Jump to content
Fórum Script Brasil
  • 0

Duvida em C++


staw

Question

Olá caros amigos, estou com uma pequena duvida em C++, tenho uma source da proteção do meu mu, cujo ele bloqueia arquivos maliciosos pelo processo de dump, mas a um problema ele só bloqueia o arquivo quando o arquivo malicioso é aberto antes de eu executar o jogo, e se o cara abrir o arquivo depois ele não detecta, só detecta também quando eu fecho o programa, isso se o arquivo malicioso estiver aberto, alguém sabe me explicar porque ele não fica trabalhando quando o programa esta em execução, somente quando é aberto ou fechado?

Source code:

#include "stdafx.h"
#include "Antihack.h"
#include <stdlib.h>


#ifdef _MANAGED
#pragma managed(push, off)
#endif

ANITHACK_PROCDUMP g_ProcessesDumps[MAX_PROCESS_DUMP] = {

                                                       };

using namespace std;

void CAntiHack::GetSystemProcessesList() {
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if(hProcessSnap != INVALID_HANDLE_VALUE)
    {
        PROCESSENTRY32 pe32;
        pe32.dwSize = sizeof(PROCESSENTRY32);

        if(Process32First(hProcessSnap, &pe32))
        {
            do
            {
                m_lProcessesList.push_back(pe32);
            }
            while(Process32Next(hProcessSnap, &pe32));
        }
    }

    CloseHandle(hProcessSnap);
}

bool CAntiHack::ScanProcessMemory(DWORD dwProcessId) {
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);

    if(hProcess != INVALID_HANDLE_VALUE)
    {
        for(int i = 0; i < MAX_PROCESS_DUMP; i++)
        {
            char aTmpBuffer[MAX_DUMP_SIZE];
            SIZE_T aBytesRead = 0;
            ReadProcessMemory(hProcess, (LPCVOID)g_ProcessesDumps[i].m_aOffset, (LPVOID)aTmpBuffer, sizeof(aTmpBuffer), &aBytesRead);

            if(memcmp(aTmpBuffer, g_ProcessesDumps[i].m_aMemDump, MAX_DUMP_SIZE) == 0)
            {
                CloseHandle(hProcess);
                return true;
                break;
            }
        }
    }

    CloseHandle(hProcess);
    return false;
}

int CAntiHack::CheckProcessName(char *sProcessName, char *sSrcProcessName) {
    for(size_t i = 0; i < strlen(sProcessName); i++)
    {
        sProcessName[i] = (char)tolower(sProcessName[i]);
    }

    return strcmp(sProcessName, sSrcProcessName);
}

bool CAntiHack::CheckExplorerProcessDirectory(DWORD dwProcessId) {
    HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId); 
    if(hModuleSnap != INVALID_HANDLE_VALUE)
    {
        MODULEENTRY32 me32;
        me32.dwSize = sizeof(MODULEENTRY32); 

        if(Module32First(hModuleSnap, &me32))
        {
            me32.szExePath[strlen(me32.szExePath) - (strlen(SYSTEMSHELL_NAME) + 1)] = 0;
            char sWindowsDirectory[MAX_PATH];
            GetWindowsDirectory(sWindowsDirectory, MAX_PATH);

            if(strcmp(me32.szExePath, sWindowsDirectory) == 0)
            {
                CloseHandle(hModuleSnap);
                return true;
            }
        }
    }

    CloseHandle(hModuleSnap);
    return false;
}

void CAntiHack::GetExplorerProcessId() {
    for(list<PROCESSENTRY32>::iterator i = m_lProcessesList.begin(); i != m_lProcessesList.end(); i++)
    {
        if(CheckProcessName(i->szExeFile, SYSTEMSHELL_NAME) == 0)
        {
            if(CheckExplorerProcessDirectory(i->th32ProcessID))
            {
                m_dwExplorerProcessId = i->th32ProcessID;
                return;
                break;
            }
        }
    }

    m_dwExplorerProcessId = INVALID_PROCESSID;
}

//---------------------------- Interface -------------------------------------------//

void CAntiHack::Startup() {
    m_lProcessesList.clear();
    
    GetSystemProcessesList();
    GetExplorerProcessId();

    if(m_lProcessesList.empty() || m_dwExplorerProcessId == INVALID_PROCESSID)
    {
        MessageBox(0, "Não é possível executar o MuGuard.\nFim de jogo", "MuGuard", MB_OK | MB_ICONSTOP);
        ExitProcess(1);
    }
}

void CAntiHack::SystemProcessesScan() {
    for(std::list<PROCESSENTRY32>::iterator i = m_lProcessesList.begin(); i != m_lProcessesList.end(); i++)
    {
        if(ScanProcessMemory(i->th32ProcessID))
        {
            MessageBox(0, "Encontrado software ilegal em seu sistema.\nPor favor feche todos os programas ilegais e executar aplicativo novamente.", "MuGuard", MB_OK | MB_ICONSTOP);
            ExitProcess(1);
        }
    }
}

void CAntiHack::CheckProcessOwner() {
    for(std::list<PROCESSENTRY32>::iterator i = m_lProcessesList.begin(); i != m_lProcessesList.end(); i++)
    {
        if(i->th32ProcessID == GetCurrentProcessId())
        {
            if(i->th32ParentProcessID != m_dwExplorerProcessId)
            {
                MessageBox(0, "Use o launcher.", "MuGuard", MB_OK | MB_ICONSTOP);
                ExitProcess(1);
            }
        }
    }
}

void CAntiHack::Cleanup() {
    m_lProcessesList.clear();
}
extern "C" __declspec (dllexport) void __cdecl Loaded()
{
}
BOOL APIENTRY DllMain(HMODULE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved) {
    CAntiHack AntiHackInstance;

    AntiHackInstance.Startup();
    AntiHackInstance.CheckProcessOwner();
    AntiHackInstance.SystemProcessesScan();
    AntiHackInstance.Cleanup();

    return true;
}

#ifdef _MANAGED
#pragma managed(pop)
#endif

Link to comment
Share on other sites

0 answers to this question

Recommended Posts

There have been no answers to this question yet

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



  • Forum Statistics

    • Total Topics
      152.2k
    • Total Posts
      652k
×
×
  • Create New...