mirrors
/
pafish
mirror of https://github.com/a0rtega/pafish
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adds GetTickCount() sleep patching detection

This commit is contained in:
Alberto Ortega 2015-01-01 13:08:47 +01:00
parent 417963345c
commit abb13ad351
3 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pafish/gensandbox.c
View File

@ -93,3 +93,12 @@ int gensandbox_drive_size2() {
}
return FALSE;
}
int gensandbox_sleep_patched() {
DWORD time1;
time1 = GetTickCount();
Sleep(500);
if ((GetTickCount() - time1) > 450 ) return FALSE;
else return TRUE;
}

2
pafish/gensandbox.h
View File

@ -12,4 +12,6 @@ int gensandbox_drive_size();
int gensandbox_drive_size2();
int gensandbox_sleep_patched();
#endif

8
pafish/main.c
View File

@ -116,6 +116,14 @@ int main(int argc, char *argv[])
}
else print_not_traced();
printf("[*] Checking if Sleep() is patched using GetTickCount() ... ");
if (gensandbox_sleep_patched() == TRUE) {
print_traced();
write_log("Sandbox traced by checking if Sleep() was patched using GetTickCount()");
write_trace("hi_sandbox_sleep_gettickcount");
}
else print_not_traced();
/* Hooks detection tricks */
printf("\n[-] Hooks detection\n");
printf("[*] Checking function DeleteFileW method 1 ... ");