I explored the anti-hack code and saw that it has a function which scans the running processes and detects hack tools using a signature list found in the file.
code Visual C++
However, I do not understand the structure of this memory signature table very well. I hope you can comment.
If we can use this function to remove unauthorized programs, we will reduce the possibility of hackers loading "Flood proxy port" tools.
untitled.JPG
Thank you for the comments.
If you do this, then we probably will not need service providers to help us fight this.
I also understand another mechanism, in which the server detects hacks; it has yielded good results.
code Visual C++
Code:
#include "stdafx.h"
#include "Antihack.h"
#include <tlhelp32.h>
#include <windows.h>
#include <stdlib.h>
#ifdef _MANAGED
#pragma managed(push, off)
#endif
// Signature table read by ScanProcessMemory(): each entry pairs an absolute
// virtual address in the inspected process with the bytes expected at that
// address.
// NOTE(review): ANITHACK_PROCDUMP, MAX_PROCESS_DUMP and MAX_DUMP_SIZE come from
// Antihack.h (not shown here). Each entry supplies 32 bytes, so MAX_DUMP_SIZE is
// presumably 32 -- confirm against the header.
// NOTE(review): a fixed address only matches while the target image is mapped
// at the base these bytes were captured from; a relocated or rebuilt binary
// will not match, so an empty result is not proof that nothing is running.
ANITHACK_PROCDUMP g_ProcessesDumps[MAX_PROCESS_DUMP] = {
    // Catastrophe
    {0x4C8259,
     {0xA1, 0x38, 0xBD, 0x4C, 0x00, 0x8B, 0x00, 0x8B,
      0x4D, 0xFC, 0xBA, 0xC0, 0x82, 0x4C, 0x00, 0xE8,
      0x1F, 0xF1, 0xFF, 0xFF, 0x33, 0xDB, 0xE8, 0xF8,
      0xBE, 0xF3, 0xFF, 0x33, 0xC0, 0x5A, 0x59, 0x59}},
    // Catastrophe
    {0x4C5F31,
     {0x7C, 0x23, 0x8B, 0x45, 0xFC, 0x80, 0x38, 0xC1,
      0x75, 0x1B, 0x8B, 0x45, 0xFC, 0x80, 0x78, 0x02,
      0xF3, 0x75, 0x12, 0x8B, 0x45, 0xFC, 0x80, 0x78,
      0x03, 0x00, 0x75, 0x09, 0x8B, 0x45, 0xFC, 0x80}}
};
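// Enumerates the running processes with a Toolhelp snapshot and passes each one
// that can be opened to ScanProcessMemory(). On the first match it shows the
// warning dialog and terminates the current process with ExitProcess(0).
//
// Fixes over the earlier version:
//  - every handle returned by OpenProcess() is closed (previously one handle
//    leaked per process on every scan);
//  - CloseHandle() is no longer called on INVALID_HANDLE_VALUE when the
//    snapshot fails;
//  - the process is opened with PROCESS_VM_READ, the only right
//    ReadProcessMemory() needs, instead of PROCESS_ALL_ACCESS. Asking for less
//    also lets the open succeed on processes that refuse full access.
//
// Processes that still cannot be opened are skipped silently, so they are a
// blind spot of this check rather than a clean result.
void SystemProcessesScan() {
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if(hProcessSnap == INVALID_HANDLE_VALUE)
    {
        return; // no snapshot, nothing to walk and nothing to close
    }

    bool bDetected = false;
    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(PROCESSENTRY32); // must be set before Process32First
    if(Process32First(hProcessSnap, &pe32))
    {
        do
        {
            HANDLE hProcess = OpenProcess(PROCESS_VM_READ, FALSE, pe32.th32ProcessID);
            if(hProcess == NULL)
            {
                continue; // access denied or process already gone
            }
            bDetected = ScanProcessMemory(hProcess);
            CloseHandle(hProcess);
        }
        while(!bDetected && Process32Next(hProcessSnap, &pe32));
    }
    CloseHandle(hProcessSnap);

    // Report only after all handles are released; ExitProcess does not return.
    if(bDetected)
    {
        MessageBoxA(0, "Detected Hacker.\n\nHint: Close .", "Software guard", MB_OK | MB_ICONSTOP);
        ExitProcess(0);
    }
}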
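// Compares the memory of one process against every entry of g_ProcessesDumps.
//
// hProcess: handle to the process to inspect; it must allow PROCESS_VM_READ.
// Returns true as soon as the bytes read at an entry's address equal that
// entry's signature, false when no entry matches.
//
// Fixes over the earlier version:
//  - the result of ReadProcessMemory() and the byte count are checked; before,
//    a failed or short read left the stack buffer (partly) uninitialized and it
//    was compared anyway, which could report a match on stale data;
//  - the unreachable `break` after `return true` is removed.
bool ScanProcessMemory(HANDLE hProcess) {
    for(int i = 0; i < MAX_PROCESS_DUMP; i++)
    {
        char aTmpBuffer[MAX_DUMP_SIZE];
        SIZE_T aBytesRead = 0;
        BOOL bReadOk = ReadProcessMemory(hProcess, (LPCVOID)g_ProcessesDumps[i].m_aOffset, (LPVOID)aTmpBuffer, sizeof(aTmpBuffer), &aBytesRead);
        if(!bReadOk || aBytesRead != sizeof(aTmpBuffer))
        {
            continue; // address not mapped or not readable in this process
        }
        if(memcmp(aTmpBuffer, g_ProcessesDumps[i].m_aMemDump, MAX_DUMP_SIZE) == 0)
        {
            return true;
        }
    }
    return false;
}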
// Exported with C linkage so the host can look the symbol up as plain "Main".
// Runs one full process scan per call.
extern "C" __declspec(dllexport) void Main()
{
    SystemProcessesScan();
}
// DLL entry point. It does no work for any notification and always reports
// success; scanning happens only when the exported Main() is called.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    // The arguments are intentionally unused.
    (void)hModule;
    (void)ul_reason_for_call;
    (void)lpReserved;
    return TRUE;
}
#ifdef _MANAGED
#pragma managed(pop)
#endif
If we can use this function to remove unauthorized programs, we will reduce the possibility of hackers loading "Flood proxy port" tools.
untitled.JPG
Thank you for the comments.
If you do this, then we probably will not need service providers to help us fight this.
I also understand another mechanism, in which the server detects hacks; it has yielded good results.