spnow
/ ZwSetInformationThread.cpp
Created
August 1, 2017 23:12
— forked from evernick/ZwSetInformationThread.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include<windows.h> | |
| #include<stdio.h> | |
| typedef DWORD (WINAPI *PFZWSETINFORMATIONTHREAD) ( | |
| HANDLE ThreadHandle, | |
| DWORD ThreadInformationClass, // Original : _THREAD_INFORMATION_CLASS | |
| PVOID ThreadInformation, | |
| ULONG ThreadInformationLength | |
| ); |
spnow
/ ZwQueryInformationProcess_ProcessDebugPort.cpp
Created
August 1, 2017 23:12
— forked from evernick/ZwQueryInformationProcess_ProcessDebugPort.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include<windows.h> | |
| #include<stdio.h> | |
| typedef DWORD (WINAPI *PFZWQUERYINFORMATIONPROCESS) ( | |
| HANDLE ProcessHandle, | |
| DWORD ProcessInformationClass, // Origianl : _PROCESS_INFORMATION_CLASS | |
| PVOID ProcessInformation, | |
| ULONG ProcessInformationLength, | |
| PULONG ReturnLength | |
| ); |
spnow
/ OllyDbgStaticString.cpp
Created
August 1, 2017 23:12
— forked from evernick/OllyDbgStaticString.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <psapi.h> | |
| #pragma comment(lib, "psapi.lib") | |
| BOOL anti_debug() | |
| { | |
| DWORD All_process[1024], cb, process_cnt, value; | |
| int read; | |
| unsigned int i; |
spnow
/ ZwQueryInformationProcess_ProcessDebugObjectHandle.cpp
Created
August 1, 2017 23:12
— forked from evernick/ZwQueryInformationProcess_ProcessDebugObjectHandle.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include<windows.h> | |
| #include<stdio.h> | |
| typedef DWORD (WINAPI *PFZWQUERYINFORMATIONPROCESS) ( | |
| HANDLE ProcessHandle, | |
| DWORD ProcessInformationClass, // Origianl : _PROCESS_INFORMATION_CLASS | |
| PVOID ProcessInformation, | |
| ULONG ProcessInformationLength, | |
| PULONG ReturnLength | |
| ); |
spnow
/ ZwQueryInformationProcess_ProcessDebugFlags.cpp
Created
August 1, 2017 23:12
— forked from evernick/ZwQueryInformationProcess_ProcessDebugFlags.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include<windows.h> | |
| #include<stdio.h> | |
| typedef DWORD (WINAPI *PFZWQUERYINFORMATIONPROCESS) ( | |
| HANDLE ProcessHandle, | |
| DWORD ProcessInformationClass, // Origianl : _PROCESS_INFORMATION_CLASS | |
| PVOID ProcessInformation, | |
| ULONG ProcessInformationLength, | |
| PULONG ReturnLength |
spnow
/ ParentProcess.cpp
Created
August 1, 2017 23:11
— forked from evernick/ParentProcess.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <tlhelp32.h> | |
| #include <psapi.h> | |
| #pragma comment(lib, "psapi.lib") | |
| int GetProcssName(DWORD PID, char *buff, int size) | |
| { | |
| int len = 0; |
spnow
/ BlockInput.cpp
Created
August 1, 2017 23:11
— forked from evernick/BlockInput.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <Winable.h> | |
| int main() | |
| { | |
| char str[100]; | |
| BlockInput(TRUE); | |
| printf("Input String: "); |
spnow
/ SelfDebugging_DebugActiveProcess.cpp
Created
August 1, 2017 23:11
— forked from evernick/SelfDebugging_DebugActiveProcess.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| void self_debug() | |
| { | |
| char result = FALSE; | |
| char szCmdLine[MAX_PATH]; | |
| char szCurrPath[MAX_PATH]; | |
| char pid_str[12]; |
spnow
/ RDTSC.cpp
Created
August 1, 2017 23:10
— forked from evernick/RDTSC.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <intrin.h> | |
| BOOL anti_debug(unsigned __int64 cnt1) | |
| { | |
| unsigned __int64 cnt2; | |
| cnt2 = __rdtsc(); | |
| if ((cnt2-cnt1) > 0xFF) { | |
| return 1; | |
| } |
spnow
/ NtQueryPerformanceCounter.cpp
Created
August 1, 2017 23:10
— forked from evernick/NtQueryPerformanceCounter.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| BOOL anti_debug(LARGE_INTEGER cnt1) | |
| { | |
| LARGE_INTEGER cnt2; | |
| QueryPerformanceCounter (&cnt2); | |
| if ((cnt2.QuadPart-cnt1.QuadPart) > 0xFF) { | |
| return 1; | |
| } |