📄 isdllpresent.cpp
//#define UNICODE
#ifdef UNICODE
#define _UNICODE
#endif
#include <windows.h>
#include <stdio.h>
#include <conio.h>
#include <tchar.h>
//#define AH_STATIC_LINKING
#include <ApiHooks.h>
//#define PW_STATIC_LINKING
#include <PrcWorks.h>
/////////////////////////////////////////////////////////
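// Deferred - watchdog for a remote thread that outlived the caller's timeout.
//
// pVOID points to the RCINFO that _tmain filled through IsModuleLoaded(); this
// function takes over its hThread and hProcess handles and closes both before
// returning, so the caller must not use them afterwards.
//
// Returns:
//   - the remote thread's exit code when it finished on its own,
//   - ErrorAHRemote when the operator chose to kill it and it went away,
//   - ErrorAHTimeOut when it could not be killed, or when its exit code
//     could not be read.
DWORD WINAPI Deferred(LPVOID pVOID) {
    PRCINFO pRCI = (PRCINFO)pVOID;
    // Start from an error code: the caller prints every value it does not
    // recognise as an error as a module load address, so an indeterminate
    // value here would be reported as "DLL is loaded at 0x...".
    DWORD AHResult = ErrorAHTimeOut;
    BOOL Exited = FALSE;
    BOOL Terminated = FALSE;

    // Poll in 8 s slices; after each slice without an exit, ask the operator.
    while (!(Exited = (WaitForSingleObject(pRCI->hThread, 8000) == WAIT_OBJECT_0))) {
        if (MessageBox(NULL, _T("Terminate remote thread?"), _T("Timeout Thread"), MB_YESNO) != IDYES) {
            continue;
        }

        // The message box can stay open for any length of time. If the thread
        // finished meanwhile, take the normal exit path: otherwise its real
        // result would be replaced by ErrorAHRemote and both remote blocks
        // would be freed without looking at the ownership flags.
        if (WaitForSingleObject(pRCI->hThread, 0) == WAIT_OBJECT_0) {
            Exited = TRUE;
            break;
        }

        // TerminateThread gives the target no chance to release locks or run
        // cleanup, so the target process may be left in an inconsistent
        // state; this is a last resort chosen by the operator.
        SuspendThread(pRCI->hThread);
        TerminateThread(pRCI->hThread, ErrorAHRemote);
        if (WaitForSingleObject(pRCI->hThread, 4000) == WAIT_OBJECT_0) {
            Terminated = TRUE;
            AHResult = ErrorAHRemote;
        }
        else {
            // NOTE(review): the thread was suspended above and is not resumed
            // here, so it appears to stay suspended in the target - confirm
            // that this is intended.
            MessageBox(NULL, _T("Can't terminate remote thread!"), _T("Timeout Thread"), MB_ICONERROR | MB_OK);
            AHResult = ErrorAHTimeOut;
        }
        break;
    }

    if (Terminated) {
        // The killed thread cannot free anything itself: release both blocks.
        pRCI->RtlFreeMem(pRCI->hProcess, pRCI->ThreadBody);
        pRCI->RtlFreeMem(pRCI->hProcess, pRCI->ThreadStack);
    }
    else if (Exited) {
        // Normal exit: free only what the flags assign to this side.
        if (pRCI->RCFlags & RC_FL_OWNFREE) {
            pRCI->RtlFreeMem(pRCI->hProcess, pRCI->ThreadBody);
        }
        if (pRCI->ProcFlags & RC_PF_NATIVE) {
            pRCI->RtlFreeMem(pRCI->hProcess, pRCI->ThreadStack);
        }
        if (!GetExitCodeThread(pRCI->hThread, &AHResult)) {
            // No exit code available: report an error, not a stale value.
            AHResult = ErrorAHTimeOut;
        }
    }
    // Neither flag set: the thread may still be alive in the target, so the
    // remote memory is deliberately left alone.

    CloseHandle(pRCI->hThread);
    CloseHandle(pRCI->hProcess);
    return(AHResult);
}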
/////////////////////////////////////////////////////////
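// Demo entry point: asks IsModuleLoaded() whether LdrBlock.dll is loaded in
// the LdrBlock.exe process, starting that process first if it is not found.
// If the remote query times out, a Deferred() watchdog thread takes over the
// remote thread and this function waits for its verdict.
//
// Returns the final AHResult (an ErrorAH* code or the reported load address),
// or the key read by getch() when LdrBlock.exe could not be started.
int _tmain(VOID) {
    DWORD PID = ProcessName2PID(_T("LdrBlock.exe"));
    if((PID == PW_PIDERROR) || (PID == PW_MEMERROR)) {
        // NOTE(review): the target is launched and looked up by bare image
        // name, so whichever LdrBlock.exe the search order or the process
        // list yields first is used. Acceptable for a demo; a real tool
        // should use a full path and keep the PID of the process it created.
        // WinExec reports success with a value greater than 31.
        if(WinExec("LdrBlock.exe", SW_SHOWNORMAL) > 31) {
            Sleep(1000);    // give the new process time to show up
            PID = ProcessName2PID(_T("LdrBlock.exe"));
        }
        if((PID == PW_PIDERROR) || (PID == PW_MEMERROR)) {
            _tprintf(_T("Can't create LdrBlock.exe process!"));
            return(getch());
        }
    }

    // Work on a private copy of the defaults. RC_FL_OWNTIMEOUT is set because
    // this program handles the timeout itself (see the ErrorAHTimeOut branch).
    RCINFO lRCI;
    memcpy(&lRCI, GetDefaultRCInfo(), sizeof(lRCI));
    lRCI.RCFlags = RC_FL_OWNTIMEOUT;

    DWORD AHResult = IsModuleLoaded(&lRCI, _T("LdrBlock.dll"), PID, 2000);
    if(AHResult == ErrorAHTimeOut) {
        HANDLE hThread;
        DWORD WatchdogTID;  // thread id is not needed, but keep PID intact
        if(!(hThread = CreateThread(NULL, 0, Deferred, &lRCI, 0, &WatchdogTID))) {
            // No watchdog: drop the handles that Deferred would have closed.
            CloseHandle(lRCI.hThread);
            CloseHandle(lRCI.hProcess);
            _tprintf(_T("Can't create timeout thread!"));
        }
        else {
            // lRCI lives on this stack frame, so stay here until the
            // watchdog is done with it.
            while(WaitForSingleObject(hThread, 1000) != WAIT_OBJECT_0)
                _tprintf(_T(".")); // do something useful
            GetExitCodeThread(hThread, &AHResult);
            CloseHandle(hThread);
            if(ErrorAHRemote == AHResult) {
                _tprintf(_T("\nWas timeout: Remote thread was terminated!"));
            }
            else if(ErrorAHTimeOut == AHResult) {
                _tprintf(_T("\nWas timeout: Remote thread was left (can't terminate)!"));
            }
            else {
                // DWORD is unsigned long, hence %lX rather than %X.
                _tprintf(_T("\nWas timeout: LdrBlock.dll is loaded at 0x%lX."), AHResult);
            }
        }
    }
    else {
        // Every value in [ErrorAHMin, ErrorAHTimeOut] is treated as an error
        // code; anything else is printed as the module's load address.
        if((ErrorAHMin <= AHResult) && (AHResult <= ErrorAHTimeOut)) {
            _tprintf(_T("\nNo timeout: Can't prepare remote execution!"));
        }
        else {
            _tprintf(_T("\nNo timeout: LdrBlock.dll is loaded at 0x%lX."), AHResult);
        }
    }
    getch();
    return(AHResult);
}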