- #include <iostream>
- #include "SigFinder.h"
- #include "MemoryMaster.h"
- #include "External.h"
- #include "WinUtils.h"
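/// Scans the user32.dll image mapped into this process for two hard-coded
/// byte patterns and prints, for each one, whether it was found and where.
///
/// When a pattern is missing the program prints "ScyllaHide detected".
/// Both patterns contain exact-match bytes that look build-specific
/// (a rip-relative displacement, trailing address bytes), so a miss only
/// proves "pattern not present in this user32.dll", not that a hook is
/// installed. Treat the result as a heuristic and expect false positives
/// on other Windows builds.
///
/// @return 0 after both scans ran, 1 if user32.dll could not be loaded.
int main()
{
    // Scanning a module that failed to load would make every lookup miss and
    // be reported as a detection, so bail out instead of printing a verdict.
    if (!LoadLibraryA("user32.dll"))
    {
        std::cerr << "Failed to load user32.dll; signature scan skipped." << std::endl;
        return 1;
    }
    //DebugBreak();
    MemoryMaster::SigFinder finder("user32.dll");

    // Shared reporting: a null hit prints only the "missing" line, otherwise
    // the "found" line followed by the address returned by the scan.
    const auto report = [](const void* hit, const char* missing_msg, const char* found_msg) {
        if (!hit)
        {
            std::cout << missing_msg << std::endl;
            return;
        }
        std::cout << found_msg << std::endl;
        std::cout << hit << std::endl;
    };

    /*
    3.1.11 NtUserFindWindowEx
    This is a system call function in user32.dll. The Windows APIs
    FindWindowA/W and FindWindowExA/W call this internally. The debugger
    window will be hidden.

    NOTE(review): on recent Windows builds the NtUser* syscall stubs are
    exported from win32u.dll rather than user32.dll; confirm the OS builds
    this check is meant for.
    */
    // Pattern layout (mask presumably: 'x' = exact byte, '?' = wildcard;
    // confirm against SigFinder::Find):
    //   4C 8B D1            mov r10, rcx
    //   B8 ?? ?? ?? ??      mov eax, imm32 (syscall number, wildcarded)
    //   0F 05               syscall
    //   C3                  ret
    //   FF 15 9F 85 0A 00   call qword ptr [rip+disp32], displacement matched exactly
    //   E9                  first byte of a jmp rel32
    // The bytes after `ret` belong to whatever follows the stub and are tied
    // to one particular build of the DLL.
    void* NtUserFindWindowEx_sig = finder.Find(
        "\x4C\x8B\xD1\xB8\x00\x00\x00\x00\x0F\x05\xC3\xFF\x15\x9F\x85\x0A\x00\xE9",
        "xxxx????xxxxxxxxxx");
    report(NtUserFindWindowEx_sig,
           "Not find FindWindowA system call. ScyllaHide detected. ",
           "Find FindWindowA system call signature.");

    // --------------------------------------------------------------------------------
    std::cout << "--------------------------------------------------------------------------------" << std::endl;

    // Pattern layout, every byte matched exactly (no wildcards in the mask):
    //   90                  nop
    //   FF 25 00 00 00 00   jmp qword ptr [rip+0]
    //   3C 1D E9            following bytes, meaning not evident from this file
    // NOTE(review): `FF 25 00000000` followed by a pointer is also the usual
    // shape of an absolute-jump trampoline. If these bytes describe a patched
    // entry rather than the original one, the two messages below are
    // inverted. Verify against an unmodified user32.dll.
    void* BlockInput_sig = finder.Find(
        "\x90\xFF\x25\x00\x00\x00\x00\x3C\x1D\xE9",
        "xxxxxxxxxx");
    report(BlockInput_sig,
           "Not find BlockInput system call. ScyllaHide detected. ",
           "Find BlockInput system call signature.");

    // Keep the console open without spawning the command interpreter via
    // system("pause"); only <iostream> is needed for this.
    std::cout << "Press Enter to exit." << std::endl;
    std::cin.get();
    return 0;
}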