Skip to content

Instantly share code, notes, and snippets.

@veil-ivy
veil-ivy / detect_dll_hijack.cpp
Created February 9, 2022 21:20
detect dll hijacking attempts
#include <Windows.h>
#include <stdio.h>
#include <iostream>
LPVOID original_func = NULL;
PIMAGE_IMPORT_DESCRIPTOR import_descriptor = NULL;
const wchar_t* back = L"\\";
wchar_t current_directory[MAX_PATH];
typedef HMODULE(WINAPI * loadlibrary_def)(
LPCWSTR lpLibFileName
#include <ntddk.h>
#define BLOCK_PROCESS "notepad.exe"
static OB_CALLBACK_REGISTRATION obcallback_registration;
static OB_OPERATION_REGISTRATION oboperation_callback;
#define PROCESS_CREATE_THREAD (0x0002)
#define PROCESS_CREATE_PROCESS (0x0080)
#define PROCESS_TERMINATE (0x0001)
#define PROCESS_VM_WRITE (0x0020)
#define PROCESS_VM_READ (0x0010)
#define PROCESS_VM_OPERATION (0x0008)