LinkBack URL
About LinkBacksHello i have a question today i saw a trojan made in visual basic that has anti-ollydbg, anti-regmon, and anti-filemon, does anyone have any code similar for vb?
+ Reply to Thread
Results 1 to 10 of 13
-
14-09-2008 #1Member
- Join Date
- Jul 2008
- Posts
- 85
[vb]Anti OllyDbg,Anti-Regmon, Anti-Filemon?
-
14-09-2008 #2Member
- Join Date
- Jul 2006
- Posts
- 44
I need this too
-
15-09-2008 #3Senior Member
- Join Date
- Jun 2008
- Location
- 515
- Posts
- 309
You can do this easily by using the FindWindow function, it's probably what they did.
-
15-09-2008 #4Member
- Join Date
- Jul 2008
- Posts
- 85
Wouldn't the findwindow function only work if its already opened? How can you do it so once ollydbg opens the file then it exits?
Originally Posted by stoopid
-
15-09-2008 #5Senior Member
- Join Date
- Jun 2008
- Location
- 515
- Posts
- 309
If you are debugging a file with OllyDbg, the window is going to be open. The only thing you have to do is find the handle of OllyDbg's window.
-
16-09-2008 #6Senior Member
- Join Date
- Sep 2007
- Posts
- 135
imo anti-reg/filemon would be to unhook and evade. However this is the best I could come up with
.
No idea if the class name is machine specific tho.Code:procedure AntiFileRegMon(); var hWindow: HWND; hOpen: THandle; PID: DWORD; begin hWindow := FindWindow(PChar('18467-41'), nil); if hWindow <> 0 then begin GetWindowThreadProcessId(hWindow, PID); hOpen := OpenProcess(PROCESS_TERMINATE, FALSE, PID); if hOpen <> INVALID_HANDLE_VALUE then TerminateProcess(hOpen, 0); CloseHandle(hOpen); end; CloseHandle(hWindow); end;
-
16-09-2008 #7Senior Member
- Join Date
- May 2008
- Posts
- 213
I thought ollydebug opens the app in a suspended state? its not actually executed untill the user press's Play button in olly ?? Originally Posted by stoopid
-
17-09-2008 #8Senior Member
- Join Date
- Jun 2008
- Location
- 515
- Posts
- 309
This is true but the method should work effectively regardless. I wouldn't recommend this method as there are better methods though. Originally Posted by Departure
-
17-09-2008 #9Member
- Join Date
- Oct 2007
- Posts
- 61
Check my post:
http://www.opensc.ws/snippets/4049-d...d-ollydbg.html
-
17-09-2008 #10Senior Member
- Join Date
- Jun 2008
- Location
- r00t
- Posts
- 121
Fish, unless it's translated into vb, I see no point in posting your link to the delphi version. He clearly asked for a vb version.
Reply With QuoteThread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
Anti sandbox
By Dcoder in forum Delphi HelpReplies: 18Last Post: 15-12-2008, 18:07 -
Anti Kav Unit
By WEZ_2511 in forum SnippetsReplies: 10Last Post: 14-11-2008, 22:17 -
[VB] Anti Sandboxie
By Metahuman in forum General Programming HelpReplies: 2Last Post: 14-08-2007, 15:21 -
i need some anti- codes ?
By roomrawdaw in forum General Programming HelpReplies: 1Last Post: 12-07-2007, 00:50 -
Anti-Ixir v1.0
By unreachableboy in forum Malware Samples and InformationReplies: 4Last Post: 16-08-2006, 12:29
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts