Source

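/*
 * Self-check that walks the modules loaded into the current process and
 * refuses to continue when one of them is not on a fixed allowlist.
 *
 * Scope of the check: it compares file names only. It does not verify the
 * directory a module was loaded from, its signature or its contents, and it
 * only sees modules that the loader reports through EnumProcessModules.
 * Treat a pass as "no unexpected module name was listed", not as proof that
 * the process is clean.
 */

/* These are only consulted while <windows.h> is processed, so they must
 * come before it; defined afterwards they have no effect. */
#define WIN32_LEAN_AND_MEAN
#define VC_EXTRALEAN

#include <windows.h>
#include <strsafe.h>
#include <psapi.h>   /* EnumProcessModules, GetModuleInformation, MODULEINFO */
#include <stdlib.h>  /* exit, EXIT_SUCCESS */
#include <string.h>  /* strrchr */

#define CODEBEGIN 0x00401000
#define CODEEND 0x004019FE
#define modAllowedSize 11

/* File names (no path) that are expected in this process. The list is
 * specific to the author's build and Windows version; other systems load
 * additional system DLLs and will need their own list. */
const char modAllowedArray[][255] = {
    "ADVAPI32.DLL",
    "ntdll.dll",
    "RPCRT4.dll",
    "Secur32.dll",
    "PSAPI.DLL",
    "kernel32.dll",
    "USER32.dll",
    "GDI32.dll",
    "MSVCR90.dll",
    "IMM32.DLL",
    "Killing Bad Threads.exe"
};

/* Report an unexpected module and terminate the process. */
static void failUnknownModule( void )
{
    MessageBoxA( 0, "Unknown module loaded to memory!", "Fatal error", MB_OK );
    exit( -1 );
}

/* Return nonzero when baseName equals an allowlist entry. The whole name is
 * compared, ignoring case, because Windows file names are case-insensitive. */
static int isAllowedModule( const char *baseName )
{
    int j;

    for( j = 0; j < modAllowedSize; j++ )
    {
        if( lstrcmpiA( modAllowedArray[j], baseName ) == 0 )
            return 1;
    }
    return 0;
}

/*
 * Entry point. Enumerates the modules of the current process and checks
 * each one against modAllowedArray.
 *
 * Returns EXIT_SUCCESS when every enumerated module is allowed, and -1 when
 * the module list does not fit in the local buffer. Any other failure shows
 * a message box and exits with -1.
 */
int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd )
{
    HMODULE modArray[1024];
    DWORD cbNeeded = 0;
    DWORD modCount;
    DWORD i;

    (void) hInstance;
    (void) hPrevInstance;
    (void) lpCmdLine;
    (void) nShowCmd;

    /* Fail closed: if the module list cannot be read, nothing was checked,
     * so the success message must not be shown. */
    if( !EnumProcessModules( GetCurrentProcess( ), modArray, sizeof( modArray ), &cbNeeded ) )
    {
        MessageBoxA( 0, "Unable to enumerate loaded modules!", "Fatal error", MB_OK );
        exit( -1 );
    }

    /* cbNeeded is a byte count; a value above the buffer size means some
     * modules were not returned and cannot be inspected. */
    if( cbNeeded > sizeof( modArray ) )
        return( -1 );

    modCount = cbNeeded / sizeof( HMODULE );

    for( i = 0; i < modCount; i++ )
    {
        char modFileName[255];
        const char *baseName;
        MODULEINFO modInfo;
        DWORD len;

        /* A zero length is a failure and a length equal to the buffer size
         * means the path was truncated; neither yields a name to trust. */
        len = GetModuleFileNameA( modArray[i], modFileName, sizeof( modFileName ) );
        if( len == 0 || len >= sizeof( modFileName ) )
            failUnknownModule( );

        /* Keep only the part after the last backslash. */
        baseName = strrchr( modFileName, '\\' );
        baseName = ( baseName != NULL ) ? baseName + 1 : modFileName;

        if( !isAllowedModule( baseName ) )
            failUnknownModule( );

        /* Query the module that was actually enumerated, not whatever a
         * lookup by allowlist name would resolve to. The structure is
         * cleared first so a failed call cannot leave stale data behind. */
        ZeroMemory( &modInfo, sizeof( modInfo ) );
        if( !GetModuleInformation( GetCurrentProcess( ), modArray[i], &modInfo, sizeof( modInfo ) )
            || modInfo.lpBaseOfDll == NULL )
            failUnknownModule( );

        /* To fingerprint modules by entry point, base address or image
         * size, read those fields from modInfo here. */
    }

    MessageBoxA( 0, "Nothing evil detected.", "Success?", MB_OK );

    return( EXIT_SUCCESS );
}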
