Skip to content

Instantly share code, notes, and snippets.

View spnow's full-sized avatar

spnow

44 followers · 93 following
View GitHub Profile
@spnow
spnow / GetTickCount.cpp
Created August 1, 2017 23:10 — forked from evernick/GetTickCount.cpp
#include <windows.h>
#include <stdio.h>
#pragma comment(lib, "winmm.lib")
BOOL anti_debug(DWORD count1)
{
DWORD count2;
count2 = GetTickCount();
if ((count2-count1) > 0x10) {
return 1;
}
@spnow
spnow / timeGetTime.cpp
Created August 1, 2017 23:10 — forked from evernick/timeGetTime.cpp
#include <windows.h>
#include <stdio.h>
#pragma comment(lib, "winmm.lib")
BOOL anti_debug(DWORD time1)
{
DWORD time2;
time2 = timeGetTime();
if ((time2-time1) > 0x10) {
return 1;
@spnow
spnow / GetSystemTime.cpp
Created August 1, 2017 23:10 — forked from evernick/GetSystemTime.cpp
#include <windows.h>
#include <stdio.h>
BOOL anti_debug(SYSTEMTIME s_time1, FILETIME f_time1)
{
SYSTEMTIME s_time2;
FILETIME f_time2;
GetSystemTime(&s_time2);
SystemTimeToFileTime(&s_time2, &f_time2);
if ((f_time2.dwLowDateTime - f_time1.dwLowDateTime)/10000 > 1000) {
@spnow
spnow / DirectPEB_ZwQueryInformationProcess.cpp
Created August 1, 2017 23:09 — forked from evernick/DirectPEB_ZwQueryInformationProcess.cpp
#define _WIN32_WINNT 0x0501
#include <windows.h>
#include <stdio.h>
#include <Winternl.h>
typedef DWORD (WINAPI *PFZWQUERYINFORMATIONPROCESS) (
HANDLE ProcessHandle,
DWORD ProcessInformationClass, // Origianl : _PROCESS_INFORMATION_CLASS
PVOID ProcessInformation,
ULONG ProcessInformationLength,
@spnow
spnow / DirectPEB_Inline.cpp
Created August 1, 2017 23:09 — forked from evernick/DirectPEB_Inline.cpp
#include <windows.h>
#include <stdio.h>
int main(int argc, char **argv)
{
unsigned long *p;
__asm
{
mov eax, fs:[0x30]
@spnow
spnow / BeingDebugged_Inline.cpp
Created August 1, 2017 23:09 — forked from evernick/BeingDebugged_Inline.cpp
#include <windows.h>
#include <stdio.h>
DWORD anti_debug()
{
__asm
{
mov eax, fs:[0x30] // PEB 접근
movzx eax, byte ptr [eax+2] // PEB.BeingDebugged 멤버 접근
}
@spnow
spnow / NtGlobalFlag_Inline.cpp
Created August 1, 2017 23:09 — forked from evernick/NtGlobalFlag_Inline.cpp
#include <windows.h>
#include <stdio.h>
DWORD anti_debug()
{
__asm
{
mov eax, fs:[0x30]
movzx eax, dword ptr [eax+0x68]
}
@spnow
spnow / ProcessHeap_Inline.cpp
Created August 1, 2017 23:08 — forked from evernick/ProcessHeap_Inline.cpp
#include <windows.h>
#include <stdio.h>
BOOL anti_debug()
{
BOOL result = FALSE;
void *pHeap;
DWORD Flags, ForceFlags;
__asm
@spnow
spnow / MagicNumber_FEEEFEEE.cpp
Created August 1, 2017 23:08 — forked from evernick/MagicNumber_FEEEFEEE.cpp
#include <windows.h>
#include <stdio.h>
void magicnumber_ldr()
{
void *pLdr;
DWORD data, *base;
__asm
{
@spnow
spnow / crc.h
Created August 1, 2017 23:08 — forked from evernick/crc.h
unsigned __int64 table[256] = {
0x0000000000000000, 0xB32E4CBE03A75F6F, 0xF4843657A840A05B, 0x47AA7AE9ABE7FF34,
0x7BD0C384FF8F5E33, 0xC8FE8F3AFC28015C, 0x8F54F5D357CFFE68, 0x3C7AB96D5468A107,
0xF7A18709FF1EBC66, 0x448FCBB7FCB9E309, 0x0325B15E575E1C3D, 0xB00BFDE054F94352,
0x8C71448D0091E255, 0x3F5F08330336BD3A, 0x78F572DAA8D1420E, 0xCBDB3E64AB761D61,
0x7D9BA13851336649, 0xCEB5ED8652943926, 0x891F976FF973C612, 0x3A31DBD1FAD4997D,
0x064B62BCAEBC387A, 0xB5652E02AD1B6715, 0xF2CF54EB06FC9821, 0x41E11855055BC74E,
0x8A3A2631AE2DDA2F, 0x39146A8FAD8A8540, 0x7EBE1066066D7A74, 0xCD905CD805CA251B,
0xF1EAE5B551A2841C, 0x42C4A90B5205DB73, 0x056ED3E2F9E22447, 0xB6409F5CFA457B28,
0xFB374270A266CC92, 0x48190ECEA1C193FD, 0x0FB374270A266CC9, 0xBC9D3899098133A6,