mirror of https://github.com/a0rtega/pafish
Added a check for less than one GiB of memory.
parent
b0a2aeeda3
commit
01ac4d2153
|
@ -1,4 +1,6 @@
|
||||||
|
|
||||||
|
#define _WIN32_WINNT 0x0501 /* _WIN32_WINNT_WINXP */
|
||||||
|
|
||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#include <winioctl.h>
|
#include <winioctl.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
@ -149,3 +151,11 @@ int gensandbox_one_cpu_GetSystemInfo() {
|
||||||
return siSysInfo.dwNumberOfProcessors < 2 ? TRUE : FALSE;
|
return siSysInfo.dwNumberOfProcessors < 2 ? TRUE : FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int gensandbox_less_than_onegb() {
|
||||||
|
MEMORYSTATUSEX statex;
|
||||||
|
statex.dwLength = sizeof (statex);
|
||||||
|
|
||||||
|
GlobalMemoryStatusEx(&statex);
|
||||||
|
return (statex.ullAvailPhys/1024) < 1048576 ? TRUE : FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
|
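Review bot: `gensandbox_less_than_onegb()` compares `statex.ullAvailPhys`, which is the memory currently free, while the function name and the caller's message describe the machine's physical memory. A well-provisioned host under memory pressure would be reported as traced, so an analyst using this result to decide whether an analysis VM needs more RAM gets a misleading answer. The return value of `GlobalMemoryStatusEx` is also ignored, so on failure the comparison reads an uninitialised `statex`. I would add `if (!GlobalMemoryStatusEx(&statex)) return FALSE;` and change the last line to `return statex.ullTotalPhys < (1024ULL * 1024 * 1024) ? TRUE : FALSE;`.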
@ -20,4 +20,6 @@ int gensandbox_one_cpu();
|
||||||
|
|
||||||
int gensandbox_one_cpu_GetSystemInfo();
|
int gensandbox_one_cpu_GetSystemInfo();
|
||||||
|
|
||||||
|
int gensandbox_less_than_onegb();
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -191,6 +191,14 @@ int main(void)
|
||||||
}
|
}
|
||||||
else print_not_traced();
|
else print_not_traced();
|
||||||
|
|
||||||
|
printf("[*] Checking if pysical memory is < 1Gb ... ");
|
||||||
|
if (gensandbox_less_than_onegb() == TRUE) {
|
||||||
|
print_traced();
|
||||||
|
write_log("Sandbox traced by checking if pysical memory is less than 1Gb");
|
||||||
|
write_trace("hi_sandbox_pysicalmemory_less_1Gb");
|
||||||
|
}
|
||||||
|
else print_not_traced();
|
||||||
|
|
||||||
/* Hooks detection tricks */
|
/* Hooks detection tricks */
|
||||||
printf("\n[-] Hooks detection\n");
|
printf("\n[-] Hooks detection\n");
|
||||||
printf("[*] Checking function DeleteFileW method 1 ... ");
|
printf("[*] Checking function DeleteFileW method 1 ... ");
|
||||||
|
|
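Review bot: The three new strings spell "physical" as "pysical", including the identifier passed to `write_trace`. That identifier is presumably persisted as a trace name, so anything that matches on it would have to carry the typo once it ships. "1Gb" also reads as gigabit, while the commit title says GiB. I would use `write_trace("hi_sandbox_physicalmemory_less_1GiB");` and correct the `printf` and `write_log` text to "physical memory is less than 1 GiB". The body of `main` starts and ends outside this hunk, so I have not checked the naming against the other trace identifiers.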