.586p .Model Flat extrn ExitProcess : PROC extrn MessageBoxA : PROC extrn GetTickCount : PROC .Data caption db "daemon@I.LOVE.YOU.COM",0 text db "You have traced me!",0 text3 db "good boy!!!!",0 text2 db "Hey guy, iam sorry but there occoured a fucking exception!",0 text4 db "second msg",0 .Code Main: lea eax,tracer ; pointer to my tracer push eax push dword ptr fs:[0] mov dword ptr fs:[0],esp ; set new exception handler pushfd ; cause single step exception or byte ptr [esp+1],1h popfd nop lea edx,text xor eax,eax mov eax,dr7 cmp eax,0 jz it_doesnt_worx lea edx,text3 it_doesnt_worx: push 0 push offset caption push edx push 0 call MessageBoxA push 0 push offset caption push offset text4 push 0 call MessageBoxA call GetTickCount call ExitProcess free_space db 0100h dup (00h) tracer: mov eax,[esp+04h] ; pointer to exception record mov eax,[eax] ; get exception code cmp eax,80000003h ; return from api call ??? je sub_handler2 cmp eax,80000004h ; was it an single step ??? jne quit mov eax,[esp+0ch] mov ebx,[eax+0b8h] cmp word ptr [ebx],0210fh ; mov ?,dr7 je do_it cmp byte ptr [ebx],0E8h ; call subroutine je sub_handler trap_it:or byte ptr [eax+0c0h+1],00000001b ; enable trap flag dont_set_trap_flag: xor eax,eax ret quit: push 0 push offset caption push offset text2 push 0 call MessageBoxA call ExitProcess do_it: pushad mov ebx,[eax+018h] ; get debug register 7 mov [eax+0b0h],ebx ; store value in eax popad jmp trap_it sub_handler: mov al,byte ptr [ebx+05h] mov save_code,al mov byte ptr [ebx+05],0cch xor eax,eax ret sub_handler2: mov eax,[esp+0ch] dec dword ptr [eax+0b8h] mov ebx,[eax+0b8h] mov al,save_code mov byte ptr [ebx],al mov eax,[esp+0ch] jmp trap_it save_code db ? End Main ;End of code, Main is the entrypoint