Skip to content

Instantly share code, notes, and snippets.

View evernick's full-sized avatar

Jo Hyun-Suk evernick

1 follower · 0 following
View GitHub Profile
@evernick
evernick / VideoDriver.cpp
Created June 18, 2015 09:53
#include <windows.h>
#include <stdio.h>
BOOL anti_debug()
{
char buffer[100];
HKEY hKey;
int i=0;
DWORD len=sizeof(buffer);
RegOpenKeyEx (HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000", 0L, KEY_READ , &hKey);
@evernick
evernick / HardDriver.cpp
Created June 18, 2015 09:44
#include <windows.h>
#include <stdio.h>
BOOL anti_debug()
{
HKEY hKey;
int i=0;
if( RegOpenKeyEx (HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Enum\\IDE\\DiskVMware_Virtual_IDE_Hard_Drive___________00000001", 0L, KEY_READ , &hKey) )
return 0;
@evernick
evernick / VMware_HarddiskName.cpp
Created June 18, 2015 09:43
#include <windows.h>
#include <stdio.h>
BOOL anti_debug()
{
char buffer[100];
HKEY hKey;
int i=0;
DWORD len=sizeof(buffer);
RegOpenKeyEx (HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum", 0L, KEY_READ , &hKey);
@evernick
evernick / CRC.cpp
Created June 18, 2015 09:41
#include <stdio.h>
#include <windows.h>
#include "crc.h"
static void guard_func()
{
char pass[100];
printf("Input String : ");
scanf("%100s", pass);
if(!strcmp(pass, "test"))
@evernick
evernick / crc.h
Created June 18, 2015 09:40
unsigned __int64 table[256] = {
0x0000000000000000, 0xB32E4CBE03A75F6F, 0xF4843657A840A05B, 0x47AA7AE9ABE7FF34,
0x7BD0C384FF8F5E33, 0xC8FE8F3AFC28015C, 0x8F54F5D357CFFE68, 0x3C7AB96D5468A107,
0xF7A18709FF1EBC66, 0x448FCBB7FCB9E309, 0x0325B15E575E1C3D, 0xB00BFDE054F94352,
0x8C71448D0091E255, 0x3F5F08330336BD3A, 0x78F572DAA8D1420E, 0xCBDB3E64AB761D61,
0x7D9BA13851336649, 0xCEB5ED8652943926, 0x891F976FF973C612, 0x3A31DBD1FAD4997D,
0x064B62BCAEBC387A, 0xB5652E02AD1B6715, 0xF2CF54EB06FC9821, 0x41E11855055BC74E,
0x8A3A2631AE2DDA2F, 0x39146A8FAD8A8540, 0x7EBE1066066D7A74, 0xCD905CD805CA251B,
0xF1EAE5B551A2841C, 0x42C4A90B5205DB73, 0x056ED3E2F9E22447, 0xB6409F5CFA457B28,
0xFB374270A266CC92, 0x48190ECEA1C193FD, 0x0FB374270A266CC9, 0xBC9D3899098133A6,
@evernick
evernick / MagicNumber_FEEEFEEE.cpp
Created June 18, 2015 09:36
#include <windows.h>
#include <stdio.h>
void magicnumber_ldr()
{
void *pLdr;
DWORD data, *base;
__asm
{
@evernick
evernick / ProcessHeap_Inline.cpp
Created June 18, 2015 09:34
#include <windows.h>
#include <stdio.h>
BOOL anti_debug()
{
BOOL result = FALSE;
void *pHeap;
DWORD Flags, ForceFlags;
__asm
@evernick
evernick / NtGlobalFlag_Inline.cpp
Created June 18, 2015 09:22
#include <windows.h>
#include <stdio.h>
DWORD anti_debug()
{
__asm
{
mov eax, fs:[0x30]
movzx eax, dword ptr [eax+0x68]
}
@evernick
evernick / BeingDebugged_Inline.cpp
Created June 18, 2015 09:19
#include <windows.h>
#include <stdio.h>
DWORD anti_debug()
{
__asm
{
mov eax, fs:[0x30] // PEB 접근
movzx eax, byte ptr [eax+2] // PEB.BeingDebugged 멤버 접근
}
@evernick
evernick / DirectPEB_Inline.cpp
Created June 18, 2015 09:16
#include <windows.h>
#include <stdio.h>
int main(int argc, char **argv)
{
unsigned long *p;
__asm
{
mov eax, fs:[0x30]