Veil veil-ivy
veil-ivy
/ block_create_process.cpp
Created
February 22, 2022 22:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <ntddk.h> | |
| #define BLOCK_PROCESS "notepad.exe" | |
| static OB_CALLBACK_REGISTRATION obcallback_registration; | |
| static OB_OPERATION_REGISTRATION oboperation_callback; | |
| #define PROCESS_CREATE_THREAD (0x0002) | |
| #define PROCESS_CREATE_PROCESS (0x0080) | |
| #define PROCESS_TERMINATE (0x0001) | |
| #define PROCESS_VM_WRITE (0x0020) | |
| #define PROCESS_VM_READ (0x0010) | |
| #define PROCESS_VM_OPERATION (0x0008) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| #include <iostream> | |
| LPVOID original_func = NULL; | |
| PIMAGE_IMPORT_DESCRIPTOR import_descriptor = NULL; | |
| const wchar_t* back = L"\\"; | |
| wchar_t current_directory[MAX_PATH]; | |
| typedef HMODULE(WINAPI * loadlibrary_def)( | |
| LPCWSTR lpLibFileName |