หน้าแรก ASP_Volume3 HackerScan Routine
Advertisement
ASP_Volume3 Miscellaneous #48816

HackerScan Routine

★★★★★
4.8 · ดาวน์โหลด: 2,341

This code will scan for popular hacking tools: FileMon, RegMon and SoftICE (both Win 9x and NT versions). This code was inspired by the SoftICE detection routine by Joox (http://www.planetsourcecode.com/vb/scripts/ShowCode.asp?lngWId=1&txtCodeId=7600). If any of these programs are in memory an access violation is generated. You should call this routine before you read or write any sensitive information (ie license files) to files or the regsitry. I'm certain that there are workarounds for this code, but its intent is to make things harder for the hacker. I would love to see other methods added to this to detect other debuggers, tools, etc. so please leave whatever comments come to mind. Go ahead and vote too! Enjoy!

AI

สรุปโดย AI: This codebase represents a historical implementation of the logic described in the metadata. Our preservation engine analyzes the structure to provide context for modern developers.

ซอร์สโค้ด
original-source 
Public Sub HackerScan()
Dim hFile As Long, retVal As Long
Dim sRegMonClass As String, sFileMonClass As String
'\\We break up the class names to avoid detection in a hex editor
sRegMonClass = "R" & "e" & "g" & "m" & "o" & "n" & "C" & "l" & "a" & "s" & "s"
sFileMonClass = "F" & "i" & "l" & "e" & "M" & "o" & "n" & "C" & "l" & "a" & "s" & "s"
'\\See if RegMon or FileMon are running
Select Case True
 Case FindWindow(sRegMonClass, vbNullString) <> 0
 'Regmon is running...throw an access violation
 RaiseException EXCEPTION_ACCESS_VIOLATION, 0, 0, 0
 Case FindWindow(sFileMonClass, vbNullString) <> 0
 'FileMon is running...throw an access violation
 RaiseException EXCEPTION_ACCESS_VIOLATION, 0, 0, 0
End Select
'\\So far so good...check for SoftICE in memory
hFile = CreateFile("\\.\SICE", GENERIC_WRITE Or GENERIC_READ, FILE_SHARE_READ Or FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0)
If hFile <> -1 Then
 ' SoftICE is detected.
 retVal = CloseHandle(hFile) ' Close the file handle
 RaiseException EXCEPTION_ACCESS_VIOLATION, 0, 0, 0
Else
 ' SoftICE is not found for windows 9x, check for NT.
 hFile = CreateFile("\\.\NTICE", GENERIC_WRITE Or GENERIC_READ, FILE_SHARE_READ Or FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0)
 If hFile <> -1 Then
 ' SoftICE is detected.
 retVal = CloseHandle(hFile) ' Close the file handle
 RaiseException EXCEPTION_ACCESS_VIOLATION, 0, 0, 0
 End If
End If
End Sub
Upload
ความคิดเห็นดั้งเดิม (3)
กู้คืนจาก Wayback Machine