
    Protect your process from getting killed by Task Manager / process viewers etc.


    bobi

    yes, i like playing with inline asm - and yes, i'm not really good at it.... but hey - it works O.o

     

    have fun, and don't use it for any "trojan/stealer shit" xD

     

    credits to Gordon` - if i need help - i get it from him

     

     

     

    /*
    
    Don't Kill my Process! - by bobi
    
    Tested process explorers/viewers/killers WITH success:
    
    TaskManager
    Process Explorer
    Process Viewer
    Process Killer
    
    Tested process explorers/viewers/killers WITHOUT success:
    
    -none =))
    
    */
    
    #include <windows.h>
    #include <TlHelp32.h>
    #include <detours.h>
    
    
    // Function-pointer type with the signature of kernel32!OpenProcess.
    // pOpenProcess is assigned in Hook() from the value DetourFunction returns and
    // is the pointer Hooked_OpenProcess calls to forward every request
    // (presumably the Detours trampoline to the original API - confirm against the
    // Detours version in use).
    typedef HANDLE (__stdcall *tOpenProcess)(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId);
    tOpenProcess pOpenProcess;
    
    // Function-pointer type used for the forwarded TerminateProcess call;
    // pTerminateProcess is assigned in Hook() the same way as pOpenProcess.
    // NOTE(review): the Win32 TerminateProcess returns BOOL (a 32-bit int), while this
    // typedef and Hooked_TerminateProcess declare C++ bool. The hooks return through
    // EAX from inline asm, so the mismatch is not visible in this file, but the
    // declared type does not match the API being replaced.
    typedef bool (__stdcall *tTerminateProcess)(HANDLE hProcess, UINT uExitCode);
    tTerminateProcess pTerminateProcess;
    
    
    // One-shot flag shared by the two hooks: Hooked_OpenProcess sets it to 1 when the
    // target PID is opened with an access mask equal to 1, and Hooked_TerminateProcess
    // clears it when it swallows a call. It is a single process-wide variable with no
    // locking visible here, and it is not tied to any particular handle or thread.
    BOOL bIsTargetProc = false;
    // PID that Hooked_OpenProcess compares dwProcessId against. Written once in Hook()
    // from GetPidByExeName("explorer.exe"); no initializer is given here.
    DWORD TargetProcID;
    
    
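    /**
     * Return the process ID of the first running process whose executable name
     * equals ProcessName (case-insensitive comparison via lstrcmpi).
     *
     * This is a plain Toolhelp32 walk. It replaces an inline-assembly version
     * that had several defects:
     *   - PROCESSENTRY32::dwSize was never set before Process32First, so the
     *     call depended on whatever happened to be on the stack;
     *   - the snapshot handle was compared with 0, although
     *     CreateToolhelp32Snapshot reports failure as INVALID_HANDLE_VALUE;
     *   - the snapshot handle was never closed (one leaked handle per call);
     *   - the "found" path left through a hand-written leave/ret, bypassing the
     *     compiler's epilogue, and the not-found path had no return statement;
     *   - a Sleep(1) per process entry slowed the walk for no visible reason.
     *
     * The match is by name only: szExeFile holds the executable's file name, so
     * any process started from an identically named file matches, and only the
     * first such entry in the snapshot is returned. Callers that need to identify
     * one specific process must not rely on this result alone.
     *
     * Assumes an ANSI (non-UNICODE) build, as the narrow string literals used
     * elsewhere in this file do.
     *
     * @param ProcessName  Executable file name to look for, e.g. "explorer.exe".
     *                     NULL is treated as "not found".
     * @return The matching process ID, or 0 if the snapshot could not be taken
     *         or no entry matched.
     */
    DWORD GetPidByExeName(char *ProcessName)
    {
        PROCESSENTRY32 entry;
        HANDLE snapshot;
        DWORD pid = 0;

        if (ProcessName == NULL)
        {
            return 0;
        }

        snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        if (snapshot == INVALID_HANDLE_VALUE)
        {
            return 0;
        }

        // Process32First rejects the structure unless dwSize is filled in first.
        entry.dwSize = sizeof(entry);

        if (Process32First(snapshot, &entry))
        {
            do
            {
                if (lstrcmpi(ProcessName, entry.szExeFile) == 0)
                {
                    pid = entry.th32ProcessID;
                    break;
                }
            } while (Process32Next(snapshot, &entry));
        }

        // Single exit path so the snapshot handle is always released.
        CloseHandle(snapshot);
        return pid;
    }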
    
    
    
    
    // Replacement for kernel32!TerminateProcess, installed by Hook().
    //
    // If bIsTargetProc is 1 (set earlier by Hooked_OpenProcess), the flag is cleared
    // and the real TerminateProcess is NOT called. EAX still holds the 1 loaded from
    // the flag, so the caller receives a non-zero result and sees the call as
    // successful although nothing was terminated.
    // Otherwise the call is forwarded unchanged through pTerminateProcess and its
    // result is left in EAX.
    //
    // There is no return statement: the function relies on MSVC x86 returning
    // whatever the __asm block left in EAX.
    //
    // NOTE(review): hProcess is never inspected. The decision depends only on the
    // process-wide flag, so the swallowed call is simply the next TerminateProcess
    // made in this process after the flag was set, whichever handle it targets.
    // The hook only affects code running in the process this DLL is loaded into and
    // only callers that go through the kernel32 export.
    bool __stdcall Hooked_TerminateProcess(HANDLE hProcess, UINT uExitCode)
    {
    __asm
    {
    	// Flag set -> consume it and skip the real call (EAX stays 1).
    	mov eax, bIsTargetProc
    	cmp eax, 1
    	jne ret_
    	mov bIsTargetProc, 0
    	jmp end
    
    ret_:
    	// Forward to the original: stdcall arguments pushed right to left.
    	push uExitCode
    	push hProcess
    	call pTerminateProcess
    end:
    }
    
    }
    
    // Replacement for kernel32!OpenProcess, installed by Hook().
    //
    // Every call is forwarded to the original through pOpenProcess, and the handle
    // it returns is left in EAX as this function's return value (there is no return
    // statement; the function relies on MSVC x86 returning EAX after the __asm block).
    //
    // Before forwarding, the hook sets bIsTargetProc to 1 when both conditions hold:
    //   - dwProcessId equals TargetProcID, and
    //   - dwDesiredAccess equals 1 exactly (0x0001 is PROCESS_TERMINATE in the
    //     Win32 headers).
    // The comparison is an equality test, not a bit test, so a request that
    // combines that right with others does not set the flag.
    //
    // NOTE(review): the open itself is never refused. The handle is handed out
    // normally and only the later TerminateProcess call is suppressed, by
    // Hooked_TerminateProcess. The flag is a process-wide global with no locking
    // visible here.
    HANDLE __stdcall Hooked_OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId)
    {
    __asm
    {
    	// Only requests for the recorded target PID are of interest.
    	mov eax, dwProcessId
    	cmp eax, TargetProcID
    	jne ret_
    	// The load into EAX is not used by the compare below, which reads the
    	// argument directly.
    	mov eax, dwDesiredAccess
    	cmp dwDesiredAccess, 1
    	jne ret_
    	mov bIsTargetProc, 1
    
    ret_:
    	// Forward to the original: stdcall arguments pushed right to left.
    	push dwProcessId
    	push bInheritHandle
    	push dwDesiredAccess
    	call pOpenProcess
    }
    }
    
    // Installs the two detours and records the target PID.
    //
    // Steps, in order:
    //   1. Resolve kernel32!OpenProcess and kernel32!TerminateProcess in the
    //      current process with GetModuleHandle/GetProcAddress.
    //   2. Pass each address to DetourFunction together with the matching Hooked_*
    //      function, and keep the returned pointers in pOpenProcess and
    //      pTerminateProcess so the hooks can forward calls.
    //   3. Store the PID of the first process named "explorer.exe" in TargetProcID.
    //
    // NOTE(review): none of the return values are checked, so a failed lookup is
    // passed straight on to DetourFunction. The detours are live before
    // TargetProcID is written. The addresses are held in DWORDs, which fits only a
    // 32-bit build (the inline asm elsewhere in this file already requires one).
    // Everything here acts on the process the DLL is loaded into. Presumably the
    // detours appear as altered leading bytes of the two kernel32 exports when
    // compared with the on-disk image - confirm for the Detours version in use.
    void Hook()
    {
        HMODULE hKernel32ForOpen = GetModuleHandle("kernel32.dll");
        DWORD dwOpenProcessEntry = (DWORD)GetProcAddress(hKernel32ForOpen, "OpenProcess");

        HMODULE hKernel32ForTerminate = GetModuleHandle("kernel32.dll");
        DWORD dwTerminateProcessEntry = (DWORD)GetProcAddress(hKernel32ForTerminate, "TerminateProcess");

        pOpenProcess = (tOpenProcess)DetourFunction((PBYTE)dwOpenProcessEntry,
                                                    (PBYTE)&Hooked_OpenProcess);
        pTerminateProcess = (tTerminateProcess)DetourFunction((PBYTE)dwTerminateProcessEntry,
                                                              (PBYTE)&Hooked_TerminateProcess);

        TargetProcID = GetPidByExeName("explorer.exe");
    }
    
    
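    // Thread entry point with the signature CreateThread expects.
    // Hook() is declared as `void Hook()`; calling it through a pointer cast to
    // LPTHREAD_START_ROUTINE (stdcall, one LPVOID argument, DWORD result) is a
    // call through an incompatible function type, so it is wrapped here instead.
    static DWORD WINAPI HookThreadProc(LPVOID lpParameter)
    {
        (void)lpParameter;
        Hook();
        return 0;
    }

    // DLL entry point. On DLL_PROCESS_ATTACH it starts one thread that runs Hook();
    // all other notifications are ignored. It always returns TRUE, so the load
    // succeeds even if the thread could not be created.
    //
    // hModule and lpvReserved are unused.
    BOOL WINAPI DllMain (HINSTANCE hModule, DWORD dwReason, LPVOID lpvReserved)
    {
        (void)hModule;
        (void)lpvReserved;

        if (dwReason == DLL_PROCESS_ATTACH)
        {
            // Hook() runs on the new thread; DllMain does not wait for it.
            HANDLE hThread = CreateThread(NULL, 0, HookThreadProc, NULL, 0, NULL);
            if (hThread != NULL)
            {
                // The handle is not needed afterwards. Closing it does not stop
                // the thread; it only avoids leaking the handle.
                CloseHandle(hThread);
            }
        }

        return TRUE;
    }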
