[Aporte] Base Anti-Injector de dlls C++ Avanzado

por Shermie80 Miér Sep 18, 2013 11:47 am

Código:: (c): NTSTATUS NTAPI HOOK_ZwCreateThread(OUT PHANDLE ThreadHandle,IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN HANDLE ProcessHandle,OUT PCLIENT_ID ClientId, IN PCONTEXT ThreadContext,IN PUSER_STACK UserStack, IN BOOLEAN CreateSuspended) { NTSTATUS lStatus; CHAR CurFileName[MAX_PATH]={0},ProcFileName[MAX_PATH]={0}; HANDLE CurrentPID=PsGetCurrentProcessId(); HANDLE ProcessHandleId=(HANDLE)GetProcessIdByHandle(ProcessHandle); PEPROCESS EProc; lStatus=PsLookupProcessByProcessId(CurrentPID,&EProc); if(lStatus==STATUS_SUCCESS) { ImageFileName(EProc,CurFileName); ObDereferenceObject(EProc); } lStatus=PsLookupProcessByProcessId(ProcessHandleId,&EProc); if(lStatus==STATUS_SUCCESS) { ImageFileName(EProc,ProcFileName); ObDereferenceObject(EProc); } if(!strcmp(_strlwr(ProcFileName),"NOMBRE DE TU AO.EXE")) { if(CurrentPID==ProcessHandleId || !strcmp(_strlwr(CurFileName),"explorer.exe")) return pZwCreateThread(ThreadHandle,DesiredAccess,ObjectAttributes, ProcessHandle,ClientId,ThreadContext,UserStack, CreateSuspended); else { DbgPrint("Fuiste echado por intentar injectar el cliente",CurFileName); return STATUS_UNSUCCESSFUL; } } return pZwCreateThread(ThreadHandle,DesiredAccess,ObjectAttributes,ProcessHandle, ClientId,ThreadContext,UserStack,CreateSuspended); }