Jump to content

Recommended Posts

You can't really block them,there is always a way to inject

But here is an example with python:

import os,dbg,app

my_pid = os.getpid()
dlls = os.popen("tasklist /F /FI 'PID eq "+my_pid+"'").read()
dll = 10
asi = 10
m3d = 10
flt = 10
if dlls.count('.dll') != dll) and dlls.count('.asi') != asi and dlls.count('.m3d') != m3d and dlls.count('.flt') != flt:
	dbg.LogBox('Error')
	# app.Exit()

To find you many dlls you have injected to your binary write in cmd:

tasklist /F /IM "PID eq your_pid_here"

and change the count for example you have 15 dlls so you write at dll = 15

  • Love 1
Link to comment
Share on other sites

You can't really block them,there is always a way to inject

But here is an example with python:

import os,dbg,app

my_pid = os.getpid()
dlls = os.popen("tasklist /F /IM 'PID eq "+my_pyd+"'").read()
dll = 10
asi = 10
m3d = 10
flt = 10
if dlls.count('.dll') != dll) and dlls.count('.asi') != asi and dlls.count('.m3d') != m3d and dlls.count('.flt') != flt:
	dbg.LogBox('Error')
	# app.Exit()

To find you many dlls you have injected to your binary write in cmd:

tasklist /F /IM "PID eq your_pid_here"

and change the count for example you have 15 dlls so you write at dll = 15

 

hello, this where I add?

 

Link to comment
Share on other sites

What if I rename the DLL to .banana and inject that file?

 

P.s.:

my_pyd is wrong. you declared it as my_pid before :)

 

Edit:

Manual mapping or any kind of deletion from module list will still be hidden and useable :)

 

Edit2:

On my windows, the right syntax is taskilist -M -FI "PID eq Here_comes_PID"

Are you sure that your script works at all?

spacer.png

Link to comment
Share on other sites

What if I rename the DLL to .banana and inject that file?

 

P.s.:

my_pyd is wrong. you declared it as my_pid before :)

 

Edit:

Manual mapping or any kind of deletion from module list will still be hidden and useable :)

 

Edit2:

On my windows, the right syntax is taskilist -M -FI "PID eq Here_comes_PID"

Are you sure that your script works at all?

I didn't say that this protection is the best.

I did the script in 2 mins I didn't check it for errors so i'm sorry :)

I know that this isn't the best way but it's something

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now

Announcements



×
×
  • Create New...

Important Information

Terms of Use / Privacy Policy / Guidelines / We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.