Rekall Doppelgänging Detector
| using System; | |
| using System.IO; | |
| using System.Text.RegularExpressions; | |
| namespace DoppSearcher | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { | |
| string[] readeddata = File.ReadAllLines("3doppmod.json"); | |
| foreach (string chill in readeddata) | |
| { | |
| try | |
| { | |
| string mempath, mapped, eprocess; | |
| eprocess = mempath = Regex.Split(chill, @"/.\\")[1].Trim(); | |
| mempath = Regex.Split(chill, @"/.\\")[10].Trim().ToUpper(new System.Globalization.CultureInfo("en-US", true)); | |
| mapped = Regex.Split(chill, @"/.\\")[11].Trim().ToUpper(new System.Globalization.CultureInfo("en-US", true)); | |
| if (mempath != mapped && mempath != "-" && mempath.Contains("SYSTEM32") == false && mapped.Contains("SYSWOW64") == false && mempath.Contains("WINSXS") == false && eprocess != "") | |
| { | |
| Console.WriteLine(eprocess + " " + mempath + " " + mapped + "\n"); | |
| } | |
| } | |
| catch (Exception) | |
| { | |
| } | |
| } | |
| Console.ReadLine(); | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment