Rekall Doppelgänging Detector
using System;
using System.Globalization;
using System.IO;
using System.Text.RegularExpressions;
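namespace DoppSearcher
{
    /// <summary>
    /// Post-processes a saved text export (per the page title, Rekall output) and
    /// prints every row whose in-memory path differs from its mapped-file path.
    /// A mismatch is a triage lead for an analyst to confirm, not proof of
    /// Process Doppelgänging on its own.
    /// </summary>
    class Program
    {
        /// <summary>File read when no path is given on the command line.</summary>
        private const string DefaultInputPath = "3doppmod.json";

        /// <summary>Row delimiter: '/', any single character, then a backslash.</summary>
        private const string FieldSeparatorPattern = @"/.\\";

        // Column positions after splitting a row. Their meaning is inferred from the
        // original variable names (eprocess / mempath / mapped); confirm against the
        // plugin output that produced the export.
        private const int ProcessColumn = 1;
        private const int MemoryPathColumn = 10;
        private const int MappedPathColumn = 11;

        /// <summary>
        /// Reads the export, prints "process memory-path mapped-path" for each
        /// row that passes the mismatch filter, then waits for Enter.
        /// </summary>
        /// <param name="args">
        /// Optional: args[0] is the export to read. Defaults to
        /// <c>3doppmod.json</c> in the working directory.
        /// </param>
        static void Main(string[] args)
        {
            string inputPath = args.Length > 0 ? args[0] : DefaultInputPath;

            // Same culture the paths were always upper-cased with, created once.
            var culture = new CultureInfo("en-US", true);
            int skipped = 0;

            foreach (string line in File.ReadAllLines(inputPath))
            {
                // Split once per row instead of once per column.
                string[] fields = Regex.Split(line, FieldSeparatorPattern);

                // Rows with too few columns used to be dropped by an empty catch.
                // Count them instead: if the export format changes, "no findings"
                // must not be mistaken for "nothing could be parsed".
                if (fields.Length <= MappedPathColumn)
                {
                    skipped++;
                    continue;
                }

                string eprocess = fields[ProcessColumn].Trim();
                string mempath = fields[MemoryPathColumn].Trim().ToUpper(culture);
                string mapped = fields[MappedPathColumn].Trim().ToUpper(culture);

                if (IsReportable(eprocess, mempath, mapped))
                {
                    Console.WriteLine(eprocess + " " + mempath + " " + mapped + "\n");
                }
            }

            if (skipped > 0)
            {
                // stderr keeps the findings on stdout unchanged for anything parsing them.
                Console.Error.WriteLine(skipped + " line(s) had fewer than "
                    + (MappedPathColumn + 1) + " fields and were not evaluated.");
            }

            // Keeps the console window open until Enter is pressed.
            Console.ReadLine();
        }

        /// <summary>
        /// Decides whether a parsed row is printed as a path mismatch.
        /// </summary>
        /// <param name="eprocess">Trimmed process column; empty rows are ignored.</param>
        /// <param name="mempath">Upper-cased in-memory path; "-" means no path.</param>
        /// <param name="mapped">Upper-cased mapped-file path.</param>
        /// <returns>True when the row should be reported.</returns>
        private static bool IsReportable(string eprocess, string mempath, string mapped)
        {
            if (eprocess == "" || mempath == "-" || mempath == mapped)
            {
                return false;
            }

            // NOTE(review): these are noise filters, presumably for WOW64 redirection
            // and side-by-side assemblies. They are substring tests, not checks
            // anchored to the Windows directory, so every mismatch whose path merely
            // contains one of these names is suppressed. Treat suppressed rows as
            // "not reviewed" rather than "clean", and corroborate findings with
            // other evidence before closing a case.
            bool suppressed = mempath.Contains("SYSTEM32")
                || mapped.Contains("SYSWOW64")
                || mempath.Contains("WINSXS");

            return !suppressed;
        }
    }
}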