@kaganisildak kaganisildak/dopp.cs
Created Jul 25, 2019

Rekall Doppelgänging Detector
using System;
using System.IO;
using System.Text.RegularExpressions;
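namespace DoppSearcher
{
    /// <summary>
    /// Triage helper for a Rekall export: prints every record whose two path fields
    /// disagree and that is not covered by the built-in Windows-directory allow-list.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the field positions (1, 10, 11) and the delimiter pattern are kept exactly
    /// as the original script had them. The Rekall plugin that produces this layout is not shown
    /// here; presumably field 10 is the path recorded in memory and field 11 the path of the
    /// mapped file. Confirm against a sample export before relying on the output.
    /// </remarks>
    class Program
    {
        // Input read when no path is given on the command line (the original hard-coded name).
        private const string DefaultInputPath = "3doppmod.json";

        // Zero-based positions of the fields used after splitting a line.
        private const int ProcessField = 1;
        private const int MemoryPathField = 10;
        private const int MappedPathField = 11;

        // Same pattern as the original: '/', any single character, then a backslash.
        private static readonly Regex FieldDelimiter = new Regex(@"/.\\");

        /// <summary>
        /// Reads the export line by line and writes one line to stdout per flagged record
        /// (process field, memory path, mapped path), followed by a blank line.
        /// </summary>
        /// <param name="args">
        /// Optional: <c>args[0]</c> is the export to read. Defaults to <c>3doppmod.json</c>
        /// in the working directory.
        /// </param>
        static void Main(string[] args)
        {
            string inputPath = args != null && args.Length > 0 ? args[0] : DefaultInputPath;
            if (!File.Exists(inputPath))
            {
                Console.Error.WriteLine("Input file not found: " + inputPath);
                Environment.ExitCode = 1;
                return;
            }

            // Lines that cannot be parsed are counted instead of being silently swallowed:
            // for a detector, a record that was never evaluated must be visible to the analyst.
            int skipped = 0;

            foreach (string line in File.ReadLines(inputPath))
            {
                // Split once and check the length up front rather than splitting three times
                // and relying on an empty catch to hide IndexOutOfRangeException.
                string[] fields = FieldDelimiter.Split(line);
                if (fields.Length <= MappedPathField)
                {
                    skipped++;
                    continue;
                }

                string eprocess = fields[ProcessField].Trim();
                // Upper-case so the path comparison and the token checks ignore case.
                string mempath = fields[MemoryPathField].Trim().ToUpperInvariant();
                string mapped = fields[MappedPathField].Trim().ToUpperInvariant();

                // Substring allow-list: a record is suppressed when the token appears anywhere
                // in the path, not only as the real Windows directory. This trades false
                // negatives for less noise, so an empty result means "nothing flagged", not "clean".
                // NOTE(review): SYSWOW64 is tested on the mapped path while the other two tokens
                // are tested on the memory path; kept as in the original, confirm it is intended.
                bool allowListed = mempath.Contains("SYSTEM32")
                    || mapped.Contains("SYSWOW64")
                    || mempath.Contains("WINSXS");

                bool pathsDiffer = mempath != mapped && mempath != "-";

                if (pathsDiffer && !allowListed && eprocess.Length != 0)
                {
                    Console.WriteLine(eprocess + " " + mempath + " " + mapped + "\n");
                }
            }

            if (skipped > 0)
            {
                // stderr keeps the stdout report unchanged for anything that parses it.
                Console.Error.WriteLine("Skipped " + skipped + " line(s) with fewer than "
                    + (MappedPathField + 1) + " fields.");
            }

            // Keeps the console window open when the tool is started by double-click.
            Console.ReadLine();
        }
    }
}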