检测浏览器
// Sandbox/VM heuristic: treats a sparse Chrome browsing history as a sign
// that the machine is an analysis environment rather than a user's desktop.
// Reads the Chrome "History" SQLite database from a hard-coded profile path
// and counts the distinct page titles in the `urls` table.
//
// Parameters:
//   min_websites_visited - threshold; fewer distinct titles than this is
//                          reported as "VM/sandbox found".
// Returns true when the open and query succeed AND the row count is below
// the threshold; false on any failure (open or query error) or when the
// history is large enough.
//
// Detection note for defenders: the observable behavior is a file open of
// the Chrome profile's "History" database by a non-browser process.
bool chrome_history_evasion(int min_websites_visited = 10){
sqlite3 *db;
int rc;
bool vm_found = false;
// NOTE: the path carries a literal "<USER_NAME>" placeholder; as written the
// open targets no real profile unless the caller substitutes it first.
// sqlite3_open may also create an empty database if the directory exists,
// in which case the query below fails on the missing `urls` table.
rc = sqlite3_open("C:\\Users\\<USER_NAME>\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History", &db);
if (!rc)
{
char **results = nullptr;
char *error = nullptr;
int rows, columns;
// rows = number of result rows (header row excluded by sqlite3_get_table).
rc = sqlite3_get_table(db, "SELECT DISTINCT title FROM urls;", &results, &rows, &columns, &error);
if (!rc)
vm_found = rows < min_websites_visited;
// Result table is released on both the success and the error path;
// NOTE(review): `error` (set by sqlite3_get_table on failure) is never
// passed to sqlite3_free() here, so the error message leaks.
sqlite3_free_table(results);
}
// sqlite3_close is called even when the open failed: sqlite3_open hands back
// a handle in that case too, and closing it is the documented cleanup.
sqlite3_close(db);
return vm_found;
}
// Checks whether `filename` exists (any file attributes retrievable),
// taking WOW64 file-system redirection into account so that a 32-bit
// process on 64-bit Windows sees the real System32 path.
//
// Parameters:
//   filename - NUL-terminated path to test.
// Returns TRUE if GetFileAttributes succeeds, FALSE otherwise. If redirection
// cannot be disabled on a WOW64 process, no lookup is attempted and the
// function returns FALSE.
int pafish_exists_file(char * filename) {
DWORD res = INVALID_FILE_ATTRIBUTES;
if (pafish_iswow64() == TRUE) {
void *old = NULL;
// Disable redirection immediately prior to calling GetFileAttributes.
if (pafish_disable_wow64_fs_redirection(&old) ) {
res = GetFileAttributes(filename);
// Ignoring MSDN recommendation of exiting if this call fails.
pafish_revert_wow64_fs_redirection(old);
}
}
else {
res = GetFileAttributes(filename);
}
return (res != INVALID_FILE_ATTRIBUTES) ? TRUE : FALSE;
}
// Sandbox heuristic: probes the root of every non-removable logical drive
// for the file names "sample.exe" and "malware.exe", which some analysis
// environments use when staging a submitted sample.
//
// Returns TRUE as soon as one of these files exists on any such drive,
// FALSE when none is found or when GetLogicalDriveStrings fails.
//
// Detection note for defenders: the observable behavior is a burst of
// GetFileAttributes lookups for "<drive>:\sample.exe" and
// "<drive>:\malware.exe" across all fixed drives.
int gensandbox_common_names() {
DWORD dwSize = MAX_PATH;
// NOTE(review): declared as a single char here, yet passed to
// GetLogicalDriveStrings as the output buffer and later walked as a
// double-NUL-terminated string list; this reads like an array
// declaration whose size was lost in extraction.
char szLogicalDrives = {0};
DWORD dwResult = GetLogicalDriveStrings(dwSize,szLogicalDrives);
BOOL exists;
// dwResult is the length written (excluding the final NUL) on success; a
// value larger than the buffer means the buffer was too small.
if (dwResult > 0 && dwResult <= MAX_PATH)
{
char* szSingleDrive = szLogicalDrives;
// NOTE(review): same as above - used as an snprintf destination of
// MAX_PATH bytes, so a buffer of that size appears intended.
char filename = {0};
// Drive strings are packed back to back, each NUL-terminated, with an
// extra NUL after the last one; the loop stops at that empty string.
while(*szSingleDrive)
{
// Removable media (USB sticks, optical drives) are skipped.
if (GetDriveType(szSingleDrive) != DRIVE_REMOVABLE ) {
snprintf(filename, MAX_PATH, "%ssample.exe",szSingleDrive);
exists = pafish_exists_file(filename);
if (exists) return TRUE;
snprintf(filename, MAX_PATH, "%smalware.exe",szSingleDrive);
exists = pafish_exists_file(filename);
if (exists) return TRUE;
}
// Advance past this drive string and its terminating NUL.
szSingleDrive += strlen(szSingleDrive) + 1;
}
}
return FALSE;
}