Nirvana22 (posted July 17, 2014):
Is there any way to block injectors on the client? If so, how?
Denis (posted July 17, 2014):
You can't really block them, there is always a way to inject. But here is an example with Python:

```python
import os, dbg, app   # dbg and app are the game client's built-in modules

my_pid = os.getpid()
# List the modules loaded into this process (tasklist /M prints module names);
# the filter value must be double-quoted for cmd, and the PID must be a string.
dlls = os.popen('tasklist /M /FI "PID eq ' + str(my_pid) + '"').read()

# Expected number of modules of each type in an untouched client; set these
# to the counts you measured on a clean client.
dll = 10
asi = 10
m3d = 10
flt = 10

if dlls.count('.dll') != dll and dlls.count('.asi') != asi and dlls.count('.m3d') != m3d and dlls.count('.flt') != flt:
    dbg.LogBox('Error')
    # app.Exit()
```

To find how many DLLs you have injected into your binary, write in cmd: tasklist /F /IM "PID eq your_pid_here" and change the count. For example, if you have 15 DLLs, you write dll = 15.
Nirvana22 (posted July 17, 2014):
> You can't really block them, there is always a way to inject. But here is an example with Python:
>
> ```python
> import os,dbg,app
> my_pid = os.getpid()
> dlls = os.popen("tasklist /F /IM 'PID eq "+my_pyd+"'").read()
> dll = 10
> asi = 10
> m3d = 10
> flt = 10
> if dlls.count('.dll') != dll) and dlls.count('.asi') != asi and dlls.count('.m3d') != m3d and dlls.count('.flt') != flt:
>     dbg.LogBox('Error')
>     # app.Exit()
> ```
>
> To find how many DLLs you have injected into your binary, write in cmd: tasklist /F /IM "PID eq your_pid_here" and change the count. For example, if you have 15 DLLs, you write dll = 15.

Hello, where do I add this?
Denis (posted July 17, 2014):
Create a file called dll.py and import it in prototype.py.
Unc3nZureD (posted July 17, 2014):
What if I rename the DLL to .banana and inject that file?

P.S.: my_pyd is wrong, you declared it as my_pid before.

Edit: Manual mapping or any kind of deletion from the module list will still be hidden and usable.

Edit 2: On my Windows, the right syntax is tasklist -M -FI "PID eq Here_comes_PID". Are you sure that your script works at all?
Denis (posted July 17, 2014):
> What if I rename the DLL to .banana and inject that file?
>
> P.S.: my_pyd is wrong, you declared it as my_pid before.
>
> Edit: Manual mapping or any kind of deletion from the module list will still be hidden and usable.
>
> Edit 2: On my Windows, the right syntax is tasklist -M -FI "PID eq Here_comes_PID". Are you sure that your script works at all?

I didn't say that this protection is the best. I did the script in 2 mins and didn't check it for errors, so I'm sorry. I know that this isn't the best way, but it's something.
Unc3nZureD (posted July 17, 2014):
Oh, of course, it's better than nothing. Don't take the comment before as an offence, it's just feedback.
Denis (posted July 17, 2014):
Yeah, I know.
Ken (posted July 18, 2014):
@Denic Cikiec, your solution is easy for him, but you can use the ctypes module for this. The system always takes the PID, and the result may change. That means your system has little security.

Best regards,
Ellie

Do not be sorry, be better.
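As an added illustration, not code from this thread, the same module-list idea checked by module name instead of by extension count, which is what the .banana rename above defeats; it parses a constructed sample of `tasklist /M /FI "PID eq <pid>"` output offline and only queries the live process on Windows. It is written for a current Python 3 interpreter rather than the client's embedded one, the baseline module names are assumed, and, as noted above, a manually mapped module never appears in this list at all.

```python
import os
import re
import subprocess
import sys

# Constructed sample of `tasklist /M /FI "PID eq <pid>"` output (not captured
# from a real machine); tasklist wraps the module list across indented lines.
SAMPLE_TASKLIST = """\
Image Name                     PID Modules
========================= ======== ============================================
metin2client.exe              1234 ntdll.dll, KERNEL32.DLL, KERNELBASE.dll,
                                   python27.dll, d3d8.dll, granny2.dll,
                                   speedtreert.dll, hook.banana
"""

# Assumed baseline of modules a clean client loads; a real baseline is
# captured once from an unmodified install, not typed in by hand.
BASELINE = {"ntdll.dll", "kernel32.dll", "kernelbase.dll", "python27.dll",
            "d3d8.dll", "granny2.dll", "speedtreert.dll"}

def parse_tasklist_modules(text):
    """Return the set of lower-cased module names from tasklist /M output."""
    lines = text.splitlines()
    # Data rows start after the '====' separator; no separator means no match
    # (tasklist prints an INFO line instead), so report nothing loaded.
    try:
        start = next(i for i, l in enumerate(lines) if l.startswith("=")) + 1
    except StopIteration:
        return set()
    # Re-join the wrapped module list into one row: "<image> <pid> <modules>".
    body = " ".join(l.strip() for l in lines[start:])
    m = re.match(r"\S+\s+(\d+)\s+(.*)", body)
    if not m:
        return set()
    return {n.strip().lower() for n in m.group(2).split(",") if n.strip()}

def unexpected_modules(loaded, baseline=BASELINE):
    """Modules present in the process that are not on the baseline, sorted."""
    return sorted(loaded - baseline)

def current_process_modules():
    """On Windows, query tasklist for this process; elsewhere return None."""
    if sys.platform != "win32":
        return None
    out = subprocess.run(["tasklist", "/M", "/FI", "PID eq %d" % os.getpid()],
                         capture_output=True, text=True).stdout
    return parse_tasklist_modules(out)

if __name__ == "__main__":
    mods = current_process_modules() or parse_tasklist_modules(SAMPLE_TASKLIST)
    print("unexpected modules:", unexpected_modules(mods))
```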