "结果", MB_OK); return 0; } else { MessageBox(NULL, "没有检测到int3断点", "结果", MB_OK); } return 0; } BOOL DetectFuncBreakpoints() { BOOL bFoundOD; bFoundOD=FALSE; DWORD dwAddr; dwAddr = (DWORD)GetProcAddress(LoadLibrary("user32.dll"),"MessageBoxA"); //将FARPROC类型转换成DWORD __asm { cld ;检测代码开始 mov edi,dwAddr mov ecx,100 ;100bytes mov al,0CCH ;字母前面必须有0 repne scasb jnz ODNotFound mov bFoundOD,1 ODNotFound: } return bFoundOD; }