Source
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Source as PDF for free.
More details
- Words: 278
- Pages: 2
#include <windows.h> #include <strsafe.h> #include #define WIN32_LEAN_AND_MEAN #define VC_EXTRALEAN #define CODEBEGIN 0x00401000 #define CODEEND 0x004019FE #define modAllowedSize 11 const char modAllowedArray[][255] = { "ADVAPI32.DLL", "ntdll.dll", "RPCRT4.dll", "Secur32.dll", "PSAPI.DLL", "kernel32.dll", "USER32.dll", "GDI32.dll", "MSVCR90.dll", "IMM32.DLL", "Killing Bad Threads.exe" }; int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd ) { HMODULE modArray[1024]; int modNumber; int modAllowedQ = 0; int noBaseAddress = 0; char modFileName[255]; char modInfoTemp[255]; _MODULEINFO modInfo; if( EnumProcessModules( GetCurrentProcess( ), modArray, sizeof( modArray ), ( LPDWORD ) &modNumber ) ) { if( modNumber > sizeof( modArray ) ) return( -1 ); unsigned int i = 0; while( i < ( modNumber / sizeof( HMODULE ) ) ) { int j = 0; while( j < modAllowedSize ) { GetModuleFileName( modArray[i], modFileName, 255 ); char *ModuleName = strtok( modFileName, "\\" ); char *ModuleTempName; char *ModuleLastName; do { ModuleTempName = strtok( NULL, "\\" ); if( ModuleTempName == NULL ) break; ModuleName = ModuleTempName; } while( ModuleName != NULL );
if( *modAllowedArray[j] == *ModuleName ) { GetModuleInformation( GetCurrentProcess( ), GetModuleHandle( modAllowedArray[j] ), &modInfo, sizeof( modInfo ) ); //sprintf( modInfoTemp, "%08x", modInfo.lpBaseOfDll ); // If you plan to fingerprint modules, based off entrypoint // base address, or size of the image base, the above will // load that information into a buffer if( modInfo.lpBaseOfDll == 0 ) noBaseAddress++; modAllowedQ++; } j++; } i++; } if( noBaseAddress != 1 ) { MessageBox( 0, "Unknown module loaded to memory!", "Fatal error", MB_OK ); exit( -1 ); } if( modAllowedQ < modAllowedSize ) { MessageBox( 0, "Unknown module loaded to memory!", "Fatal error", MB_OK ); exit( -1 ); } } MessageBox( 0, "Nothing evil detected.", "Success?", MB_OK ); }
return( EXIT_SUCCESS );
if( *modAllowedArray[j] == *ModuleName ) { GetModuleInformation( GetCurrentProcess( ), GetModuleHandle( modAllowedArray[j] ), &modInfo, sizeof( modInfo ) ); //sprintf( modInfoTemp, "%08x", modInfo.lpBaseOfDll ); // If you plan to fingerprint modules, based off entrypoint // base address, or size of the image base, the above will // load that information into a buffer if( modInfo.lpBaseOfDll == 0 ) noBaseAddress++; modAllowedQ++; } j++; } i++; } if( noBaseAddress != 1 ) { MessageBox( 0, "Unknown module loaded to memory!", "Fatal error", MB_OK ); exit( -1 ); } if( modAllowedQ < modAllowedSize ) { MessageBox( 0, "Unknown module loaded to memory!", "Fatal error", MB_OK ); exit( -1 ); } } MessageBox( 0, "Nothing evil detected.", "Success?", MB_OK ); }
return( EXIT_SUCCESS );
