infilter2.bat

来自「Cracker终结者——提供最优秀的软件保护技术」· Batch 代码 · 共 88 行

;@goto translate
; The line above lets one file serve as both a batch script and MASM source:
; MASM treats it as a comment, while cmd.exe skips the leading ';' delimiter
; and runs "@goto translate", which jumps to the build commands placed after
; the END directive. It has to stay the first line of the file, because
; cmd.exe would try to execute any text placed before it.


; Target: 32-bit flat-model Windows code, STDCALL as the default calling
; convention, case-sensitive identifiers (CASEMAP: NONE).
.586P

.MODEL           FLAT, STDCALL

   OPTION        CASEMAP: NONE

   ; WINDOWS.inc, APIMACRO.mac, ApiHooks.inc and the i*.lib import libraries
   ; are project files that are not shown on this page. APIMACRO.mac
   ; presumably supplies the call macros used below (iWin32, iWin32i, sWin32,
   ; icWin32i, TEXT) - confirm against that file.
   INCLUDE       WINDOWS.inc
   UNICODE       = FALSE        ; presumably selects the ANSI API variants in the macros - TODO confirm
   INCLUDE       APIMACRO.mac

   INCLUDELIB    iKERNEL32.lib
   INCLUDELIB    iUSER32.lib
   INCLUDELIB    iApiHooks.lib

   INCLUDE       ApiHooks.inc


.DATA?
   ; Uninitialised data used by Start.
   Processes     DWORD  ?                        ; PID count returned by GetCurrentPIDs (stored in Start)
   PIDarraysize  EQU    1000H                    ; size of PIDarray in bytes (4096)
   PIDarray      DWORD  PIDarraysize/4 DUP (?)   ; room for 1024 DWORD PIDs; Start later reuses it as the wsprintf output buffer
   PathHooks     SIGN   MAX_PATH DUP (?)         ; receives this module's file name; SIGN is declared outside this page (presumably a character type)

.CODE
   ; String constants built by the TEXT macro (defined outside this page).
   ; Start refers to them with an added "s" prefix: szTitle, sGAPFailed, sDone.
   ; The "/0", "/-" and "/#" sequences look like macro escapes for the
   ; terminator, an apostrophe and a percent sign - TODO confirm in the macro file.
   TEXT      zTitle,    <Infiltration/0> 
   TEXT      GAPFailed, <Can/-t retrieve process IDs./0> 
   TEXT      Done,      </#u of /#u processes infiltered./0>

 ;-----------------------------------------------------------------------
 ; Start - program entry point (named on the END directive).
 ; Resolves this executable's own file name, obtains the list of running
 ; process IDs, calls the ApiHooks routine LoadAndCall once per PID (the
 ; first entry is skipped), then shows "<counted> of <total>" in a message
 ; box and exits.
 ;
 ; Register roles (all four are callee-saved under the Win32 stdcall
 ; convention, so they survive the API calls):
 ;   EBP = 0 at first (used as the NULL argument), then the number of PIDs
 ;         for which LoadAndCall returned a value above ErrorTimeOut
 ;   EDI = OFFSET PathHooks (module path handed to LoadAndCall)
 ;   ESI = read cursor into PIDarray, advanced by LODSD
 ;   EBX = PIDs left to process; afterwards the MessageBox text pointer
 ;
 ; NOTE(review): every PID returned is passed to LoadAndCall. There is no
 ; allow-list or exclusion beyond dropping the first entry, so system
 ; processes and (presumably) this process itself are included. What
 ; LoadAndCall does inside a target is defined by the ApiHooks library,
 ; not on this page.
 ;-----------------------------------------------------------------------
 Start:
;=================================================
   SUB       EBP, EBP                            ; EBP = 0: NULL argument now, counter later
   MOV       EDI, OFFSET PathHooks 
   ; GetModuleHandle(NULL): handle of this executable.
   iWin32i   GetModuleHandle, EBP
   ; PathHooks = file name of this executable; this is the module path that
   ; LoadAndCall receives below.
   ; NOTE(review): the return value is not checked, so a failure here would
   ; go unnoticed and LoadAndCall would be given a buffer without a valid path.
   iWin32i   GetModuleFileName, EAX, EDI, MAX_PATH
;=================================================
   ;Get identifiers of all currently running processes.
   ; GetCurrentPIDs is defined outside this block (GetPIDs.inc is included
   ; further down); it is given the buffer and its size in bytes, and its
   ; result is used below as the number of PIDs.
   MOV       ESI, OFFSET PIDarray
   sWin32    GetCurrentPIDs, ESI, SIZEOF PIDarray
   TEST      EAX, EAX                            ; a zero result is treated as failure
   MOV       EBX, sGAPFailed                     ; MOV leaves the flags alone, so JE still tests EAX
   JE        MsgBox
   MOV       EBX, EAX       ;total number of processes
   MOV       Processes, EAX ;total number of processes    
;=================================================

   ;exclude W9X KERNEL32.DLL process for time reasons
   ; NOTE(review): the skip is unconditional - whichever PID is first in the
   ; array is dropped on every Windows version, and Processes (the total
   ; shown in the message box) still counts it.
   LODSD                                         ; discard the first PID
   DEC       EBX     
   ; NOTE(review): the loop tests its counter only at the bottom, so it runs
   ; once even when EBX is already 0 here (a single PID returned); that pass
   ; would read a PIDarray slot GetCurrentPIDs did not fill.
  NextPID:
   LODSD     ;get PID
   ; Arguments: module path, PID, 1, 1. The meaning of the two trailing
   ; values is not shown on this page - see ApiHooks.inc.
   iWin32i   LoadAndCall, EDI, EAX, 1, 1
   CMP       EAX, ErrorTimeOut
   JBE       @F                                  ; unsigned: results <= ErrorTimeOut are not counted (presumably error codes - confirm)
   INC       EBP  ;hooks were applied
  @@:
   DEC       EBX
   JG        NextPID                             ; signed test: repeat while PIDs remain
;=================================================

   MOV       EBX, OFFSET PIDarray                ; PID list is no longer needed: reuse it as the text buffer
   ; Format the counted and total values into the buffer using sDone.
   icWin32i  wsprintf, EBX, sDone, EBP, Processes
  MsgBox:
   ; EBX = message text: sGAPFailed on the failure path, the formatted
   ; summary otherwise.
   iWin32i   MessageBox, NULL, EBX, szTitle, MB_ICONINFORMATION 
   iWin32    ExitProcess, NULL

  ; Entry - public routine; the link command at the end of this file exports
  ; it as ordinal 1 without a name. It only calls GetTickCount and returns,
  ; leaving that call's result in EAX.
  ; NOTE(review): presumably this is the routine LoadAndCall invokes after
  ; loading the module - confirm against ApiHooks.inc. The plain RET removes
  ; no arguments from the stack, so verify it matches what the caller passes.
  PUBLIC Entry
  Entry:
   iWin32    GetTickCount
   RET

INCLUDE GetPIDs.inc



END Start

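:translate
@echo off
REM Build half of the combined batch/MASM file: assemble this same file,
REM link the result, then remove the intermediate files.
REM ML /c = assemble only, /coff = COFF object output.
ML   /c /coff /nologo InFilter2.bat
REM Stop if assembly failed, so a stale or missing object file is never linked.
IF ERRORLEVEL 1 GOTO finish
REM /FIXED:NO keeps relocation data so the image can load at another base address.
REM /export publishes Entry as ordinal 1 without a name.
REM /MERGE folds .rdata into .text; /IGNORE:4078 hides the section-attribute warning that causes.
REM eLINK and /optidata are project-specific and not described on this page.
eLINK InFilter2 /nologo /optidata /SUBSYSTEM:WINDOWS /MERGE:.rdata=.text /IGNORE:4078 /FIXED:NO /export:Entry,@1,NONAME
REM Remove intermediates; the .exp and .lib files are by-products of /export.
DEL InFilter2.obj
IF EXIST InFilter2.exp DEL InFilter2.exp
IF EXIST InFilter2.lib DEL InFilter2.lib
:finish
PAUSE
CLS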
